Privacy Policy

[toc]

Abbreviation

Definition

ACCT

Angel Community Canal Boat Trust (also known as ‘Angel Boat’)

PCI-DSS

Payment Card Industry Data Security Standard

SSL

Secure Sockets Layer

Purpose

Every person has a right to privacy and so our Privacy Policy is designed to ensure the fair and proper use of information about people and compliance with relevant legislation, including General Data Protection Regulations (GDPR). This policy sets out our approach to ensure we comply with its provisions.

In this policy “We” and “Us” means the Angel Community Canal Boat Trust (ACCT) (charity no 1103542), or ‘The Angel Boat’. Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by ACCT.

For the purposes of data protection law, ACCT will be the controller.

Policy Principles

ACCT will ensure that all personal data that we hold will be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Kept in a form which permits identification of data subjects for no longer than is necessary
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage

Information ACCT Collects

Below are the types of information we collect and process:

Personal Data

We collect data people provide to us when:

  • Becoming a friend or supporter of ACCT
  • Becoming a member of staff, Trustee, Company Member or volunteer
  • Making a donation
  • Asking for information about us or when booking a trip on our canal boat
  • Buying a ticket for any event we arrange

This data consists of:

  • Personal details (name / email address / postal address / telephone number etc.)
  • Financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided. Please see 1 How We Protect Data for more information on payment security
  • In the case of volunteers, details of your interests, skills, preferences and emergency contacts and any further information required for safeguarding purposes
  • For employees, we have a legal obligation to collect, process and share information relating to payroll date to HM Revenue and Customers

Information Created By Your Involvement With Us

We may collect details about how you’ve helped us by volunteering or being involved with our activities.

Sensitive Personal Data

We do not collect or store sensitive personal data, such as information relating to beliefs or political affiliation, about Friends, Trustees, supporters, Company Members, donors, volunteers, users or customers except where sometimes it is necessary to do so where there has been an accident or other incident (see 3.4 Accidents or Incidents).

Accidents or Incidents

If an accident or incident occurs on our property or our canal boat or on property to which we have been given access then we will keep a record of this, which may include personal data and sensitive information. This information will be retained for legal reasons, for example in relation to an insurance or legal claim.

Social Media

We may collect information from social media where you have given us permission from social media where you have given us permission to do so, or if you post on one of our social media pages.

How We Use Information

We only ever use your personal data with your consent, or where it is necessary in order to:

  • Enter into, or perform, a contract with you
  • Reply to enquiries you send to us
  • Handle transactions or donations that you initiate
  • Comply with a legal duty
  • Protect your vital interests
  • For our own (or a third party’s) lawful interests, provided your rights do not override these.

In addition, if you are a Friend or a member of our 100 Club (‘member’) of ACCT supporters, because you have shown us your interest in what ACCT is doing and your wish to support us, we undertake to keep you informed about our work and how you can support us, and we feel you would expect us to do so. (This is referred to as ‘legitimate interest’ under the General Data Protection Regulations.)

In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes).

Marketing

We use personal data to communicate with people, to promote ACCT and to help with fundraising. This includes keeping you up to date with our news, activities and fundraising. For further information on this please see

Administration

We use personal data for administrative purposes (i.e. to carry out our charity work). This includes:

  • Receiving donations (e.g. direct debits or gift-aid instructions);
  • Maintaining databases of our Friends, 100 Club members, supporters, donors, volunteers, users or customers
  • Performing our obligations under membership contracts
  • Fulfilling orders for goods or services (whether placed online, over the phone or in person)
  • Helping us respect you and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).

Disclosing and Sharing Data

We will never sell your personal data. We may share limited contact information (e.g. postal or email address):

  • With subcontractors or suppliers who provide us with services such as the production and distribution of our marketing materials or the supply and delivery of goods you may have ordered through us
  • Occasionally, where we partner with other organisations, for example in jointly organised events, we may also share information about people involved in such events, such as names and contact details, with them. We’ll only share information when necessary
  • We will only ever share your data with such organisations where necessary and if the privacy and security of your data are guaranteed

Marketing

Marketing includes providing or sharing information about our activities, news, boat trips, fundraising and volunteering opportunities.

Friends, supporters, members, donors, volunteers, users or customers are asked to “opt-in” for most communications but we rely on ‘legitimate interests’ to keep Friends and 100 Club members informed as to our activities and appeals. You always have the choice as to whether you want to receive these messages and how you want to receive them (by post or email) although not all communications will be available in all formats.

You can decide not to receive communications or change how we contact you at any time. If you wish to do so, please contact us as follows:

  • Email: info@acct.org.uk
  • Post: ACCT, 16-34 Graham Street, London N1 8JX)
  • Telephone: 07970 175488.

Fundraising

As a charity, we rely on donations and financial and other support to continue our work. Occasionally, we will contact Friends, supporters, members, donors, volunteers, users or customers with fundraising material and communications. We will only contact people other than Friends and 100 Club members if they have opted in to marketing and in any event you always have the choice to tell us you do not want to receive such communications.

Research and Profiling

Analysis, Profiling and Grouping

We may on occasions analyse our Friends, supporters, 100 Club members, donors, volunteers, users or customers to determine common characteristics and preferences. We do this by assessing various types of information including behaviour (e.g. previous responses) or demographic information (e.g. location) or information on preferences and interests. By doing this, we can ensure that you are provided with communications and information which is likely to be relevant to you, and that we do not waste resources by contacting people with information which is not relevant to them.

Anonymised Data

We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as recruiting new Friends and supporters or contacting new users or to identify trends or patterns within our existing Friends, supporters, members, donors, volunteers, users or customers. This information helps inform our actions and improve the service we provide.

How We Protect Data

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, use or disclosure of your personal information.

Payment Security

Friends’ and 100 Club members’ standing order mandates are sent directly to your bank for processing. We do not retain your bank details on the membership register. A copy of the mandate is held until your first payment has been received and is then deleted.

All electronic forms that we use that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.

If you use a credit card to make a payment or donate on-line we will pass your credit card details securely to our payment providers (currently Stripe). Other payment methods (i.e. Direct Debit and PayPal) are handled in a similar manner. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and never store card or account details electronically.

Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.

Storage of Data

Where We Store Information

Our operations are based in the UK and we store our data within the UK including on secure cloud storage facilities. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do so if we believe your data is adequately protected.

How Long We Store Information

We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. We may also be required to store data to satisfy legal requirements, for financial audit purposes or to satisfy insurance requirements.

If you ask us not to send you marketing emails, we may retain your email address to ensure that we do not send marketing material to that e-mail address. However, we will keep a record of your preference not to be emailed.

We may also retain your email address for other purposes, such as for administration if you are a Friend or 100 Club member or volunteer.

We continually review what information we hold and delete what is no longer required.

Your Rights and Complaints Process

Under this policy you have the right to:

  • Have confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a subject access request)
  • Have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
  • Have inaccurate data corrected
  • Object to your data being used for marketing or profiling
  • Where technically feasible, personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format

There are exceptions to the above rights and, although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

If you would like further information on your rights or wish to exercise them, please contact using one of the following:

  • Email: info@acct.org.uk
  • Post: ACCT, 16-34 Graham Street, London N1 8JX)
  • Telephone: 07970 175488

You can complain to us directly using the contact details set above. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk or call 0303 123 1113.

Social Media Platforms

Communication, engagement and actions taken through social media platforms that we participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.

We will never ask for personal or sensitive information through social media platforms and encourage you, should you wish to discuss sensitive details, to communicate through primary communication channels such as by telephone or email.

Cookies

Our website uses ‘cookies’ to provide you with the best possible experience and to make use of certain functionality. This does not entail the collection of any personal information identifying you.

Your browser lets you choose whether or not to accept, or be warned before accepting, cookies. You will find these settings in your browser’s settings.

Our website uses Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies to help us analyse how visitors use our website. The information generated by the cookie about your use of the website (including your IP address) will be used by Google for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage.

The information collected by Google Analytics about usage of our website is not personally identifiable. The data is collected anonymously, stored by Google and used by us to create reports about website usage. Google’s privacy policy is available at http://www.google.com/privacypolicy.html

Privacy Policy Review

We will amend this Privacy Policy from time to time to ensure it remains compliant with prevailing legislation and accurately reflects how and why we use your personal data.

We will always post a copy of the current version of our Privacy Policy on our website.

This Privacy Policy was last updated on 2 January 2020.

Appendix A: Glossary of Abbreviations and Terms Glossary of Abbreviations

Glossary of Abbreviations

Abbreviation

Definition

ACCT

Angel Community Canal Boat Trust (also known as ‘Angel Boat’)

PCI-DSS

Payment Card Industry Data Security Standard

SSL

Secure Sockets Layer

Glossary of Terms

Term

Definition

Angel Boat

Angel II of Islington

Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposed of data protection, ACCT is the controller

Cookie

A cookie is a small file of letters and numbers that is downloaded to your computer when you visit a website. Cookies are used by many websites and can do a number of things, e.g. remembering your preferences, and counting the number of people looking at a website.

Member

ACCT 100 Club member

Secure

Sockets

Layer

A standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client (e.g. Outlook)

User

A group, organisation or individual hiring Angel II of Islington