We are committed to safeguarding the privacy of our members and website visitors; subscribers to our newsletters, attendees at our events, and others whose data we hold. We want you to feel confident about how any personal information you share will be looked after or used.
This privacy notice explains how and why WISH process personal data under the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA). It describes what may be done with personal information. All personal data is held confidentially and protected using physical, electronic, and management procedures.
In this policy, we explain the type of personal information we collect, how and why we collect it, how we use it, and how we keep it secure.
The type of personal information we collect:
We currently collect and process the following information:
- Personal identifiers, contacts, and characteristics (e.g. name and contact details)
- Demographic information for equalities monitoring (e.g. gender, ethnicity, sexuality)
- Your opinion and feedback in relation to any surveys or questionnaires issued by WISH that you complete, such as feedback on our charitable activities and events. This data is anonymised unless otherwise agreed
- Website user statistics and cookies – When you use the WISH website, like most websites, we receive and store certain details. Cookies mean that a website will remember you and any preferences you have entered. It also helps us to understand how you use our website, and where we can make improvements.
- Members’ videos, blogs, or articles for publishing on our media such as our website, bulletin, and youtube channel which may contain personal information.
Why we collect personal information
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- To become a WISH member or supporter, including to receive our newsletter
- To register to attend one of our events (online or face-to-face)
- To use our website
- To feature an item e.g. blog in our newsletter and/or on our website
- To complete a survey
- To apply for a paid or unpaid role with us
- To communicate with us
- To make a payment or donation to us.
We may use the information that you have given us in order to:
- Send you member communications, mainly:
- Members’ event invite
- Members’ survey
- Occasional email regarding e.g. important pieces of policy work, important announcements about WISH
- Process and respond to requests, enquiries and complaints that we receive from you
- Send statements, invoices and payment reminders to you, and collect payments from you:
- Keep our database up to date
- To contact you if we need to obtain or provide additional information
- Meet any statutory or regulatory compliance.
- Contact relevant authorities in the rare event of a safeguarding issue (see Safeguarding policy)
Disclosing personal information
We will only disclose your personal information:
- If required to do so by law;
- In connection with any ongoing or prospective legal proceedings;
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
- If we feel that you are at risk from harm (see Safeguarding policy)
Lawful basis for processing
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. We will only process personal data after being given express permission by you, after having explained what we will use the personal information for. You are able to remove your consent at any time. You can do this by contacting us at firstname.lastname@example.org or by writing to us at our postal address.
(b) We have a contractual obligation. We sometimes enter into contractual working agreements with individuals which require us to process personal data supplied by them.
(c) We have a legal obligation. This refers to our holding of data on our trustees, and employees’ taxation and pensions.
(d) We have a vital interest. If we are in contact with a member whose life we believe may be at risk, we reserve the right to share their data with appropriate organisations to try to mitigate this risk.
Your data protection rights
Under data protection law, you have legal rights over your personal information. For example, you can see it, amend it, ask us to change the way we handle it or have it removed from our records completely.
The rights under Data Protection law mean that you have a right to request:
- A copy of the information that is held about them (‘subject access request’ (SAR) in the GDPR)
- That anything inaccurate in their personal data is corrected (‘rectification’ in the GDPR)
- That the personal data be erased (‘right to erasure’ in the GDPR)
The DPA Data Protection Act 2018) stipulates statutory retention periods for some records that contain personal data. Other personal data will be held for as long as may be justifiable under the regulations after which all personal data will be securely deleted.
If you want to do any of these things, you can email email@example.com