Privacy Notice / Policy

The privacy and security of your personal information is extremely important to us.

This privacy notice explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information. We will keep our privacy notice and data protection policy updated to show you all the things we do with your personal data. This notice applies if you are a supporter of DFN UK (donor, volunteer, employee, sponsor, person who has requested information/updates) or use any of our services, visit our website, email, call or write to us. In certain circumstances we may also provide an extra privacy notice, which will always refer to this policy.  This notice/policy should be read in conjunction with the DFN UK Data Protection Policy (available on request).

We will never sell your personal data and will only share it with organisations we work with when it is necessary and the privacy and security of your data is assured. 

1: Who are ‘we’?

In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘DFN UK’, it refers to Freedom Network International which is a registered Charity number 1122937, company limited by guarantee number 06256996. 

If you have any questions in relation to this privacy policy or how we use your personal data they should be sent to dpo@dfn.org.uk addressed to the Data Protection Officer, DFN UK.

2: What personal data do we collect?

Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We will only collect the personal data that we need. 

We collect personal data in connection with specific activities such as donations, volunteering, sponsorship, employment, interest in our work, etc. 

You can give us your personal data by filling in forms on our website, by registering to use our website, signing up at events, subscribing to take part in social media functions on our website, by corresponding with us (by phone, email or by mail), or being involved in an Action Group. 

This personal data you give us may include name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, attitudes, opinions.

2.1 Personal data provided by you

This includes information you give when interacting with us. For example:

• Personal details (name, date of birth, email, address, telephone, and so on) when you become a volunteer, sponsor or employee
• Financial information (payment information such as credit or debit card or direct debit details, and whether donations are gift-aided) when you donate to our work

We may automatically collect the following information:

• Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier
• Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our office number
• The terms that you use to search our website

Please note that certain services on our website will not be available to you until you have registered to use our website.

2.2 Personal data created by your involvement with us

Your activities and involvement with us will result in personal data being created. This could include details of how you have helped us by volunteering, sponsoring or being involved with our campaigns and activities. If you decide to donate to us, then we will keep records of when and how much you give to a particular cause.  

2.3 Information we generate

We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our events and activities are likely to interest you.

3: How we use your personal data

We will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (GDPR), the UK Data Protection Act and the Privacy of Electronic Communication Regulations.

Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.

Your personal data may be collected and used to help us deliver our charitable activities, help us raise funds, or communicate with you in respect of your sponsorship of children’s education in India. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities. 

3.1 Promotional communications 

Your privacy is important to us, so we will always keep your details secure. We would like to use your details to keep in touch about things that may matter to you. 

If you choose to hear from us, we may send you information based on what is most relevant to you or things you have told us that you like. We may also show you relevant content online.

We’ll only send these to you if you agree to receive them and we will never share your information with companies outside DFN UK for inclusion in their marketing. (We may however share cookie data with third parties to help with our own advertising targeting).  If you agree to receive marketing information from us, you can change your mind at a later date. 

We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in line with the requirements set out in the GDPR.

We will always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send. These are essential to fulfil our promises to you as a volunteer, sponsor or donor. Examples are Transaction messaging, such as Direct Debit/Standing Order schedules.

3.2 Fundraising, donations and legacy pledges 

Where we have your permission, we may invite you to support our vital work by making a donation, getting involved in fundraising activities or leaving a gift in your will. 

If you make a donation, whether generally or in respect of sponsorship, we will use any personal information you give us to record the nature and amount of your gift, claim gift aid where you have told us that you are eligible and thank you for your gift. If you interact or have a conversation with us, we will note anything relevant and store this securely on our systems.

If you tell us you want to fundraise to support our cause, we will use the personal information you give us to record your plans and contact you to support your fundraising efforts.

If you have told us that you are planning to, or thinking about, leaving us a gift in your will, we will use the information you give us to keep a record of this – including the purpose of your gift, if you let us know this. 

If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we will note these interactions throughout your relationship with us, as this helps to ensure your gift is directed as you wanted.

Charity Commission rules require us to be assured of the provenance of funds and any conditions attached to them. We follow a due diligence process which involves researching the financial soundness, credibility, reputation and ethical principles of donors who’ve made, or are likely to make, a significant donation to DFN UK.

As part of this process we will carry out research using publicly available information and professional resources. If this applies to you, we will remind you about the process when you make your donation.

3.3 Research 

We carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.  

If you choose to take part in research, we will tell you when you start what data we will collect, why and how we will use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (e.g. ethnicity). You do not have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate level for reporting (e.g. equal opportunities monitoring).  

We may give some of your personal data (e.g. contact information) to a research agency who will carry out research on our behalf.  

3.4 Profiling 

We know it is important to our supporters to use our resources in a responsible and cost-effective way. So, we may use automated profiling and targeting to help us understand our supporters and make sure that:

• our communications (e.g. emails) and services (e.g. our website) are relevant, personalised and interesting to you
• our services meet the needs of our supporters
• we only ask for further support and help from you if it is appropriate
• we use our resources responsibly and keep our costs down

4: Recruitment and employment 

In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.  

Such data can include, but is not limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it is processed is given below.

Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.

Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.

Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.

5: Volunteers

If you are a volunteer then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.

5.1 Management of volunteers 

We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering with us. This could include: contacting you about a role you have applied for or we think you might be interested in, expense claims you have made, and to recognise your contribution.

We may also share this with funders to help them monitor how their funding is making a difference. 

6: Sensitive personal data

The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.  

In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.

(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

(c) Data about an employee’s criminal convictions will be held as necessary.

7: Disclosure of personal data to other bodies

In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier. 

To meet the requirements of the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.

In order to fulfil our statutory responsibilities, we are required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.

MailChimp: We use MailChimp to manage lists, preferences and to send emails. Mail Chimp has staff based outside the European Economic Area and stores your data in the USA. You can find out more about its privacy policy at https://mailchimp.com/ .

Charity Digital Mail: We use the dotdigital platform via Charity Digital Mail to manage lists, preferences and to send emails. The data is stored in the UK/EU and is governed by GDPR. You can find out more about its privacy policy at https://dotdigital.com/trust-center/ .

Access PaySuite: We use Access PaySuite to process Direct Debit instructions. This includes contact details and bank details. The data is stored in the UK/EU and is governed by GDPR. You can find out more about its privacy policy at https://www.accesspaysuite.com/privacy-and-legal/ .

Stripe Inc: We use Stripe, a financial services company, to process some card donations. Stripe has staff based outside the European Economic Area and may store your data in any country where they do business including the USA. Where it does so outside the EU it has in place standards contractual clauses approved by the European Commission such as Privacy Shields. You can find out more about its privacy policy at https://stripe.com/gb/privacy .

Squareup International Ltd: We use Square, a financial services company, to process some card donations. Square may store your data in the EU, USA, Canada, Japan or other countries. Where it does so outside the EU it has in place standards contractual clauses approved by the European Commission such as Privacy Shields. You can find out more about its privacy policy at https://squareup.com/gb/en/legal/general/privacy.

Microsoft: We store some personal and financial data within Microsoft’s SharePoint and Azure product. Microsoft has staff based worldwide including outside the European Economic Area, and stores your data in the UK/EU and is governed by GDPR. You can find out more about its privacy and security terms at https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all.

8: How can I change my contact preferences?

We would love to stay in touch, but we do not want to out-stay our welcome.  You can choose how you would like us to get in touch with you.  You may change this at any time. This can be done by contacting info@dfn.org.uk.

For further information about how your personal information is used, how we store your information securely and your rights to access the information that we hold about you, please contact our Data Protection Officer at dpo@dfn.org.uk.