NMITE Privacy Notice - Donors and Supporters
NMITE (“We”) are committed to protecting and respecting your privacy, and we will look after any personal information that is made available to us in accordance with data protection law. We ask that you read this Privacy Notice carefully as it sets out the basis on which any personal data and sensitive personal data that we collect from you, or that you provide to us (“Your Data”), will be processed and used by us.
This Privacy Notice applies to information we collect about NMITE’s donors and supporters. This includes:
- Individuals and organisations who make a monetary gift to NMITE;
- Individuals and organisations who provide non-monetary support to NMITE (for example, a service or partnership);
- Individuals who attend an event organised by NMITE.
Under the General Data Protection Regulation 2018, a “data controller” is a person, company, or other body that determines the purpose and means of processing personal data.
For the purpose of GDPR, the data controller is New Model Institute for Technology & Engineering, Gardner Hall, Venns Lane, Hereford, HR1 1DT. Company limited by guarantee number 08800142. Registered Charity No 1176550.
Please direct any enquiries to firstname.lastname@example.org
1) The information we collect
The overarching purpose of collecting and processing your data is to provide you with the best possible experience of being a donor or supporter of NMITE. It also enables us to ensure that any approaches we make to ask for your support of our fundraising goals are respectful, professional, and relevant to you. NMITE colleagues work closely together to ensure we engage with you in a coordinated manner.
When you make a donation to NMITE we collect and process a range of information about you. The data we process is that which you provide, for example, from your gift form or gift agreement, an online donation platform, or bank transfer. Examples of categories of personal data which we may hold are:
- Contact details – for example, your name, postal/ email address and telephone number. This is so we can get in touch with you regarding your gift;
- Financial details - for example, card details. This is so we can process your gift.
If you have not already disclosed it, we may collect and hold additional personal information derived from publicly available sources (either directly or through internet search functions). These public sources may include: LinkedIn, Twitter, Companies House and other business-related resources including company websites, The Queen’s Honours lists, Royal Mail National Change of Address service, reliable news and press reports, and rich lists. Examples of categories of personal data which we may hold are:
- Biographical details – for example, your date of birth, gender, nationality, marital status, spouse name;
- Education details – for example, institutions attended, the courses you completed and dates of study;
- Professional details – for example, employer, occupation and work address;
- Philanthropic details – for example, your history of donations, of both time (for example, volunteering) and money, your areas of philanthropic interest and your publicly known philanthropy.
b) Event attendees
- Any preferences provided by you for a specific purpose such as access requirements or other adjustments and dietary preferences for event management purposes;
- Photographs taken at events;
- A record of your attendance and correspondence for the purposes of event administration;
- If you have given consent, we will let you know about future events you may be interested in.
c) Visitors to our site.
d) Individuals on behalf of organisations. If we are in communications with you regarding an organisational partnership with NMITE, we will collect the following details for administration purposes:
- Your work e-mail address and phone number. This is so we have contact details within your organisation.
- Communications history. This is so we have a record of conversations, e-mails, meetings and telephone calls relating to the partnership.
2) How we process your data
The majority of the personal data that we hold is the information that you have provided to NMITE or information which is in the public domain. We only process data for specified purposes and if it is justified in accordance with data protection law.
In general terms, we process your personal data to improve your experience and engagement with NMITE as a supporter. More specifically, we process personal data for the following purposes:
a) Gift Administration:
- Thanking you for any gifts that help NMITE’s charitable causes;
- Internal record-keeping and administration, for example, to process your donation;
- Undertaking any necessary research for our due diligence to meet money laundering regulations in alignment to our Gift Acceptance policy;
- To validate any Gift Aid claims in order to claim Gift Aid from HMRC.
b) Event Management
- To ensure that events are well organised and administrated, taking in to account any necessary adjustments, for example dietary and accessibility requirements, to ensure our event is inclusive, in line with the provisions of the Equality Act 2010
- To ensure that you are informed about the event you are attending, for example through e-mail communications and phone calls;
- To publish photographs and videos relating to our activities and events. We will inform you about such processing at the time when the data is obtained or as soon as reasonably possible thereafter
- To inform you of other events they may be interested in, providing you have given your consent
c) Generating further philanthropic support for NMITE charitable projects:
- If you sign up to our mailing list, we will send you publications (for example impact reports, magazines, updates and invitations to events; email newsletters about NMITE and its fundraising projects) in a way which is tailored and relevant to you;
- Asking you if you would like to continue to support NMITE (for example, by making a donation, contributing to surveys, volunteering).
d) Research (including market research) purposes, including wealth screening:
- Using trusted third parties to review publicly held information on our behalf to give an indication of the financial giving capacity of individuals. These third parties include: FTSE100 directorships, company directorships, property holdings, Forbes, rich lists, etc.
- To validate your address and to prepare reports using maps by ‘geocoding’ your address against publicly available web mapping services;
- To compile anonymised statistics for ranking/league tables in which NMITE participates.
We never use the data produced by these exercises as the sole basis for sending out communications. These exercises are a starting point for further research which we carry out about a person to identify if they may be interested in supporting NMITE. We consider any previous engagement with NMITE, their philanthropic interests and previous donations. This enables us to identify and contact only those individuals whose interests we believe align with our charitable fundraising mission.
We will never store your Data without your consent, and will remove your data from our databases upon request.
3) Legal grounds for processing
We consider the processing of your personal data for these purposes to be necessary:
- For the pursuit of NMITE’s legitimate interests in fundraising, in support of our charitable mission and maintaining a strong relationship with our supporters;
- To enable NMITE to comply with its legal obligations, for example for compliance with money laundering rules and Gift Aid requirements;
- For the performance of tasks carried out in the public interest or in the exercise of our official authority.
4) Storing your personal data
We will not store your Data without your consent, unless otherwise stated. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice. Data that you have provided will be stored:
- On our secure data cloud in our premises within the UK;
- On our secure Database in our premises within the UK. This contains personal data collected by NMITE during the course of our relationship with our stakeholders, staff, students, and alumni. We aim to keep your data up to date and welcome any updates to your details or corrections to any inaccuracies you may wish to provide;
- On trusted third party servers as outlined in Section 7.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
5) How long your data is kept
We will only retain your Data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements. Data will only be stored in a way that is compliant with data protection law.
Skeleton records of inactive supporters or former supporters who no longer wish to engage with NMITE will be retained to provide context and to ensure that such supporters are not approached in the future.
If you contact us with a question, comment or complaint then we will keep a record of this correspondence so that we have the information available in the event of a follow-up, dispute or investigation.
6) Disclosure of your information
Authorised personnel within NMITE will be able to access the information you provide to us. We may also disclose your Data to other third parties who act for us for the purposes set out below or for purposes approved by you, but always with appropriate non-disclosure and data protection agreements in place. We will never sell your data to third parties.Third parties include:
- E-mail Platform
- Contracted Agencies
We employ other companies and individuals to perform functions on our behalf. Examples include:
- Financial software for processing credit card payments;
- Printing houses for publication printing and mailing;
- Digital agencies for hosting the website.
The contracted agencies have access to personal information needed to perform their functions, but may not use it for other purposes, and must delete it as soon as the function is complete.
- Fraud Prevention
Personal information provided by you may occasionally be shared with other organisations for the prevention of fraud. Third parties may include solicitors, agents appointed by us (for example, debt recovery and tracing agents) and the Courts.
- Approved Volunteers
Upon the signing of a non-disclosure agreement, approved volunteers may be given access to your Data. This access will be for a specific purpose, and for a time-limited period only, and will be monitored at all times by authorised NMITE staff). Sensitive personal data will not, under any circumstances, be shared with volunteers.
Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
7) Your rights
As a data subject, you have a number of lawful rights. You can:
- Access and obtain a copy of your data on request;
- Require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact email@example.com If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner (www.ico.org.uk)
8) Updating this Privacy Notice
We keep our Privacy Notices under regular review. Any changes will be published so that it is clear what information we collect and how we use it at all times and, where appropriate, we may notify you by email.
This Privacy Notice was last updated in January 2020