Who are we and how do we collect information about you?
What type of information do we collect, how do we use it and how long do we keep it?
Personal information we may collect from you could include your name, address, phone number, email address and where appropriate your date of birth and bank account details. Our legal basis for processing your information and contacting you with fundraising marketing materials under GDPR is “legitimate interest”, although in accordance with PECR, our legal basis for sending electronic marketing is consent of the data subject. We use the information you provide to:
- Acknowledge your donation and thank you for your support.
- Process financial transactions such as donations, sales, and event entries.
- Fulfil your requests for information.
- Provide you with information about our fundraising activities and how we spend the monies raised for the benefit of patients.
- Award you charitable grants.
- Carry out research into the interests and habits of our supporters to improve our fundraising strategy and help us provide our supporters with a better service and experience.
Your information will be retained for audit purposes for six years (or three if you have no contact with the charity in this time), after which it will be securely archived. We archive your information so that donations made at a later date can be linked to your previous giving history and to allow us to undertake anonymised research into giving trends to better inform our fundraising strategies.
Who has access to your information, and how do we store and protect it?
We will not rent or sell your information or share it with third parties for marketing purposes. We will only share your information with selected third parties if we are legally required to do so by law or we are working with carefully selected and trusted third parties contracted to undertake work on our behalf. These may include mailing houses, financial institutions and IT firms who are sending postal mail, emails and text messages on our behalf, processing card payments or maintaining our database. We will only pass on personal data to such partners if they have signed a contract which requires them to abide by General Data Protection Regulations, and if we have your consent.
The North West Ambulance Charity takes your privacy very seriously and once we receive your personal information, we will endeavour to keep it secure on our systems.
We hold information on secure computers with servers located in the UK which operate within the NHS security systems of North West Ambulance Service NHS Trust. We use secure server software to encrypt any financial and/or personal information you input online before it is sent to us. All information stored on paper files such as event entry forms are held in secure locations. Our staff are required to protect your information under the NHS Confidentiality Code of Conduct, and they will inform you of how your information may be used and allow you to decide if and how we may use that information.
Under General Data Protection Regulations, you have rights over your data and the way in which we use it. You have a right in certain circumstances to have inaccurate personal data amended, blocked, erased or destroyed. You have the right to prevent your data being used for marketing purposes and you have the right to access a copy of the data we hold about you. To exercise these rights please contact the Head of Charity at [email protected].
This Privacy Statement is effective as of January 2024. Any future changes will come into effect immediately upon being published on our webpages. We reserve the right to update or change our Privacy Statement at any time, and you should check this Privacy Statement periodically. We keep this statement under regular review.
For more information on your rights under General Data Protection Regulations please visit the website of the Information Commissioner’s Office. If you have a complaint about the charity, please see our complaints procedure.