Document title:	Privacy Policy
Version number:	1.2
Date:	November 2024

 

Record of change:

 

INTRODUCTION

We understand that the privacy of all of our donor, beneficiaries and services users is important to them and that they care about how their personal data is used. In this Privacy Notice, we refer to them all of those individuals as "you" for convenience.

We respect and value your privacy and will only collect, hold, use, or share your personal data in ways that are described here, and in a way that is consistent with our obligations and your legal rights.

The company who provides the service to Charity Extra is Giving More Online Limited.

1.        Information about us

Giving More Online Limited is a registered company no: 12228700

Representative: David Bude

Email address: info@charityextra.com

Postal address: 36-38 Waterloo Road, London, NW2 7UH.

2.        What does this Notice cover?

This Privacy Notice explains the types of your personal data that we collect, how it is collected, how it is held, how we use it, and how it is processed. It also explains your rights under data protection legislation[1] relating to your personal data. Further information about your rights can also be obtained from the Information Commissioner's Office or your local Citizens Advice Bureau.

3.        What is "personal data"?

Personal data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we collect and use is set out in paragraph 5 below.

4.        What are my rights?

Under the data protection legislation, you have the following rights, which we will always work to uphold. You have the right to:

a)        be informed about how we process your personal data;

b)        access and be given a copy of the personal data we hold about you. (See paragraph 10 below about this);

c)        require us to correct any personal data that we hold about you if any of it is inaccurate or incomplete;

d)        be forgotten: in certain circumstances you have a right to have your personal data erased from our records;

e)        restrict (i.e. prevent) the processing of your personal data;

f) object to the way we process your personal data (e.g. for direct marketing);

g)        withdraw consent: if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time;

h)        data portability: the right in certain circumstances to have us transfer your personal data to another organisation; and

i) not be subject to a decision based solely on automated processing (including profiling) which produces legal effects on you. We do not use your personal data in this way.

j) You have the right to revoke our app's access to your Gmail account at any time through your Google Account settings (https://myaccount.google.com/permissions). Revoking access will not affect any emails already sent.

As to how to contact us for more information about our use of your personal data or exercising your rights as outlined above, see paragraph 11 below.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

If you wish to make a complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office but please contact us first (see paragraph 11 below) so that we might try to resolve your concerns ourselves.

5.        What personal data do you collect and how?

We may collect and hold some or all of the personal data set out below, using the methods set out there. We do not collect any personal data relating to children or data relating to criminal convictions and/or offences.

Data collected	How we collect the data
Identity Information e.g., name, title, date of birth and gender.	Provided by you, or by direct interaction with you or via our website.
Contact information e.g., address, email address, telephone number.	Provided by you, or by direct interaction with you or via our website.
Payment information e.g., card details, bank account number, whether you are a taxpayer.	Provided by you, or by direct interaction with you or via our website.
Data, including contact information, profile information, from publicly available sources and from third parties.	Provided by you, or by direct interaction with you, via our website or via a third party.
Gmail Data Access	If you authorize us via Google OAuth, we may access specific Gmail data to send emails on your behalf. This access is granted only with your explicit consent and is used exclusively to provide the email-sending feature.

6.        How do you use my personal data?

Under UK data protection legislation, we must always have a lawful basis for using personal data.

With your permission and/or where permitted by law, we may use your personal data for marketing purposes, which may include contacting you by email or telephone or text message or post newsletters, fundraising appeals, campaigns, or other information or with information about our products or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK data protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in paragraph 11 below.

If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the data protection legislation and your legal rights.

We access and use Gmail data only for the purpose of sending emails on your behalf as requested by you. This access is limited to the scope of permissions you grant during the OAuth process and complies with Google's User Data Policy. Your Gmail data is not stored, shared, or used for any purpose other than providing the requested service.

 

7.        How long will you keep my personal data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.

8.        How and where do you store or transfer my personal data?

We will only store or transfer your personal data within the European Economic Area (the "EEA")[2]. This means that your personal data will be fully protected under the data protection legislation and/or to equivalent standards by law.]

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

�         limiting access to your personal data to those employees, volunteers, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;

�         procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner's Office where we are legally required to do so.

 

As a global platform, we may store some users' personal data outside the UK or EU. If we do, we ensure your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards, such as model contract clauses, binding corporate rules, or mechanisms like the EU-U.S. Privacy Shield framework.

 

Gmail Data Security:

We do not permanently store your Gmail data. All data accessed during the email-sending process is handled securely and is not retained after the service is completed. We implement encryption and other security measures to protect your data during transit and use.

 

9.        Do you share my personal data?

We will not share any of your personal data with any third parties for any purposes, subject to the following exception[s].

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

 

Recipient	Activity carried out	Sector	Location
Banks and payment providers - to authorise and complete payment transactions	Information to enable payments initiated by you.	Banks and payment providers	Global
In relation to creators of Crowdfunding Pages, third party identity checking or credit reference agencies - for the purposes of identity checking and bank account verification	Information to enable payments initiated by you.	Banks and payment providers	Global
Organisations within the payment card industry - to help prevent online fraud	Information to enable payments initiated by you.	Banks and payment providers	Global
IT, information security and cloud services providers - to help us provide the Services and keep your data safe	IT infrastructure	IT	Global
Communication providers - to assist us with the processing and delivery of email and other communications	IT infrastructure	IT	Global

If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party's obligations under the law, as described above in paragraph 8.

Third-Party Sharing of Gmail Data

We do not share your Gmail data with third parties, except as necessary to provide the email-sending functionality (e.g., third-party servers securely processing email requests). These third parties are bound by confidentiality and data security obligations.

 

10.  Compliance with Google API Services User Data Policy

Our application complies with Google's API Services User Data Policy. We adhere to Google's "Limited Use" requirements, ensuring that Gmail data is used solely for the stated purpose of sending emails on your behalf and is not stored, shared, or accessed beyond what is necessary to fulfill this functionality.

11.      How can I access my personal data?

If you want to know what personal data we hold about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a subject access request ("SAR").

All SARS should be made in writing and sent to the email or postal address shown in paragraph 11.

There is not normally any charge for a SAR. If your request is 'manifestly unfounded or excessive' (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your SAR within a month and, or receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

12.      How do I contact you?

To contact us about anything to do with your personal data and data protection, including to make a SAR, please use the following details:-

Representative: David Bude

Email address: info@charityextra.com

Postal address: 36-38 Waterloo Road, London, NW2 7UH.

 

Inquiries Related to Gmail Access

For questions or concerns about our use of Gmail data, please contact us using the details provided in this policy.

 

13.      Changes to this Privacy Notice

We may change this Privacy Notice from time to time.

 

 

Subject Access Request Form

 

 

Important Information

 

Charity Extra collects, holds, and processes certain personal data about its donors and supporters ("data subjects"). As a data subject, you have a legal right, under data protection legislation to find out about our use of your personal data as follows:

 

• Confirmation that your personal data is being processed by us;
• Access to your personal data;
• How we use your personal data and why;
• Details of any sharing or transfers of your personal data;
• How long we hold your personal data;
• Details of your rights under the data protection legislation including, but not limited to, your rights to withdraw your consent to our use of your personal data at any time and/or to object to our processing of it.

 

No fee is payable under normal circumstances. We reserve the right to charge a reasonable fee for subject access requests ("SARs") that are manifestly unfounded, excessive, or repetitive. Such charges will be based only on the administrative cost that we will incur in order to respond.

 

Please complete the required information overleaf and return it to us by email or by post addressed to:

Representative: David Bude

Email address: info@charityextra.com

Postal address: 36-38 Waterloo Road, London, NW2 7UH.

You do not have to use this SAR form and may instead write to us using the same contact details.

 

After receiving your SAR, we may contact you to request additional supporting information and/or proof of your identity. This helps us to safeguard your privacy and personal data.

 

We will respond to all SARs within one month of receipt and will aim to provide all required information to you within the same period. If we require more information from you, or if your request is unusually complicated, we may require more time and will inform you accordingly.

 

If you are making a SAR on someone else's behalf, please contact David Bude at 36-38 Waterloo Road, London, NW2 7UH. before making your request.

 

 

Your Details

 

Title:
Forename(s):
Surname:
Address:
Telephone Number:
Email Address:

 

Information Being Requested

 

Please provide specific details (along with any relevant dates) of the information being requested and any additional information that may help us to locate your personal data and to confirm your identity.

 

By completing this form, you are making a subject access request under data protection legislation for personal data collected, processed, and held about you by us that you are entitled to receive.

 

 

Declaration

 

By signing below, you confirm that you are the data subject named in this Subject Access Request Form. You warrant that you are the individual named and will fully indemnify Charity Extra for all losses and expenses incurred if you are not. We cannot accept subject access requests in respect of your personal data from anyone else, including members of your family.

 

Name:
Signature:
Date: