How this policy applies
Protecting your privacy is important to us. At all times, we aim to respect and safeguard any personal information that you may share with us and to process this data fairly and lawfully in accordance with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) which came into force at the end of May 2018.
This Privacy Notice (Notice) explains what information we collect from you, how we use that information and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us. By choosing to share your personal data with us and using the services offered by Frazzled Cafe, you are acknowledging that you have understood and agreed to the terms of this Notice.
If you have any questions about this Notice, please contact us via the “Contact us” section on our website (www.frazzledcafe.org/contact)
When and how we collect your data
In order to fulfil our charitable objectives, and provide the best experience that we can when you interact with us we may collect information from you in various ways including:
When you interact with us directly:
This could be if you sign up to our mailing list, register to attend a Frazzled Cafe meeting, make a donation to us, apply for a job or volunteering opportunity or otherwise provide us with your personal information.
When you interact with us via online platforms that we use to fulfil our charitable objectives; including our website and a small number of trusted and secure third-party services that we use for managing event bookings and capturing data via online forms and surveys:
We gather general information which might include which pages on our website you visit most often, and which pages you visit when you click on links in emails from us. Some platforms may also collect technical information such as the internet protocol (IP) address used to connect your computer to the internet and time zone setting. There are more details below – see ‘Cookies & usage tracking’.
When you interact with us via third parties:
This could be if you provide a donation through a third party such as KindLink or interact with us through social media and provide your consent for your personal information to be shared with us.
When it is available publicly:
Your personal information may be available to us from external publicly available sources. For example, listed directorships, information from the electoral roll and press reports – we may obtain this personal information, for example, when undertaking due diligence on potential donors or fundraising partners to ensure they align with our mission and values.
We may combine your personal information from one or more of these sources for the purposes set out in this Notice.
We endeavour to ensure that the information we hold is accurate and, where necessary, kept up to date. If you wish to access, update or request deletion of your personal information we will ensure that such requests are always acted on in a timely and appropriate way.
Personal data that we process
Personal data that we collect includes details such as your name, email address, payment information (if you are making a donation or purchase) and information that you provide in any communications between us.
Our processing of your data is based on one or several of the following legal bases:
Legal: Where it is necessary so that we can comply with a legal obligation to which we are subject – For example where we are obliged to share your personal information with HMRC to process a Gift Aid declaration;
Consent: For example, to send you email invitations to Frazzled Cafe meetings in your area. Your consent is given to us when you choose to share your information with us in accordance with this Notice;
Legitimate Interest: in some cases, we may process your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our charity and that does not materially impact your rights, freedom or interests. These include the following:
- Charity Governance, including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes;
- Administration and operational management, including responding to solicited enquires, providing information, research, donor due diligence, employment and recruitment requirements and events management;
- Fundraising and Campaigning, including administering campaigns and donations, analysis, targeting and segmentation to develop communication strategies and maintaining communication suppressions;
- Where it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering a contract, for example if you are partnering with or otherwise involved in supporting Frazzled Cafe under a contract.
Your data will be held and processed in a limited number of carefully controlled systems that we use to fulfil our charitable objectives, including the trusted third-party platforms we use for email communications, relationships management and secure data storage and backup.
How we use your data
We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the section ‘Personal data that we process’. This may include:
- Sending you invitations to and details of our meetings and/or bespoke events;
- Processing payments from you such as donations (including Gift Aid) or other transactions that you initiate;
- Providing you with services or information which you request;
- Communicating with you to share information relating to our work which we think may be of interest to you;
- Administering our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve your interactions with our websites, for example by ensuring that content is presented in the most relevant and effective manner for you and for your computer;
- As part of our efforts to keep our websites and our internal operations safe and secure;
- To measure or understand the effectiveness of our communications with you;
- To undertake donor due diligence (see ‘Donor due diligence’ for more details);
- Administering your employment or volunteer application;
- Dealing with enquiries and/or complaints made by or about you;
- To audit and/or administer our accounts;
- To satisfy legal obligations which are binding on us, for example arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work;
- Prevention of fraud, misuse of services or money laundering;
- Enforcement of legal claims
When and how we may share your data
We will only pass your data to third parties in the following circumstances:
- Where we are required by law to do so, for example to law enforcement or regulatory bodies where this is required or allowed under the relevant legislation;
- In order to carry out our charitable aims, your data may be processed on our behalf by one or more trusted service providers which we use to operate elements of our service (such as an event booking system). Where such data is provided to third parties it will always be on a limited and controlled basis and they will not have permission to contact you for any other purposes;
- Where we have your explicit consent to do so;
- Where it is necessary to protect your vital interests, or ensure support for individuals with a particular medical condition, or to safeguard children or individuals at risk;
- With our Patron: Ruby Wax, OBE is the Founder and Patron of Frazzled Cafe. We sometimes share limited personal information with her for the purposes set out in this Notice, and she will sometimes share personal information with us where it is lawful and appropriate to do so. For example, we may share limited information about our supporters who are attending an event at which Ruby may be present, or Ruby may share the details of individuals with Frazzled Cafe who have expressed an interest in being involved in our work.
Information you provide to us will not be shared with any other entity or organisation without your explicit consent.
How long we keep your data for
We will only hold your information on our systems for the period necessary to fulfil the purposes outlined in this Notice or until you request that it is deleted.
Rights you have over your data
You have a range of rights over your data, which include but are not limited to the following:
- Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails);
- You have the right to ask for rectification and/or deletion of your information;
- You have the right to request copies of your personal information within our custody and control, and details of how we use that information;
- You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.
A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/
Please note that we may, where permitted under applicable law, charge a small administrative fee and/or request proof of identity. We will respond to your requests within all applicable timeframes (in accordance with the Information Commissioner’s Office guidelines).
Relying on some of these rights, such as the right to deleting your data, may make it impossible for us to continue to deliver some services to you.
If you would like to exercise any of the rights listed above, or any other legal rights you have over your data under current legislation, you can do so by contacting us via the “Contact Us” section of our website.
How we keep your data secure
We take your privacy very seriously and we are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable procedures to safeguard and secure the information we collect. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. The transmission of information via the internet (including e-mail) is never completely secure however, and although we do our best to protect it, we cannot guarantee the security of personal information transmitted via the internet.
Cookies & usage tracking
Donor due diligence
Like many charities, we need to undertake checks on individuals who give or propose to give large donations to us, so that we are complying with our duties to protect charity funds, assets, and reputation, and to comply with the “know your donor” principles further to Charity Commission guidance, to prevent fraud. We may use third party suppliers to assist us with these checks, and we may obtain information from publicly available sources in order to do so. Donor due diligence may also include information which is considered “sensitive personal data”. This may include personal information regarding racial or ethnic origins, political opinions, religious beliefs, health and also information concerning criminal offences.
Do we collect/share sensitive personal information?
Data privacy law identifies certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health or ethnicity. In limited cases, we may collect and/or use your sensitive personal information (also known as special category data). Normally we will only do so where we have your explicit consent, but there may be other circumstances permitted under data privacy law. For example, we may record that a person is in a vulnerable circumstance in order to comply with requirements under charity law and fundraising regulation to ensure that we do not send fundraising communications to them.
Links to other websites and resources
Our website contains links to other websites and resources of interest. Once you have used these links to leave our site, you should note that we do not have any control over these other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Notice. We encourage you to read the privacy policies of any external websites you visit via links on ours so that you can understand how they collect, use and share your personal information.
Changes to this Notice
We keep this Notice under regular review and may update it from time to time, so we recommend that you check it regularly. Where necessary we may also notify you of changes to this Notice by email. This Notice was last updated on the 1st November, 2018.
Contact us (including complaints)
If you have any questions or concerns (including complaints) about this Notice or about the way in which your personal information is being used, please let us know by contacting us via the “Contact us” section on our website (www.frazzledcafe.org/contact).
We take your privacy very seriously and aim to respond quickly and flexibly to any queries or complaints that are raised. You also have the right to raise concerns with the Information Commissioner’s Office the UK regulatory authority for data privacy https://ico.org.uk/concerns.
We would be grateful for the opportunity to resolve any concerns before you approach the ICO and request that you contact us in the first instance.