The preceding information includes both our Privacy Notice for General Public and our Privacy Notice for Enham Trust Customers.


Privacy Notice for General Public

Introduction

This Privacy Notice sets out information on how and why Enham Trust (Company Number 00173199) of Enham Place, Enham Alamein, Andover, Hampshire, SP11 6JS ("we") processes personal information about the people who engage with us in relation to our Marketing and fundraising activities("you"). It also sets out your rights in relation to that information. Under data protection laws we are the "data controller" of this personal information.

It is important that you read this privacy notice to understand your rights. This privacy notice supplements the other notices and is not intended to override them.

How we manage your data

There are 6 key principles under data protection laws which govern how we must deal with your personal information. We must: 

  • Hold and use it lawfully, fairly and in a transparent way.
  • Only use it for specific and lawful purposes that have been explained to you.
  • Make sure that it is adequate, relevant and limited to what is necessary for those purposes.
  • Make sure that it is accurate and up to date.
  • Make sure that we only keep it for as long as is necessary for those purposes.
  • Make sure that it is kept securely.

We must also ensure that we comply with relevant privacy legislation that governs how we can send marketing materials to you or tell you about fundraising activities.

What information do we collect about you and how we collect it?

We may collect, use, store and transfer different kinds of personal information about you in order to provide your chosen services to you, which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, marital status, title, date of birth, next of kin and gender.
  • Contact Data includes home address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details, financial needs and circumstances, details about payments to and from you, bursaries or grants obtained by you and tax details relating to Gift Aid nominations.
  • Services Data includes information relating to your donations and/or fundraising activities and your preferences for getting updates about how our funds are used and future activities for you to get involved with.

We do not collect special category data within Marketing and Fundraising.

We collect information via a variety of methods. For Marketing and Fundraising it includes via our website, by telephone, by email or by hard copy form.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

On what grounds do we process your personal information?

We will only use your personal information when the law allows us to. We will rely on your consent in order to contact you regarding our news and events, opportunities to support Enham Trust and to tell you how the amounts you raise are being used by us. You are free to withdraw any consent you have given us at any time by contacting us using the details set out above.

We will also rely on your consent in order to take photographs of activity participants and prepare case studies for the purpose of Marketing and Fundraising. You are free to withdraw this consent at any time by contacting us using the details set out above.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need details about the specific legal grounds we are relying on to process your personal information.

Who will we share your information with?

We may have to share your personal information with the parties set out below: 

  • Service providers who provide IT and system administration services (including cloud based systems), maintenance services or utility services on our behalf.
  • Professional advisors who are advising us including lawyers, bankers, auditors and insurers.
  • HM Revenue & Customs, the Care Quality Commission, the Charity Commission, Police, Ofsted or the Health and Safety Executive and other authorities who require reporting of processing activities or access to personal information in certain circumstances.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our charity or our assets. Alternatively, we may seek to acquire other charities or merge with them. If a change happens to our organisation, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Pictures and fundraising activities may be shared with our wider audience through our Marketing and Fundraising forums, including social media, where your specific consent has been gained.

This list is not exhaustive as there are other circumstances where we may also be required to share information, which we have yet to envisage. In all cases, we will do so in compliance with the GDPR and all applicable laws and contractual obligations which we hold with you

We require all third parties who process personal information on our behalf to respect the security of your information and to treat it in accordance with the law. We do not allow our third-party service providers that are processing your information on our behalf to use your personal information for their own purposes and only permit them to process your information for specified purposes and in accordance with our instructions. Where we disclose information to third parties who are data controllers in their own right, they must comply with all relevant data protection laws and you can exercise your rights against them direct. 

Google Analytics

The Enham Trust website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies to help us to analyse how users use the Enham Trust website. The information generated by the cookie about your use of our site (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purposes of evaluating your use of our sites, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the Enham website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

International transfers

We do not currently transfer your personal information outside the European Economic Area (EEA) other than to those countries approved as having adequate protection for the rights and freedoms of individuals' data by the European Commission. If data is transferred to any other countries we will ensure that we put in place appropriate measures to ensure that we comply with the requirements set out in the General Data Protection Regulation 2016 ("GDPR") for overseas transfers.

Information security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, trustees and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will we keep your personal information?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Within Marketing and Fundraising, we keep personal information for 1 year. Any financial or tax fundraising or donation information is kept for the required length of time in line with HMRC guidelines. We also keep certain information that is provided to us for historical archiving purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your legal rights

Under the GDPR, you have a number of important rights free of charge. These include rights to:

  • Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address.
  • Require us to correct any mistakes in your information which we hold.
  • Require the erasure of personal information concerning you in certain situations.
  • Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
  • Object at any time to processing of personal information concerning you for direct marketing.
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you (we do not currently carry out any such decision making).
  • Object in certain other situations to our continued processing of your personal information.
  • Otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of those rights, including the circumstances in which they apply, see the detailed guidance available from the ICO (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)

Please note that not all of these rights apply in all circumstances – we will explain this to you if applicable when you make a request. 

Access to your information

If you would like to exercise any of those rights, please email, call or write to using the contact details set out below and provide us with proof of your identify with the request. You also need to let us know the specific information that you are requesting.

If you make a request, we will respond to you within one month. We will not charge you a fee for dealing with your request (unless your request is manifestly unfounded or excessive, such as where you make repeated requests).

Further information

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact them via [email protected] or 01264 345800 (asking for the data privacy manager).

You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Do you need extra help?

If you would like this notice in another format (for example: audio, large print, braille) please contact us via [email protected] or on 01264 345800 and asking for the Data Protection Manager.

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  1. a) Your data will be made available to our website provider
  2. b) The data that may be available to them include any of the data we collect as described in [section 3] above.
  3. c) Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights as detailed in this privacy policy

This version was last updated on 24th May 2018

 

 

 


 

 

Privacy Notice for Enham Trust Customers

Introduction

This Privacy Notice explains how and why Enham Trust keeps personal information about you. It is important that you understand your rights about your personal information under a piece of law called the Data Protection Act 2018.

This privacy notice supports any other privacy notices which you may have been issued.

How we manage your data

To ensure we comply with the law there are certain things that we must do with your personal information and these things are;

  • hold and use it lawfully
  • only use it for specific and lawful purposes
  • make sure we only keep the information about you that we need to
  • make sure the information we keep about you is correct and up to date
  • make sure that we only keep information about you for as long as we need to
  • make sure that your information is kept securely

We also ensure that we will only send you information about Enham if you want us to.
For more information about these 6 principles of how we can manage your data see the detailed guidance available from the ICO https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr.

What information we have about you and how we get it

Your personal information means any information about you from which you can be identified. It does not include data where your identity has been removed; this is called anonymous data. For example, describing some as a ‘male who lives in Somerset’ is anonymous.

We collect information about you in many ways from;

  • our website
  • by telephone
  • by email
  • in person
  • or by hard copy form

We may collect, use, store and transfer different kinds of personal information about you in order to provide your chosen services to you, these may include:

  • Your first name, maiden name, last name, marital status, title, date of birth, next of kin and gender, photographs of you
  • Your home address, email address and telephone numbers
  • Your lifestyle information, such as what activities you do, referral information and conviction or offence history
  • Your bank account and payment card details, financial needs and circumstances, details about payments to and
  • from you, bursaries or grants obtained by you and tax details relating to Gift Aid nominations
  • Any information to assist us in providing you with the correct support, advice and guidance within your service.
  • Any information to assist, relevant investigation and complaint activity, incidents, accidents or safeguarding
  • activities and Equality and Diversity information
  • Any information necessary to administer participations in our service to you professional skills and expertise / experience or qualifications

We may also hold personal information about you relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data using for uniquely identifying you, health information or information concerning your sex life or sexual orientation. If we hold this personal information about you then we will only do so, so that we can provide you with the correct advice and support.

We may also obtain information about you from other people (third parties) such as family members, local authorities, and regulatory bodies such as the Care Quality Commission, NHS bodies or police forces.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

If you don't provide us with information

Where we need to collect personal information by law, or under the terms of a tenancy or services agreement we have with you, and you don’t provide that information to us, we may not be able to help or support you. In this case, we may have to end our relationship with you, but we will tell you if this is what we are going to do.

Why do we process and collect your data?

Legally, we can only use your personal information in the following circumstances;

  • Where we need to perform an agreement, we are about to enter into or have entered into with you e.g. to provide you with the service you have asked for.
  • Where we need to comply with a legal or regulatory obligation e.g. provide information to local authorities, HMRC, the Care Quality Commission, the Health and Safety Executive, the Charity Commission or Ofsted.
  • Where is it necessary to protect your or someone else's interests
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests e.g. to improve how we offer services to our residents and beneficiaries, carry out fraud prevention activities, liaise with grant and bursary providers, put in place appropriate insurance cover etc.

Under these points, we do not need your agreement to process your personal information.

  • Where you have given us your explicit consent to process your personal information for example, when we would like to take photographs of you or to share information about you to other people (for example if you achieved something and we wrote a story about it, we could only share it with other people if you said you are happy that we do so).

If you are not happy for us to take your photograph or for us to write a story about you at the moment, you can change your mind about this at any point; all you need to do is tell us by emailing [email protected].

If we have personal information about your criminal conviction(s) or offence (s), we can hold this information if:

  • it is necessary to protect your or someone else's interests where you are incapable of giving consent
  • we need to meet our charitable objectives of helping those with disabilities of all kinds
  • we need to establish, protect or defend legal claims
  • if it is in the substantial public interest e.g. where steps are taken to prevent fraud or other dishonest activity or safeguard the economic well-being of certain individuals
  • you have given us your explicit consent

We may process your personal information without your knowledge or agreement where this is required or allowed by the law.

If we need to use your personal information for another reason, we will notify you to explain why.

Who can we share your personal information with?

We may have to share your personal information with other people (third parties), such as:

  • Service providers who provide IT and system administration services (including cloud-based systems), maintenance services or utility services on our behalf
  • Professional advisors who are advising us including lawyers, bankers, auditors and insurers
  • HM Revenue & Customs, the Care Quality Commission, the Charity Commission, Ofsted or the Health and Safety Executive and other authorities who require reporting of processing activities or access to personal information in certain circumstances
  • Third parties to whom we may choose to sell, transfer, or merge parts of our charity or our assets. Alternatively, we may seek to acquire other charities or merge with them. If a change happens to our organisation, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require other people who process your personal information on our behalf;

  • to respect the security of your information and to treat it in accordance with the law.
    to use your personal information for their own purposes.

Where we tell your local authority about you, who are data controllers in their own right, they must also comply with all relevant data protection laws. For this, we strongly suggest to read their privacy notices that can be found on their websites.

Video or audio recordings

We do not currently video or audio record support or confidential conversations with customers without prior knowledge and consent. With your safety and the safety of Enham Trust staff in mind, we ask that you refrain from videotaping or taking photos, videos or recordings of any kind with your camera, cell phone, smart phone, tablet, or any other device without prior consent and supervision from the Quality and Risk team who you can contact via d[email protected].

If you would like to know more about our Video recording policy, please contact [email protected].

Webinar recordings

We may record video webinars, training, or information sessions to provide as a resource to our customers to who it would be relevant but were not in attendance. If this is the case, we will inform you of the recording within the session invite.

By participating in these webinars, you are consenting to our collection (including recording) in accordance with this Privacy Notice. Information is also processed via video conferencing platforms such as Zoom or Microsoft Teams. Please refer to their privacy policy at Zoom Privacy Policy or Microsoft Teams recording Privacy Notice.

The information we process for this purpose is name, email address, your image if you choose to have your camera on and the sound of your voice if you speak or choose to ask or answer any questions. Video and audio will be used for attendance, documentation and communication.

The above listed personal information will be stored on our secured drives with restricted access where only the relevant departments staff team would be able to access it. The recording will be shared via a direct link and the link will be disabled after 1 year.

We will share the video recordings with our customers and staff to whom the information is important and necessary for them to understand and receive.

If you would like to know more about our webinar recording policy or like our support on how to remove your name or turn off your camera, please contact [email protected].

International Transfers

We do not currently transfer your personal information outside the European Economic Area (EEA) other than to those countries approved as having adequate protection for the rights and freedoms of individuals' data by the European Commission. If data is transferred to any other countries, we will ensure that we put in place appropriate measures to ensure that we comply with the requirements set out in the Data Protection Act 2018 as well as in the General Data Protection Regulation 2016 ("GDPR") for overseas transfers.

Information Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those who need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will we keep your information?

We will only keep your personal information for as long as we need to fulfil the purposes we collected it for, including for the purposes of satisfying any legal requirements. We may retain your personal data for a longer period in the event of a complaint.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including contact details, identity, service needs and requirements) in line with our contractual and legal requirements. Our Retention Policy is up to date and complies with Data Protection Act 2018. Please contact us if you would like to see a copy our retention schedules.

Your legal rights?

Under the GDPR, you have a number of important rights. These include;

  • access your personal information and to certain other information
  • require us to correct any mistakes in your personal information
  • require us to delete personal information about you in certain situations
  • receive personal information about you from us, in a structured, commonly used and machine-readable format and have the right to give it to other people in certain situations
  • object at any time and request that we stop sending you information about Enham Trust
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you (we do not currently carry out any such decision making)
  • object in certain other situations to us having your personal information
  • restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the detailed guidance available from the ICO (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).

Please note that not all of these rights apply in all circumstances – we will explain this to you if applicable when you make a request.

Access to your information

If you would like access to your information, please email, call or write to us using the contact details set out below and provide us with proof of your identify with the request. You also need to tell us specifically what you want to help us ensure that we provide you with what you have asked for.

If you ask for this information, we will respond to you within one month. We will not charge you a fee for dealing with your request.

Contact details

We have appointed someone at Enham (called a Data Privacy Manager) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact them via [email protected] or 01264 345800 (asking for the Data Privacy Manager).

Complaints

You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

This version was last updated on 5th October 2021

 

DO YOU NEED EXTRA HELP?

If you would like this notice in another format (for example: audio, large print, braille) please contact us at [email protected] or on 01264 345800 and ask for the Data Privacy Manager.