Privacy
At SpecialEffect we take your privacy seriously and this privacy statement explains what personal data or information we collect from you via this our website and how we use it.
Who are we?
SpecialEffect is a registered charity (1121004) and our registered office address is: SpecialEffect, Units 9-12, Southill Business Park, Cornbury Park, Charlbury, Oxfordshire, OX7 3EW. SpecialEffect is a registered data controller (ICO registration number Z1643859).
What personal data or information do we collect?
We may collect personal data about service users, prospective service users, family members, guardians, carers, PAs, healthcare professionals, donors, supporters, event participants, corporate sponsors, partners, job applicants, our current and former employees, our current and former volunteers and suppliers. The personal information we collect may include your name, address, email address, IP address, and information regarding what pages you access on this website and when.
How do we collect data or information from you?
We collect personal information about you when you:
- Make a donation to us
- Fundraise on our behalf (e.g. through taking part in an event)
- Work with us as a service user
- Make an enquiry via our website or via the telephone
- Use our website
- Enquire about a job opportunity
- Volunteer for us
- Work for or with us
- Exchange business cards with a member of our staff
How is your information used?
We collect your personal data or information to operate the charity effectively and provide you with a high-quality service. We may use your information:
- To deliver tailored services to you at your request
- To answer enquiries that you make to us
- To process a job or volunteer application
- To fulfil our obligations as an employer
- To provide benefits to you as an employee
- To adhere to regulations set out by the Charities Commission
- To manage fundraising events you are taking part in
- To keep you informed about the work we’re doing, following a donation you have made
- To send you our newsletter, if you have consented to receive it
- To maintain security of our office and IT infrastructure
- To invoice you, and to track payments you make or payments made to you
- To track donations you have made to us
We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the charity, our contractual requirements to deliver agreed services to you (or your family member), and our legal obligations, both as a charity and responsible employer. The exception is for sending email marketing, which we carry out on the basis of consent. If you would like to know more, please read below:
Service Users
As one of our services users, we may hold the following information about you:
- Name, date of birth, and contact information
- Information relating to your health
- Demographic information such as postcode, interests and preferences
- Information and documents relating to the service we are providing, including communications with you
- Photographs or videos of you using the equipment
- Contact information for your family members/guardians/ carers/PAs/healthcare professionals
We store your information and communications (written and verbal) in our CRM (Harlequin) on our secure servers based in the UK. We may also hold paper copies of your information, stored securely at our Charlbury office. Communications with you will be stored in our email system, which we use Microsoft Office 365 to manage.
We will retain your information for the duration of our relationship with you, then for a maximum of 40 years afterwards, if required for audit purposes. If you have agreed for us to use your experience with SpecialEffect as a case study to help us promote the charity, we may continue to hold your data beyond the typical 40 year period.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy. Google Documents are sometimes used to store information, some of which may be about our service users. For more information, please view Google’s Privacy Policy.
Prospective Service Users
As we ask for information about you to find out if we can help you, we may hold the following information about you:
- Name, date of birth, and contact information
- Information relating to your health
- Demographic information such as postcode, interests and preferences
- Information and documents relating to the service we may be able to provide, including communications with you
We store your information in our CRM (Harlequin) on our secure servers based in the UK. We may also hold paper copies of your information, stored securely at our Charlbury office. Communications with you will be stored in our email system, which we use Microsoft Office 365 to manage.
We will retain your information to enable us to assess whether we can help you and for the duration of our relationship with you, then for a maximum of 2 years afterwards, if required for audit purposes.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy. Google Documents are sometimes used to store information, some of which may be about our service users. For more information, please view Google’s Privacy Policy.
Job Applicants
When you apply for a job with us, we may hold the following information about you:
- Name, date of birth, and contact information
- Information relating to your qualifications and experience
- Demographic information such as postcode
- References where we take them up
- Information and documents relating to the review, interview and selection process, including communications with you
We store your information on our secure servers based in the UK. We may also hold paper copies of your information stored securely in the Charlbury Office. We will also store communications with you relating to the interview process in our email system, which we use Microsoft Office 365 to manage.
We will retain your personal data relating to the review, interview and selection process for a minimum period of 6 months and a maximum period of 1 year after the interview date.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy.
Current and Former Employees
When you work for us, we may hold the following information about you:
- Name, date of birth, and contact information
- National insurance number and Unique Tax Reference (UTR) if applicable
- Information relating to your qualifications and experience
- Demographic information such as postcode
- Information and documents relating to your performance and supervision as an employee of the charity, including communications with you
- Your photograph, including Passport and Driving Licence
- Financial information, such as bank details, pension scheme and salary details
- Information about your next of kin
- Health information
- Criminal convictions
We store your information on our secure servers based in the UK and in hard copy in a secure filing cabinet in the Charlbury office. We will also store communications with you in our email system, based in the UK, which we use Microsoft Office 365 to manage.
We will retain your personal data for the duration of your employment and for a period of 7 years after you leave the charity. However, we will retain pension records for 10 years after benefit ceases. Beyond this point, we only retain minimal information about you to confirm the period of time you were employed by the charity for reference purposes. We share your information with HMRC, and our chosen pension / benefits providers. Information about Trustees/Directors and Senior Management of the charity will be held indefinitely for historical purposes.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy.
Current and Former Volunteers
When you volunteer for us, we may hold the following information about you:
- Name, date of birth, and contact information
- Information relating to your experience
- Demographic information such as postcode
- Information and documents relating to your role as a volunteer for SpecialEffect, including our communications with you
- Photographs of you when volunteering at an event for us
- Information about your next of kin
- Health information
We store your information in our CRM (Harlequin) on our secure servers based in the UK. We also store your information as files on our secure servers based in the UK and in hard copy in a secure filing cabinet in the Charlbury office. We will also store communications with you in our email system, which we use Microsoft Office 365 to manage.
We will retain your personal data for the duration of your time volunteering with us and for a period of 4 years after you leave the charity.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy.
Individual Donors, Supporters and Fundraising Event Participants
When you sign up to or join us at an event either run by SpecialEffect or by someone else but in aid of SpecialEffect, we may hold the following information about you:
- Name, date of birth and contact information
- Information relating to your business activities (if relevant)
- Demographic information such as postcode, preferences and interests
- Information relating to you which helps ensure you enjoy the event, such as your dietary or access requirements and including our communications with you
- Billing and payment information
- Donation information
- Health related information, where events involve physical activity
- Photographs of you supporting or participating in fundraising activities
We store your information in our CRM (Harlequin) on our own secure servers hosted in the UK. We may also hold paper copies of your information stored in the Charlbury Office. Communications with you will be stored in our email system, which we use Microsoft Office 365 to manage.
We will retain your personal data for the duration of your time supporting us and for a period of 4 years after the Charity’s last communication with you.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy. We also use Online fundraising and donation platforms such as JustGiving, PayPal etc. This will vary for each event, so please see individual Privacy Policies based on which platform you are using or which event you are taking part.
Corporate Sponsors
If your business is supporting SpecialEffect as a charity of the year or on an ongoing basis, we may hold the following information about you, if you are involved in their activities:
- Name and business contact information
- Information relating to your business activities (if relevant)
- Demographic information such as postcode, preferences and interests
- Information relating to you about your fundraising activities and including our communications with you
- Billing and payment information
- Donation information
- Photographs of you supporting or participating in fundraising activities
We store your information in our CRM (Harlequin) on our own secure servers hosted in the UK. We may also hold paper copies of your information stored securely in the Charlbury Office. Communications with you will be stored in our email system, which we use Microsoft Office 365 to manage.
We will retain your personal data for the duration of your time supporting us and for a period of 4 years after the Charity’s last communication with you.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy.
Suppliers
When you work with the charity as a supplier, we may hold the following information about you:
- Name and business contact information
- Information relating to your qualifications and experience
- Demographic information such as postcode
- Information relating to your business activities
- Information and documents relating to the services or products you offer, including our communications with you
- Financial information
We store your information in our accounting programme (QuickBooks) on our secure servers based in the UK. We may also hold paper copies of your information stored securely in the Charlbury Office. We will also store communications with you in our email system, which we use Microsoft Office 365 to manage.
We will retain your information for the duration of our relationship with you and for 7 years after the last financial transaction we made with you.
We currently use third-party online tools: Dropbox Business for our back up and to store large files and videos, which may contain some of your information. Dropbox Business uses servers that are based in the US, therefore personal information is transferred outside of the EEA. For more information please view Dropbox’s Privacy Policy.
Who has access to your information?
We do not sell or rent your personal data or information to any third party or share your information with third parties for their marketing purposes.
We will disclose your data or information if required by law, for example by a court order or for the prevention of fraud or other crime.
We may pass your information on to third party service providers, agents or subcontractors for the purposes of completing a task or providing services to you on our behalf. However, we disclose only the personal information necessary to deliver that service and have a contract in place that requires them to keep your information secure and not to use it for other purposes.
We do use third party providers for our IT Support, Accounting and Payroll Services, CRM system, Website and Backup system. We also sometimes use external consultants for projects. If you require more information on these, please contact us on dataprotection@specialeffect.org.uk.
Transfers outside of the European Economic Area
Your personal information in the European Economic Area (EEA) is protected by data protection laws, but other countries do not necessarily protect your personal information in the same way. The EEA covers all countries in the EU plus Norway, Liechtenstein and Iceland. SpecialEffect uses some online tools which host data outside of the EEA. Prior to selecting such tools, we review their privacy policy and check that the company is signed up to the EU-US Privacy Shield agreement. Companies who have signed up to this agreement commit to securing personal data in line with EU data protection legislation.
Your rights
- You have certain rights over the processing of your personal information by SpecialEffect. These are:
- The right to be informed, which is what this privacy policy is for
- The right to access the data we hold about you
- The right to object to direct marketing
- The right to object to processing carried out on the basis of legitimate interests
- The right to erasure (in some circumstances)
- The right to data portability
- The right to have your data rectified if it is inaccurate or incomplete
- The right to have your data restricted or blocked from processing
We ask for your consent to send you direct marketing or fundraising information, and will always provide you with the opportunity to amend your preferences or to opt-out of receiving future marketing communications from us. We will always thank you for any donation you make to us, without a request for further donations.
How you can update your information
The accuracy of your information is important to us. If you change your contact details or if you want to update any of the information we hold on you, please email us at: dataprotection@specialeffect.org.uk or by post at: Data Protection Lead, SpecialEffect, Units 9-12, Southill Business Park, Cornbury Park, Charlbury, Oxfordshire, OX7 3EW
How you can access your personal information
You have the right to ask for a copy of the personal information SpecialEffect hold relating to you. To do this please contact dataprotection@specialeffect.org.uk or by post at: Data Protection Lead, SpecialEffect, Units 9-12, Southill Business Park, Cornbury Park, Charlbury, Oxfordshire, OX7 3EW
You also have the right to lodge a complaint about our processing of your personal data with the UK’s Information Commissioner’s Office.
Keeping your data secure
When you give us personal information we take steps to ensure that it’s treated securely and strive to protect it on our internal systems. SpecialEffect mitigates the risk of hosting your information on our secure server by storing it in a locked room in a secure building, with limited access.
Contacting us via email
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Use of Cookies by this website
This website uses the cookies to collect non-personal information including standard internet log information and details of your behavioural patterns upon visiting our site. This is done to enable us to provide visitors to our websites with a better experience, identify preferences, diagnose technical problems, analyse trends and generally to help improve our website.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for our website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website
To opt-out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
More questions?
To contact SpecialEffect with a data protection query regarding the processing of your personal data, please email dataprotection@specialeffect.org.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 10/08/2021.