PSU Privacy Policy

 

Last updated 22 May 2018

1. Our privacy policy

This privacy policy explains how the PSU may collect and use the information you give us. We try to make our policy straightforward and easy to understand, but if you have any question or there is something you do not understand about please contact us at it@thepsu.org.uk.

If you are under 18, please seek permission from a parent or guardian before giving personal information to anyone online.

If you do not agree to this policy, please do not give us your information.

2. How we obtain information

We obtain information through our interactions with you and try to be clear when we are doing so. We may also obtain your information through third parties and from public sources. Below, we have tried to list as clearly as possible how your information is obtained from each of these sources.

You have the right to request that your information not be used at any point. To do so, please contact us at friends@thepsu.org.uk. For more information on your rights, please view the ‘Your rights’ section below.

We may obtain information from you through your interactions with us such as when you are:

  • asking about our activities and services
  • visiting our website (view our cookies page for information on how we use them)
  • donating to us
  • signing up to receive newsletters, event updates, or notifications on appeals
  • participating in a fundraising event
  • posting content to our website or social media websites
  • volunteering with us
  • using our client support service
  • meeting with us and having provided information about yourself
  • contacting us through the website or via any other mode such as online, email, phone, SMS, social media or post
We may obtain information from third parties if you gave them permission to share it with us such as when:

  • donating through a third party (e.g. Bt MyDonate, Virgin Money, and JustGiving), the third party may provide us your bank details so that we can process your donation
  • you are completing a challenge event to raise money for the PSU and are using a third party to collect sponsorship (e.g. Bt MyDonate and Virgin Money), the third party may provide us your name and contact details (e.g. email, address, and/or phone number) so that we can provide you support and materials (e.g. a fundraising pack, PSU t-shirt, etc.) and thank you for your contribution
  • using third party lists to help us find trusts, Livery Companies, and corporate foundations we can apply to for funding. We pay for memberships (Trustfunding.org.uk, Funding Central, and WealthWatch) and purchase hardcopy publications (“City of London Directory & Livery Companies Guide 2015” and “The Guide to UK Company Giving 2015/16”)
We may obtain information from public sources to help identify trusts, Livery Companies, foundations, firms, companies, and individuals for possible funding opportunities. Specific individuals may be contacted if they are whom the publicly available information directs us to (e.g. the email address for a partner at a firm).

Public sources we may use include:

  • company websites
  • social networks (e.g. LinkedIn, Facebook, and Twitter)
  • pre-compiled public lists (e.g. The Legal500)

3. The information we collect

The information collected will vary depending on the situation (e.g. donation administration, receiving PSU support for a court case, event registration, etc.), but is intended to be the minimal amount needed for the activity (e.g. providing the service or information requested). We will not sell or rent your personally identifiable information that you provide us.

The personal information collected may include, but is not limited to:

  • name
  • email address
  • postal address (including postcode)
  • phone number
  • bank or credit card details
  • why you have decided to support us
  • other information relevant to supporter/client surveys and/or offers

Certain types of personal information (e.g. health, race, religious beliefs, etc.) are in a special category under data protection laws, because they are considered to be more sensitive. We only collect this type of information if there is a clear reason for us to do so, (e.g. to provide appropriate facilities or support). We will also collect this type of information if you make it public or volunteer it to us (e.g. you tell us while we are supporting you during a client session). Wherever it is practical for us to do so, we will let you know why we are collecting this information and for what purpose.

Clients receiving support from our service are asked to provide us information through our ‘About You’ and ‘Feedback’ forms. The information is anonymized and used to help us better understand how our client service is being used and how we can make it better.

We do not actively collect information from children (under 18s) nor are our events aimed at children, however our supporters are of all ages. Where appropriate, we will ask a parent or guardian for consent prior to collecting their child’s information. Children can only fundraise or partake in an event to benefit the PSU with a parent or guardian.

We do not actively collect and/or use information about your device (e.g. IP address, type of device, etc.) but depending on your device settings, it may be made available to us. Contact your device manufacturer or operating system provider for more information on what information is made available.

Please note, our Applicant Privacy Notice can be found in our Jobs webpage, and our Volunteer Privacy Notice can be found on our Court volunteer application webpage. Staff should speak to their HR team for a copy of our Privacy Notice for staff.

4. How we use this information

We will use your personal information to administer our website, applications, contact databases, client service and marketing material. Examples include:

  • providing information you requested
  • booking an appointment for client support at a PSU office
  • keeping a record of the support a client receives from our service so volunteers will be better informed when providing you support in the future
  • processing a singular or regular donation
  • claiming gift aid on a donation
  • maintaining a list of people who have previously donated or fundraised so we can contact them to see if they are interested in doing so again
  • registering you for an event
  • processing ticket purchases for events
  • maintaining a list of people interested in receiving our quarterly newsletter, Annual Report, information on events and/or information on appeals
  • understanding what activities you have had with us (e.g. donations, event participation, meetings, etc.) and how you prefer to be contacted (email, post, or phone) to ensure we only send you relevant and appropriate communications
  • maintaining a list of people who have explicitly told us that they don’t want to be contacted by us
  • analysing your website behavior in order to improve our website
  • identifying funding opportunities (e.g. trusts, foundations, Livery Companies, companies, firms, etc.)
  • create reports about our service
  • safeguard staff, volunteers, and clients
  • meet legal obligations

At any point, you can let us know how you would like to be contacted and what information you would like to receive, as well as update your communication preferences and opt out of communications, by completing our online Staying in touch form, or emailing friends@thepsu.org.uk.

Most of the time, we will obtain your permission for processing your information, but occasionally we may need to process your personal data without your consent. This will only be done when it is in our legitimate interest, it is legal for us to do so, and it will not infringe your legitimate interest, rights, and/or freedoms.

5. How we protect personal information

The safety and security of your personal information is important to us and we try to implement the safeguards needed to protect it, ensure it is accurate, and keep it up to date such as:

  • Ensuring PSU websites have up to date SSL certificates to secure information transferred from you to the webservers.
  • Ensuring payment gateways (BT MyDonate, Virgin Money Giving, JustGiving, CAF) meet the Payment Card Industry Data Security Standards.
  • Ensuring contracts with third party data processors (e.g. server managers, system support, etc.) have clear expectations and requirements regarding the data they have access to
  • Regular anti-virus scanning of hardware devices.
  • Recycling hardware through certified vendors to ensure secure deletion of any information on hardware being disposed of.
  • Providing GDPR training to staff to increase their knowledge and understanding of best practices for data protection.

Unfortunately no matter what safety measure are implemented, information sent via the internet can never be guaranteed to be fully secure. Even though we do our best to ensure your personal information is safe, we cannot guarantee that the information you provide online or via email is fully secure. Information you send via internet is therefore sent at your own risk.

6. Will we disclose the information we collect to outside parties?

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required to do so by law or for regulatory reasons.

General information may be shared with partners in order to aid our research, with personal identifying information removed (e.g. we may share the total number of attendees to an event or the number of clients completing a survey).

Some of our suppliers may run their operations outside the EU where they are not subject to the same data protection regulations. Where this is the case, we will take steps to confirm they provide an adequate level of protection in line with UK data protection law.

7. Retention of your information

We aim to hold your information for only as long as necessary for the relevant activity (e.g. donation information will be kept for six years in alignment with auditing requirements).

If you opt-out of communications, we normally keep the minimal amount of personal information needed to ensure your request is carried out (e.g. name, email, and address). If you ask us to completely remove all of your information, we will do our best to carry out your request, but may not be able to if we were unable to keep the information required to track your request.

If your personal details change, please help us to keep your information up to date by notifying us at friends@thepsu.org.uk.

8. Your rights

For any personal information of yours that we hold, you have the right to request:

  • That we verify, correct, restrict use of, and/or erase your information. To do so, email friends@thepsu.org.uk. Please note, any information you shared via social media channels may remain after we carry out your requests on your information in our systems.
  • What information you receive (e.g. annual report, thank you letters, invitations to events, etc.) and how you receive it (i.e. phone, email, and/or post). You can provide us your preferences by completing our online Stay in touch form. If you complete the form more than once, we will use the form with the most recent date. Alternatively, email us at friends@thepsu.org.uk.
  • A copy of the information we hold about you by emailing us at it@thepsu.org.uk or write to us at Personal Support Unit, Royal Courts of Justice, Strand, WC2A 2LL. Please include details of the information you want.

You also have the following rights under GDPR regulation, more information on these can be found on the ICO’s (Information Commissioner’s Office) guidance:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

We may require proof of identity prior to fulfilling your request, and we will respect your requests unless we are unable to do so for legal reasons (e.g. inability to delete donation information for auditing reasons). If we are legally unable to carry out your requests, we will notify you along with the reason(s) why. For more details regarding exceptions to your rights, please view the ICO’s guidance.

Complaints regarding our processing of your personal data can be made to the ICO, however we would appreciate the opportunity to address any issues you have with the way we process your data and can be contacted at it@thepsu.org.uk. If you are still unhappy after we have had the chance to discuss your complaint, you have the right to contact the ICO at any time.

9. Privacy policy changes

We are constantly reviewing how we process and protect data. Therefore, changes to our policy may occur at any time, and we reserve the right to amend our Privacy Policy. If we do so, we will post notice of the changes on our website. Please revisit this policy page each time you consider giving personal information.

This privacy policy should be read in conjunction with the PSU’s website terms and conditions.