Last modified: 22 May 2018
Smile Train UK (“Us”, “We”, “Our” or “Smile Train”), is a charitable company limited by guarantee with registered charity number 1114748. Our registered address is: 10 Queen Street Place London UK EC4R 1BE.
We are committed to protecting your privacy and will only use the information that we collect about you lawfully in accordance with data protection legislation. This policy is intended to give you an understanding of how and why we use the information you provide to us both online (our website is located at the URL www.smiletrain.org.uk (“the Website”) and otherwise.
What information do we collect about you?
How will we use the information about you?
Marketing and Fundraising Communications
Our Legal Basis for processing data
Will we share this information with others?
How do we protect the security of personal data?
How long do we keep your data for?
Your privacy rights
How to contact us
Please read this policy carefully to understand how we will collect, use and store your data.
1. What information do we collect about you?
1.1 We collect personal data about you for a number of reasons, including communicating with you, responding to requests for information, and to process donations.
The personal data we collect can include:
1.2 On occasion, we also collect sensitive personal data about individuals, for example, health information. We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law. For example, we may make a record that a person is in a vulnerable circumstance in order to comply with requirements under charity law and the Code of Fundraising Practice to ensure that we do not send fundraising communications to them.
1.4 There is also information about your computer hardware and software that is automatically collected by Smile Train. This information can include: your IP address (the unique identifying number of a computer), the browser you use, for example Internet Explorer, Firefox etc., domain names, access times and referring Website addresses. This information is used by Smile Train for the operation of the service, to maintain and improve the quality of the service, and to provide general statistics regarding use of the Website.
2. How will we use the information about you?
We will process your data for the following reasons:
We may also analyse your personal information and create a profile of your interests and preferences. This allows us to ensure communications are relevant and timely, and provide an improved experience for our supporters. It also helps us understand the background of our supporters so that we can make appropriate requests to those who may be willing and able to give more than they already do, enabling us to raise funds sooner and more cost-effectively.
When building such a profile, we may make use of additional information about you, including geo-demographic information. This information is taken from publicly available sources, for example from public registers, such as listed Directorships, typical earnings in a geographical area, information from the electoral roll, press reports and social media posts.
3 Marketing and Fundraising Communications
3.1 It is vital that we can communicate with our supporters and tell people about the important work that Smile Train undertakes. We would love to keep you up to date with our fundraising, marketing and campaign activity. We use a range of marketing and fundraising activities and channels to contact our supporters including through our website, face-to-face fundraising, direct mail, SMS/text campaigns, telephone and email.
3.2 We will obtain your prior consent to send you information by e-mail, text and telephone. We will send you marketing materials by post on the basis of it being within our legitimate interests (see section 4 below).
3.3 We send the following types of fundraising and marketing material:
3.4 You can opt-out or update your communication preferences at any time by using the details in the “Contact us” section below. Any electronic communications will have a link to unsubscribe from future electronic communications, so you can manage your own consent. You can also opt-out of receiving marketing communications from us by signing up to the Fundraising Preference Service https://www.fundraisingregulator.org.uk/the-fundraising-preference-service/.
3.5 If you make any changes to your communication preferences, we will update your record as soon as we possibly can. It may take up to 2 months for our systems to update and stop any postal communications from being sent to you.
3.6 If you tell us you do not wish to receive marketing or fundraising communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us, e.g., to administer your donation.
4. Our Legal Basis for Processing Data
4.1 Organisations that collect and use personal data must have a lawful basis for doing so under data protection law. The General Data Protection Regulation (“GDPR”) sets out six ways in which personal data (and additional ways for sensitive personal data) can legitimately be used. The GDPR requires us to tell you the legal basis which we rely on when processing your data. These include:
4.2 Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and does not adversely impact the rights of the individual concerned. When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:
4.3 If you would like more information on our uses of legitimate interests or to change our use of your personal data in this manner, please get in touch with us using the details in the “Contact us” section below.
5. Will we share this information with others
5.1 We do not share, sell or rent your information to third parties for marketing purposes. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law.
5.2 Smile Train UK is a wholly owned subsidiary of Smile Train Inc. When you provide data to Smile Train UK, it will be held at the Smile Train database at its headquarters in the US. Smile Train UK and Smile Train Inc. have secure methods of data transfer in place and also comply with GDPR requirements on international data transfers by entering into an EU-approved agreement which contains the necessary model clauses.
5.3 We may allow our staff, consultants and/or external providers (data processors) acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g., to deliver mailings, to analyse data and to process payments). We only provide them with the information they need to deliver the relevant service, and ensure that we have robust data processing agreements in place which govern the use and deletion of the data.
6. How do we protect the security of personal data?
6.1 All information provided to Smile Train is transmitted using SSL (Secure Socket Layer) encryption. SSL is a proven coding system that lets your browser automatically encrypt, or scramble, data before you send it to us. We also protect account information by placing it on a secure portion of our Website that is only accessible by certain qualified employees of Smile Train. Unfortunately, however, no data transmission over the Internet is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information.
6.2 We encourage you to review the privacy statements of websites you choose to link to from the Website so that you can understand how those sites collect, use and share your information. Smile Train UK is not responsible for the privacy statements or other content on sites outside of the Website.
6.3 The information we collect from you may be transferred to and processed and/or stored at a destination outside the European Economic Area (“EEA”). If we send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information.
7. How long do we keep your data for?
7.1 We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our internal data retention policy.
7.2 The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under such as financial regulations, statute of limitations, Health and Safety regulation etc., or any contractual obligation we might have – such as under grant funding agreement.
7.3 Subject to the above, we will typically store data relating to donors and supporters for 7 years after their last donation or interaction, after which time it will either be deleted, archived or anonymised.
7.4 If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
7.5 Where possible we cleanse and remove out of date data by checking it against publicly available records such as deceased records. This helps us to improve the delivery rate of our mailings and minimise wasted expenditure.
8. Your privacy rights
8.1 You have a number of rights under data protection legislation. These include:
If you are unhappy with the way in which we have handled your personal information, please contact us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office - https://ico.org.uk/.
10. How to contact us
By phone: 0300 303 9630
By e-mail: firstname.lastname@example.org
Or write to us at:
The Smile Train UK, Supporter Care Team
York House, Wetherby Road
York YO26 7NH