PRIVACY NOTICE

 

ZANE: ZIMBABWE A NATIONAL EMERGENCY

 

Your privacy is important. As such it is worth taking a few minutes to read through this document. It tells you about who we are, what information we collect about you, how it's collected and how we use it, and what your rights are as a data subject. Those rights include the ability to complain about how we use your personal data, and this document also explains how to raise any concerns you have.

 

This document also contains sections dealing with who we might share some of your information with, and how we look after the information in this country, as well as if it is ever transferred to another country.

 

If you know what you are looking for, you can click on one of the links above, to take you directly to that section. If, after you have read this document, you still have questions about how we are using your personal data, remember that you can always contact us by post, or by e-mailing privacy@zaneinfo.com

 

Finally, you will notice that there are some words in this document that are marked like this. These are words that have a special meaning under data protection law. If you want to understand more about these words, we have a section at the end of this document which explains them in more detail, which you can reach by clicking on those words wherever they appear.

 

1.              About us

 

We are ZANE: Zimbabwe A National Emergency and are a registered charity in England and Wales (1112949). Registered Office: 2 Church Street, Bladon, Oxon OX20 1RS. We are a controller in respect of information you provide to us. We are registered with the Information Commissioner's Office with controller ID: Z3029621

 

We can be contacted by:

-     emailing privacy@zaneinfo.com;

-       telephoning 020 7060 6643; or

-     writing to us at our registered office (set out above).

 

 

 

2.              What information we collect or generate

 

If you choose to join or support us (whether as a supporter, volunteer or otherwise), we need to collect certain information about you. We will also generate relevant information about you and your activities which is recorded within our systems for as long as we need it.

 

The following tables give some examples of the personal data we might collect or generate in different circumstances:

when you:

we might collect:

and we might generate:

Subscribe to any of our communications

o   your name to be able to identify you;

o   contact information to send out the communications;

o   information about your preferences around subject matter or frequency of communications

o   information about what communications were sent to you and when;

o   information about your interactions with those communications (such as whether you opened or acted on them)

Make a donation

o   your name and contact information;

o   your tax status, if you intend to Gift Aid the donation;

o   financial information necessary to process the payment;

o   a record of the transaction;

o   other internal book-keeping and accounting records

Contact us

o   whatever information you provide during your communication;

o   a record of your communication activity (such as the date and time you sent us an e-mail)

o   a record of our communications with you in response;

o   if you have raised a matter that requires further consideration, internal records that relate to that matter

Applying to work for us as a volunteer

o   name and contact information;

o   information about your relevant experience;

o   other biographical information

o   internal records of our communications with you or about you;

o   records of any decision about whether to recruit you

Are being supported by our charity

o   name and contact information

o   biographical information

o   information about your needs

o   records of how we have supported you

o   other internal records about you

 

Except as indicated above, we do not normally expect to collect or store any special categories of personal data. If this does occur, then we will take extra care to ensure your rights are protected.

 

This document does not relate to the processing of employee personal data which is dealt with under a separate notice which we provide to our staff.

 

3.              How we collect information

 

We collect most of this information from you directly when you provide it to us. However, we may also collect information:

-     from publicly accessible sources;

-     via our website - we may use cookies on our website (for more information on cookies, please see our Cookies Policy)

-     via our information technology (IT) systems, such as

o   automated monitoring of our websites;

o   automated monitoring of our computer networks and connections;

o   logs and records generated by our office software including email and other communications systems

 

4.              How we use the information

 

Under data protection law, we can only use your personal data if we have a proper reason for doing so. This might be:

-     to comply with our legal and regulatory obligations (for example, we have to check contact details against the fundraising preference service to ensure that we do not communicate with those who are registered on that service, we also have to communicate Gift Aid information to HMRC);

-     for the performance of a contract with you or to take steps at your request before entering into a contract (if you are a supplier to the charity, or you have agreed to participate in a sponsored event);

-     for our legitimate interests or those of a third party. A legitimate interest is when we have an operational or commercial reason to use your information, so long as this is not overridden by your own rights and interests (it might extend to some fundraising activity and a lot of the internal processing of personal data that we undertake for audit and record-keeping purposes); or

-     where you have given consent (this tends to be in fairly limited circumstances, but might apply if we are sending you fundraising or other communications).

 

We will only use your information for the purpose that it was collected for, or for a closely related purpose. If we intend to use the information for a completely new process, we will inform you of that clearly, before we start that new processing activity and, if appropriate, seek your consent.

 

5.              Sharing your information

 

We may routinely share your personal data with:

-     our representatives and volunteers, where they need to process the information in the performance of their duties to us or to comply with our instructions;

-     professional advisers who we instruct to advise us in connection with our activities. These might be legal or medical professionals, accountants, tax advisors or other experts;

-     our insurers and brokers;

-     external auditors and regulators;

-     our bank;

-     external service suppliers, representatives and agents that we use to make our charity more efficient. These currently include:

o   Harlequin [CRM provider]

o   Constant Contact [Bulk email services]

o   TSOHost Limited [Internet hosting services]

o   Virgin Money Giving

 

We only allow any third party to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to data protection, to ensure they can only use your personal data to provide services to us and to you.

 

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

 

6.              Looking after your information

 

Information may be held at our offices and those of our service providers and representatives as described above. We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means).

 

We cannot absolutely guarantee the security of the Internet or external networks and any online communications (e.g. information provided by email or through our website) are at your own risk.

 

Online payments are handled by third party suppliers such as JustGiving and PayPal. Details of those organisations' privacy policies can be found on their websites. We will also process financial information if you choose to give by Direct Debit, card payment over the telephone, or donation by post. In all these cases we will keep any associated financial information secure, and only keep as much as we need for as long as we need it (after which it will be destroyed or deleted).

 

Some of the third parties we share data with may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below.

 

We will only keep your personal data for as long as is necessary. Sometimes, this will mean that we continue to keep personal data even after you have finished dealing with us. We will do so for one of these reasons:

-     to respond to any questions, complaints or claims made by you or on your behalf;

-     to show that we treated you fairly;

-     to keep records required by law

 

When it is no longer necessary to retain your personal data, we will delete or anonymise it.

 

7.              Transfers outside the EEA

 

To deliver services to you, or to perform some other function, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA), for example:

·            with our affiliated operations in Zimbabwe, the United States or Australia;

·            with your and our service providers located outside the EEA; or

·            if you or members of our staff are based outside the EEA

 

These transfers are subject to special rules under European and UK data protection law. The non-EEA countries identified above do not have the same data protection laws as the United Kingdom and EEA. We will, however, make sure that the transfer complies with data protection law and all personal data will be secure. Our standard practice is to use standard data protection contract clauses which have been approved by the European Commission. To obtain a copy of those clauses

please contact us.

 

8.              Your rights

 

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your personal data

Rectification

The right to require us to correct any mistakes in your personal data

To be forgotten

The right to require us to delete your personal data - in certain situations

Restriction of processing

The right to require us to restrict processing of your personal data - in certain circumstances, eg if you contest the accuracy of the data

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations

To object

The right to object:

- at any time to your personal data being processed for direct marketing (including profiling);

- in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

 

For further information on each of those rights, including the circumstances in which they apply, please contact us.

 

If you want to exercise any of these rights, you will need to let us have enough information to identify you (for example, your full name, address and the circumstances in which we came to be processing your personal data. You will also need to let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). Finally, you will need to tell us what right you want to exercise and the information to which your request relates.

 

9.              How to complain

 

We hope that we can resolve any query or concern you may raise about our use of your information. Please do contact us in the first instance about any issue that you would like to raise.

 

You also have the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

 

10.           Definitions

 

Here are some helpful explanations of the words used in this document which have a specific meaning under data protection law.

Controller

is the organisation, company or individual who is responsible for the processing of personal data, either by themselves or using a processor. They make decisions about how and why the personal data is used

Data subject

is the person who the personal data is about

Personal data

is any information about an identified or identifiable individual. This might be information which enables them to be identified, but it could also be information about their characteristics, activity, preferences or history

Processing

means anything that is done with personal data and could include collecting, recording, organising, storing, adapting or altering, retrieving, consulting, using, disclosing or making available, checking against other data, combining with other data, restricting, erasing or destroying it.

Processor

is the organisation, company or individual that processes personal data on the instructions of a controller

Special category personal data

means personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric information; or data concerning health, sex life or sexual orientation

Supervisory authority

is the independent public body in each EU member state responsible for overseeing compliance with data protection rules. In the UK this is the Information Commissioner's Office ("ICO")

 

This privacy notice was published on 17 January 2018 and last updated on 15 July 2019.

 

We may change this privacy notice from time to time, when we do, we will publish an updated version on our website and draw any significant changes to your attention where it is practical to do so.

 

If you would like this notice in another format (for example audio, large print, braille) please contact us.

Giving

Donate
Set up a fundraising page
Remember ZANE in your will

Actions

Attend a ZANE event
Join the ZANE Facebook group
Become a ZANE Ambassador

Resources

Annual Report
ZANE Newsletter
ZANE 2019 Raffle
Commonwealth Veterans

About Us

Contact us
Trustees
Legal


© 2019
ZANE - Zimbabwe a National Emergency
Registered Charity No: 1112949

company number 05604011
Registered address:
2 Church Street, Bladon, Oxon OX20 1RS

Legal

archive