At Shine we take your privacy seriously and are committed to protecting your personal information. Please read this policy carefully to understand how we collect, use and store your personal information.
Who we are
Shine is a charity registered in England and Wales with charity number 1117954. Our aim is to transform lives by improving access to basic literacy education for children in Africa. Currently, Shine is established in Zambia through its subsidiary, Shine Zambia – a registered NGO in Zambia.
Shine employs no UK staff. Work is carried out by trustees and volunteers.
Using social media is a great way for us to update you on our work, and let you know the difference your support is making. To visit our Facebook page, please click the below link.
Our Data Protection Officer is Vineet Bhatnagar.
The Data Protection Officer
PO Box 6945
London W1A 6US
This policy includes:
- How we collect personal information
- What categories of personal information we collect
- How we will use your personal information
- Communicating with you
- Supporter analysis
- Children’s data
- How we keep your personal information safe and who has access to it
- Who we share your personal data with
- How we keep your information up-to-date
- How long we keep your information for
- Our legal basis for processing your information
- Your rights
How we collect personal information
We collect personal information in the following ways:
When you provide it directly
For example, when you:
- enquire about our activities or services
- visit our website
- make a donation
- post content to our social media (including Facebook)
- meet with us
- take part in one of our events, campaign or fundraise for us
- communicate with us (either online, by email, phone, SMS or post)
When you provide it indirectly
For example, when it is shared with us by third parties such as professional fundraisers, partners, or subcontractors acting on our behalf, or through fundraising sites such as JustGiving or Virgin Money. These organisations will have their own privacy policies, and/or statements so please do ensure you check when providing your personal information to them.
When you have given other organisations permission to share it
You may have provided your details to another organisation that works with Shine. The information we get from these third parties depends on your settings and the permissions and choices you have provided, so you should regularly check what you have agreed that these third party organisations may share with us or with others.
Via social media
Depending on your settings and the relevant policies and terms of service, when using social media and messaging services like Facebook and Twitter, you might give us permission to access information about you from those accounts or services.
When we collect information when you are using our website
When your information is available from public sources
We may collect personal information about you from the public domain, such as from open social networks, company website, political and property registers and news archives. We may use third party agencies to collect this information. Please see the section below on “What categories of personal information do we collect?” for more details.
To administer legacies
In the course of administering legacies gifted to Shine we may obtain the personal information of, for example, other beneficiaries to the will. We also work with third party probate specialists who provide us with this information, and sometimes obtain it from other charities who are named in the will.
What categories of personal information we collect
The types of personal information we collect depends on how we intend to use it.
We collect, store and use the following kinds of personal information:
- Identity data, including your name and date of birth (for example, if you make a donation or volunteer)
- Contact data, including your email address, postal address, and phone number
- Financial data, including bank or payment card details (for example, if you make a donation)
- Transaction data, including details of your giving
- Technical data such as your IP address, when you browse our website
- Marketing data such as your preferences for receiving communications from us
- Any other information you provide us as above (see “How we collect personal information”)
Sensitive personal information
Data protection law identifies certain categories of personal information as sensitive and therefore requiring more protection. For example, information about health or ethnicity. Where appropriate we may also collect/use this information, but normally only where we have your explicit consent or data protection law allows it, such as to protect the life of an individual participating in a fundraising event. We only aim to collect this type of information when we feel it is necessary in relation to your relationship with us.
How we will use your personal information
We may use your personal information for a number of different purposes, including for following:
- To provide you with the services or any information you have requested
- To update you about any changes to our work or services
- To communicate with you as set out in this policy (including administrative communications as well as communications about our work, fundraising and events)
- To administer payments such as donations
- To display your content on the website (if you have agreed to do so)
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To maintain our organisational records and ensure we have your most up-to-date details, including marketing preferences
- To help us improve our services, campaigns or information-offering, and improve your interactions with our website (including via cookies)
- To enable you to participate in interactive features on our website
- To enable you to participate in voluntary surveys or research
- To analyse your website behaviour
- To tailor advertising that is presented to you on the internet according to your interests, preferences and other characteristics, and to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
- To administer your volunteering or employment application
- To assist in your voluntary or fundraising work, or to run our events
- To deal with enquiries and/or complaints made by or about you
- To audit and/or administer our accounts
- To help us work with third parties to ensure that we send you targeted communications (see “What categories of personal information do we collect?” above)
- To contact you where you have been identified as a contact person for an organisation, such as a school
We always want you to get the most out of our website, so if you do experience any issues with our online forms we may follow up with you to find out how we can best support you with any problems experienced.
Communicating with you
We may communicate with you using the contact details you have provided for essential administrative purposes, such as to administer a donation or provide you with information regarding a fundraising or volunteering opportunity you have asked to take part in.
If you have given us your consent to do so, we will contact you for marketing purposes by email, SMS message or telephone calls. We may also send you communications by post, on the basis that it is in our legitimate interests to do so, unless you ask us not to.
You are in control of how we use your personal information for marketing and fundraising purposes, and can update your preferences at any time. If you would like to contact us about your marketing preferences, please email email@example.com or write to Shine, Unit 4322, PO Box 6945, London W1A 6US– we are happy to answer any queries you may have. If you do ask us to stop sending marketing communications, please note that we will continue to send you administrative communications as needed.
If you ask us to stop sending you marketing materials, we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
We may analyse your personal information to create a profile about you, your interests and preferences. In doing this, we may combine information that you have given us with other information about you when it is available (for example, from public records or social media). This may include any of the information listed above (for example, an estimate of your age). This provides background information about our supporters and helps us to tailor appropriate communications to them as well as helping us to improve the quality of our supporters’ experience with us. We may use third party suppliers to undertake these activities on our behalf and share your data with them only to the extent required (usually full name and post code). Please rest assured that our suppliers will not share this information with any other organisation and it will only be used for the purposes set out above. Additionally, we may use and disclose information in aggregate (so that no individuals are identified) for marketing and strategic development purposes.
You can opt out of your data being used in this way by contacting us at firstname.lastname@example.org.
While we do not actively collect information from children (under-18s), we appreciate that our supporters are of all ages. Where appropriate, we will always ask for consent from a parent or guardian to collect information about children. All Shine events will have clear rules on whether or not children can take part and the collection of data will be managed in accordance with each individual event, with appropriate safeguards in place.
How we keep your data safe and who has access to it
We place great importance on the security of your personal information and always take appropriate precautions to protect it.
We ensure that there are security measures in place to protect your personal data. For example, we use encryption technology on our website and carry out regular security reviews on our network.
We only allow authorised personnel to have access to your information i.e. Shine trustees, staff, volunteers or contractors and ensure that they are appropriately trained. We promptly remove access when it is no longer required or appropriate.
We do not receive payment details (such as credit or debit cards) through our website. Donations are externally processed and passed securely to our payment processing providers who meet the required Payment Card Industry (PCI) Security Standards. We do not store your card details when donations are made in this way.
Despite all of our precautions no data transmission over the internet can be guaranteed to be 100% secure.
Who we share your personal data with
Sometimes, we may use external organisations to process personal data on our behalf – for example payment providers, mailing houses, legacy administrators and external fundraising entities and platforms. Before working with these companies we check that they provide appropriate safeguards in respect of your personal data and treat it in accordance with the law.
Financial or technical considerations may potentially lead us to use the services of a supplier based outside the European Economic Area (EEA), which in turn might lead to your personal information being transferred, processed and stored outside of the EEA. Where necessary, we will take steps to provide suitable safeguards to protect your personal information, so that these transfers are compliant with data protection laws.
We might need to share your personal information with others if we are under a duty to do so or to comply with a legal obligation, or in order to protect the rights, property or safety of Shine, our employees, volunteers, supporters or others. This includes for example sharing details with the police or for regulatory reasons.
How we keep your information up-to-date
Where possible, we may try to keep your records up to date; for example, using the Post Office’s National Change of Address database. However, we really appreciate it if you let us know if your contact details change.
How long we keep your information for
For some information we hold, there are legal requirements which determine how long we must keep it. For example, HMRC require us to retain details of Gift Aid for at least six years after the year in which the last donation was made.
Generally, we hold your personal information on our systems for as long as is necessary for the relevant activity, for example, in general we will only keep your contact information for as long as our interactions with you continue and for six years thereafter.
After such a period, within our database, we may anonymise records so we can reference behavioural patterns in our data analytics, but the information is no longer personal to you.
In the case that Shine receives legacy income, we may keep some of your personal information for at least 13 years after we receive the full gift or longer in some circumstances, so that we can administer legacy gifts and communicate effectively with the families of people leaving us legacies. This also enables us to identify and analyse the source of legacy income we receive.
Our legal basis for processing your information
Data privacy law requires us to have one or more lawful grounds to process your personal information. The following grounds are relevant to our use of your information:
- In many cases we will seek consent to process your personal information, for example to send you marketing and fundraising emails, and text messages. Where we do rely on consent, you are entitled to withdraw it at any time.
- To protect your vital interests. For example to ensure you get urgent medical assistance if needed when competing in a fundraising event.
- Where we have a contractual relationship with you. Though the majority of our relationships are voluntary, if we enter into a contract with you, we will process information to administer that contract.
- Legal obligations. We will sometimes pass on personal information to comply with legal obligations such as providing tax and gift aid information to HMRC.
- “Legitimate Interests”. Where it is appropriate we rely on the processing being in our legitimate interests, provided we are confident that such processing is not likely to override your own legitimate interests or rights and freedoms. For example, sending you marketing and fundraising post, provided this is done in an unobtrusive manner.
Shine’s legitimate interests are ultimately in pursuit of our charitable objectives, including:
- Governance and operational management, such as statutory reporting or employee and volunteer administration and management
- Publicity and income generation, such as marketing and fundraising, events, and supporter analysis
- Administration, such as Gift Aid
- Financial management and control, such as processing donations
You retain ultimate control of how we use your personal information.
You can always request details and copies of the information we hold about you.
Data privacy law gives you a number of additional rights. These include:
- The right to rectification: To have personal information amended if it is inaccurate or incomplete. You can ask us to check the personal data that we hold about you if you are unsure.
- The right to erasure: In some cases, to have your personal information erased (or anonymised), including when consent is withdrawn, your information is being unlawfully processed or it is no longer necessary for us to process it.
- The right to data portability. Where we are processing your information on the basis of consent you can request it to be transferred from one service provider to another in a suitable format.
- The right to object. You can ask us to stop processing your personal information in certain circumstances, including an absolute right to ask us to stop processing for direct marketing.
- The right to restrict processing. If there is any disagreement about the accuracy or legitimate usage of your personal information, you can ask us to “hold” it but not use it further, whilst the issue is resolved.
- You also have rights in relation to “automated decision-making”. Shine does not carry out any automated decision-making or profiling. If this changes in the future, which is not likely, we will provide you with an updated notice setting out our decision making process.
If you want to enforce any of these rights in respect to your personal information, please contact: The Data Protection Officer, Shine, Unit 4322, PO Box 6945, London W1A 6US or email email@example.com.
Please be aware that the above descriptions are necessarily brief and non-legal. You may only exercise some of these rights in limited circumstances and for more information on these rights please read the relevant guidance issued by the ICO, the regulatory body in the UK for data privacy.
If you would like to make a complaint about how we process your personal data, please contact our Data Protection Officer at firstname.lastname@example.org.
You are entitled to make a complaint to the Information Commissioner’s Office at any time. However, we are grateful for the opportunity to address your concerns before you feel this step is necessary.
Please note that you can also register with the following services to stop receiving unsolicited marketing communications from a selected charity or charities:
- The Mail Preference Service (MPS), in relation to postal communications.
- The Telephone Preference Service (TPS), in relation to phone calls.
- The Fundraising Preference Service (FPS), in relation to email, telephone, addressed post and/or text messages. We will ensure any new FPS preferences take effect within 28 days.
This policy may change from time to time. If we make any significant changes to this policy, we will publicise these changes clearly on our website or contact you directly with more information.
Please revisit this policy each time you consider giving your personal information to Shine.