Privacy Policy (updated May 2021)

Who are we?

The principal objectives of The Hampstead Wells and Campden Trust (“the Trust”) are the alleviation of poverty and the advancement of health in the Trust’s area of benefit.

We make grants to organisations, individuals, and families. In addition, a small number of older residents receive regular pension awards from the Trust.

Who is responsible for your data?

References in this Privacy Policy to “the Trust”, “we”, “us” or “our” mean ‘The Hampstead Wells and Campden Trust’, a charity registered in England and Wales (number 1094611) and a company limited by guarantee no 04541031. Our registered office is 62 Rosslyn Hill, Hampstead, London NW3 1ND.

With the Brexit transition period over, the EU General Data Protection Regulation (“EU GDPR”) no longer applies to the UK. For now, much of the EU GDPR has been saved in domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018. It is now the “UK GDPR” (along with an amended version of the Data Protection Act 2018) which governs data protection in the UK.

We are the “data controller” for the purposes of the Data Protection Act 2018 and UK GDPR.

Our Privacy Policy applies to the personal data that the Trust collects and uses.

The Trust has a designated Data Protection Lead who can be contacted via: [email protected] 

What data do we collect?

In this Privacy Policy, the term “personal data” means information that relates to you and that allows us to identify you either directly or in combination with other information we may hold.

We collect some personal data from you, for example, when you donate to us, use our website, use our services, or contact us.

We may collect and process the following categories of information about you:

Personal data

When you contact us or donate by post, telephone or on our website we will collect your personal data including your name, postal address, telephone number and date of birth (where relevant).

Special Categories of Personal Data

The UK GDPR defines special categories of personal data as information about a person's race and ethnicity, religious or philosophical beliefs, trade union memberships, political opinions, genetic data, biometric and health data, and information concerning a natural person's sex life or sexual orientation.

We may collect special categories of personal data when you submit a grant application or attend any mutual events.

Generally, we do not collect or retain special categories of personal data. If we do need to do so (for example, to enable you to participate in an event), we will seek your explicit consent to process your data.

Bank details

If you set up a regular gift (e.g. direct debit or standing order) or send us a cheque in the post we will collect your name, sort code and account number.

Communications

We collect your personal data when you communicate with us i.e. from your emails, letters etc. or when you call us.

Recruitment

We collect personal data when you apply for a job with the Trust as part of our staff or volunteer recruitment processes as a Trustee.

Legal basis for processing 

The Data Protection Act 2018 requires organisations to consider the legal basis under which they process personal data. The Trust will process personal data under the following lawful bases:

The Hampstead Wells and Campden Trust gathers personal data primarily as part of the grant application process, including applicants’ contact details, health, occupational and financial information. This personal data is required for us to process applications and will only be used by us for this purpose.  You may withdraw your consent for us to use it at any time but please note that if you do so, we may be unable to proceed with your application.  Please ensure that any individuals whose personal data is included in the grant application are provided with this information and agree to the submission of their information.

In respect of the other personal information provided, the Trust processes this information without consent on the basis that it is in our legitimate interests to do so and where we are confident that such processing is not likely to prejudice the individual’s legitimate interests or rights or freedoms. Our legitimate interests are that we intend to administer and monitor charitable grants.

How we use your personal data

We use your personal data for the following purposes:

  • To manage your donations, requests or calls to action 

When you interact with us, we use your information to perform our services in relation to your donation and to deal with your queries and requests.

  • To communicate and manage our relationship with you

Occasionally we may need to contact you by mail, email and/or telephone for administrative or operational reasons – for example, to send you confirmation of your donation.

We will also use your personal data if we contact you after you have sent us a request or filled in a web form through our website.

  • For administration purposes and our charitable interests

The purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis, legacy administration, systems testing, maintenance and development.

Cookies

The Trust’s website uses Cookies to record visits to the website. For instance, we may collect information about your computer, including where available, your IP address, operating system, and browser type, for system administration purposes. This information helps us to improve the website and provide you with a good experience when you browse our web pages. Please see our Cookie Policy for more information.

Children and vulnerable people

Children

We are committed to protecting the privacy of the young people who engage with us through our website.  If you are under 16 and would like to get involved with our work, please note we will request consent from a parent or guardian before we take your information.

We will only ever collect or process any personal information for a child under 13 with the explicit consent of the person who has parental responsibility for the child.

When we collect information about a child or young person under 16, we will make clear the reasons for doing so and be clear on how the information will be used.

Supporters in vulnerable circumstances

We are committed to protecting vulnerable applicants. We provide training to our staff who come into regular contact with applicants to be aware of, and to identify signs of, people in potentially vulnerable circumstances. We work in accordance with our Vulnerable Adults Policy at all times. 

Sharing your personal data

We do not share your personal data with any other charity, public body or commercial organisation for their marketing purposes.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property, or safety of the organisation, or others. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with.

How long do we keep your personal data?

We retain your personal data in a live environment for as long as necessary to fulfil the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 7+ years).

We may keep your data for longer to establish, exercise, or defend our legal rights and yours. Where there is a need to continue to retain it, personal data is securely archived with restricted access and other appropriate safeguards.

We are required to keep details of financial transactions, including donations, for seven years to meet accountancy and HMRC requirements. We will anonymise or delete personal data if, after a period of seven years, we have not had any contact or communication from you (this will be measured on a rolling seven-year period) – subject to special circumstances concerning legacies.

We maintain data retention criteria to help implement this. This takes account of our legal and accounting obligations, balancing this with what would be considered reasonable.

If supporters tell us that they have included a gift to us in their will, or that they intend to do so, we retain this information indefinitely so that we can keep in touch during their lifetime and provide a caring and efficient legacy administration service.

Security of your personal data

In accordance with the Data Protection Act 2018 and UK GDPR, we have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Additionally, we put in place appropriate security procedures and access controls to ensure the confidentiality of the special categories of personal data that we process, for instance information relating to the religious beliefs of our supporters.

Personal data collected through our websites is transmitted across the Internet securely using high-grade encryption and we take particular care with online giving. We only use service providers who specialise in the secure capture and processing of online payments. The online donation form is secure, and your information is encrypted and stored on a secure database. We do not retain any card payment information.

The data we collect from you is processed on our servers located in the UK. If your data needs to be transferred outside of the European Economic Area (EEA), or to a country that has not been granted a finding of adequacy by the EC, we will transfer your data using ‘appropriate safeguards’, i.e. Binding Corporate Rules (BCR) and/or Standard Contract Clauses (SCC) (also known as Model Contract Clauses) etc., or we will seek your consent, on a case-by-case basis, and where appropriate to do so.

What are my data subject rights?

We support your data subject rights in relation to the processing of your information under the Data Protection Act 2018 and the UK GDPR, including your:

  • right to be informed (chiefly via this policy)
  • right of access
  • right to rectification
  • right to erasure
  • right to restrict processing
  • right to data portability
  • right to object
  • rights related to automated decision-making including profiling.

You can exercise any of these rights by contacting us using any of the methods shown below in the ‘How do I contact you?’ section. We will respond to your request as quickly as possible. Usually, this will be within one month of receiving your request.

You can request a copy of the information we hold about you by using any of the methods shown below in the ‘How do I contact you’ section. We will respond to your request as quickly as possible. Usually, this will be within one month of receiving your request.

Updating my information

You may choose to correct, update, or delete your personal data, by contacting us using any of the methods shown below in the ‘How do I contact you?’ section. 

If you have opted in to receiving communications from us, your preferences will remain in effect until you tell us that you want to opt out of receiving any further communications. Normally, you can do this by clicking the link at the footer of the email you have received.

You can change your preferences at any time by clicking the relevant link in the emails we send you or by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.

Withdrawing my consent

Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us using any of the methods shown below in the ‘How do I contact you?’ section. 

Making a complaint to us

We hope you’ll never have the need to do so, but if you do want to complain about our use of your personal data, or our facilitation of your data subject rights requests, you can contact us using any of the methods shown below in the ‘How do I contact you?’ section. 

Our Data Protection Lead will investigate your complaint and provide you with an appropriate response as quickly as possible.

Making a complaint to the Information Commissioner

You can lodge a complaint with the Information Commissioner at any time, for instance if you are unhappy with the way in which we are processing your information, or if we have failed to facilitate your data subject rights.

The Information Commissioner can be contacted as follows: 

By post:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

By Phone: 0844 496 4636 (local rate)

Further information about your data subject rights and how to complain to the ICO can be found here: ICO Make a Complaint

How do I contact you?

You may contact us using any of the following methods:

By post:
Data Protection Lead
62 Rosslyn Hill,
London NW3 1ND

By email: [email protected] 

Changes to this Policy: We continuously review the content of our privacy policy to ensure that it accurately reflects what we do with your information.