Privacy Notice
This is Settle Support’s general privacy notice. It applies to visitors to our website, including in relation to any subscriptions and donations made via the website.
Introduction
This is Settle Support’s general privacy notice. It applies to visitors to our website (https://wearesettle.org/), including in relation to any subscriptions and donations made via the website. It also applies to other individuals we interact with when we highlight that this privacy notice will be applicable, such as offline subscribers, donors, fundraisers, supporters, event attendees, volunteers and job applicants.
It should be noted that this privacy notice does not apply to the collection and processing of personal data of people who receive support from us.
In this privacy notice, we outline what data we collect, how we use data, the conditions under which we may disclose it to others and how we keep your data secure.
We may change this privacy notice from time to time and will provide you with fair notice if there are any changes.
If you have any questions you can contact us at hello@wearesettle.org and we will be happy to discuss our privacy notice in greater detail.
Who are we?
We are Settle Support, operating under the name Settle. Our registered charity number is 1162399. Our address is Tobacco Dock, Wapping Lane, London, E1W 2SF.
Our data collection principles
- We will never sell or swap your data.
- You can change your communication preferences or opt out altogether whenever you choose.
- We’re especially sensitive when engaging vulnerable young people through our services and through our fundraising.
- We work hard to safeguard your information through security policies and protocols; and
- We recognise that data protection is an ongoing commitment, not a one-off policy.
We challenge and review our processes on a regular basis to keep step with changing technology and expectations. Settle will respect and protect your privacy by handling any information that we collect from you or have about you from other sources in line with applicable laws including the UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018.
Purpose of our Privacy Notice
This privacy notice explains how we collect and process your personal data when you use our website and otherwise interact with us. Please read this privacy notice carefully as it contains information about:
- what personal data we may collect from you;
- how we will use, store and protect your personal data; and
- with whom we may share your personal data.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where information relating to identity has been removed (anonymous data).
It is important that you read this privacy notice together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them.
How do we collect data and what type of information is collected from you?
The type of information that we collect from you and how we collect it depends on how you interact with Settle. For instance, we collect different data from you if you engage with us for the provision of a service (e.g. to receive our newsletter or to make a donation to us) compared to if you are simply a website visitor.
As described in section 5) below, we also collect information from third parties where it is relevant to our relationship with you and where you have given them consent to share your information with us, or where there is another legal reason for sharing the information such as for fraud prevention purposes, public protection or safeguarding purposes.
Below we’ve broken down the different ways you might interact with us, and what information we might collect directly from you.
Website visitors and social media use
When you visit our website, the personal information we collect might include your name, address, email address, IP address, and information regarding what pages are accessed and when.
We may use Google Analytics to better understand how people use our website. For instance we can determine the number of people using our site and how they find and use our web pages. With this information we can continually improve the information that we provide on our site and the processes for actions such as contacting us and donating. We can also use it to increase the number of new people finding our site.
Google Analytics stores the following data:
- Time of visit, pages visited, and time spent on each page of the webpages;
- Interactions with site-specific widgets;
- Referring site details (such as the URL a user came through to arrive at this site);
- Type of web browser;
- Type of operating system (OS);
- Flash version, JavaScript support, screen resolution, and screen colour processing ability;
- Network location and IP address;
- Document downloads;
- Clicks on links leading to external websites;
- Errors when users fill out forms;
- Clicks on videos; and
- Scroll depth.
We only ever look at aggregated data from Google Analytics to determine trends in the use of our website, rather than individuals data.
We use social media to inform, educate and engage new potential supporters. We may target ads using social media at audiences that look like they have an interest in Settle’s work.
If you have given us consent to use your image or become a case study to help promote our work we may post this on our social media outlets.
We want to remind you that information shared on social media, on our pages or in private messages may be used or sold by the provider, such as Facebook, Twitter or YouTube, for commercial purposes.
Newsletter subscribers
If you subscribe to our mailing list, you will be automatically subscribed to receive newsletters and/or email updates. You will only receive information that you have opted in to receive. When signing up, we will ask you for personal information such as your name and email address. These contact details are stored on our internal password protected database.
We also might analyse email results, such as open rate and click-through. We don’t want to waste anyone’s time on emails that no one is reading, so it’s important to be able to see what messaging people are interested in. However we only look at aggregated data, not individuals.
We use third party services such as Mailchimp to send our newsletters and emails to our subscribers. Mailchimp is a service provided by The Rocket Science Group from servers located in the USA. Accordingly, to enable us to send our newsletters and emails, your personal data may be uploaded external databases and servers in the USA.
Online Donation on our Website
If you make a donation via our website, we will record the name, date, donation amount and if you choose to make your donation with Gift Aid we store your address on our internal donor database. To claim Gift Aid from HMRC, we need your name and address for the claim to be valid.
We use the third party plugin for WordPress “Give WP” to facilitate the making of donations on the website. The Give WP plugin enables you to make a donation to us by linking you to a third-party payment gateway selected by you such as PayPal or Stripe. To make the donation, your details are collected directly by the selected third-party payment gateway and the payment is processed entirely by the third-party payment gateway not Settle. We do not have access to or store your payment information (such as your credit or debit card information, or your PayPal login details). You should note any terms and conditions and privacy policies which are presented to you by the third-party payment gateway during the donation process and only proceed with the donation if you are comfortable with the terms and conditions and privacy policies which are presented. You should also note that if you proceed with a donation, your personal data may be processed using servers outside of the EEA including in the USA when making a donation.
If you set up a standing order to donate to us regularly, financial data such as your bank details are saved on an internal password protected database, however we do not store any card details or other financial information related to you.
Supporters and Fundraisers
If you take part in an event for us we might ask you for personal details such as name, age, address, contact number. If you take part in a physical event such as a marathon we also might ask about your health status. We will also ask for emergency contact details, but we will only contact that person in an emergency and delete the information once the event is finished.
If you give us emergency contact details on behalf of someone else, you confirm that the other person has given you permission to act on his/her behalf and has agreed that you can:
- provide their personal data to us; and
- give consent on their behalf to the processing of their personal data.
Any data we store related to individual donations will be retained for six years in line with our Data Protection Policy.
Job applicants and volunteers
If you apply to work with or volunteer for Settle, we will ask for your personal information, a CV and references. Only team members with directly relevant service lines will have access to the otherwise restricted database where this information would be stored. We will use the information you provide to process your application to join our team.
Successful job applicants will also be asked to undergo a DBS check. The DBS check process is set out by the Disclosure and Barring Service which is a government body. This process includes specifying what proof of ID and address information is required. Volunteers may also be asked to undergo a DBS check depending on their involvement.
Unsuccessful applicants’ data will be stored for one year in case we wish to contact you about future opportunities. If you would like us to delete your information sooner, please let us know.
Use of other organisations data
We may receive personal data about you from third parties. For example, if you decide to donate to us using services such as Just Giving and Virgin Money Giving, we may receive details about you and your donation. In such circumstances, your donation will be subject to the terms and conditions and privacy policies presented to you by those third-party providers. Typically, the third parties only provide us with your data if you have given them permission to. If you don’t give them permission, we normally receive anonymised data. If we do receive personal data about you from third parties, we will treat it in accordance with this Privacy Policy.
We may look at publicly held information through the Charity Commission, media and Google, to better understand organisations and their philanthropic priorities. We do this so that we can be measured in who we approach for support. Research of this kind is important because there is a risk to the charity if we unwittingly align ourselves with someone that would undermine the trust we have built with our service users or damage our reputation.
We also don’t wish to waste prospective donors’ time by making uninformed approaches. For instance, there is no point in us writing a letter to someone who has publicly declared that they are solely committed to supporting environmental charities. But we can only know that by researching the person using publicly held information and storing it against their record so that we don’t have to repeat the research in the future.
Who has access to your data?
Within Settle only our staff and third parties engaged by us who need access to your data to do their job can access it.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
If you choose to subscribe to our email or newsletter services, or if you choose to make a donation via the website, the third party providers (described above in Section 4) such as Mailchimp, and the third-party payment gateways such as Stripe or Paypal used to process your payment (if applicable) may have access to your personal data.
Settle will pass certain personally identifiable information on to third party suppliers if it is necessary to complete a commercial transaction or a request. Settle will, however, endeavour to pass on only the minimum information necessary to complete the commercial transaction or request.
Settle requires all third parties to respect the security of your personal data and to treat it in accordance with the law. Settle does not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
There may be circumstances where we need to share your personal data with third parties located outside of the United Kingdom and European Economic Area (EEA). Where your data will be transferred outside of the EEA, we will only transfer your data where suitable safeguards have been put in place, this may include entering into specific contractual terms which are compliant with the UK GDPR and the Data
Protection Act 2018.
Legal
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Settle will disclose personally identifiable information when required by the law or in the good faith belief that such an action is necessary to:
- Conform to the edicts of the law or comply with a legal process served on Settle;
- Protect or defend the rights or property of the Settle network of sites, or visitors to the Settle website;
- Identify persons who may be violating the law, the legal notice or the rights of third parties; and
- Co-operate with the investigations of purported unlawful activities.
The legal bases that we rely on for processing your personal data are:
1.You have provided your consent to us using your personal data for a specific purpose:
We will ask for your consent to use your personal data to send you marketing emails.
You always have the right to withdraw your consent at any time.
- It is necessary in connection with the performance of a contract with you:
Sometimes it is necessary to process your personal data so that we can provide contractual relationships with you. For example, if you work for us.
- It is necessary for compliance with a legal obligation to which we are subject:
This would include where we must retain certain records, for example, to manage health and safety, for the detection and prevention of crime, safeguarding obligations, for maintaining suppression lists to ensure we comply with marketing laws, for tax reasons (such as those related to Gift Aid donations) and undertaking due diligence before accepting certain donations or entering certain relationships.
- It is within our legitimate interests.
Applicable law allows personal data to be collected and used if it is reasonably necessary for our legitimate interests or a third party’s legitimate interests (if the processing is fair, balanced and does not unduly impact individuals’ rights). We will rely on this ground to process your personal data when it is not practical or appropriate to ask for your consent, and where we are confident that this will not impact your rights.
Our legitimate interests include raising funds for a wide range of activities to support our charitable objectives. We also have a legitimate interest in publicity and income generation, campaigning and fundraising to support these objectives and undertaking due diligence to establish the provenance of donations that are made, or may be made, to us.
Where you have provided your details to us, we may contact you for certain marketing and fundraising activities (but we will explain this to you at the point that we collect your details). You can opt out of this activity at any time by emailing us on hello@wearesettle.org
We will also rely on our legitimate interests for the proper administration of Settle, and to manage our operations (for example, maintaining appropriate records and databases, for the detection and prevention of crime and safeguarding all those who access our premises and facilities).
When we process your personal data to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal data for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
Links to other sites
The Settle website may contain links and plug-ins to other sites. This includes the plug-in which enables you to make donations via third-party gateways such as Stripe and PayPal.
Clicking on those links and plug-ins may allow third parties to collect or share data about you. These sites are beyond Settle’s control and the user is subject to the individual privacy policies of these sites.
Whilst Settle strives to protect personally identifiable information collected from users of the Website, we cannot guarantee the security of private information disclosed online to linked sites. When you leave the Settle website, we encourage you to read the privacy policy of every website you visit.
Security of your data
Settle exercises every precaution to ensure the security of data transmissions from the user’s PC to our servers and stored information.
Settle has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where sensitive information like credit card details or financial information is transmitted, it is done so using SSL encryption. Access to stored information is password protected and every attempt will be made to ensure that these passwords are only known to Settle personnel and trusted third parties (website developers and the Internet Service Provider) who are authorised by us.
Unfortunately, no data transmission or stored information is 100% secure. Thus, whilst Settle strives to protect user’s information as far as possible, we cannot ensure or warrant the security of any information that the user transmits to us.
What are cookies and how do we use them?
Like many other websites, the Settle website uses cookies.
‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a more personalised service.
The user has the choice to accept or reject cookies by changing settings on their browser, if you do accept cookies on the Settle website, you will be prompted to renew your consent after 365 days.. Cookies are used to deliver personalised content to users by storing the user’s preferences. Sensitive information like passwords and credit card details are not stored on cookies placed on the user’s system by the Settle website. For more information about cookies visit www.allaboutcookies.com.
We may use third party cookies for Google Analytics and for other third parties. The user has the choice to accept or reject third party cookies by changing settings on their browser.
Your rights
As an individual whose personal data is processed by Settle you have the following rights:
- Right to be Informed: You have the right to be informed about how we are using your data. If you think we are doing something with your information that we have not told you about in this Privacy Notice, you can object to this;
- The Right of Access: You can request access to a copy of the personal data that we hold about you;
- The Right to Rectification: If you think that the personal data we hold about you is inaccurate or incomplete, you have a right to request that it be rectified;
- The Right to Erasure: You can ask us to delete your personal data where it is no longer necessary for us to use it, where you have withdrawn consent (if we process based on consent), or where we have no lawful basis for keeping it;
- The Right to Restrict Processing: You can ask us to restrict the personal data we use about you where you have asked for it to be erased or where you have objected to our use of it;
- Right to Data Portability: You can ask us to provide you, or a third party (if possible), with some of the personal data we hold about you in a structured, commonly used, electronic form, so that it can be easily transferred; and
- Right to Object: You can object to the processing of your personal data. You should note that this right does not apply in all circumstances, for example, where we are processing information because it is necessary to complete a contract.
You can ask us to stop processing your data for marketing and fundraising by clicking the unsubscribe link in the footer of any email you receive from us. Or you can contact us at hello@wearesettle.org to exercise your rights outlined above. We will treat your information with respect and will not share it with any other organisation.
If you would like to exercise any of the above rights, please:
- put your request in writing;
- include proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent utility or credit card bill); and
- specify the right you wish to exercise.
We will respond to requests made by you within one month. We will not charge a fee for you to exercise any of the rights listed above.
Contact
You should be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO).
If you have any questions about this privacy notice or our privacy practices, please contact us using the details below:
Full name of legal entity: Settle Support
Email address: hello@wearesettle.org.