What This Privacy Policy Covers.
The purpose of this policy is to give you clear explanation about how Devon Christian Youth Camps Trust (DCYC) [BR1] collects and uses the personal information you provide to us and that we collect, whether online, via phone, email, in letters or in any other correspondence.
Information we collect about you.
Personal information is collected directly from you when you interest with DCYC, for example making a donation, sending or receiving an email or completing an online booking for a camp. Information may be collected in person, over the phone, through our website, social media or something you’ve posting to us. This information will be used to ensure we communicate with you in the right way.
Our legal basis for contacting you and using your personal information
When we collect and use your personal information, we will make sure this is only done in accordance with at least one of the legal grounds available to us under Data Protection law.
One of these is where we have obtained your specific consent to use your information for a previously notified purpose, such as to send you email/text marketing or to provide you with a product, service or information at your request.
Another is where we have a legal obligation to use or disclose information about you – for instance, where we are ordered by a court or regulatory authority or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes.
In all cases, we carefully consider your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this Policy and that does not intrude on your privacy or previously expressed marketing preferences. We always carefully balance our legitimate interests against your rights as an individual, to ensure the best possible outcome for the families who need our support.
Notifying you of changes to policies
If we make significant changes to our policies which may affect you, we will use your contact details to inform you of the changes.
We may use your information to enforce and comply with the law
As with all charities, we ensure that our activities comply with the law. Therefore, we may need to share or use your personal information if we are required to do so by law (for example, in response to a warrant or court order) and we may use information from other sources for the purposes of fraud prevention, for example to comply with money laundering regulations, or to protect people’s rights, property or safety.
If certain levels of donation are made, the Fundraising Regulator’s Code of Fundraising Practice requires us, and all charities in the UK, to perform checks. More details can be found at www.fundraisingregulator.org.uk.
Your debit and credit card information
If you use your credit or debit card to donate to us, or pay for a registration online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find our more information about PCI DSS here
https://www.pcisecuritystandards.org/security_standards/index.php
We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed.
How we use social media
We operate a number of social media pages (including Facebook[BR2] ). This policy covers how we will use any data collected from those pages. It does not cover how the providers of social media websites will use your information. Please ensure you read the privacy policy of the social media website before sharing data and make use of the privacy settings and reporting mechanisms to control how your data is used.
How we might use your information if you have visited our website[BR3]
Cookies and IP address
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about browsing actions and patterns, and does not identify any individual.
We log the IP address of the computer you are using in order to protect our servers against abuse and malicious activity. The logs are deleted every 60 days. Other information is used to measure the performance of the website, the volume of traffic that the site receives, how users move around the site and what sort of users the site attracts. This is statistical data that help us identify actions and patterns, and does not identify and individual.
When you access our website, some cookies are saved to your computer, for example if you have chosen a particular language setting or created a user account. Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to improve the performance of a website, for saving different options and to provide website owners with information on how the site is being used.
Cookies enable us to:
We use cookies to enhance the experience of the website, to increase the performance, to identify how the website is being used and where we can make improvements and to monitor how our advertisements perform. Some of our cookies are vital for the website to operate effectively and others are optional, but may decrease the usability or performance of the website.
You can turn off your cookies so that we can’t access that information. However if you select this setting you may be unable to access certain parts of the website.
Information storage and security
When you give us your details, you agree to us recording your details on our secure database. We hold your personal information for as long as required to provide you with the information or services you have requested, to administer your relationship with us and your contact preferences, to comply with the law, fulfil statutory obligations (for example, the collection of Gift Aid) or to ensure we do not communicate with people who no longer wish to hear from us.
We take the care of your information seriously and protect your personal information in a range of ways including secure servers, firewalls and SSL encryption. We follow payment card industry (PCI) security compliance requirements when processing credit card payments. We operate a policy of restricted, password controlled, access to any of your information which is stored on our systems.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights
You have various rights in respect of the personal information we hold about you – these are set out in more detail below.
Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity. Please note that if you ask for the material to be sent electronically but prefer not to use our secure file transfer, DCYC cannot be held responsible for the security risk to your information as it travels across the Internet.
Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you.
Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
We will never share your details with other organisations to use for their own purposes, other than where we are required to by law, for example with HMRC for Gift Aid auditing purposes. DCYC will not, under any circumstances, share or sell your personal information to any third party for marketing purposes and you will not receive offers from other companies or organisations as a result of giving your details to us.
For more information about data protection
You can find out more about your data protection rights on the Information Commissioner’s Office (ICO) website here.
You can find out more about data protection law here: Data Protection Act 1998 until the 25th May 2018 General Data Protection Regulation 2018
If you would like to make any enquiry about data protection, update the information we hold about you, request or opt out of receiving communications or change the way we process your information, you can let us know in the following ways:
Email – info@dcyc.org.uk
To raise a concern about how your personal information has been used please contact us on the details listed.
Alternatively, you are entitled to raise a concern to the Information Commissioner’s Office (ICO) without first referring your complaint to us.