1. Policy Statement
1.1 Steps Charity Worldwide (hereinafter referred to as ‘Steps’) is committed to protecting your personal data, whether you are a supporter of our cause, or a volunteer. In order to protect your data, please read this policy carefully. This will help you understand how we collect, use and store your personal data. 1.2 Steps is a registered UK charity; registration number 1094343. We are also registered with the Information Commissioners Office. If you have any questions regarding this policy, please feel free to contact our Operations and Governance Officer: By telephone: 01925 750 271 By Email: firstname.lastname@example.org In writing: The White House, Wilderspool Business Park, Greenalls Avenue, Warrington, WA4 6HL 1.3 This policy takes into account the following legislation:
- The Data Protection Act 2018 and GDPR 16 EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC)
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
- Directive 2009/136/EC of 25 November 2009 (“The European Union Cookie Directive”).
2.1 Steps reserves the right to amend this privacy statement at any time. You are advised to visit our website section periodically in order to keep up to date with any changes that may be implemented in accordance with changes in the law.
4.1 How we collect information
4.1.1 We may collect information about you whenever you interact with us. For example, when you contact Steps regarding our events and activities, register as a donor or volunteer, send or receive information, engage with our social media or make a donation to us, you are specifically and knowingly providing us with your personal information.
4.1.2 In addition, we collect aggregated or anonymous information about the services you use and how you use them for example, when you visit our website, view our marketing materials, respond to our adverts and interact with us via social media. We may also receive information about you from third parties – for example, where you’ve given them permission to share your information or where we gather information from publicly available sources which we discuss below.
4.2 What information we collect
4.2.1 We may collect names, addresses, email addresses, telephone numbers for setting up a regular direct debit (if this is what you ask us to do) and, where appropriate, dates of birth when you interact with us, only with your permission.
4.2.2 For grants and funding purposes, we also collect the service users name and address, parent/guardian name and address, dates of birth, email addresses, telephone numbers and medical references; in order to process and validate our services to you as required for regulatory and monitoring purposes.
4.3 How we use your information
4.3.1 We may use your information in several ways for various purposes which may include:
- To provide you with information or services that you have requested from us or that we feel may be of interest to you where you have consented to being contacted;
- To provide you with information about our work or our activities where you have agreed to receive communications from us;
- To invite you to participate in interactive features on our website;
- To process donations, we may receive from you;
- To fundraise in accordance with our internal policies and procedures;
- For administrative purposes (for example, we may contact you regarding an event for which you have registered, to provide marketing information that you have requested from us or to address a query regarding a donation you may have made);
- For internal record keeping relating to your donations, feedback or even complaints;
- To invite you to participate in voluntary surveys or research;
- To contact you where you have been identified as a contact person for an organisation, such as a school (if we obtain your contact details in this way, we will only use them to contact you in your capacity as a representative of that organisation);
- To analyse and improve our website;
- To analyse the personal information we collect about you and use publicly available information to better understand your interests, preferences and level of potential donations so that we can contact you in the most appropriate way and to ensure that we do not send you unwanted communications;
- To tailor advertising that is presented to you on the Internet according to your interests, preferences and other characteristics;
- To direct advertisements and other communications to other people who may have similar interests or other characteristics to yours;
- To assess your personal information for the purposes of credit risk and security or fraud prevention; and;
- Where it is required or authorised by law.
4.3.2 We may contact you for marketing purposes by email or text message if you have specifically provided us with your consent allowing us to contact you in this way. We may also send you acknowledgement communications via email or text, for example where you request services on our website, or where you have donated by text.
4.3.3 We may send you information about our work by direct mail or telephone if you have specifically provided us with your consent allowing us to contact you in this way; and only if you have provided us with your postal address or telephone number.
4.3.4 It is up to you to choose how you hear from us therefore you must express this by indicating your consent for us to contact you in the methods you prefer. It is only with your express consent that we can use your personal data for marketing purposes as we have outlined above. Please tick the relevant boxes on our forms such as our donor forms, our website when you make a donation, any of our marketing literature and materials; and any other direct communication we may have with you such as face-to-face, via emails or over the telephone.
4.3.5 You can also update or change any of your marketing preferences at any time (including telling us that you don’t want us to contact you for marketing purposes) by:
- Indicating that you do not wish to receive our marketing emails by clicking the ‘unsubscribe’ link at the end of our marketing emails;
- Asking us to stop sending you marketing texts by sending us an “opt-out” text message, following the instructions we provide you in our initial text; or
- By telephone: 01925 750 271
- By Email: email@example.com
- In writing: The White House, Wilderspool Business Park, Greenalls Avenue, Warrington, WA4 6HL
4.3.6 If you have told us that you do not wish to be contacted for marketing purposes, we will maintain your details on a suppression list to help ensure that we do not continue to contact you.
5. How we disclose the information we have collected to outside parties
5.1 Steps may provide your information to service providers that we use. Subject to your communication preferences and our internal policies and procedures, this would include providing your information to third parties that work with us to help deliver on our charitable purpose, other volunteers or entities that act as fundraisers for Steps, sell products in aid of fundraising, or provide information and marketing on our behalf.
5.2 Where you have agreed to receive emails from us, we may provide your email address to social media or other similar companies in an encrypted format in order to tailor relevant advertising to you on those social media platforms and other websites, as well as identify audiences with interests similar to yours.
5.3 We enter into contracts with all service providers that require them to in order to comply with data protection laws and to ensure that the service providers have appropriate controls in place to protect the security of the information that you provide.
5.4 We will never sell your details onto third parties and will only share your details (who are not service providers working at our direction) if you ask us to.
5.5 We will not make cold telephone calls to members of the general public; therefore, we will not purchase your data in order to do so.
5.6 We may disclose your personal information if we are requested or required to do so by a regulator or law enforcement or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect Steps (for example in cases of suspected fraud or defamation, or in order to comply with any other applicable legal obligation.
6. How we protect your personal information
6.1 Steps take the appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date. We will only retain your information for as long as it is reasonable and necessary and in accordance with our record retention policy
6.2 Whilst we use appropriate security measures, once we receive your personal information the transmission of information over the internet is never completely secure. At Steps we do our best to protect personal information, but we cannot guarantee the security of information transmitted to our website, so any transmission is at the user’s own risk. However, any payment card details (such as credit or debit cards) we receive on our website are passed securely to our payment processing provider in accordance with the Payment Card Industry Security Standards.
7. Job or volunteer applicants and current/former employees
7.1 If you apply for a job or volunteer opportunity at Steps, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside of our organisation, for example, if we need a reference, plan to use an external supplier to run background checks or need to get a ‘disclosure’ from the Disclosure and Barring Service (DBS) – we will make sure we tell you beforehand, unless we are required to disclose this information by law.
7.2 We may also collect information so that we can assess your suitability for the role.
7.3 If you are unsuccessful in your job application, we will hold your personal information for 6 months only. After this time and only if we have finished recruiting for the post you applied for, then we will destroy or delete your information.
7.4 If you are successful, we will put together a personnel file about your employment or working relationship with us. The information in this file will be kept secure and we will only use it for matters that apply directly to your employment with us at Steps.
7.5 When your employment ceases or if you choose to leave Steps, we will keep your file in accordance with our record retention policy. You can contact us to find out more about this.
8. Your credit or debit card information
8.1 If you use your credit or debit card to donate funds to Steps, you will be directed to our secure payment processing partners PayPal, who will process your payment in accordance with the Payment Card Industry Security Standards. We do not store your card details or any personal details on our website.
9. Can you gain access to your personal information?
9.1 You are entitled to request a copy of the personal information Steps have in relation to you which is kept on our internal database created and accessed only by appointed staff members or service providers. You must do so in writing:
- By email: firstname.lastname@example.org
- By post: The White House, Wilderspool Business Park, Greenalls Avenue, Warrington, WA4 6HL
10. How to update your information or change your marketing preferences
10.1 If you want to update the information Steps hold for you, or you think any information we have about you is incorrect or incomplete, please get in touch as soon as possible. The same details should be used if you want to remove your details from our marketing mailing lists or to change your marketing preferences.
11. Children’s data
11.1 When you register with Steps, you are stating that you are 18 years of age or over, or that you are a minor under the care of a parent/guardian who is authorised to provide your data in order to gain the benefit of our services.
11.2 By registering, parents/guardians agree to provide information to us about the child who is receiving our services, that is true and correct at any time.
11.3 Any data we receive to enable us to support yours or your child’s needs will be held for a maximum of 3 years, after which time, all data will destroyed as it will have served its purpose.
12.1 We cannot be held responsible for the privacy of data collected by websites not owned or managed by Steps. This includes those linked through our website.
13.1 Emails aren’t always secure, and they may be intercepted or changed after they’ve been sent. Steps do not accept any liability if this happens. The contents of any emails exchanged reflect their author’s views and not necessarily those of Steps.
13.2 We would ask that you do not send any financial data via email. The information in emails is confidential, so if you’ve received one by mistake, please delete it without copying, using, or telling anyone about its contents.
14. COOKIES POLICY
14.1 Steps use “Cookies” on our website, as almost all websites do; in order to help us to provide you with the best experience we can.
15. What are Cookies?
- Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. They are then sent back to the originating website for Steps on each subsequent visit, or to another website that recognises that cookie.
16. Categories of Cookies we use
16.1 Cookies may be either ‘session cookies’ or ‘persistent cookies’. Your computer automatically removes session cookies once you close your browser. Persistent cookies will survive on your computer until an expiry date specified in the cookie itself, is reached. At Steps we use both session and persistent cookies.
16.2 We also use the following type of Cookies:
- Strictly necessary cookies: These cookies are essential for the user to move around the website and to use its features;
- Performance cookies: These cookies collect information about how the user makes use of the site, e.g. which pages the user visits most. These cookies do not collect information that identifies the user.
- Functionality cookies: These cookies remember choices made by the user and enhance the features, e.g. language or users location. This cookie is also used to remember a user’s preferences for a font size, or customisable parts of a web page.
17. What information we collect
17.1 We may collect some, or all, of this information when you visit our website, depending on how you use it. We monitor how people use our website so we can improve it. We collect this information anonymously. However, you can use our website anonymously without giving us any information. If you visit our website, we may record information about:
- the areas of the website you visit;
- the amount of time you spend on the site;
- whether you are new to the site, or have visited it before;
- how you came to our website – for example, through an email link or a search engine
- the type of device and browser you use; and
- how you use the website and the quality of your experience – for example we may track your bandwidth when viewing videos.
18. What we do
18.2 We do measure the success of the emails we send (although not through cookies), so we know what subject lines and stories people liked the most. We receive this information anonymously and we do not share it.
- collect any personally identifiable information (without your express permission);
- collect any sensitive information (without your express permission);
- pass your data onto advertising networks;
- pass personally identifiable data to third parties; or
- pay sales commissions.
19.1 Most web browsers automatically accept cookies, but if you prefer, you should be able to change your browser to prevent that. You should read the information that came with your browser software to see how you can set up your browser to notify you when you receive a Cookie. This should then give you the opportunity to decide whether to accept it. However, you may not be able to take full advantage of a website if you do so.
19.2 Please note that cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web. If you do not change your browser settings and continue to use our websites, Steps will infer that you have consented to us using cookies for the purposes set out below.
19.3 There is no way to prevent these cookies being sent other than to not use our site.
20. How to turn cookies off
20.1 You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies (Learn how here). In doing so however, you will likely limit the functionality of ours and a large proportion of the world’s websites as cookies are a standard part of most modern websites.
21. Anonymous visitor statistics cookies
- This policy will be reviewed annually, and updated where necessary, in line with legislative and regulatory changes.
- As at point 2.1 above, Steps reserves the right to amend this privacy statement at any time therefore you are advised to visit our website often in order to keep up to date with any changes that may have been implemented in accordance with necessary changes.