This Privacy Notice sets out how we collect, use and store your personal information (this means any information that identifies or could identify you).

The CAfS Privacy Notice may change so please remember to check back from time to time. Where we have made any changes to this Privacy Notice, we will make this clear on our website or contact you about any changes.

This Privacy Notice covers the following:

1. Who we are
2. How we collect information about you
3. Information we collect and why we use it
4. Profiling: making our work more unique to you
5. Legal basis for using your information
6. Marketing
7. Sharing your information
8. Keeping your information safe
9. How long we hold your information for
10. Your rights
11. Cookies

1. Who we are

Here at CAfS (Cumbria Action for Sustainability), we are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.

We are a “data controller” for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679. This means that we are responsible for, and control the processing of, your personal information.

2. How we collect information about you

We collect information from you in the following ways:

When you interact with us directly: This could be if you ask us about our activities, register with us for training or an event, make a donation to us, ask for information or advice on suppliers, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website or get in touch through the post, or in person.

When you interact with us through partners or suppliers working on our behalf: This could be if you access a service such as home energy advice visits which are delivered through trusted contractors working on our behalf and always under our instruction.

When you interact with us through third parties: This could be if you provide a donation through a third party such as Just Giving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information are of most interest to you. We also use “cookies” to help our site run effectively. There are more details below – see ‘Cookies’.

From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third-party subscription services or service providers (we have provided further details about this below – see ‘Profiling: Making our work unique to you’).

3. Information we collect and why we use it

Personal Information

Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a donation), as well as information you provide in any communications between us. Sensitive personal information we collect may include health and income details, ethnicity and religion. You will have given us this information whilst making a donation, registering for an event or any of the other ways to interact with us.

We will only use this information:
• To provide the services or goods that you have requested.
• To process your donations, to claim Gift Aid on your donations and verify any financial transactions.
• To update you with important administrative messages about your donation, an event or services you have requested.
• To keep a record of your relationship with us.
• Where you volunteer with us, to administer the volunteering arrangement.
• Where you are contracted or employed with us, to administer any contractual agreement
• To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
• To report back to our funders and partners where required.

If you do not provide this information, we may not be able to process your donation, sign you up for a particular event or provide services you have requested.

Where permitted we may also use your personal information:
• To contact you about our work and how you can support CAfS (see section 8 on ‘Marketing’ below for further information).
• To inform you of events and services that may be of interest to you
• To carry out targeted fundraising activities

4. Profiling: making our work more unique to you

We want to improve how we talk to you and the information we provide through our website, services, products and information. To do this we sometimes use profiling and screening methods so that we can better understand our supporters, your preferences and needs to provide a better experience for you. For example, we might send you details about an event we think you’d be interested in, based on CAfS events you’ve been to in the past – if you’ve given us permission to do so when you signed up for our newsletters.

We may carry out targeted fundraising activities using profiling techniques based on the information that we hold about you – for example, the length of time you’ve been a supporter of CAfS or whether you’ve donated to CAfS in the past.

We do not use any third-party services to acquire additional information about you.

5. Legal basis for using your information

In some cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you.

However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for CAfS to process your information to provide you with a service.

Whenever we process your personal information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.

6. Marketing

We will only contact you about our work and how you can support CAfS by email, phone or letter if you have given us permission to contact you in this way.

You can update your choices by clicking on the ‘Update Profile’ link at the bottom of our email newsletters, or if you’d like us to stop sending you these communications, click the unsubscribe link.

7. Sharing your Information

The personal information we collect about you will mainly be used by our staff (and volunteers) at CAfS so that they can support you.
Where we are the Data Controller, we will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.

CAfS may however share your information with our trusted partners and suppliers who work with us on or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes.

We enter into agreements with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.

We currently use:

CarbonLite IT Solutions (IT support and maintenance)
PHD Computer Consultants Ltd (Website and CRM support)
Bytemark (Webserver hosting)
Wordpress (Website software)
CiviCRM (Customer Relationship Management software)
Cumbria CVS (Independent Examiners)
Unity Trust (Banking)
Connexions Group (Telecoms and broadband provider)
Accend Consulting (Project support)
BrightPay (Payroll processing software & support)
Quickbooks (Finance processing software & support)
The Books Accountants Ltd (Accountancy Support)
Paypal (Payment provider)
Microsoft (Email and diary hosting)
Acton Jennings (HR support)
Various local contractors – you will be advised when appointments are made (Home Energy Visits and Energy Audits)
Various local contractors – you will be advised when appointments are made (Installation of energy measures and draughtproofing)

Where we are contracted to do work for another organisation

When we act under instruction from another organisation we are the Data Processor. In these cases there will be a contract in place which will tell us what to do with the information and you will be given a different privacy notice by them which will tell you about it. Your rights are unlikely to be affected if your information is used in this way.

Legal disclosure

We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).

8. Keeping your information safe

We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

We only transfer data outside of the EEA if it is to
• A country considered to have adequate data protection legislation as decided by the European Commission
• An organisation which is registered on the EU-US Privacy Shield Framework

Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.

Any debit or credit card details which we receive are passed securely to Quickbooks (our accountancy provider) and Unity Trust Bank (our payment processing partner), according to the Payment Card Industry Security Standards. We also use trusted partners Paypal and Eventbrite for some transactions, and they also adhere to these standards.

9. How long we hold your information for

We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid). More details can be found in our Retention Policy.

10. Your rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by first contacting our office at Eden Rural Foyer, Old London Road, Penrith and by phone on 01768 210276. If you feel we do not adequately resolve your complaint, you can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, https://ico.org.uk/

• Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by getting in touch.
• Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
• Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
• Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
• Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
• Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
• Profiling: You can ask us not to use your data to profile you.
• Automated-decision making: CAfS does not currently use any of your personal data to make automated decisions.

Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.

11. Cookies

‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website.
They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you.

How do we use cookies?

We use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you come to our website and also allows us to improve the user experience.

The cookies we use

We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.

We use all four categories of cookies:

• ‘Strictly necessary’ cookies are essential for you to move around our website and to use its features, like your account.
• ‘Performance’ cookies collect anonymous information about how you use our site, like which pages are visited most.
• ‘Functionality’ cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
• ‘Targeting or advertising’ cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. As such if you visit the CAfS website you may then be more likely to see adverts about CAfS’ work on other websites as your browsing suggests that this is an area of interest.

No cookies, please

You can opt out of all our cookies (except the strictly necessary ones). Find out how to control and delete cookies in your browser.

But, if you choose to refuse all cookies, our website may not function for you as we would like it to.

If you have any questions about how we use cookies, please contact us.

 

Version: 1.0
24/09/19