Privacy Policy

Smile Train has created this Privacy Policy to explain why we collect particular information and how we will protect your personal privacy within our Website.

Privacy Policy

Smile Train UK (“Us”, “We”, “Our” or “Smile Train”), is a charitable company limited by guarantee with registered charity number 1114748. Our registered address is: 126 Fairlie Road, Slough, SL1 4PY.

We are committed to protecting your privacy and will only use the information that we collect about you lawfully in accordance with data protection legislation. This policy is intended to give you an understanding of how and why we use the information you provide to us both online (our website is located at the URL www.smiletrain.org.uk (“the Website”)) and otherwise.

The Website is not intended for children and we do not generally or knowingly collect information relating to children. For more information see the 'Children's data' section below

Because we want to demonstrate our commitment to your privacy, this Privacy Policy notifies you of:

Please read this policy carefully to understand how we will collect, use and store your personal information.

Questions regarding this statement should be directed to Smile Train by sending an email to ukinfo@smiletrain.org. Please reference this Privacy Policy in your subject line.

1. What personal information do we collect about you?

1.1 We collect personal information about you for a number of reasons, including communicating with you, responding to requests for information, and to process donations.

The personal information we collect can include:

  • Your full name;
  • postal address
  • telephone number(s)
  • email address
  • bank details
  • credit and debit card details;
  • records of your correspondence with us
  • your communication preferences
  • donation and gift aid details
  • your connection to the charity
  • your participation in charity events and campaigns;
  • IP addresses
  • CV or application for any job advertised in our 'Careers' section;
  • information you may enter onto the Website;
  • information we obtain from the public domain; and
  • other information you share with us.

1.2 On occasion we also collect sensitive personal data about individuals, for example, health information (including their connection to cleft). We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law. For example, we may make a record that a person is in a vulnerable circumstance in order to comply with requirements under charity law and the Code of Fundraising Practice to ensure that we do not send fundraising communications to them.

1.3 We also collect information about the use of our website using cookies (see our Cookie Policy).

1.4 There is also information about your computer hardware and software that is automatically collected by Smile Train. This information can include: your IP address (the unique identifying number of a computer), the browser you use, for example Internet Explorer, Firefox etc., domain names, access times and referring Website addresses. This information is used by Smile Train for the operation of the service, to maintain and improve the quality of the service, and to provide general statistics regarding use of the Website.

2. How will we use the personal information about you?

We will process your personal information for the following reasons:

To administer your donation including processing Gift Aid;

To acknowledge donations and send a thank you letter

To deliver services, literature and/or other materials and information you have requested from us;

To send you updates about our work and charitable programmes, along with information about how you can help us raise funds, get involved with the charity, and participate in our events.

For our own internal administrative purposes and to keep a record of your relationship with us;

To manage your communication preferences;

To create profiles of our supporters and potential supporters, in order to more effectively and efficiently fundraise (see section 3 below

To conduct research, for example, via surveys about your opinion of current services offered by Smile Train or of potential new services which may be offered;

To administer and send you information about our legacy programme;

To review your application to work for STUK and to communicate with you about your job application

To comply with applicable laws and regulations, and requests from statutory agencies.

3. Profiling and prospect research

3.1 We may analyse your personal information and create a profile of your interests and preferences as part of our fundraising activities. This allows us to ensure communications are relevant and timely, and provide an improved experience for our supporters. It also helps us understand the background of our supporters and prospective supporters so that we can make appropriate requests to those who may be willing and able to give more than they already do, enabling us to raise funds sooner and more cost-effectively.

3.2 When building such a profile, we may make use of additional information about you, including geo-demographic information. This information is taken from publicly available sources, for example from public registers, such as listed Directorships and trusteeships on the Companies House and Charity Commission registers, typical earnings and house prices in a geographical area, information from the electoral roll, press reports and social media posts. The type of information we collect can include a career overview, gift capacity and measures of affluence, areas of interest, and history of giving to charities/ public information on any philanthropic activities.

3.3 We sometimes use third parties to capture some of this data on our behalf and assist with our prospect research activities, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in line with the requirements set out in the UK GDPR.

3.4 We may also from time to time engage specialist prospect research and wealth-screening agencies to assist with our profiling activities, but only where we are confident that they will treat your data securely. This includes screening our supporter database against the agency’s demographic database in order to assess (based on estimated levels of wealth), whether our existing supporters may have the capacity and propensity to provide greater financial or other support to Smile Train UK. This enables us to communicate and engage with supporters in the most appropriate and relevant ways.

3.5 If you do not want us to use your personal information for profiling and research purposes, then you can ask us not to by contacting us using the details in the “Contact Us” section below.

4. Social Media Tools

4.1 We may use your personal information to participate in Facebook's Custom Audience and Lookalike Audience programs, which enable us to display adverts to both existing and potential supporters when they visit Facebook (and/ or Instagram which is also operated by Facebook). We choose to use Facebook Audience tools as a means to reach our current supporters and new supporters in order to pursue fundraising in the most cost-effective way. We may provide your personal information, including (currently) your email address, name, phone number and postal address to Facebook so that it can determine whether you are a registered account holder with them. Our adverts may then appear when you access their platforms. Your personal data is sent in an encrypted format which is deleted by Facebook (a) if it does not match with an account or (b) after they confirm you are an account holder.

4.2 When we work with Facebook to identify you on their platform and provide you with our adverts, we are joint controllers of your personal information with Facebook. We have an agreement with Facebook which sets out our responsibilities to you – for example, we are responsible for informing you about this activity. Both we and Facebook are responsible for keeping your information secure, and you can exercise your privacy rights against each of us individually. For more detailed information please see https://www.facebook.com/business/help/744354708981227 and Facebook's data policy.

4.3 If you do not want us to share your personal information with Facebook, then you can ask us not to by contacting us using the details in the "Contact Us" section below.

4.4 We rely on legitimate interests to process your personal information for these purposes (see section 6 below). You can see our legitimate interest assessment for this activity at this link: https://www.smiletrain.org.uk/legitimate-interests-assessment

5. Marketing and Fundraising Communications

5.1 It is vital that we can communicate with our supporters and tell people about the important work that Smile Train undertakes. We would love to keep you up to date with our fundraising, marketing and campaign activity. We use a range of marketing and fundraising activities and channels to contact our supporters including through our website, social media, direct mail, SMS/text campaigns, telephone and email, as well as television advertising.

5.2 We will obtain your prior consent to send you information by e-mail, text and telephone. We will send you marketing materials by post on the basis of it being within our legitimate interests (see section 6 below).

5.3 We send the following types of fundraising and marketing material:

Updates about Smile Train's work and programmes including newsletters and other publications about our work and campaigns;

Fundraising appeals including requests for donations, information about how you can leave a legacy to us in your will, how you can raise money on our behalf or attend or take part in a fundraising event;

Invites to our fundraising and challenge events such as our annual golf day and carol concert, or runs, hikes and other challenges you can participate in and

Information about how you can volunteer to help support Smile Train by giving up your time or using your influence to progress our aims, along with updates on the impact of your work.

5.4 You can opt-out or update your communication preferences at any time by using the details in the “Contact us” section below. Any electronic communications will have a link to unsubscribe from future electronic communications, so you can manage your own consent. You can also opt-out of receiving marketing communications from us by signing up to the Fundraising Preference Service.

5.5 If you make any changes to your communication preferences, we will update your record as soon as we possibly can. It may take up to 2 months for our systems to update and stop any postal communications from being sent to you.

5.6 If you tell us you do not wish to receive marketing or fundraising communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us e.g. to administer or acknowledge your donation.

6. Our Legal Basis for processing personal information

6.1 Organisations that collect and use personal information must have a lawful basis for doing so under data protection law. The UK General Data Protection Regulation (“UK GDPR”) sets out six 'lawful bases' upon which personal information (and additional conditions for sensitive personal data) can legitimately be used. The UK GDPR requires us to tell you the legal basis which we rely on when processing your personal information. These include:

  • Obtaining your (explicit) consent to use your personal information for a particular purpose (for example to send you direct marketing by e-mail or SMS or to collect sensitive personal data);
  • Where the use of the personal information is in our “legitimate interests” (see section 6.2 below for more information);
  • Where we need to process your personal information in order to perform our obligations under a contract that we have entered into with you (for example to provide you with event tickets or other goods or services that you have purchased from us); and
  • To process personal information where we are under a legal obligation to do so (for example to process your gift aid declaration).

6.2 Personal information may be legally collected and used if it is necessary for a legitimate interest of the organisation or a third party using the personal information, as long as its use is fair and does not adversely impact the rights of the individual concerned. When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:

  • Charity Governance, including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes and intergroup transfers of personal information between Smile Train UK and Smile Train Inc.;
  • Administration and operational management, including responding to solicited enquires, providing information that you have requested, research, events management, the administration of volunteers and employment and recruitment requirements.
  • Fundraising and Campaigning, , including administering campaigns and donations, and sending direct marketing by post and social media, sending thank you letters, analysis, profiling (including our supporter research as set out in section 3), targeting and segmentation to develop communication strategies (including our use of social media as set out in section 4) and maintaining communication suppressions.

6.3 If you would like more information on our uses of legitimate interests or to change our use of your personal information in this manner, please get in touch with us using the details in the “Contact us” section below.

7. Will we share personal information with others?

7.1 We do not share, sell or rent your personal information to third parties for marketing purposes. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law.

7.2 Smile Train UK is a wholly owned subsidiary of Smile Train Inc. When you provide personal information to Smile Train UK it will be held as part of the Smile Train database at its headquarters in the US. Smile Train UK and Smile Train Inc. have secure methods of data transfer in place and also comply with UK GDPR requirements on international data transfers by entering into an ICO-approved agreement which contains appropriate safeguards. If you have any questions about this arrangement, please get in touch with us using the details in the “Contact us” section below.

7.3 We may allow our staff, consultants and/or external providers (processors) acting on our behalf to access and use your personal information for the purposes for which you have provided it to us/ are set out in this Policy (e.g. to deliver mailings, to analyse data and to process payments). We only provide them with the information they need to deliver the relevant service, and ensure that we have robust data processing agreements in place which govern the use and deletion of personal information.

7.4 In addition, we reserve the right to disclose your personal information to third parties, such as regulatory bodies, law enforcement agencies and professional advisers such as lawyers, accountants and auditors:

  1. in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the (prospective) seller or buyer of such business or assets;
  2. if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets
  3. if we are under any legal or regulatory duty to do so; and/or
  4. to protect the rights, property or safety of Smile Train, its personnel or others.

8. How do we protect the security of personal information?

8.1 All information provided to Smile Train is transmitted using SSL (Secure Socket Layer) encryption. SSL is a proven coding system that lets your browser automatically encrypt, or scramble, data before you send it to us. We also protect account information by placing it on a secure portion of our Website that is only accessible by certain qualified employees of Smile Train. Unfortunately, however, no data transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot ensure or warrant the security of such information.

8.2 We encourage you to review the privacy statements of websites you choose to link to from the Website so that you can understand how those sites collect, use and share your personal information. Smile Train UK is not responsible for the privacy statements or other content on sites outside of the Website.

9. International Data Transfers

9.1 The personal information we collect from you may be transferred to and processed and/or stored at a destination outside the UK and EU (including the US). Some countries outside of the UK and the EU have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. If we send your personal information outside the UK and EU we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information (such as entering into the EU approved standard contractual clauses).  If you have any questions about the international data transfers we make, please get in touch with us using the details in the “Contact us” section below.

10. How long do we keep your personal information for?

10.1 We will keep your personal information for no longer than is necessary for the purposes for which it is processed, in accordance with our internal data retention policy.

10.2 The length of time that personal information will be kept may depend on the reasons for which we are processing the information and on the law or regulations that the information falls under such as financial regulations, statute of limitations, Health and Safety regulation etc., or any contractual obligation we might have – such as under grant funding agreements.

10.3 Subject to the above, we will typically store personal information relating to donors and supporters for 7 years after their last donation or interaction with us, after which time it will either be deleted, archived or anonymised.

10.4 If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.

10.5 Where possible we cleanse and remove out of date personal information by checking it against publicly available records such as deceased records. This helps us to improve the delivery rate of our mailings and minimise wasted expenditure.

11. Children's Data

Smile Train UK does not generally target or intentionally collect the personal information of children. If we become aware that you are under 16 years of age, we may ask to speak to your parent, guardian or responsible adult (e.g. your teacher or school) in order to collect any necessary consent from them to use your personal information, or we may simply erase your personal information from our records.

12. Your privacy rights

12.1 You have a number of rights under data protection legislation. These include:

  1. Right of access
    You have the right to know what personal information we hold about you and to ask, in writing, to see your records. We will provide you with details of the records we hold as soon as possible and at the latest within one month, unless the request is complex or we can rely on exemptions to withhold the personal information. We may require proof of identity before we are able to release the personal information to you. Please use the details in the “Contact us” section below if you would like to exercise this right.
     
  2. Right to withdraw consent
    Where we process your personal information on the basis of your consent (for example, to send you marketing texts or e-mails) you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section below.
     
  3. Right to object
    You also have a right to object to us processing your personal information where we are processing it for direct marketing purposes, or where we are relying on the legitimate interests basis to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section below.
     
  4. Right to restrict processing
    In certain situations you have the right to ask for processing of your personal information to be restricted because there is some disagreement about its accuracy or legitimate use.
     
  5. Right of erasure
    In some cases, you have the right to be forgotten (i.e. to have your personal information deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.
     
  6. Right of rectification
    If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details in the “Contact us” section below.
     
  7. Right to data portability
    Where we are processing your personal information because you have given us your consent to do so or because it is necessary for us to process your personal information for the performance of a contract, you have the right to request that your personal information (that you have provided to us) is transferred from Smile Train to you or a third party in a commonly used format.

Complaints

If you are unhappy with the way in which we have handled your personal information, please contact us using the details below. You are also entitled to make a complaint to the Information Commissioner's Office - https://ico.org.uk/. We always appreciate the opportunity to discuss complaints with you before you feel it is necessary to approach the Information Commissioner's Office.

13. How will we let you know of changes to our privacy policy?

We may update this policy from time to time without notice to you, so please check it regularly. We will however aim to bring any significant changes to your attention. The privacy policy was last updated in February 2023.

14. How to contact us

Please contact us if you have any questions about our privacy policy or personal information we hold about you:

By phone: 0300 124 5205

By e-mail: ukinfo@smiletrain.org

Or write to us at:
The Smile Train UK, Supporter Care Team
126 Fairlie Road,
Slough, SL1 4PY