Legal

Privacy Notice

The Biojemmss Organisation UK, CIO

Personal information and what we do with it

The Biojemmss Organisation UK is a charitable incorporated organisation (registered number 1177603) whose registered address is First Floor, 47 Lawrence Street, York, YO10 3BU (the “Charity”). The Charity needs personal information about you to run the charity effectively.

In legal terms, the Charity is a ’data controller’ in respect of this information. This means that we need to tell you some things about the personal information we have about you and what your rights are in relation to it.

In this notice, you will see information about what the Charity does with your personal information, and also what third parties engaged by the Charity do with it. We describe who to contact if you wish to exercise your rights under data protection laws in relation to the joint use we make of your information. Except where stated otherwise, ‘we’ means the Charity.

If you have any queries relating to this notice or data privacy in general, please contact the Charity or the ICO (Information Commissioners Office) using the details provided at the end of this notice.

What personal information we have

We normally hold some or all of the following types of personal information:

  • Your name, date of birth, and bank account information (e.g. if you are paying a regular donation to the Charity).
  • Contact details (including your address, phone number and email address).

We may sometimes use other information about you. This could include information which you disclose to us in confidence; for example, relating to a health concern or details about your personal relationships. We might also have information about criminal convictions and offences, but usually only in relation to our safeguarding obligations under law, for example if you volunteer on a team that needs DBS checks.

Where we get personal information from

Most of the information we have comes directly from you. In addition, Mail Chimp, who administer the Charity’s web-and mobile-based applications on our behalf, may obtain information from you and provide it for us to access it via their service. Sometimes we get information from other sources: for example, from government departments such as HMRC (e.g. in respect of gift aid); and from publicly accessible sources.

If we ask you for other information in the future, we will explain about the implications of providing it and the consequences for you if you do not do so.

Why we hold personal information and how we share it

The trustees of the Charity are responsible for determining the purposes for which processing of your personal data is done. The trustees may delegate the day-to-day running of the Charity to employees of the Charity. However, the trustees retain ultimate responsibility for how your personal data is used. The trustees do not determine the purposes of processing your data with anyone else.

We must run the Charity in accordance with the Charity’s governing documentation (much of which can be found on the Charity Commission) and must also meet other legal requirements in relation to the running of the Charity.

We will use your personal information to comply with these legal obligations, to establish and defend our legal rights, and to prevent and detect crimes such as abuse of vulnerable individuals or fraud. We may need to share your personal information with other people for this reason, such as courts and law enforcement agencies.

We also have a legitimate interest in ensuring that the Charity is properly run. This includes: monitoring financial giving; ensuring a safe environment for staff, volunteers and beneficiaries of the Charity; entering into contracts, such as insurance contracts; communicating with you about the activities of the Charity; and ensuring that the expected standards of Charity governance are met (including standards set out in Charity Commission guidance).

In order to achieve this, we may need to share your personal information with various people, including: other charities or trustee directors we are affiliated with; Mail Chimp; the Charity’s professional advisers; auditors and independent examiners; insurers; HMRC; the Charity Commission; and IT and data storage providers and other service providers.

The Charity (as a Christian organisation) may collect or receive information from you about your religious beliefs, health or other very personal information. However, we are only permitted to use or process such data in the course of our legitimate activities and as long as we put appropriate safeguards in place. We would not normally share this very personal data with third parties, however, where we need to, we are required to seek your consent to disclosure to third parties.

We recognise the importance of identifying and supporting supporters in vulnerable circumstances. If supporters in vulnerable circumstances are identified, personal information may be recorded so that we may respond appropriately in future, for example by ceasing fundraising requests or no longer making calls.

Please note that, sometimes, there may be reasons of public interest or law which enable us to use your health (or other very personal information) without your consent. We will only share your data where it is necessary to run the Charity in a sensible way. If we are only relying on your consent to process this information, you can withdraw your consent at any time by contacting us using the contact details given below. This may affect what we can do for you unless we have another lawful reason for using your information. We may also share your personal information with someone else where you have given your consent.

How to contact the other people we give your personal information to

Most of the people mentioned above just use your personal information in the way we tell them. However, others may make their own decisions about the way they use this information to provide their services, perform their functions, or comply with their regulatory requirements. (In practice, we anticipate this will primarily be statutory bodies, such as HMRC.) In such a case, they have responsibilities as data controllers in their own right. This means that they are subject to the same legal obligations as us in relation to your information, and the rights you have in relation to your information apply to them, too.

If you want any more information from any of the people who receive your personal information from us, or to exercise any rights in relation to the information they hold, please contact us and we will put you in touch with them.

How long we keep your personal information for

We need to keep some of your personal information long enough to make sure that we can satisfy our legal obligations in relation to the Charity.

We keep your information for long enough to ensure that, if a query arises in the future, we have enough information to deal with it where we have a legal obligation to do so. To meet this aim, the majority of the personal information that we hold will be kept for a period 6 years from when you stop engaging with the Charity.

However, some information may be kept for a longer or shorter period depending on how long we sensibly think we need it to deal with queries (from you or other persons who are entitled to your data), complaints, and our legal obligations mentioned above. We have set out the relevant retention periods in our Data Privacy Policy and Data Record, which is available upon request.

Your rights in relation to your personal information

You have rights in relation to the personal information we have about you. You have the right to:

  • make a request to have your personal information corrected if it is inaccurate, and completed if it is incomplete;
  • in particular circumstances, restrict the processing of your information;
  • in particular circumstances, ask to have your information erased;
  • request access to your information and to obtain information about how we process it;
  • in particular circumstances, move, copy or transfer your information;
  • in particular circumstances, object to us processing your information;
  • not be subject to automated decision-making including profiling where it produces legal or other significant effects on you.

You can exercise all of these rights free of charge except in some very limited circumstances, and we will explain these to you where they are relevant.

To exercise these rights, please use our contact details, which are set out below. We can also supply more information about these rights to you, on request.

Keeping your information safe

When we pass your information to a third party, we seek to ensure that they have appropriate security measures in place to keep your information safe and to comply with general principles in relation to data protection.

Rarely, some of the people we share your information with may process it overseas. This means thatyour personal information may on occasion be transferred outside the UK and the European Economic Area. Some countries already provide adequate legal protection for your personal information, but in other countries, additional steps will need to be taken to protect it.

You can contact us for more information about the safeguards we use to ensure that your personal information is adequately protected in these circumstances (including how to obtain copies of this information).

Queries and further information

If you want more information about what we do with your information and what your rights are, please contact us at:

GDPR

C/o The Biojemmss Organisation UK, First Floor, 47 Lawrence Street, York, YO10 3BU

Email:info@biojemmss.com

If you have concerns about the way we handle your personal information, you can contact the Information Commissioner’s Office or raise a complaint at www.ico.org.uk/concerns, or call its helpline on 0303 123 1113.