Data Protection and Privacy Policy

Date:   April 2018
Review date: April 2020

1.0 Introduction

This Policy has been written in accordance with the requirements of EU General Data Protection Regulations (GDPR). The GDPR is a regulation about data protection and privacy in EU law which applies to all individuals within the European Union. The law also deals with the transfer of personal data outside the EU. The GDPR aims to give citizens and residents control over their personal data. It is enforceable from 25 May 2018, replacing the 1995 Data Protection Directive.

2.0 Scope

CHCT is the data controller (organisation) in respect to information it collects about data subjects (people) resident in the EU. In accordance with the European Commission, this data includes “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be … a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information …”

This policy explains our privacy practices and how we treat information. It describes the types of information collected in connection with our work and our fundraising, how and why we use such information, who we share it with and the legal rights of those whose information we keep. Unless indicated otherwise, this privacy policy applies to all our website, domains, communications and services.

3.0 Who or what is CHCT?

The Catriona Hargreaves Charitable Trust is a different kind of charity. We are a grass-roots group of unpaid volunteers working to transform the lives of deprived people all over the world where disease and poverty meet. CHCT reaches communities in the roughest slums and remotest villages ignored by the mainstream international aid agencies.

3.1 What Do We Do

Food, shelter, medical treatment and health education in the most vulnerable communities are our special concern. All projects are strictly monitored by our Trustees.

3.2 What We Don’t Do

CHCT has never paid people to market in the street, we never pester anyone with junk mail or cold calls and we never take a salary. Every penny received goes to those who need it most.

4.0 Legitimate interests and legal basis for processing information:

CHCT relies on a number of legal bases to collect, store, use, share, and otherwise ‘process’ the information we have about subjects.

4.1 CHCT maintains a list of contact details (referred to as our ‘mailing list’) including names and addressed of interested parties who have indicated that they are willing for us to communicate our activity with them, including our trustees. We do not share this list with any other parties, and we respect subjects’ rights to revoke their agreement for us to contact them at any time.

4.2 CHCT collects information about funds raised, including the details of the activity/method and the name of donors and subjects who raised the funds, for the purposes of required financial reporting and monitoring. We may store photographs of subjects and activities, where this is provided to us. We do not share this information with other parties outside of our Board of Trustees (such as on our website), without consent of the subject, and we respect their right to withdraw this consent at any time.

4.3 CHCT collects information (contact details, bank account information, employment and information related to the grant, communications) from funding applicants, and stores this as required for financial reporting. We reserve the right to make enquiries via internet searches (information in the public domain) about the individuals and organizations’ who apply to us for funding, to support our due diligence checks. This information is not shared with other parties outside of our Board of Trustees, unless consent is given by the applicant.

4.4 When applicants provide information about other subjects to CHCT, such as photographs of project beneficiaries, CHCT have expectations that these beneficiaries have consented to the sharing of this information about them. We will ask the funding applicants permission to use any relevant information (such as photographs of project subjects) on our website and other communications.

5.0 Referees

Applicants are asked to provide CHCT with contact details for referees. CHCT store this information, and the information referees provide, to evidence our due diligence checks. This information is not shared outside of our Board of Trustees and is not used for any other purpose.

6.0 Subjects rights

Subjects have control over what and how their information is used. We explain here the choices subjects have in order to control our use of their data.

6.1 Remove yourself from our mailing list
Subjects can request by post, email, phone, and via our web page that we stop contacting them. We will respect this and permanently destroy the data of any subject who asks to be removed from our ‘mailing list.’

6.2 Revoke consent
Where a subject has previously provided consent, they have the right to withdraw this at any time. If subjects withdraw consent to the use of their information for purposes set out in this Policy, they may not have continued access to all (or any) of our Services, such as communications and funding. If we have a legal basis to do so, we may continue to process information (such as retaining records of funding that has been granted) after subject consent has been withdrawn.

6.3 Complain
If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority or CHCT’s lead supervisory authority, the British Data Protection Commission.

6.4 Access to information
Subjects should contact CHCT (see details 10.0) to request a copy of the data we hold on them to be released to that subject.

7.0 Sharing information with third parties

7.1 Publicly-available content
In limited circumstances (for example to highlight an issue or need relevant to our charitable objectives), we may make small amounts of content provided by our subjects (such as quotes, case studies), without any identifying subject information, available to the public via our website.

7.2 Marketing and spam
We will never sell, rent or share subject information.

7.3 Third party service providers
We may share personal information with third parties where necessary to help us provide support, such as banking services to help us to receive funds and to send grants to approved subjects. These third parties are contractually required to use this data only to provide their service to us, and contractually barred from using it for their own purposes.

7.4 Legal and safety reasons
We may retain, preserve, or share subject personal information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security or technical issues; (c) protect our rights, property, or safety; (d) enforce any agreement we have with the subject; (e) prevent harm to any person or entity, including the subject and members of the general public.

7.5 Aggregated information
We reflect on aggregated information about our income and funding grants, such as statistics, the success of fundraising activity, and information about the communities we fund. If we share this information with parties outside of our Board of Trustees, we will do so without personally identifying any data subjects.

We may also share aggregated or anonymised information with individuals or organisations, for purposes such as marketing and promotion.

8.0  Data retention

We may retain subject information for as long as necessary in light of the purposes set out in this Policy, subject to any legal obligations. For example, we will retain information relating to subjects who we have funded, for a period of 7 years, or any other period as necessary under financial regulations.

9.0  Additional information

9.1  Security
CHCT takes reasonable steps to promote the security of the information held about subjects. We do this by:

  • Limiting the information we print to reduce the risk of it being inadvertently picked up by a third party
  • Promoting good practice amongst our trustees for the confidential management of personal information

10.00 Amendments to the Policy

From time to time we may make changes to this Policy. If we materially change our Policy, we will take steps to notify you in advance of the change, for example by emailing you or by posting a notice on our website. The most up-to-date version of the Policy is available via the link to our website: http://www.chct.org.uk

11.00 Contact Us

To contact our data controller/data protection officer, email us at: info@chct.org.uk or by post to:

Brandenbury Oast
Collier Street
Kent, TN12 9RH