Cord is committed to complying with all relevant requirements and restrictions within the General Data Protection Regulation (GDPR), which governs most forms of direct marketing to individuals. As an organisation we hold very little personal data, and what we do hold is limited to supporters contact details and their donation records. We uphold the individual’s rights to privacy and data protection, and we will take any action necessary to ensure that we handle the data of supporters, partners, customers, volunteers and staff in a compliant manner.
When we process donations made by supporters using a credit card, a Standing Order or a Direct Debit, we are obliged to share some supporter details with the companies responsible for processing these payments. Otherwise we do not share data with any external or third party organisations.
Processing Personal Data
Personal data is processed according to the Information Commissioner’s Office’s six data protection principles:
- Processed lawfully, fairly and transparently.
- Collected only for specific legitimate purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and kept up to date.
- Stored only as long as is necessary.
- Appropriate security, integrity and confidentiality is ensured.
Our data processing is ethical, proportionate, and transparent, and we have no plans to conduct extra profiling, wealth screening, or data appending.
We implement minimal segmentation of data for specific marketing activities. Adequate consent or privacy notices have been included in both our printed and digital materials.
We have put in place certain measures where we hold or process personal data on your behalf:
- We will report any data protection breaches to the Information Commissioner within three working days
- Cord has password protected and backed up all data and applications to our own in-house server
- You are free to unsubscribe from our mailings at any time. You may request a copy of the data we hold about you, and provision of such information may be subject to the payment of a fee (currently fixed at £10.00)
- We will keep a record of supporters’ donations that are subject to Gift Aid for at least six years, in compliance with HMRC rules. For supporters’ donations that are not subject to Gift Aid, given what we understand to be their legitimate interest in continuing to receive updates on our work and information about our fundraising and communications efforts
- If an individual contact opts out from receiving emails or post from us, or they are no longer considered to have a legitimate interest in Cord communications, then we will consider this supporter to be inactive, until the point at which they make a donation or request to opt in to receiving either emails or post from us again.
We are committed to safeguarding the privacy of our website visitors; here we set out how we treat your personal information
(1) What information do we collect?
We may collect, store and use the following kinds of personal data:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);
(b) information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any products that you purchase or charitable donations you make (including the purchase of products, alternative gifts, event tickets or donations towards our work);
(c) information that you provide to us for the purpose of registering with us (including information required to claim Gift Aid on your behalf);
(d) information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters (including both print and electronic communications);
(e) any other information that you choose to send to us.
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website; and to keep track of the contents of you shopping/donation basket. We will use the persistent cookies to: enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information.
Our payment services providers may also send you cookies.
Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.) This will, however, have a negative impact upon the usability of many websites, including this one.
(3) Using your personal data
We may use your personal information to:
(a) administer the website;
(b) improve your browsing experience by personalising the website;
(c) enable your use of the services available on the website;
(d) send you products that you have purchased via the website, supply to you services purchased via the website and process donations you make via our website.
(e) send statements and invoices to you, and collect payments from you;
(f) send you general (non-marketing) communications;
(g) send you email notifications which you have specifically requested;
(h) send to you our email and/or postal newsletter and other marketing communications relating to our organisation by post or, where you have specifically agreed to this, by email (you can inform us at any time if you no longer require marketing communications);
(i) provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
(j) deal with enquiries and complaints made by or about you relating to the website; and where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
All our website financial transactions are handled through our payment services provider, Paypal and Stripe Inc. You should only provide your personal information to Paypal and Stripe Inc. after reviewing their privacy policies (available at www.paypal.com and https://stripe.com/gb/privacy respectively). We will share information with PayPal and Stripe Inc. only to the extent necessary for the purposes of processing payments you make via our website.
In addition, we may disclose information about you:
(a) to the extent that we are required to do so by law;
(b) in connection with any legal proceedings or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
(5) International data transfers
If you are in the European Economic Area (EEA), information which you provide may be transferred to countries (including the United States) which do not have data protection laws equivalent to those in force in the EEA.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world.
You expressly agree to such transfers of personal information.
(6) Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure servers. All electronic transactions you make to or receive from us (and our service provision partners) will be encrypted using SSL technology.
We do not store Credit or Debit card numbers on our servers. This information is held by our Payment Processor, PayPal.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
(7) Policy amendments
(8) Your rights
You may instruct us not to process your personal data for marketing purposes by email at any time.
(9) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
(10) Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.
(12) Data controller
The data controller responsible for our website is “Cord Global”.
Our data protection registration number is Z7163794