Data Privacy Policy
This privacy notice describes how EduSpots (‘we’, ‘us’) collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information.
This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified.
Personal Information we use
We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g. when you contact us, or register for our newsletter and updates), and information we collect about you from other sources, described below.
Note: that we may be required by law to collect certain personal information about you if you attempt to make a donation to us. Failure to provide this information may mean we cannot accept donations from you. We will inform you at the time your information is collected where this is compulsory.
Information we collect directly from you:
The categories of information that we may collect directly from you are:
(a) personal details (e.g. name, date of birth)
(b) contact details (e.g. phone number, email address, postal address or mobile number)
(c) Your donation history
(d) Details of the events you have attended with us
(e) Bank details
(f) Gift Aid eligibility information (regarding your taxpayer status)
(g) Information we collect automatically from you using cookies and other device identifying technologies (‘Cookies and Tracking Technologies’).
Information we collect from other sources:
We may collect Know Your Donor due diligence information about you from publicly available sources. This may include publicly available details of any criminal convictions you may have.
How We Use Your Personal Information and the Basis on Which We Use It
We may use your personal information to:
(a) collect and process donations
(b) conduct Know Your Donor due diligence
(c) provide, improve and personalise our website
(d) deal with your enquiries and requests
(e) manage our relationships with current and potential donors
(f) comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies
(g) contact you with marketing and offers relating to products and services offered by us (unless you have opted out of marketing, or we are otherwise prevented by law from doing so)
(h) personalise the marketing messages we send you to make them more relevant and interesting
(i) operate our business
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
(a) to comply with our legal obligations, for example complying with our Know Your Donor obligations
(b) to meet our legitimate interests, for example to collect and process your donations. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.
We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to our direct marketing activities, Cookies and Tracking Technologies). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.
Your Rights Over Your Personal Information
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
- access your personal information
- rectify the information we hold about you
- erase your personal information
- restrict our use of your personal information
- object to our use of your personal information
- receive your personal information in a usable electronic format and transmit it to a third party (right to data portability)
- lodge a complaint with your local data protection authority.
If you would like to discuss or exercise such rights, please contact us at the details below.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honour your requests.
Automated Decisions About You
We may make automated decisions about you based on your personal information. For example, we may:
- Contact you to ask if you would like to donate to a particular cause based on your event attendance or donation history
- Contact you to ask if you would like to attend a local event based on your residential address
These types of decisions will not have legal or similar effects for you.
Information Sharing
We may share your personal information with third parties under the following circumstances:
- Service providers and business partners. We may share your personal information with our service providers and business partners that perform marketing services and other business operations for us.
- Social media. With your consent, we may publish your details on our social media accounts.
- Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
- Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
The recipients referred to above may be located outside the UK. See the section on “International Data Transfer” below for more information.
Information, Security & Storage
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on- going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
- Maintain donation records for analysis and/or audit purposes
- Comply with record retention requirements under the law
- Defend or bring any existing or potential legal claims
- Deal with any complaints
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
International Data Transfer
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
Contact Us
EduSpots is the controller responsible for the personal information we collect and process.
If you have questions or concerns regarding the way in which your personal information has been used, please contact us by email at info@eduspots.org or by post at EduSpots, 2 High Street, Sevenoaks, Kent, TN13 1HX.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Information Commissioner’s Office.
Changes to the Policy
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.
Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).