Smile Train Privacy Policy

Last modified: 22 May 2018

Smile Train UK (“Us”, “We”, “Our” or “Smile Train”), is a charitable company limited by guarantee with registered charity number 1114748. Our registered address is: 10 Queen Street Place London UK EC4R 1BE.

We are committed to protecting your privacy and will only use the information that we collect about you lawfully in accordance with data protection legislation. This policy is intended to give you an understanding of how and why we use the information you provide to us both online (our website is located at the URL www.smiletrain.org.uk (“the Website”) and otherwise.

To further understand how we gather information from children, see our Privacy Policy for Children under the Age of 13 (https://smiletrain.org.uk/about/childrens-privacy-policy-uk).

Because we want to demonstrate our commitment to your privacy, this Privacy Policy notifies you of:

What information do we collect about you?
How will we use the information about you?
Marketing and Fundraising Communications
Our Legal Basis for processing data
Will we share this information with others?
How do we protect the security of personal data?
How long do we keep your data for?
Your privacy rights
How will we let you know of changes to our privacy policy?
How to contact us

Please read this policy carefully to understand how we will collect, use and store your data.

Questions regarding this statement should be directed to Smile Train by sending an email to [email protected]. Please reference this Privacy Policy in your subject line.

1. What information do we collect about you?

1.1 We collect personal data about you for a number of reasons, including communicating with you, responding to requests for information, and to process donations.

The personal data we collect can include:

  1. Your full name;
  2. postal address;
  3. telephone number(s);
  4. email address;
  5. bank details;
  6. credit and debit card details;
  7. records of your correspondence with us;
  8. your communication preferences;
  9. donation and gift aid details;
  10. your connection to the charity;
  11. your participation in charity events and campaigns;
  12. IP address;
  13. information you may enter onto the Website; and
  14. other information you share with us.

1.2 On occasion, we also collect sensitive personal data about individuals, for example, health information. We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law. For example, we may make a record that a person is in a vulnerable circumstance in order to comply with requirements under charity law and the Code of Fundraising Practice to ensure that we do not send fundraising communications to them.

1.3 We also collect information about the use of our website using cookies (see our Cookie Policy at https://smiletrain.org.uk/about/cookie-policy-uk).

1.4 There is also information about your computer hardware and software that is automatically collected by Smile Train. This information can include: your IP address (the unique identifying number of a computer), the browser you use, for example Internet Explorer, Firefox etc., domain names, access times and referring Website addresses. This information is used by Smile Train for the operation of the service, to maintain and improve the quality of the service, and to provide general statistics regarding use of the Website.

2. How will we use the information about you?

We will process your data for the following reasons:

  1. To administer your donation including processing Gift Aid;
  2. To acknowledge donations and send a thank you letter;
  3. To deliver services, literature and/or other materials and information you have requested from us;
  4. To send you updates about our work and charitable programmes, along with information about how you can help us raise funds, get involved with the charity and participate in our events.
  5. For our own internal administrative purposes and to keep a record of your relationship with us;
  6. To manage your communication preferences;
  7. To conduct research, for example, via surveys about your opinion of current services offered by Smile Train or of potential new services which may be offered;
  8. To administer and send you information about our legacy programme;
  9. To conduct surveys, research and gather feedback; and
  10. To comply with applicable laws and regulations, and requests from statutory agencies.

We may also analyse your personal information and create a profile of your interests and preferences. This allows us to ensure communications are relevant and timely, and provide an improved experience for our supporters. It also helps us understand the background of our supporters so that we can make appropriate requests to those who may be willing and able to give more than they already do, enabling us to raise funds sooner and more cost-effectively.

When building such a profile, we may make use of additional information about you, including geo-demographic information. This information is taken from publicly available sources, for example from public registers, such as listed Directorships, typical earnings in a geographical area, information from the electoral roll, press reports and social media posts.

3 Marketing and Fundraising Communications

3.1 It is vital that we can communicate with our supporters and tell people about the important work that Smile Train undertakes. We would love to keep you up to date with our fundraising, marketing and campaign activity. We use a range of marketing and fundraising activities and channels to contact our supporters including through our website, face-to-face fundraising, direct mail, SMS/text campaigns, telephone and email.

3.2 We will obtain your prior consent to send you information by e-mail, text and telephone. We will send you marketing materials by post on the basis of it being within our legitimate interests (see section 4 below).

3.3 We send the following types of fundraising and marketing material:

  • Updates about Smile Train’s work and programmes including newsletters and other publications about our work and campaigns;
  • Fundraising appeals including requests for donations, information about how you can leave a legacy to us in your will, how you can raise money on our behalf or attend or take part in a fundraising event;
  • Invites to our fundraising and challenge events such as our annual golf day and carol concert, or runs, hikes and other challenges you can participate in; and
  • Information about how you can volunteer to help support Smile Train by giving up your time or using your influence to progress our aims, along with updates on the impact of your work.

3.4 You can opt-out or update your communication preferences at any time by using the details in the “Contact us” section below. Any electronic communications will have a link to unsubscribe from future electronic communications, so you can manage your own consent. You can also opt-out of receiving marketing communications from us by signing up to the Fundraising Preference Service https://www.fundraisingregulator.org.uk/the-fundraising-preference-service/.

3.5 If you make any changes to your communication preferences, we will update your record as soon as we possibly can.  It may take up to 2 months for our systems to update and stop any postal communications from being sent to you.

3.6 If you tell us you do not wish to receive marketing or fundraising communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us, e.g., to administer your donation.

4. Our Legal Basis for Processing Data

4.1 Organisations that collect and use personal data must have a lawful basis for doing so under data protection law. The General Data Protection Regulation (“GDPR”) sets out six ways in which personal data (and additional ways for sensitive personal data) can legitimately be used. The GDPR requires us to tell you the legal basis which we rely on when processing your data. These include:

  • Obtaining your consent to use your data for a particular purpose (for example, to send you direct marketing by e-mail or SMS or to collect sensitive personal data);
  • Where the use of the data is in our “legitimate interests” (see below for more information);
  • Where we need to process your data in order to perform our obligations under a contract that we have entered into with you (for example, to provide you with event tickets or other goods or services that you have purchased from us); and
  • To process data where we are under a legal obligation to do so (for example, to process your gift aid declaration).

4.2 Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and does not adversely impact the rights of the individual concerned. When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:

  • Charity Governance, including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes and intergroup transfers of data between Smile Train UK and Smile Train Inc.;
  • Administration and operational management, including responding to solicited enquires, providing information that you have requested, research, events management, the administration of volunteers and employment and recruitment requirements.
  • Fundraising and Campaigning, includingadministering campaigns and donations, and sending direct marketing by post, sending thank you letters, analysis, targeting and segmentation to develop communication strategies and maintaining communication suppressions.

4.3 If you would like more information on our uses of legitimate interests or to change our use of your personal data in this manner, please get in touch with us using the details in the “Contact us” section below.

5. Will we share this information with others

5.1 We do not share, sell or rent your information to third parties for marketing purposes. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law.

5.2 Smile Train UK is a wholly owned subsidiary of Smile Train Inc. When you provide data to Smile Train UK, it will be held at the Smile Train database at its headquarters in the US. Smile Train UK and Smile Train Inc. have secure methods of data transfer in place and also comply with GDPR requirements on international data transfers by entering into an EU-approved agreement which contains the necessary model clauses.

5.3 We may allow our staff, consultants and/or external providers (data processors) acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g., to deliver mailings, to analyse data and to process payments). We only provide them with the information they need to deliver the relevant service, and ensure that we have robust data processing agreements in place which govern the use and deletion of the data.

6. How do we protect the security of personal data?

6.1 All information provided to Smile Train is transmitted using SSL (Secure Socket Layer) encryption. SSL is a proven coding system that lets your browser automatically encrypt, or scramble, data before you send it to us. We also protect account information by placing it on a secure portion of our Website that is only accessible by certain qualified employees of Smile Train. Unfortunately, however, no data transmission over the Internet is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information.

6.2 We encourage you to review the privacy statements of websites you choose to link to from the Website so that you can understand how those sites collect, use and share your information. Smile Train UK is not responsible for the privacy statements or other content on sites outside of the Website.

6.3 The information we collect from you may be transferred to and processed and/or stored at a destination outside the European Economic Area (“EEA”). If we send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information.

7. How long do we keep your data for?

7.1 We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our internal data retention policy.  

7.2 The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under such as financial regulations, statute of limitations, Health and Safety regulation etc., or any contractual obligation we might have – such as under grant funding agreement.

7.3 Subject to the above, we will typically store data relating to donors and supporters for 7 years after their last donation or interaction, after which time it will either be deleted, archived or anonymised.

7.4 If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.

7.5 Where possible we cleanse and remove out of date data by checking it against publicly available records such as deceased records. This helps us to improve the delivery rate of our mailings and minimise wasted expenditure.

8. Your privacy rights

8.1 You have a number of rights under data protection legislation. These include:

  • Right of access

    You have the right know what information we hold about you and to ask, in writing, to see your records. We will provide you with details of the records we hold as soon as possible and at latest within one month, unless the request is complex. We may require proof of identity before we are able to release the data. Please use the details in the “Contact us” section below if you would like to exercise this right.
     
  • Right to be informed

    You have the right to be informed how your personal data will be used. This policy as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
     
  • Right to withdraw consent

    Where we process your data on the basis of your consent (for example, to send you marketing texts or e-mails) you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section below.
     
  • Right to object

    You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section below.
     
  • Right to restrict processing

    In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
     
  • Right of erasure

    In some cases, you have the right to be forgotten (i.e., to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information in order to ensure that you are not contacted in the future.
     
  • Right of rectification

    If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records, please get in touch with us using the details in the “Contact us” section below.
     
  • Right to data portability

    Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.

Complaints

If you are unhappy with the way in which we have handled your personal information, please contact us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office - https://ico.org.uk/.

9. How will we let you know of changes to our privacy policy?

We may update this policy from time to time without notice to you, so please check it regularly. We will however aim to bring any significant changes to your attention. The privacy policy was last updated in May 2018.

10. How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:

By phone: 0300 303 9630

By e-mail: [email protected]

Or write to us at:

The Smile Train UK, Supporter Care Team
York House, Wetherby Road
York YO26 7NH