Website privacy policy
1. What is your personal data and how does the law regulate our use of it?
“Personal data” is information relating to you as a living, identifiable individual. We refer to this as “your data”.
The UK-GDPR and Data Protection Act 2018, (DPA 2018) requires The Abingdon Bridge as data controller for your data to:
-
process your data in a lawful, fair and transparent way.
-
only collect your data for explicit and legitimate purposes.
-
only collect data that is relevant and limited to the purpose(s) we have told you about.
-
ensure that your data is accurate and up to date.
-
ensure that your data is only kept as long as necessary for the purpose(s) we have told you about.
-
ensure that appropriate security measures are used to protect your data.
2. Information about you
We may collect personal information from you when you:
-
make a donation.
-
enquire about the website, our services.
-
request or share information through the Website.
-
register for any of our mailing lists; and/or
-
contact us through the Website, or any other channel.
This personal information may include but is not limited to the following information about you:
-
your name (including your first name(s) and surname);
-
your email address.
-
your address.
-
your phone number.
-
your bank details.
-
your date of birth
-
other details about you that you or others provide to us.
3. How we use this information
(a) Your personal information will only be used by us to:
-
process your requests or payments.
-
respond to your questions or comments.
-
provide or administer services, e-newsletters, or helpful materials.
-
display your comment on the website.
-
provide you with information relating to The Abingdon Bridge, or that we feel may be of interest to you.
-
maintain our organisational records; or
-
ensure you are on the correct mailing list(s) and that we have parental consent where required by law.
(b) When you subscribe to our e-newsletter we ask you for consent to store your information and to contact you. We will only send you our newsletter for as long as you continue to consent.
(c) If you do not want to receive information from us, contact us by email at info@theabingdonbridge.org.uk. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
(d) The Abingdon Bridge will not share your personal details with third parties, except where companies are providing services on our behalf, such as processing donations or orders. For example, when you make an online donation via JustGiving, you are going through to a partner company and the information you give, such as your credit card number and contact information, is provided so that the transaction can take place.
4. Your rights under Data Protection Law
You have the following rights under Data Protection Law:
-
The right to access – You have the right to request us to give you copies of the personal information we have about you.
-
The right to rectification – If the information we hold for you is incomplete or wrong, you have the right to request a correction.
-
The right to erasure – Where we have no overruling legal basis or legitimate reason to carry on processing your personal information, you may ask that we delete your personal information.
-
The right to restrict processing – You have the right to ask that we restrict the processing of your personal information, under certain conditions.
-
The right to object to processing – You have the right to object to processing if we can process your information because the processing is part of our public tasks or is in our legitimate interests.
-
The right to data portability – This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at: info@theabingdonbridge.org.uk. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. Further guidance on your rights is available from the ICO.
5. The lawful basis on which we process your data
The UK-GDPR and DPA 2018 require that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).
The lawful basis for processing your personal data is contained within Article 6 of the UK-GDPR which states:
Processing shall be lawful only if and to the extent that at least one of the following applies:
-
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
-
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
-
Processing is necessary for compliance with a legal obligation to which the controller is subject.
-
Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
-
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
-
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
6. Sharing your data
We do not, and will not, sell your data to third parties. We will only share it with third parties if we are allowed or required to do so by law.
Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to:
UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.
Why?
We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms (in cases where the law places a duty on us to report).
Where personal information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.
8. Data retention
We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, regulatory, disciplinary, or reporting requirements.
9. Security
We adopt data collection, storage, processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored with respect to our Site.
Our Site uses SSL web security in conjunction with TLS 1.2 to keep connections secure and private. Data that we have collected is held on protected devices, including where it is held as part of a back-up version. We use two-factor authentication to prevent unauthorised access, alteration, disclosure, or destruction of the data. Our website is monitored 24/7 for any suspicious activity and we continually conduct software security reviews.
10. Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree.
We use two types of cookies: i) functional cookies, without which the functionality of our website would be reduced and ii) optional cookies used, for example, for website analysis.
We only use optional cookies if we have obtained your prior consent. When you first access our website, a banner will appear, asking you to give us your consent to the setting of optional cookies.
You may at any time switch off any functional cookies in your browser settings but you may then not be able to access all or parts of our website.
Our website uses Google Analytics, which allows Google to analyse your use of our website on our behalf. The information which Google collects will be transmitted to a server of Google in the US where it will be stored and analysed. The relevant results will be made available to us in anonymised form.
Last Update: 30 November 2023