All services

Thames Reach Privacy Policy

 

Introduction

The purpose of this privacy policy is to set out how Thames Reach obtains, stores and uses your personal information when you access our website, www.thamesreach.org.uk, or when we collect your personal information in other ways

Our commitment to you

We appreciate very much the relationships that we have with our supporters, donors and the people who are interested in our work and we are certain that, by respecting your rights relating to data protection, we can further enhance our relationship with you.

We will ensure that your personal data is:

– Processed lawfully, fairly and in a transparent manner
– Collected for specified, explicit and legitimate purposes
– Adequate, relevant and limited to what is necessary
– Accurate and current
– Kept for no longer than is necessary
– Processed in a manner that ensures appropriate security of your personal data

Thames Reach is committed to protecting your rights and freedoms and fully complying with the principles of data protection detailed in the EU General Data Protection Regulations, which come into force in May 2018.

Data Controller

Thames Reach is a ‘Data Controller’, as defined in the General Data Protection Regulations, and is responsible for your personal data.

If you have any questions about this notice, including any requests to exercise your legal rights, please contact us using the details set out below:

Contact details

Our full contact details are:

Name: Thames Reach Charity Limited
Registered office: The Employment Academy, 29 Peckham Road, London, SE5 8UA
Charity number: 1166311
Company number: 10098652
Email address: datacontroller@thamesreach.org.uk
Telephone number: 020 3664 9551

Whose data do we collect?

This privacy policy relates to the data we collect from people who:

– visit our website
– subscribe to our newsletter
– make a donation
– apply to work with Thames Reach
– visit our projects or services
– attend our events
– or support us in other ways

It also applies to people who ask us to provide them with a support service, such as housing, skills development, volunteering or employment.

In order for us to ensure the personal data we hold about you is accurate and current, please notify us of any changes to your personal details.

How we collect or obtain personal information about you

We collect personal information about you as and when you provide it to us, such as when you use our website, when you make a donation to support our work or when you apply for assistance through our projects and services.

We may also receive information about you from third parties such as digital fundraising platforms (Just Giving, My Donate when you create a fundraising page), corporate partnerships, or affiliates of the charity.

We assure you that we do not purchase mailing lists or use any other form of mass-marketing data.

We also collect information about your use of the Thames Reach website through cookies. Our cookies page sets out how we use cookies and similar technologies to collect information about you. You can find out more about our use of cookies here.

How we use your data

We need to collect certain types of personal data as part of our legitimate business activities but we will only use your personal data as the law allows us to. We will not collect any more personal data from you than we need nor use your personal data for any purpose other than that for which we originally collected it.

Most commonly, we will use your personal data in the following circumstances:

– Where you ask us to do something for you, such as send you information or provide you with a service and we need to use your personal information to do so. This constitutes a Contract that we have entered into with you.
– Where we make a decision to use your data for general administrative purposes, for example keeping a record of our communication history or your attendance at one of our events, or confirming receipt of a donation. It is in our Legitimate Interest to keep accurate records and provide you with a good customer service.
– Where there is a legal requirement to process your personal data, for example, the requirement to keep financial records for a period of six years, this is in compliance with a Legal Obligation.
– Occasionally we will send marketing information to people who aren’t currently on our mailing list, for example friends of friends or personal recommendations. We believe that it is in our Legitimate Interest to approach potential new supporters but will only do this by post and no more than once a year. It is your right to object to this type of communication or ask us to remove your details from our mailing list if you would prefer not to receive such correspondence from us.
– Thames Reach will use your contact data to provide you with information about our services, news and events that we think may interest you. We will only do this where you have given us clear and unambiguous Consent.

We understand that ‘Direct Marketing’ can be very upsetting for some people, and so will only send you marketing information where you have consented or where we think you would reasonably expect to receive it from us. Whenever we send you marketing materials, we will always make clear how you can ask us to stop providing this type of information.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), sits alongside the General Data Protection Regulations and sets out more-specific privacy rights governing the use of electronic communications. Where we are communicating with current or new supporters by telephone or email, we will only do so with your explicit Consent.

Children’s data

We recognise that some young people under the age of 18 choose to fundraise for vulnerable people experiencing homelessness. We will never pro-actively market ourselves to anyone under the age of 18 and will not process their data without the explicit consent of a parent or guardian.

People who apply to work for Thames Reach

Thames Reach will collect and store certain information about you when you apply to work for us. This information will be accessed through the recruitment process, mostly information that you provide but some will come from third parties.

We will collect:
– your name, address and contact details, including email address and telephone number, date of birth and gender
– your work and education history and experience
– references
– information about your nationality and entitlement to work in the UK
– information about your criminal record
– equal opportunities monitoring information, including your ethnic origin, sexual orientation, history of homelessness, health and religion or belief.

We collect this information in a variety of ways. For example, through your application form, CV, identity documents such as your driving licence, health and criminal record declaration, from general correspondence with you and through interviews and other assessments.

We seek information from third parties such as previous employers and referees and the Disclosure and Barring Service (DBS). We will only seek this information with your explicit and unambiguous Consent.

In some cases, Thames Reach will process data to ensure that it is complying with its Legal Obligations. For example, entitlement to work in the UK and Equal Opportunities.

Thames Reach has a Legitimate Interest in processing certain data for other purposes, for example safeguarding and general administration. For certain roles within Thames Reach, we will seek a criminal records checks from the DBS, we will also keep information following the recruitment process to provide feedback and in case of a dispute.

Some special categories of personal data, such as information about ethnicity, race, health or medical conditions, is processed for the purposes of equal opportunities monitoring.

Your information will be stored on our HR database, which is currently hosted in the UK, and only shared within the Human Recourses team and the recruitment panel until such time as you are offered a position.

If you become an employee of Thames Reach, we will hold your personal data for the duration of your employment or in compliance with statutory retention periods. If your application is unsuccessful, we will hold your information for six months.

For more information on how we process employee data, please click here.

Profiling

Thames Reach tries to identify the personal preferences of its donors and supporters to help us select the particular type of information that we think will be of interest to you. Personal preferences are ascertained by both a review of our previous contact with you and a preference questionnaire that we will ask you to complete. All profiling undertaken by Thames Reach is carried out manually by our fundraising staff. No automated profiling is ever undertaken.

Sharing your data

There are some circumstances where we share your personal data with a third party, for instance, registering you for a challenge event with the event organiser or claiming Gift Aid from HMRC. We will never share your data with a third party in a way that you wouldn’t reasonably expect and never without your explicit Consent.

Thames Reach will never sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

Storing your data

The information that you give us via our website when you make a donation or fill out a volunteer application form will be stored on the website, which is hosted by Pantheon Platform Solutions in the United States.

Your personal information will also be stored on a secure supporter database called eTapestry, which is provided by Blackbaud Europe Limited and is also hosted in the United States.

When we transfer your data outside the EU/UK, we ensure that your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards. As a Data Controller, we require all of the Data Processors that process data on our behalf to agree to our data protection standards.

Data retention

We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, any legal requirement, the purposes for which we process your personal data and whether we can achieve those purposes through other means.

By law we have to keep basic information about financial transactions for six years.

Your legal rights

Thames Reach recognises that your personal data belongs to you and we would not wish to use it in ways that you wouldn’t want us to. Under the General Data Protection regulations, you can exercise a variety of rights regarding our use of your data:

– You can ask us to tell you what information we hold about you
– You can ask us to correct any incorrect data we have about you.
– You can ask us to delete your data
– You can ask us to provide you with a copy of your data in a common, machine-readable format
– You can object to any processing we do on the basis of legitimate interests

For more information on your rights, please click here

Should you wish to talk to us about the information we are holding or how we process your data, please feel free to contact us at datacontroller@thamesreach.org.uk or on 020 3664 9551.

If you remain dissatisfied with the way we are processing your data, you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect about you.

We will notify you and any applicable regulator of a breach where we are legally required to do so.

Links to other websites

The Thames Reach website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over the other website. Therefore, we are not responsible for the protection and privacy of any information you provide whilst visiting external websites and such websites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to an individual website in question.

Updates to Privacy Policy

This privacy policy may be updated from time to time to reflect changes in legislation and good practice, we recommend you check this page regularly to ensure that you remain satisfied with our ongoing approach to data protection.