We make every effort to safeguard your privacy and this policy explains the data processing we do and how we do it.
What information do we collect and store?
We collect the following information when you use the Platform:
1. information which you give to us when you register including your name, address, your e-mail address and your telephone number;
2. information which you provide to us through your use of the Website, including any information you provide in relation to Gift Aid;
3. your IP address and information about your browser when you register with easyfundraising and visit the site;
5. information in relation to searches, websites you visit, and the Donations you make to Good Causes through the Platform;
6. information in relation to the purchases you make from retailers which relate to Donations.
7. information in relation to the social networks you use to connect to the Platform;
8. information and data in respect of Good Causes;
9. if you use our easysearch product, details of your searches;
10. if you contact our support team, written details of the enquiry and its resolution;
11. if the Platform or one of its components malfunctions, details of any request made / action performed, in order to help us diagnose and fix the problem;
12. if you complete a shopping survey, your answers.
We store all of the information described above (and details of emails and notifications that we send you) against your user identification number which we assign to you when you register with us on the Platform.
We will also receive information about you which is collected by our retailers (and affiliate networks) in respect of the actions you perform on their websites and within their network. Supporters are able to raise monies for Good Causes through our arrangements with certain retailers (either directly or through affiliate networks). They pay monies to us and we hold them (as agent) before paying them to Good Causes. The collection of such information by third parties is governed by their privacy and cookies policies.
We do not collect or store your financial information unless you are a Good Cause Administrator and you have asked for Donations you have raised to be paid by BACS, in which case we shall retain the relevant account details.
What do we use the information for?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances which describes the lawful basis for use:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We want to give our users the best possible service and need key information to provide our fundraising service to you. Therefore, the main use of the information we collect is to enable the core functioning of the Platform for you and other users.
In addition, we use the information provided by you and the information we collect about your use of the Platform to offer you a more personalised service to enhance your fundraising efforts. To do this, we rely on our legitimate interests to provide you with the most effective Platform and fundraising service. This use of your information includes, but is not limited to, customising the offers that we send to you via email, SMS or other means, customising the look and feel of the Platform, customising fundraising tips and ideas that we share with you. You can opt-out of personalisation by setting the preferences in the 'Preferences' section of the 'My Account' area of the Platform. We may still send you offers and fundraising tips but we will no longer use your personal data to customise them.
We may use the data collected by us to contact you by telephone, e-mail, SMS or other means, to update you of new products, services, or changes to our service or your account. We will only advise you of products that we believe will be of interest to you and help raise funds for your selected organisation or charity. You can tell us to stop sending you communications information about you at any time by using the My Preferences section of the 'My Account' area or by sending an e-mail to firstname.lastname@example.org or clicking the 'unsubscribe' link within any of our marketing emails.
We may contact you by SMS in relation to the use of your account. However, if you no longer wish to be contacted by SMS, please reply to any texts we have sent by texting "STOP" to the number included within the text we originally sent you
We will also contact you if there are any important changes to your account or if we have any concerns in relation to your account, any of your information is at risk, if there is any unusual activity in relation to your account or if we have queries or information regarding a specific donation or purchase.
Information collected will also be used to improve the Platform, monitor how the Platform is being used, how it is performing, including detecting problems in its functioning.
We may use your information in an aggregated and anonymised form for analytic purposes, trend analysis and to inform how we evolve the easyfundraising service.
We take secure backups of information held in the Platform for disaster recovery purposes. These backups include information provided by you or collected by us as outlined in ‘What information we collect’ section of this policy.
Any personal information you provide to us will only be used by us, our agents and service providers, and will not be disclosed unless we are obliged or permitted to do so by law.
Other than as described below, we will not pass on your personal details to any third party without your permission.
What information do we share with third parties?
We may share your information with third parties in the following circumstances:
1. Good Cause: we share a Supporter's name and information regarding his/her behaviour on the Website and how much money a Supporter has raised with its Good Cause;
2. Good Cause: we share your Gift Aid Declaration and email address with your Good Cause where it has requested it in order to claim Gift Aid on your Donation. The Good Cause may also pass this information to HMRC; and
3. Facebook: we may share your email address with Facebook so that they can send you targeted marketing communications through their site in order to help you use the Platform. Facebook may also use the email addresses to algorithmically assemble a group of members whose profiles indicate similar online behaviour to yours and these members may then be targeted with advertisements concerning our Platform and services. Please note, we take all necessary steps to ensure any information provided to Facebook is not accessible publicly through their site.
3. Third Party Competitions: if Easyfundraising operates a competition, it may do so in conjunction with third parties in which case details of what information and how it will be shared will be provided to you as part of the competition rules;
4. Sale of Easyfundraising: in relation to the sale of some or all Easyfundraising's business, or its assets, to a third party, or as part of any business restructuring or reorganisation. In such circumstances we will take steps to notify you and to ensure your privacy rights continue to be protected;
5. Law Enforcement Agencies: with law enforcement agencies (if required to do so by a court order or for the purposes of prevention of fraud or other crime).
6. IT, Email & System Administration Service Providers: we use a range of 3rd party service providers to run and administer our Platform. We ensure that all providers adhere to the same level of data protection as Easyfundraising. For the purposes of Data Protection Legislation, these 3rd parties are data processors
Lawful Basis for Sharing
In each of the instances where we may share data as set out above, the relevant lawful basis for processing is our legitimate interests. This sharing helps us to provide a more tailored service to you and other users and helps us to promote the Good Causes registered on the Platform.
Data Retention Periods
We retain the data outlined in the above sections for the following time periods:
- Where we collect data for the operation of our core fundraising service, we will retain that data for the entire period that you remain a supporter.
- Where we collect data for the purposes of personalising our service for you, we will retain and process that data for the purpose of personalisation for the entire period that you remain a supporter.
- Where we capture data about the Platform performance and usage, we will retain that data for the entire period that you remain a supporter.
- We will retain data created for the purposes of diagnosing and resolving problems with the Platform for a period of 6 months.
- We will use the information we collect to create aggregated and anonymised analytics and trend analysis and the applicable retention period set out above will apply to that anonymised data.
- We retain secure copies of our data backups for a period of 6 months.
Ctrlio Mobile Deals Tool
Sharing information on the Platform
We may share your first name and first initial of your name on the page of your Good Cause so other users can see it and the amount you have raised. We may also link the money you have raised to a specific retailer or affiliate network. If you do not want us to do this, please use the 'My Account' section on the Website to tell us you wish to remain anonymous.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Transferring information abroad or to others
We do not transfer information outside the EEA unless we need to transfer information abroad specifically to ensure that the service you seek is properly provided to you where that service is provided in whole or in part from abroad.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If we sell or otherwise dispose of the site, our business, or part of it in any way, the information will go with it but we will seek similar safeguards for you as these.
Please contact us at email@example.com if you want further information on the mechanisms used by us when transferring personal data out of the EEA.
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can request a copy of your data via the ‘Easyfundraising Data’ section of the ‘My Account’ area.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You can correct the data you have supplied to us in the 'My Account' area of the website.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. We delete all personal information collected in relation to Supporters and Good Causes if the data subject cancels his/her registration with the Website, although we may retain such information in anonymised form. You may request that we delete your account and all information relating to your account by using the Delete Your Account functionality in the 'Easyfundraising Data' area of the 'My Account' section of the website or sending an email to us at firstname.lastname@example.org with the heading 'DELETE ACCOUNT'.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Options for managing this can be found in the 'Preferences' section of the 'My Account' area.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Options for managing this can be found in the 'Preferences' section of the 'My Account' area.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. You can request a copy of your data via the ‘Easyfundraising Data’ section of the ‘My Account’ area.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please use the ‘My Account’ area of the Platform, or contact us. email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If, at any time, you would like to contact Easyfundraising about your views on this Policy, or in relation to your rights in respect of your personal information, you can do so by sending an e-mail to our Data Protection Office, Louise Mullock at firstname.lastname@example.org.