Updated May 2018
The Sevenoaks Fund, which is administered by Sevenoaks Town Council (we, our or us), is committed to protecting and respecting your privacy.
This policy, (together with our terms and conditions (our terms), explains how we handle and use your personal information and your rights in relation to that information.
Under data protection law, Sevenoaks Town Council is the controller of that information and responsible for its use and protection.
This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us, when you visit the website currently located at www.sevenoaks.fund (Site), when you contact us or pledge a donation either through the site or another method.
We, the Sevenoaks Fund, are the controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed. Please see the section at the end of this policy for our contact and legal information.
We collect personal information from you if you pledge funds to the projects included on the site. Their use of that information during and after their campaign (e.g. to keep in contact with you about progress of their project and their achievements) are uses of your information for which those projects determine, independently of us. As a result, those members will be separate controllers of your personal information.
We refer to ‘projects, ‘donors’ and ‘pledges’ throughout this document.
- How and when we collect personal information about you
We receive personal information about you that you give to us or that we collect from your use of our Site. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.
Personal information that you give to us
This is personal information about you that you give to us when:
- submitting personal information via our Site
- following us, interacting with us and posting on our social media pages
- we interact with you at events
- corresponding with us by phone, email or in another way.
This information is provided by you entirely voluntarily.
This includes information provided on the Site at the time of registering as a donor, pledging funds to a project on the Site or cancelling a pledge and when generally using our Site. For example, you may give us your personal information by filling in forms, uploading profile information and other content to the Site, managing your account online, engaging in correspondence with us by phone, email or otherwise and meeting with us at events (e.g. you may provide us with your business card). We may also ask you for information when you report a problem with our Site or when you exercise your legal rights.
If we do not receive this information, you may be unable to register with the Site, pledge funds to projects or communicate with us effectively or allow us to comply with our own obligations.
Information that we collect about you
We may automatically collect the following information:
- details of your visits to our site, including, but not limited to traffic data, location data, weblogs and other communication data, and the resources you access;
- technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Categories of personal information we use about you
We process different types of personal information about you. To make it easier to understand the information that we use about you, we have categorised this information in the table below and provided a short explanation of the type of information each category covers.
We process the following categories of personal information about you:
|Category||Personal information included in this category|
|Contact||information which can be used to address, send or otherwise communicate a message to you|
|Banking/Billing||information used to send/receive funds to/from you|
|Fraud||information relating to the occurrence, investigation or prevention of fraud|
|Legal||information relating to legal claims made by you or against you or the claims process|
|Donations||information relating to your pledges|
|Correspondence||information contained in our correspondence or other communications with you about projects and other activities on our Site, our services or our business|
- Use of your personal information
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. We do not share your personal information with any other body.
We use your personal information in the following ways:
4.1 Where you have provided CONSENT
We may use and process your personal information for the following purposes where you have consented for us to do so:
- to contact you via email with information about our projects or funding opportunities;
You may withdraw your consent for us to use your information in any of these ways at any time.
4.2 Where necessary to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations:
- to keep a record relating to the exercise of any of your rights relating to our processing of your personal information;
- to perform anti-money laundering and related checks where the law requires these;
- to anonymise, pseudonymise and destroy your personal information in accordance with our retention policies and data protection law;
- to handle and resolve any complaints we receive relating to the services we provide;
4.3 Where necessary to process a claim of Gift Aid
We will use your personal information to process a claim for Gift Aid where this has been requested, including forwarding your details as necessary to the applicable charity or project.
4.4 Where necessary for us to pursue a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a fund for the following purposes:
Processing necessary for us to promote our fund activities and measure the reach and effectiveness of our campaigns
- for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
- to tailor and personalise our marketing communications based on your behaviour;
- to identify and record when you have received, opened or engaged with our website or electronic communications.
Processing necessary for us to support our donors with their enquiries
- to respond to correspondence you send to us and fulfil the requests you make to us.
Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors
- to analyse, evaluate and improve our Site and other services so that your visit and use of our Site is more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);
- to undertake market analysis and research (including contacting you with surveys) so that we can better understand you as a donor;
- for the purposes of developing new initiatives and features on our Site (for example new types of fundraising options or support).
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
- to administer our Site for internal operations, including troubleshooting, testing, statistical purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access, including to archive, destroy, pseudonymise or anonymise your personal information;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
- to inform you of updates to our terms and conditions and policies; and
- for other general administration including managing your queries, complaints, or claims, and to send service messages to you.
Marketing communications: If you give your consent, we may use your personal information to contact you by email to send you newsletters or to notify you with details of projects. We try to adapt any marketing material that we send to you, for example by notifying you of projects that apply to your interests. If you do not wish to receive email communications from us, please inform us by using the unsubscribe link inside the email messages we send.
If you opt-out of receiving marketing communications from us, we keep your email address on our suppression list for a defined period to ensure that we comply with your wishes.
- Disclosure and sharing of your personal information by us
We only disclose and share your personal information outside the fund in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.
We may disclose your information to the following:
- project owners for them to contact you in connection with their project and backers to allow them to identify the project owners responsible for the projects to which they pledge, in each case in accordance with our Terms;
- our third-party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site. Our Suppliers can be categorised as follows:
|Recipient / relationship to us||Industry sector (& sub-sector)|
|Accountants and legal and security advisers and consultants||Professional Services (Accountancy, Security & Legal)|
|Advertising, PR, digital and creative agencies||Media (Advertising & PR)|
|Banks, payment processors and financial services providers (Stripe, PayPal)||Finance (Banking & Payment Processing)|
|Business intelligence and performance services||IT (Business Performance)|
|Cloud software system providers, including database, email and document management/monitoring providers (Mandrill, Mailchimp, Google Docs, Dropbox)||IT (Cloud Services)|
|Delivery and mailing services providers (Royal Mail)||Logistics (Delivery Service)|
|Event booking service provider (Eventbrite)||Events (Booking)|
|Facilities and technology service providers including scanning and data destruction providers||IT (Data Management)|
|Fraud and identity verification services (Stripe, PayPal)||IT (Verification)|
|Tax administration (HMRC)||Government (Tax Administration)|
|Health and safety claims administrators and consultants||Health & Safety (Claims)|
|Insurers and insurance brokers||Insurance (Underwriting & Broking)|
|Online survey platforms and services (Survey Monkey)||IT (Survey)|
|Social media platforms (Facebook, Twitter and LinkedIn)||Media (Social Media)|
|Website and data analytics platform providers, and website performance tools (Google Analytics)||IT (Data Analytics)|
|Website and App developers||IT (Software Development)|
|Website marketing, search and integration services||IT (Software Development and Marketing)|
|Website hosting services providers||IT (Hosting)|
|File and data transfer providers (WeTransfer, Google Docs)||IT (Cloud)|
The Suppliers above are located in the European Economic Area or the USA.
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information safe and secure.
We may disclose the personal information to other third parties as follows:
- if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, courts, tribunals or regulators.
- Transfers of your personal information outside of Europe
Except in a limited number of cases, we do not transfer your personal information outside of Europe. Where we do, we take measures to protect your personal information.
All the personal information collected about you by us or on our behalf may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our group companies are located in a country outside of the EEA or if any of our servers or those of our third-party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK and so they may not protect the use of your personal information to the same extent. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipients of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. For example, those of our third-party service providers who receive your personal information in the USA may subscribe to the “EU-US Privacy Shield” framework. Where they do not, we ensure that we impose contractual obligations on them that are broadly equivalent as required by UK data protection law. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
- Security and links to other websites
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our Site may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password or pin allowing you access to certain parts of the Site, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
In addition, if you linked to our Site from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check the policy of that third-party website.
We work with Stripe which provides our secure payment service. When making a donation on our website, your card details are processed and stored securely by Stripe.
Stripe Payments UK, Ltd. is a company registered in 9th Floor, 107 Cheapside, London, EC2V 6DN.
- The periods for which we retain your personal information
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. For certain purposes we retain your personal information for a very short period whilst for others we retain it for a period of 7 years after the information is no longer required for business reasons so that we can deal with any legal proceedings that could arise.
We retain your personal information for the following periods:
|Type of personal information||How long do we keep your personal information?|
|Registration information||7 years from the date your account is closed for any reason.|
|Information relating to Donors (other than registration information) including pledge history||7 years from the date your account is closed for any reason.|
|Web traffic and device information||26 months from the date of collection.|
|Marketing preferences||For as long as you have not opted-out and if you opt-out, indefinitely after we place you on our suppression list to ensure we honour your wishes.|
|Complaints and queries||2 years, except where these relate to legal claims, in which case 7 years.|
The only exceptions to the periods mentioned above are where:
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
- we archive the information, in which case we will delete it in accordance with our deletion cycle; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
- Your rights in relation to your personal information
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request. You have the following rights, some of which may only apply in certain circumstances:
9.1. To be informed about the processing of your personal information (this is what this policy sets out to do);
9.2. To have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
The accuracy of your information is important to us and we make it easy for you to review and correct the personal information that we hold about you in your Profile. If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, you can let us know by contacting us in any of the details described at the end of this policy but we ask you to first check that you cannot correct your details using the tools in your Profile.
9.3. To object to processing of your personal information;
Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.
9.4. To withdraw your consent to processing your personal information;
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool.
You can choose to receive or opt-out of future marketing from Projects you have pledged on.
You can also choose to receive or opt-out of updates from Projects you have pledged on.
Please note that our standard receipt emails and notifications of a donation contain important financial information regarding your pledge and so cannot be turned off.
If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
9.5. To restrict processing of your personal information;
You may ask us to restrict the processing your personal information in the following situations: where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
9.6. To have your personal information erased;
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
9.7. To request access to your personal information and information about how we process it;
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
If you wish to make a Subject access request, please send us a message at email@example.com. We will then respond to your request in adherence with the ICO guidelines.
9.9. Rights relating to automated decision making, including profiling.
We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this policy and inform you if this position changes.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website, where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
Please check this page regularly for changes to this policy. We will email you with changes if we hold a valid email address for you.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and, where appropriate, by contacting you by email. Any changes will take effect 7 days after we post the modified terms on our Site or after the date we notify you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.
- Contact and legal information
To contact us in relation to this policy, including to exercise any of your rights in relation to your personal information, please contact us or write to us by email at firstname.lastname@example.org
The Sevenoaks Fund’s registered address is Sevenoaks Town Council, Bradbourne Vale Road, Sevenoaks, TN13 3QG