The Charterhouse is committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering data protection the Data Controller is The Charterhouse.
This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.
This Policy covers the Charterhouse and its subsidiary company in relation to the collection and use of the information you give us. We may change this Policy from time to time. If we make any significant changes we will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes. If you have any questions about this Policy or concerning your personal information please contact the Bursar at email firstname.lastname@example.org or by post to The Charterhouse, Charterhouse Square, London, EC1M 6AN.
The type and amount of information we collect depends on why you are providing it.
The information we collect when you make an enquiry or booking includes your name, email address, postal address and phone number etc.
If you are a supporter, for example making a donation, volunteering, helping to fundraise, signing up for an event in addition to asking for your name and contact details (your full address, email address and your phone number) we may also ask you for other data.
To process donations or payments we collect and hold bank or credit card details which we and our contractors process securely.
If you are a Brother or job applicant the information you are asked to provide is as set out in the application and necessary for the purposes of our considering the application.
We may collect information from you whenever you contact us or have any involvement with us, for example when you:
We collect information:
(1) From you when you give it to us directly: You may provide your details when you ask us for information or make a booking or donation, apply to be a Brother, member of staff or volunteer, attend an event or contact us for any other reason.
(3) When you have given other organisations permission to share it: Your information may be provided to us by other organisations if you have given them your permission. This might for example be a charity working with us or might be when you buy a product or service from a third party organisation. The information we receive from other organisations depends on your settings or the option responses you have given them.
(5) When it is in available on social media: Depending on your settings or the privacy policies applying for social media and messaging services you use, like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.
We will use your personal information in a number of ways which reflect the legal basis applying to processing of your data. These may include:
The use of your information for the purposes set out above is lawful because one or more of the following applies:
We understand the importance of security of your personal information and take appropriate steps to safeguard it.
Our server is kept secure, all computers and relevant software are password protected. The number of staff users of personal data is as kept as small as possible.
We always ensure only authorised persons have access to your information, which means only our staff, volunteers and contractors, and that everyone who has access is appropriately trained to manage your information.
No data transmission over the internet can however be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
Owing to matters such as financial or technical considerations the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a Data Processing Agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
We really appreciate it if you let us know if your contact details change. You can do so by contacting us at email@example.com
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
The law states that we can store cookies on your machine if they are essential to the operation of the site, but that for all others we need your permission to do so. The list below explains the cookies we use and why:
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage. This is to ensure that the service is available when you want it and is fast.
For further details on the cookies set by Google Analytics, please refer to the Google Code website. Cookies used: _ga, _gid, _gat.
If you do not wish to receive cookies from us or any other website, you should be able to turn cookies off on your web browser: please follow your browser provider’s instruction in order to do so. Unfortunately, we cannot accept liability for any malfunctioning of your PC or its installed web browser as a result of any attempt to turn off cookies.
We appreciate that our supporters are of all ages. Where appropriate we will ask for consent from a parent or guardian to collect information about children (under 16s).
We will hold your personal information for as long as it is necessary for the relevant activity. By way of example, we hold records of donations you make for at least six years so we can fulfil our statutory obligations for tax purposes. Please see our Records Retention Policy here.
Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. We may periodically ask you to renew your consent.
If you ask us to stop contacting you with marketing or fundraising materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request. Such requests have to be made in writing, and are subject to a charge of £10 – On or AFTER 25 May 2018 no charge may be made under GDPR except in very limited circumstances which will be explained to you if relevant. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request contact us at firstname.lastname@example.org
You also have the following rights:
All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact the email@example.com or write to us at The Charterhouse, Charterhouse Square, London, EC1M 6AN.
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found here.
This Policy may be changed from time to time. If we make any significant changes we will advertise this on our website or contact you directly with the information.
Do please check this Policy each time you consider giving your personal information to us.