Your data privacy is of extreme importance to us and at HHUGS, (Charity Registration No. (1117924) whose registered address is Office 36, 89-90 Hatton Gardens London EC1N 8PN, are committed to ensuring that your privacy is protected.
This policy is effective from 10th May 2018.
Who We Are
HHUGS (registered charity in England and Wales 1117924) and a charitable company limited by guarantee in England.
We are a “data controller” for the purposes of the Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”). This means that we are responsible for, and control the processing of, your personal information.
For further information about our privacy practices, please contact us by:
- Writing to HHUGS at Office 36, 89-90 Hatton Gardens London EC1N 8PN.
- Calling us on 0207 733 2104
- Emailing firstname.lastname@example.org
HHUGS Privacy Overview
We are a charity with relationships with hundreds of fundraisers, volunteers, beneficiaries and supporters, so we use personal information on a day to day basis in order to operate. Our use of personal information allows us to make better decisions, fundraise more efficiently and, ultimately, helps us to reach our goals of ensuring some of the most overlooked families in our community get the support they deserve. Your data privacy is incredibly important to us. We respect you and your data, we will not sell your data or email address to third parties without consent.
We will do everything we can to keep your details and data private. The web is not 100% secure, but we will however do everything we can to keep your data private and have our own IT and cyber security support, Which enables us with regular security updates/ patches, passwords, firewalls, backups and robust security systems and procedures to try our best to keep your data away from any malicious activity.
How we collect information about you
Everything we do, we do to ensure that we can help individuals impacted by national security measures receive both support and respect. We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We want to make sure you receive the best attention when you book on an event, or make a donation.
We collect information from you in the following ways:
When you interact with us directly: This could be if you ask us about our activities, register with us for an event, make a donation to us, ask a question about our services, purchase something from our online store, apply for a job or volunteering opportunity, apply as a beneficiary, give us feedback, make a complaint, or otherwise provide us with your personal information. This includes when you phone us, visit our website, or get in touch through the post, or in person.
We collect anonymous statistical information about our users’ systems and browsing habits using systems from our server logs, cookies and from search/analytics providers such as Google Analytics to continually improve HHUGS.
We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.
In addition, in accordance with common website practice, we will receive information about the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those services, for example when you publicly tag us in an event photo. To change your settings on these platforms, please refer to their privacy notices.
From other information that is available to the public: In order to tailor our communications with you to your background and interests we collect information about you from publicly available sources or through third party subscription services or service providers such as charity websites and annual reviews, corporate websites, public social media accounts, the electoral register and Companies House.
We may use information held about you to provide you with news about service updates, things we think you might be interested in, or any changes to our charity.
If you have signed up for job alerts /newsletters/Charity or fundraising updates or subscriptions and want us to stop contacting you. No problem, you have options:
The quickest way to stop receiving a messages or subscription is click on the unsubscribe link at the bottom of the email (this way we hold your details on a ‘suppression list’ to make sure you do not receive any more of these emails or newsletters).
For the purpose of the Data Protection Act 1998 or any replacement legislation including the EU General Data Protection Regulation (the “GDPR”) (together, the “Data Protection Legislation”), the data controller for HHUGS is Office 36, 89-90 Hatton Gardens London EC1N 8PN.
HHUGS is committed to ensuring that your details are kept private and confidential and will do our utmost to guarantee this. In accordance with the Data Protection Act and the General Data Protection Regulation, we endeavour to provide our users with a safe, secure and confidential experience. All of the information that you provide will only be used for the purposes set forth herein.
You, HHUGS.org.uk User
Occasionally, further and more specific information about you might be needed, in instances where you might sign up for a contest, a service or to purchase a product. These details might include your name, e-mail address, credit card details, telephone number, etc. We may use that information to make you aware of new products or services that may be of interest to you or to contact you regarding site changes. We may also ask you for other details about your interests, the fundraising you are interested in and more specific questions regarding the site in order to provide you with the best possible HHUGS.org.uk experience.
General Information Disclosure
Our policy is to keep details such as your name, address, e-mail address, telephone number, etc private and confidential and do not disclose these details to outside parties, except when we are certain that the law requires it and without your consent. As indicated earlier, we may share aggregate information with our partner/s. In the case of you inputting your details into a co-branded registration page for an event or contest or into a partner home page, your information becomes the property of both HHUGS.org.uk and the individual partner. HHUGS.org.uk is not responsible for the information that is received by the partner company. If you do not want us to use your information for direct marketing purposes, let us know and we will remove your name from our direct marketing database.
Information we may collect from you
We may collect and process the following data about you:
- Information you give us
Information that you provide by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information provided at the time of visit of the website, subscribing to our service, posting material, participating in discussion boards or other social media functions on our site/platforms, completing any surveys, requesting further services and when you report a problem with our site.
- Information we collect about you
Each time you visit our site, we may automatically collect details of your visits including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access.
- Internet Provider addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our sponsors, affiliates or associates. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us to:
- Estimate our audience size and usage pattern.
- Store information about your preferences, and so allow us to customise our site according to your individual interests.
- Speed up your searches.
You can opt out of all our cookies (except the strictly necessary ones). Find out how to control and delete cookies in your browser.
But, if you choose to refuse all cookies, our website may not function for you as we would like it to.
When you visit HHUGS website, we may also log your IP address, a unique identifier for your connection at a point in time.
HHUGS may also track the clicks made on emails sent to you to track the success of marketing campaigns.
Security and Passwords
In order to register for an event/fundraising or other material with this site, you may need to use a user personal details and possibly add a password. You are solely responsible for the security and proper use of your details such as personal information or password, which should be kept confidential at all times and not disclosed to any other person. You must notify us immediately if you believe that someone else knows your details or if it may be used in an unauthorised way. We accept no liability for any unauthorised or improper use or disclosure of any password.
We highly recommend that you do not share your details, or user name with anyone. HHUGS staff may ask for personal details if needed but will not ask for credit card details or passwords, so please be aware of this and do not give these details to anyone if requested. We also recommend that you regularly change your password and do not use the same password on multiple sites or on multiple online services to ensure best practice in web security and privacy of your personal details.
Social Media, registration and subscription
You can register with any fundraising initiatives or other services at HHUGS.org.uk via your social media accounts such as Facebook, LinkedIn etc. This is purely to make life easier for you and to potentially speed up your process. We are not interested in using your social accounts to look at your private life; we feel your private life should remain private!
Location based services
If you use the HHUGS.org.uk mobile site we may ask you if you want to use our location service. Based on your mobile phone GPS signal it allows us to identify your location. We will use this information to provide you with job offers close to you and to improve our Products and Services. In no case will we merge such information with any personally identifiable information. We will at no times be able to connect you personally in connection with the respective location.
As set out in the “Sending marketing communications” section above, we will never sell or rent your information to third parties for marketing purposes. You will not receive marketing from any other companies, charities or other organisations as a result of giving your details to us. However we may disclose your information to third parties in connection with the other purposes set out in this policy.
- Third party suppliers: We may need to share your information with data hosting providers or service providers who help us to deliver our services, projects, or fundraising activities and appeals. These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses.
- Where legally required: We will comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement agencies for the prevention and detection of crime. We may also share your information with the emergency services if we reasonably think there is a risk of serious harm or abuse to you or someone else.
Your communications with our teams (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.
How we host and handle your data
The personal information that we collect from you will, where possible, be stored and processed within the European Economic Area (EEA). HHUGS website servers and CRM database servers are all hosted within the EEA region. We will only keep your personal information for as long as we reasonably require and, in any event, only for as long as Data Protection Legislation allows.
Although we will take extensive steps to protect your personal information, we cannot guarantee the security of your data transmitted via email and/or our website; any transmission is at your own risk. We take steps to protect your personal information from unauthorised access and against unlawful processing, accidental loss, destruction and damage. Unfortunately, the transmission of information via the internet is not completely secure.
In the event your personal information is transferred, stored or processed outside of the EEA, we will take all steps reasonably necessary to ensure that your personal information is treated securely.You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.
However we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the European Commission approved standard contractual clauses. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
Managing your data
In all of our marketing and subscriptions you can unsubscribe. If you unsubscribe HHUGS will then hold your details on a ‘suppression list’ to ensure we do not send any more emails to that registered email address for the selected subscription.
If you are subscribed to more than one email subscription list, you can be unsubscribed from one, or all email lists. If you unsubscribe from one service, you will still be registered and receive email from the other services you are subscribed to.
HHUGS gives you the right to object from receiving further correspondence from HHUGS. On any subscription emails from HHUGS there will be the option to ‘unsubscribe’ from receiving any further email correspondence.
Your hard copy data will be kept for up to 24 months in a secured location within the HHUGS office. All personal documents will be destroyed following the 24 months unless agreed others
We ensure that there are appropriate technical and organisational controls (including physical, electronic and managerial measures) in place to protect your personal details. Our online forms are always encrypted and our network is protected and routinely monitored.
We limit access to information on a need-to-know basis and take appropriate measures to ensure that our people are aware that such information is only used in accordance with this Privacy Notice.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and do not store the details on our website.
However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.
We may use information from external sources such as the post office national change of address database and/or the public electoral roll to identify when we think you have changed address so that we can update our records and stay in touch. We only use sources where we are confident that you’ve been informed of how your information may be shared and used.
We do this so we can continue to contact you where you have chosen to receive marketing messages from us and contact you if we need to make you aware of changes to our terms or assist you with problems with donations.
This activity also prevents us from having duplicate records and out of date preferences, so that we don’t contact you when you’ve asked us not to.
We’re committed to putting you in control of your data and you’re free at any time to opt out from this activity.
We really appreciate it if you let us know if your contact details change.
How long will we keep your information?
HHUGS has specific criteria to determine how long we will retain your information for, which are determined by legal and operational considerations For instance we are required to keep some personal information for tax or health and safety purposes, as well as keep a record of your interactions with us.
We will keep your personal information in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction).
If you request that we stop processing your personal information for the purpose of marketing we may in some instances need to add your details to a suppression file to enable us to comply with your request not to be contacted.
In respect of other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.
Under UK data protection law, you have rights over personal information that we hold about you. We’ve summarised these below:
You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions, you have the right for this to be done.
It is important to understand the difference between a right to object / unsubscribe and a request for deletion. If you request deletion, we will remove any data we hold about you from our systems. This will also mean that we will remove you from our suppression files.
If you are removed from our suppression files, there is a risk that we may contact you again in the future if your details are re-added to our systems by a sales person who genuinely believes you may have a legitimate interest in the HHUGS services. If you do not wish to receive correspondence from HHUGS the future we recommend that you request a right to object / unsubscribe, as this will ensure that your details are always suppressed from receiving correspondence.
If you want us to delete your records, please email email@example.com (with the reference take me of mailing list) and we will handle your request within 28 days. We will keep your details on file for up to 5 years unless you request for this to be removed.
The difference between unsubscribe and deletion / removal. You can either unsubscribe or delete your details on request. If you unsubscribe, we will hold your details in a ‘suppression list’ to ensure you do not receive any future emails for a newsletter and so we can automatically manage your preferences on how we handle your data.
If we delete your details, this will be completed within 28 days, and we will completely delete/remove your records. So if you sign up for any services such as job alerts or newsletters in the future, we will no longer hold any of your preferences and these will have to be set up again. Deletion of records will be completed as quickly as possible. We say that this will take 28 days, to ensure your details are also removed from any database or server backups.
Request for Data Held
Data protection legislation gives you the right to request access to personal information about you which is processed by HHUGS and to have any inaccuracies corrected.
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
You may request that we send you all of the data we hold that relates to you. Please make your request in writing, with a description of the information you wish to see, by emailing firstname.lastname@example.org or by post to HHUGS. We will process and respond to your request within 28 days.
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies.
Right to restrict use of your personal information
You have a right to ask us to restrict the processing of some or all of your personal information in the following situations: if some information we hold on you isn’t right; we’re not lawfully allowed to use it; you need us to retain your information in order for you to establish, exercise or defend a legal claim; or you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object to the use of your personal information
If we are processing your personal information based on our legitimate interests, you have a right to object to our use of your information.
If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible.
If you want to exercise any of the above rights, please contact us on HHUGS or by email to email@example.com. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO).
If you are unhappy with any aspect of how we are using your personal information we’d like to hear about it. We appreciate the opportunity this feedback gives us to learn and improve. You can find out more and read our Complaints Policy on our web pages.
You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office, the UK data protection regulator.
Information Commissioner’s Office