In this policy, “processes” means collects, stores, shares and otherwise uses for lawful purposes. “We” and “our” means Ruby and White At Home and it covers all the instances where we might process personal information of customers, clients, supporters, event attendees, beneficiaries and other relevant parties.
This policy has been updated in April 2018 to reflect the new data protection legislation called the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulation (PECR).
If you have any questions about this policy or how we use your personal information, please contact us using the contact details given below.
Organisations are permitted to process data if they have a legal basis for doing so Ruby and White At Home processes data on the basis that in furtherance of our business objectives:
Ruby and White At Home may change this policy from time to time and any such changes will be published on our website. notwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.
The personal information we collect about you will depend on your relationship with our business. It includes (but isn’t limited to):
We may keep such data on a ‘suppression list’ so we know not to contact you or process your data in future until further notice.
You also have the right to raise any issues of concern about us regarding data protection and our processing of your information to the data protection regulator, The Information Commissioner’s Office (ICO). Here is a helpful link to their website. https://ico.org.uk/concerns/
We do not and never would profile your information. Profiling is an automated process which uses publicly available information to reach conclusions about supporters and then marketing to them accordingly.
We would also never sell your information to a third party.
We use your personal information for the following purposes:
We do not sell or share personal details to third parties for the purposes of marketing.
But, if we run a promotion or campaign, it may require the service of a third party and then we might need to share your details with them.
If we share your data with colleagues or programme partners, including outside of the European Union, we will only do so if we are confident that they adhere to the same high standards that we do when processing data and protecting its privacy and security.
When we share your information with other organisations or data processors we don’t allow them to use your information for their own purposes and they have to follow our strict instructions whilst complying with appropriate security measures. We regularly assess their security measures and we continue to monitor their compliance throughout the time we use their services.
We may also share your data with law enforcement agencies, regulators, courts, public authorities or emergency services when required to do so.
Cookies are small text files placed on your device which uniquely identify your device. Cookies cannot be used to run programs or deliver viruses to your device.
For more information about our use of these technologies please contact our assigned Data Protection Officer (DPO), Sara Walker on firstname.lastname@example.org
The period for which we keep your information depends on the purpose for which your information was collected and the use.
We will not keep your personal information for longer than necessary for those purposes or for any other legal requirements. If you would like more details in relation to your personal data, please contact us.
We review all data retention periods every two years. Data collected for accounts purposes are kept for seven years plus an additional period of six months. You can request data we have on file to be forgotten.
We want to make sure that any personal information we hold about you is up to date. So if you think your personal information is inaccurate, you can ask us to correct or remove it at no charge to you.
This is called your right to rectification. Please contact us if you would like to change any information that we may hold on you.
Under the GDPR, you have a right to know what personal information we hold about you. To request any information, please fill in our Subject Access Request Form (available on request) and send it to our Data Controller whose details are listed above, and we will make sure that this is handled in a swift and appropriate manner.
If you do not want to receive information from us, or would only like to receive information about a certain aspect of what we do (e.g. events or emergencies) please get in touch with us and we will change your preferences.
We maintain the highest standards of data privacy and security to protect your personal details and other information about you because we want you to feel completely confident about the communications you receive from us. We regularly review our processes and procedures to protect your information from unauthorised access and use, accidental loss and/or destruction.
Please contact our assigned Data Protection Officer (DPO), Sara Walker on email@example.com
This website has been built and hosted by Omniweb Ltd. Omniweb has its own private cloud which is located in a UK Data centre. Omniweb is a Registered Data Keeper with the UK's ICO (Information Commissioner's Office). This is the highest UK Government authority on Data Protection. Omniweb is also certified under the UK Government Cyber Essentials Plus programme for Cyber Security.