NMITE Privacy Notice - Donors and Supporters
NMITE (“We”) are committed to protecting and respecting your privacy, and we will look after any personal information that is made available to us in accordance with data protection law. We ask that you read this Privacy Notice carefully as it sets out the basis on which any personal data and sensitive personal data that we collect from you, or that you provide to us (“Your Data”), will be processed and used by us.
This Privacy Notice applies to information we collect about NMITE’s donors and supporters. This includes:
- Individuals and organisations who make a monetary gift to NMITE;
- Individuals and organisations who provide non-monetary support to NMITE (for example, a service or partnership);
- Individuals who attend an event organised by NMITE
Under the General Data Protection Regulation 2018, a “data controller” is a person, company, or other body that determines the purpose and means of processing personal data.
For the purpose of GDPR, the data controller is New Model Institute for Technology and Engineering, Gardner Hall, Venns Lane, Hereford, HR1 1DT. Company limited by guarantee number 08800142. Registered Charity No 1176550.
Please direct any enquiries via email to NMITE’s Data Protection Officer, Tam Milner, via firstname.lastname@example.org
1) The information we collect
The overarching purpose of collecting and processing your data is to provide you with the best possible experience of being a donor or supporter of NMITE. It also enables us to ensure that any approaches we make to ask for your support of our fundraising goals are respectful, professional, and relevant to you. NMITE colleagues work closely together to ensure we engage with you in a coordinated manner.
a) Donors and potential donors
When you make a donation to NMITE we collect and process a range of information about you. The data we process is that which you provide, for example, via your gift form or gift agreement, an online donation platform, or bank transfer.
Examples of categories of personal data which we may hold are:
i. Contact details – for example, your name, postal/ email address and telephone number (this is so we can get in touch with you regarding your gift);
ii. Financial details that you have provided to us - for example, card details (this is so we can process your gift).
From time to time we may also use publicly available sources to collect additional information in relation to individuals who have donated to NMITE in the past, or who have been identified as prospective donors to NMITE.
These public sources may include: LinkedIn, Twitter, Companies House and other business-related resources including company websites, The Queen’s Honours lists, Royal Mail National Change of Address service, reliable news and press reports, FTSE100 directorships, company directorships, property holdings, Forbes, rich lists.
Examples of these additional categories of personal data are:
i. Biographical details – for example, your date of birth, gender, nationality, marital status, spouse’s name;
ii. Education details – for example, institutions attended, the courses you completed and dates of study;
iii. Professional details – for example, employer, occupation and work address;
iv. Philanthropic details – for example, your history of donations, of both time (for example, volunteering) and money, your areas of philanthropic interest and your publicly known philanthropy.
b) Event attendees
If you accept an invitation to, and/or attend, an event hosted by or on behalf of NMITE, we will process and store the following information:
i. Any preferences provided by you for a specific purpose such as access requirements or other adjustments and dietary preferences for event management purposes;
ii. Photographs taken at events unless you request not to be photographed;
iii. A record of your attendance and correspondence for the purposes of event administration;
iv. If you have given consent, we will let you know about future events you may be interested in.
c) Visitors to our website
d) Individuals on behalf of organisations
If we are in communications with you regarding an organisational partnership with NMITE, we will collect the following details for administration purposes:
i. Your work email address and phone number (so we have contact details within your organisation)
ii. Communications history (so we have a record of conversations, emails, meetings and telephone calls relating to the partnership).
2) How we process your data
All the personal data that we hold about you is information that you have provided to NMITE or information which is in the public domain. We only process data for specified purposes and if it is justified in accordance with data protection law.
In general terms, we process your personal data to improve your experience and engagement with NMITE as a supporter. More specifically, we process personal data for the following purposes:
a) Gift Administration:
i. Thanking you for any gifts that help NMITE’s charitable causes;
ii. Internal record-keeping and administration, for example, to process your donation;
iii. Undertaking any necessary research for our due diligence to meet money laundering regulations in alignment to our Gift Oversight Policy;
iv. To validate any Gift Aid claims in order to claim Gift Aid from HMRC.
b) Event Management:
i. To ensure that events are well organised and administrated, taking in to account any necessary adjustments, for example dietary and accessibility requirements, to ensure our event is inclusive, in line with the provisions of the Equality Act 2010.
ii. To ensure that you are informed about the event you are attending, for example through email communications and phone calls;
iii. To publish photographs and videos relating to our activities and events. We will inform you about such processing at the time when the data is obtained or as soon as reasonably possible thereafter;
iv. To inform you of other events you may be interested in, providing you have given your consent.
c) Generating further philanthropic support for NMITE charitable projects:
i. If you sign up to our mailing list, we will send you publications (for example impact reports, magazines, updates and invitations to events; email newsletters about NMITE and its fundraising projects) in a way which is tailored and relevant to you;
ii. Asking you if you would like to continue to support NMITE (for example, by making a donation, contributing to surveys, volunteering);
iii. Reviewing publicly held information to give an indication of the financial giving capacity of individuals. This is known as wealth screening.
Please note that we never use the data produced by wealth screening exercises as the sole basis for sending out communications. These exercises are a starting point for further research which we carry out about a person to identify if they may be interested in supporting NMITE. We consider any previous engagement with NMITE, their philanthropic interests and previous donations. This enables us to identify and contact only those individuals whose interests we believe align with our charitable fundraising mission.
d) Research (including market research) and analysis purposes:
i. To validate your address and to prepare reports using maps by ‘geocoding’ your address against publicly available web mapping services;
ii. To compile anonymised statistics for ranking/league tables in which NMITE participates;
iii. To compile anonymised reports to assess NMITE’s progress against fundraising targets;
iv. To track overall giving trends and strategically analyse information in order to inform our strategy and communications.
3) Legal grounds for processing
We consider the processing of your personal data for these purposes to be necessary:
i. For the pursuit of NMITE’s legitimate interests in fundraising, in support of our charitable mission and maintaining a strong relationship with our supporters;
ii. To enable NMITE to comply with its legal obligations, for example for compliance with money laundering rules and Gift Aid requirements;
iii. For the performance of tasks carried out in the public interest or in the exercise of our official authority.
4) Storing your personal data
NMITE will store personal data collected during the course of our relationship with our stakeholders, staff, students, and alumni. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice. Data that you have provided will be stored:
i. On our secure SharePoint environment. This runs on Microsoft Azure Cloud, which is UK hosted (UK West and UK South). The official Microsoft privacy statement can be found here;
ii. On our secure Database, Donorfy, which is hosted in Microsoft Azure’s European Azure data centres in Republic of Ireland and the Netherlands. You can view Donory’s security information here, and their Data Processing Agreement here;
iii. Any hard-copies of personal information, such as the information provided on paper donation forms and Gift Aid forms, will be kept in a secure location within our premises in the UK;
iv. On trusted third party servers as outlined in Section 7.
We aim to keep your data up to date and welcome any updates to your details or corrections to any inaccuracies you may wish to provide.
We will remove your data from our databases upon request unless we have a legal requirement to continue storing it.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
5) How long your data is kept
The length of the data retention period varies according to the nature of the information that is being held. The following schedule has been compiled in line with NMITE’s Record Retention Schedule:
i. Records documenting the management of NMITE’s relationship with our donors, and records documenting donations to NMITE, will be retained for the duration of the relationship + 6 years.
ii. Records documenting the design, conduct and summary results of fundraising campaigns will be retained until the date of the last action on the campaign + 5 years.
iii. Records documenting the planning, administration and impact/results of public events, including information provided about special access requirements or dietary needs, will be retained until the date of the completion of the event + 3 years.
iv. Any research data relating to identifiable individuals, such as wealth screening, will be retained until completion of the analysis of the data.
6) Disclosure of your information
Only authorised personnel within NMITE will be able to access the information you provide to us. We may also disclose your data to other third parties who act for us for the purposes set out below or for purposes approved by you, but always with appropriate non-disclosure and data protection agreements in place. We will never sell your data. Third parties include:
a) Email Platform
b) Contracted Agencies
We employ other companies and individuals to perform functions on our behalf. Examples include:
i. Financial software for processing credit card payments. For example, we use a trusted third-party provider, GoCardless, to process Direct Debit instructions. In this case, GoCardless acts as the Data Controller and NMITE as the Data Processor. Financial information supplied to GoCardless for the purposes of setting up a Direct Debit to NMITE will be processed by GoCardless and will not be shared with NMITE. You can read GoCardless’ Privacy Notice here.
ii. Printing houses for publication printing and mailing;
iii. Digital agencies for hosting the website.
iv. Research agencies. We may sometimes using trusted third parties, such as Factary, to review publicly held information to give an indication of the financial giving capacity of individuals.
The contracted agencies have access to personal information needed to perform their functions, but may not use it for other purposes, and must delete it as soon as the function is complete.
c) Fraud Prevention
Personal information provided by you may occasionally be shared with other organisations for the prevention of fraud. Third parties may include solicitors, agents appointed by us (for example, debt recovery and tracing agents) and the Courts.
d) Approved Volunteers
Upon the signing of a non-disclosure agreement, approved volunteers may be given access to your Data. This access will be for a specific purpose, and for a time-limited period only, and will be monitored at all times by authorised NMITE staff). Sensitive personal data will not, under any circumstances, be shared with volunteers.
We will not otherwise share, sell or distribute any of the information you provide to us without your consent, unless required or permitted to do so by law.
7) Your rights
As a data subject, you have a number of lawful rights. You can:
i. Access and obtain a copy of your data on request;
ii. Require the organisation to change incorrect or incomplete data;
iii. require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
iv. Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact our Data Protection Officer via email at email@example.com
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner (www.ico.org.uk)
8) Updating this Privacy Notice
We keep our Privacy Notices under regular review. Any changes will be published so that it is clear what information we collect and how we use it at all times and, where appropriate, we may notify you by email.
This Privacy Notice was last updated in June 2020