1. Who is this privacy notice from?
This notice is from South African Youth Education for Sustainability (SAYes). Throughout this notice ‘we’ and ‘us’ means South African Youth Education for Sustainability (SAYes). South African Youth Education for Sustainability (SAYes) is represented in the UK by South African Youth Education for Sustainability (SAYes) Ltd, registered charity number is 1127701 and South African Youth Education for Sustainability (SAYes) Trust in South Africa, registration no. IT 2774/2010.
2. What is this notice about?
SAYes is committed to protecting your privacy. This notice explains how we use and store the personal information you provide to us.
3. What personal data do we hold about you?
Personal information is information that can be used to identify you.
As a charity with you as a supporter we are likely to hold your name, date of birth, email address, postal address, telephone number, mobile telephone number, fax number, bank account details, credit/debit card details and whether you are a UK tax payer.
Whether you are a UK tax payer is relevant to us so that we can claim Gift Aid (please rest assured we do not collect information about your actual tax payments, just whether you are a tax payer). Gift aid allows us to reclaim 25% of your donation from HMRC, if you are a UK tax payer, at no cost to yourself.
We may collect information and photographs of you, for example if you willingly tell us about your experiences (for example, if you mentor for us). Where you provide this information we may want to use this in our communications including PR and media activity, digital and social media, campaigning, fundraising materials and internal communications. We would never use your story without obtaining your explicit consent first and we will fully explain how we would like to use your information, so that we may obtain your fully-informed consent.
Credit, Debit card payment information
If you use your credit or debit card to donate to us, buy something or pay online, we will ensure that this is done securely and in accordance with the Payment Card Industry (PCI) Data Security Standard (DSS). Find out more information about PCI DSS standards by visiting their website at www.pcisecuritystandards.org.
We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only those staff authorised to process payments will be able to see your card details. If we receive an e-mail containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.
Our payment providers include Stripe, PayPal, SnapScan, Virgin Media and GivenGain, and they store card details in line with their privacy notices and will not share your data with us. We do not take card payments over the phone.
4. Where do we obtain your personal data?
We collect personal information which is provided to us via phone, mobile, email, letter, online or any other correspondence and store this on a customer relationship management system which is only accessible to us, we will never buy or sell this information. We collect personal information about you when you provide it to us including when you sign up for our newsletter, make a donation to us, register for an event, or contact us.
We also collect data via third-party platforms Mailchimp, Stripe, PayPal, SnapScan, Virgin Media, GivenGain, GlobalGiving, SurveyMonkey, Simply Book Me, Office 365 and Fundraise Up, as well as through our social media channels – Facebook, YouTube, Twitter and Instagram.
5. What is the legal basis for us using your data?
We will only use your information where we have a legal basis to do so in line with the General Data Protection Regulation (GDPR) and we will always respect your rights, which are explained in section 14 below. Where we use your information, it will be because you have either:
1. Consented to us doing so
2. Because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to use your information, we will always ensure that this is done in a way so as not to be intrusive or cause distress, and that respects your rights.
Here are some examples of what we consider to be a legitimate interest:
• You have made a donation to us in the past 2 years and have not expressed a desire to not be contacted again.
• We are directly replying to contact you have made with us.
• You have volunteered or fundraised for us in the past 2 years and have not expressed a desire to not be contacted again.
• We believe that in your role as a trustee/ambassador or professional capacity our work is of interest to you.
• As required by the terms and conditions for a given activity.
3. Because we have a legal obligation to do so
For example, we are legally required to provide your data to HMRC if you have agreed to us claiming Gift Aid on your behalf.
6. Why do we collect and use your personal information
We collect and use your personal information to keep in touch with you about the vital work we do for children in social care in South Africa and the UK, our fundraising appeals and opportunities to support us and make sure our supporters are appropriately recognised. This includes:
• To contacting you to invite you to events.
• To contact you to tell you about our fundraising appeals and ask for support.
• To ensure we have records of your past support and can thank you appropriately for this and make sure we always manage our relationships with you in the way you wish and expect.
• To manage our ongoing relationship with our supporters and anyone we work with.
• To manage our financial transactions and prevent fraud.
7. How do we use your personal information?
7.1 To send you electronic marketing communications by email, mobile messaging, or direct message on social media or where we have legitimate interest to do so.
Or where you have provided an email, mobile number and consented to being contacted in this way, we will send you information by those channels. Covering ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research on our wider work. Where we have legitimate interest to contact you via social media we will send information on the above.
7.2 To contact you by phone and post
Where it is appropriate and relevant, and you have provided us with a telephone number or a postal address, we will occasionally call or write to you to tell you about ways to give or raise money for us, to campaign for us, to volunteer for us, updates on health information, on our research and on our wider work. We will not contact you by phone for marketing purposes if your number is registered with the Telephone Preference Service or Corporate Telephone Preference Service, unless you have agreed to receive calls from us.
7.3 To manage your contact preferences
You can tell us to stop contacting you, or change the way in which we do so, by getting in touch with us using the details in section 13. We will keep a record of any requests to stop receiving marketing from us to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again.
7.4 To make sure we speak to you in a way that is relevant to you, and to understand our supporters more broadly, we try to ensure that our communications are as affective as possible so that we make the best use of the money we spend on them. This means communicating with people in different ways, appropriate to them.
On occasion, we will use information you have given us directly, for example the record of your previous donations to us and the type of activity you have been involved with, to tailor our communications with you about future activities. We will also use information about how you use our website or interact with our emails so we can make them more effective.
In certain circumstances we will use information about you from publicly available sources such as online registries, websites, media or social media, or personal introductions in order to understand more about your interests and preferences so that we can better tailor our communications – telling you about the things you are likely to be interested in or letting you know of ways to fundraise with us which is relevant to you. We may do this by looking at your career information, peer networks, demographic information, hobbies and interests or other information.
We will analyse data from our database so that we can understand our supporters. For example, we use systems such as Mosaic to create supporter categories within our database based on postcodes and we will, where appropriate, store this information on your record. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population. This helps us to decide who to send our communications to and is useful to ensure the communications you receive are relevant to you.
If you would prefer we didn’t use your information in this way, then you have the right to tell us to stop and can do so by getting in touch with us using the details in section 13.
7.5 To use any images, videos of, or other information you tell us about something you have done for SAYes.
If you share information about the fundraising or campaigning activities you have done for us, or your personal experiences, by post, email or over social media, we may want to use this to help us promote our events and activities in the future. We will obtain explicit consent to use this information.
8. Sharing your data
We will not sell your information.
We may disclose your personal information to third parties if we are required to do so through a legal obligation (for example to a competent authority such as the police or a government body) or as required by the terms and conditions for a given activity.
We will never share your information with third parties for their own purposes, unless this is explained to you at the time we collect your information, you give us explicit consent to, or we are legally required to do so. For example, we are legally required to provide your data to HMRC if you have agreed to us claiming Gift Aid on your behalf.
We also use suppliers known as ‘data processors’ to process data on our behalf, for example, to send out mailings. When enlisting the services of such suppliers we ensure that they are under a contractual obligation to only use your information in accordance with our instructions and for no other purposes.
We do not share your information for any other purposes. The categories of data processor we use are:
9. How do we keep your data accurate?
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible. You have rights under data protection law to have inaccurate personal data corrected and incomplete data completed. For more details about your rights please see section 13.
10. Children’s privacy
If you are aged 16 or under, and would like to participate in an event, make a donation or get involved with us, please make sure that we have a record of the parent/guardian’s explicit consent. When we collect information about a child or young person, we will make it clear as to the reasons for collecting this information and how it will be used. If you are a parent/guardian, please provide explicit contact by emailing us at email@example.com.
We recognise the importance of protecting our vulnerable supporters and follow the guidance issued by the Institute of Fundraising on treating donors fairly. We believe this helps to support our staff and fundraisers who come into contact with supporters in providing high quality customer care, ensuring anyone donating to the charity is in a position to make a free and informed decision.
For more guidance please consult the Institute of Fundraising’s website www.institute-of-fundraising.org.uk.
12. Storing your data and keeping it safe
We will keep your information for as long as required to enable us to operate our services but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations and tax and accounting statutory retention periods when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
When storing data we will take such measures as are appropriate to ensure the confidentiality, integrity and availability of systems, which are regularly independently tested and reviewed.
The data we collect from you is stored within the third party platforms we use. These include Mailchimp, Stripe, PayPal, SnapScan, Virgin Media, GivenGain, GlobalGiving and Fundraise Up and as such are covered by their individual terms and privacy policies.
13. Your rights
You have the right to:
• Request a copy of the information we hold about you;
• Update or amend the information we hold about you if it is wrong;
• Change your communication preferences at any time;
• Ask us to remove your personal information from our records;
• Object to the processing of your information for marketing purposes; or
• Raise a concern or complaint about the way in which your information is being used;
• Restrict processing in certain circumstances.
Specifically under the General Data Protection Regulation (GDPR) you have the following rights:
Right to be Informed – the right to receive the information contained in this policy and our data collection forms about the way we process your personal data.
Right to Access – the right to know that we are processing your personal data and, in most circumstances, to have a copy of the personal data of yours that we hold. You can also ask for certain other details such as what purpose we process your data for and how long we hold it.
Right to Rectification – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you.
Right to Erase – Known as the Right to be forgotten. In certain circumstances you may request that we erase your personal data held by us.
Right of Restriction – You have the right to restrict the way we process your personal data in certain circumstances, for example if: you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims, where we are relying on legitimate interests to process data.
Right to Object Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests or on the performance of a task in the public interest.
Right to Portability – you have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances.
Right to Withdraw Consent at any time – Where we use your personal information based on your prior consent, such as information about your health, or where you have given us permission to send you marketing communications by email, mobile messaging and by direct message on social media, you can withdraw your consent at any time by contacting us.
If you wish to find out more about these rights, or obtain a copy of the information we hold about you, please visit the Information Commissioner’s Office (ICO) website www.ico.org.uk or contact the charity at firstname.lastname@example.org.
14. Changes to this privacy notice
This policy replaces all previous versions and is correct as of June 2021. We will regularly review and update this Privacy Notice and will update, modify, add or remove sections at our discretion.
15. Do you have any questions?
If you have any questions or queries about this Privacy Notice, please contact the charity at email@example.com.