COLLECTION OF PERSONAL DATA
The St John Ophthalmic Association is part of the St John of Jerusalem Eye Hospital Group (SJEHG). SJEHG only require you to provide personal information necessary for us to complete a specific task, for example, when you make a donation we require you to provide us with sufficient personal information so that we may process your donation and also so that we may contact you in the event of a problem.
We will only email you on average three times per year with updates on our news and events. You can stop this service at any time by following the ‘unsubscribe’ link in every email.
DISCLOSURES OF YOUR INFORMATION
The SOA Ltd is part of the St John of Jerusalem Eye Hospital Group will not share your personal information with any third party.
UNSUBSCRIBING FROM OUR COMMUNICATIONS
If you no longer wish to receive communications from The St John Ophthalmic Association please contact email@example.com. You are free to unsubscribe from all communications at any time.
WHAT IS A COOKIE?
Cookies are small text files on your device. They are made by your web-browser when you visit a website. Every time you go back to that website, your browser will send the cookie file back to the website’s server. Cookies are useful because they allow a website to recognise a user’s device.
You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.com.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience.
They can also help to ensure that adverts you see online are more relevant to you and your interests.
Information supplied in cookies also allows us to measure the effectiveness of online marketing campaigns for St John Eye Hospital. This enables us to ensure any money we spend on digital marketing gives us a good return on investment. How to control your cookie preferences
Cookies are used to enable us to improve services for you through, for example:
- remembering if you are logged in so you can move around the website without having to log in again on each page
- measuring how many people are using each page of the website and for how long so that we can try to improve the quality of our website
- enabling you to view content shared on other sites e.g. YouTube or Twitter
- However, if you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how.
Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
Please be aware that restricting cookies may impact on the functionality of our website.
St John of Jerusalem Eye Hospital Group (SJEHG) is committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering data protection the Data Controller is SJEHG.
This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.
This Policy covers SJEHG in relation to the collection and use of the information you give us. We may change this Policy from time to time. If we make any significant changes we will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes.
If you have any questions about this Policy or concerning your personal information please contact the Director of Fundraising at firstname.lastname@example.org or by post to St John of Jerusalem Eye Hospital Group, 4 Charterhouse Mews, London EC1M 6BB.
WHAT TYPE OF PERSONAL INFORMATION WE COLLECT
The type and amount of information we collect depends on why you are providing it.
The information we collect when you make an enquiry includes your name, date of birth, email address, postal address, phone number and preferred themes and methods of communication.
If you are a supporter, for example making a donation, volunteering, registering to fundraise, signing up for an event in addition to asking for your name and contact details (your full address, email address and your phone number) we may also ask you for your preferred themes and methods of communication and reasons for supporting our work if you are willing to provide this information.
The information we collect when you make a donation or payment can include your name, email address, postal address, phone number and preferred themes and methods of communication. For credit and debit card transactions, we destroy the long card number and security code upon processing, in line with Payment Card Industry Data Security Standard (PCI DSS) compliance requirements. For auditing purposes, for cheque transactions we take a photocopy of the cheque. For direct debit transactions we keep a copy of the authorisation that includes bank account details.
If you are a job applicant the information you are asked to provide is as set out in the application and necessary for the purposes of our considering the application.
HOW WE COLLECT INFORMATION
We may collect information from you whenever you contact us or have any involvement with us for example when you:
- visit our website (see our Cookies Policy)
- donate to us or fundraise for us
- enquire about our activities or services
- sign up to receive news about our activities 2
- post content onto our website/social media sites
- volunteer for us
- attend a meeting with us and provide us with information
- take part in our events
- contact us in any way including online, email, phone, SMS, social media or post
WHERE WE COLLECT INFORMATION FROM
We collect information:
- From you when you give it to us directly: You may provide your details when you ask us for information or make a donation, volunteer, attend our events contact us for any other reason.
- When you have given other organisations permission to share it: Your information may be provided to us by other organisations if you have given them your permission. This might for example be a charity working with us or might be when you buy a product or service from a third party organisation. The information we receive from other organisations depends on your settings or the option responses you have given them.
- When it is in available on social media: Depending on your settings or the privacy policies applying for social media and messaging services you use, like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.
HOW WE USE YOUR INFORMATION
We will use your personal information in a number of ways which reflect the legal basis applying to processing of your data. These may include:
- providing you with the information or services you have asked for
- processing donations you make, including processing for Gift Aid purposes
- organising volunteering activity you have told us you want to be involved in and in relation to the fundraising for us you are involved in
- sending you communications with your consent that may be of interest including marketing information about our services and activities, events, campaigns and appeals asking for donations and other fundraising activities and promotions for which we seek support
- when necessary for carrying out your obligations under any contract between us
- seeking your views on the services or activities we carry on so that we can make improvements
- maintaining our organisational records and ensuring we know how you prefer to be contacted
- analysing the operation of our website and analysing your website behaviour to improve the website and its usefulness
- processing job applications
OUR LEGAL BASIS FOR PROCESSING YOUR INFORMATION
The use of your information for the purposes set out above is lawful because one or more of the following applies:
- Where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us. You may withdraw consent at any time by emailing us at email@example.com. This will not affect 3 the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
- It is necessary for us to hold and use your information so that we can carry out our obligations under a contract entered into with you or to take steps you ask us to prior to entering into a contract.
- It is necessary to comply with our legal obligations.
- Where the purpose of our processing is the provision of information or services to you, we may also rely on the fact that it is necessary for your legitimate interests that we provide the information or service requested, and given that you have made the request, would presume that there is no prejudice to you in our fulfilling your request.
If you want to contact us about your marketing preferences please contact firstname.lastname@example.org or call on 020 7253 2582
PROFILING AND SCREENING
We use some profiling and screening techniques, performed by our own staff, to ensure communications are relevant and timely, and to provide an improved experience for our supporters. Profiling also allows us to target our resources effectively, which donors consistently tell us is a key priority for them.
We do this because it allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would.
When building a profile we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example addresses, listed Directorships or typical earnings in a given area.
If you have any questions or concerns about this, please contact us at email@example.com or on 020 7253 2582 or at 4 Charterhouse Mews, London EC1M 6BB.
HOW WE KEEP YOUR INFORMATION SAFE
We understand the importance of security of your personal information and take appropriate steps to safeguard it.
SJEHG has an internal Information Security Policy, which governs how sensitive personal data is used and stored in line with PCI DSS compliance requirements.
We always ensure only authorised persons have access to your information, which means only our staff, volunteers and contractors, and that everyone who has access is appropriately trained to manage your information.
No data transmission over the internet can however be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
WHO COULD HAVE ACCESS TO YOUR INFORMATION?
- Third parties if we run an event in conjunction with them. We will let you know how your data is used when you register for any event.
- Analytics and search engine providers that help us to improve our website and its use.
- Third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another charity. In such event we will take steps to ensure your privacy rights will be protected by the third party.
Owing to matters such as financial or technical considerations the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. This will only be with SJEHG and its subsidiaries and with other affiliates of The Order of St John (The Most Venerable Order of the Hospital of St John of Jerusalem). We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a Data Processing Agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
KEEPING YOUR INFORMATION UP TO DATE
We really appreciate it if you let us know if your contact details change. You can do so by contacting us at firstname.lastname@example.org or on 020 7253 2582.
HOW LONG WE KEEP YOUR INFORMATION FOR
We will hold your personal information for as long as it is necessary for the relevant activity. By way of example, we hold records of donations you make for at least six years so we can fulfil our statutory obligations for tax purposes. Please see our Records Retention Policy here.
Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for five years. We may periodically ask you to renew your consent.
If you ask us to stop contacting you with marketing or fundraising materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request contact us at email@example.com or on 020 7253 2582 or at 4 Charterhouse Mews, London EC1M 6BB.
You also have the following rights:
- the right to request rectification of information that is inaccurate or out of date;
- the right to erasure of your information (known as the “right to be forgotten”);
- the right to restrict the way in which we are dealing with and using your information; and
- the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);
- rights in relation to automated decision making and profiling including profiling for marketing purposes.
All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact the Director of Fundraising at firstname.lastname@example.org or on 020 7253 2582 or at 4 Charterhouse Mews, London EC1M 6BB.
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found here.
This Policy may be changed from time to time. If we make any significant changes we will advertise this on our website or contact you directly with the information. Do please check this Policy each time you consider giving your personal information to us.