Our Privacy Policy

Introduction and Scope


This policy outlines Wiseheart Project’s commitment to data protection and compliance with the UK Data Protection Act. Wiseheart Project is a “data controller” for the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation. This means that we are responsible for the processing of personal information.

  • Data protection is the practice of safeguarding personal information by applying data protection principles and complying with the Data Protection Act.

  • The Data Protection Act is a UK law that regulates the processing of personal data.

  • The UK Information Commissioner's Office (ICO) provides guidelines on data protection that Wiseheart Project will follow. 

The purpose of this policy is to ensure that all personal data held by the charity is processed lawfully, fairly, and transparently, and that the rights of data subjects are protected. This policy applies to all individuals working on behalf of Wiseheart Project, including trustees, staff, and volunteers.

Terms

  • UK GDPR: The UK General Data Protection Regulation, which outlines the rules for processing personal data in the UK.

  • Data Processor: An individual or organisation that processes personal data on behalf of a data controller.

  • Data Controller: An individual or organisation that determines how and why personal data is processed.

  • Data Subject: An individual whose personal data is being processed.

  • Processing: Any operation performed on personal data, including collection, storage, use, and disclosure.

  • Personal Data: Any information that can identify a living individual, such as name, address, or email address.

  • Sensitive Personal Data: Personal data that requires extra protection, such as health information or ethnic origin.

  • Direct Marketing: Any communication aimed at promoting a product or service directly to an individual.

  • PECR: The Privacy and Electronic Communications Regulations, which govern electronic direct marketing.

  • Valid Consent: Consent that is freely given, specific and informed, and that can be withdrawn at any time.

  • Legitimate Business Purpose: A lawful reason for processing personal data that is necessary for the legitimate interests of the data controller or a third party.

Data Protection Lead


Wiseheart Project’s Data Protection Lead can be contacted at hello@wiseheartproject.com. They are responsible for overseeing data protection, leading on any incident investigation, and reporting. They will also ensure that all staff and volunteers are provided with any induction, on-the-job or other training and are made aware of their data protection responsibilities.

Data Protection Principles


Any data Wiseheart Project collects, stores or processes is:

  • Processed lawfully, fairly and in a transparent manner.

    • There are several grounds on which data may be collected, including consent.

    • We are clear that our collection of data is legitimate, and we have obtained consent to hold an individual’s data, where appropriate.

    • We are open and honest about how and why we collect data and individuals have a right to access their data.

  • Collected for specified, explicit and legitimate purposes and not used for any other purpose.

    • We are clear on what data we will collect and the purpose for which it will be used.

    • We only collect data that we need.

  • Adequate, relevant and limited to what is necessary.

    • We collect all the data we need to get the job done.

    • And none that we don’t need.

  • Accurate and, where necessary, kept up to date.

    • We ensure that what we collect is accurate and have processes and/or checks to ensure that data which needs to be kept up to date is, such as beneficiary, staff, or volunteer records.

    • We correct any mistakes promptly.

  • Kept for no longer than is necessary.

    • We understand what data we need to retain, for how long and why.

    • We hold data only for as long as we need to.

    • That includes both hard copy and electronic data.

    • Some data must be kept for specific periods of time (e.g. accounting, H&SW).

    • We have processes that ensure data no longer needed is destroyed.

  • Processed to ensure appropriate security, not only to protect against unlawful use, but also loss or damage.

    • Data is held securely, so that it can only be accessed by those who need to do so.  For example, paper documents are locked away, access to online folders in shared drives is restricted to those who need it, IT systems are password protected, and sensitive documents that may be shared are password protected.

  • Kept safe.

    • Staff understand what they must and must not do to safeguard against cyber-attack, and that passwords must be strong and not written down or shared.

  • Recoverable.

    • We have adequate data back-up and disaster recovery processes.

How We Collect Data


We want to make sure our staff, volunteers, guests and participants receive the communications that are most relevant to them, be it through visiting our website or receiving emails, post or phone calls. We want to make sure they receive the best attention when they book on an event, contact our team or make a donation.

We collect information from individuals in the following ways:

When they interact with us directly: 
This could be if they ask us about our activities, register with us for a programme or event, make a donation to us, ask a question via email or social media, complete a survey providing feedback on our services, apply for a job or volunteering opportunity or otherwise provide us with their personal information. This includes when they phone us, visit our website or get in touch through the post, or in person.

When they interact with us through third parties:
This could be if they provide a donation through a third party such as Just Giving or one of the other third parties that we work with.

When they visit our website:
We gather general information which might include which pages they visit most often and which services, events or information are of most interest to them. We may also track which pages they visit when they click on links in emails from us. We also use cookies to help our site run effectively.

We use this information to personalise the way our website is presented when they visit, to make improvements, and to ensure we provide the best service and experience for them. Wherever possible we use anonymous information which does not identify individual visitors to our website.

Information We Collect and Why We Use It


Personal Information
Personal information we collect includes details such as names, dates of birth, email addresses, postal addresses, telephone numbers and credit/debit card details (for booking payments and donations), as well as information provided in any communications between us and an individual. Individuals give us this information while making a donation, registering for an event, or any of the other ways to interact with us.

We will mainly use this information:

  • To process donations or other payments, to claim Gift Aid on donations and verify any financial transactions.

  • To provide services or goods.

  • To update our clients with important administrative messages about donations, events or services.

  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.

  • To keep a record of our clients’ relationship with us.

  • To administer volunteering or other agreements with us.

Without this information, we will not be able to process donations, programme bookings or provide services.

We may also use personal information:

  • To contact individuals about our work and how they can support Wiseheart Project.

  • To invite individuals to participate in surveys or research.

  • To analyse our supporter base in order to improve our marketing and outreach.

Sensitive Personal Information


When registering for some of our programmes, we will ask participants to share sensitive personal information, such as health information. When they provide us with any Sensitive Personal Information by email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this policy.

We will only use this information for the purposes of facilitating that individual’s experience on our programme and will not pass the information on to anyone else, except in exceptional circumstances. Examples of this might include anyone reporting serious issues such as physical abuse or exploitation, in which case we will always inform the individual involved before sharing the information with a third party such as law enforcement or support services.

Legal basis for using information


In some cases, we will only use personal information where we have consent or because we need to use it in order to fulfil a contract, for example with those booked onto one of our programmes.

However, there are other lawful reasons that allow us to process personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Wiseheart Project to process personal information to help us in our work.

Whenever we process Personal Information under the 'legitimate interest' lawful basis we make sure that we take into account the rights and interests of the individual and will not process any personal information if we feel that there is an imbalance.

Some examples of where we have a legitimate interest to process personal information are where we:

  • contact individuals about programmes we feel they may be interested in based on their previous communications or activity.

  • use personal information for data analytics, conducting research to better understand who our supporters are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.

Cookies


Our site uses cookies to distinguish individual visitors from other users of our site. This helps us to provide our visitors with a good experience when browsing our site and also allows us to improve our site.

A cookie consists of information sent by a web server to a web browser, and is stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to keep track of visitors whilst they navigate the website. We will use the persistent cookies to enable our website to recognise visitors when they visit.

  • Session cookies will be deleted from a visitor’s computer when they close their browser.

  • Persistent cookies will remain stored on their computer until deleted, or until they reach a specified expiry date.

We use similar technologies to identify when our emails are opened. This allows us to identify whether our marketing campaigns are effective, and we consider that we have a legitimate interest in doing so.

We use Google Analytics to analyse the use of our website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.

Individuals can always withdraw their consent by clearing cookies from the cache in their computer and rejecting them next time they visit our site.

Marketing


We will only contact individuals about our work and how they can support Wiseheart Project by phone, email, text or WhatsApp message, if they have agreed for us to contact them in this manner.

If an individual agrees for us to contact them through one of these channels we may send them information about our work and how they can support us. As well as sharing our latest news, we may contact them about events and fundraising for Wiseheart Project.

Anyone can update their choices or stop us from sending communications at any time by contacting hello@wiseheartproject.com or clicking the unsubscribe link at the bottom of the relevant communication.

When an individual updates their communication preferences it can take up to 28 days to take effect across all of our systems.

Sharing of Information


The personal information we collect will be used by Wiseheart Project’s staff, contractors and volunteers in order to support an individual’s time with us or to engage them in a continued relationship with our charity.

We will never sell or share any personal information with anyone else, nor do we sell information about the web-browsing activities of our website visitors.

Wiseheart Project may however share personal information with our trusted partners and suppliers who work with us or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share personal information are with our partners who help us to process donations and claim Gift Aid and the companies who supply our cloud-based CRM software.

We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.

Keeping Information Safe


We take looking after personal information very seriously and have implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Any debit or credit card details which we receive on our website are passed securely to Stripe, our payment processing partner, according to the Payment Card Industry Security Standards.

How Long We Hold Information For


We only keep information as long as is reasonable and necessary for the relevant activity. For example, there are statutory regulations that dictate how long we must keep Gift Aid details for, whereas any personal sensitive information (such as details of health conditions and/or medication) shared with us in the booking of a programme is deleted as soon as that programme is completed.

Data Breach


If there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will investigate the circumstances of any loss or breach to identify if any action needs to be taken.

Action might include changes in procedures, where these will help to prevent a recurrence, or disciplinary or other action in the event of negligence.

We will notify the Information Commissioner’s Office (ICO) within 72 hours of a breach if it is likely to result in a risk to the rights and freedoms of individuals.

Children


As people under 13 years of age are not legally able to give consent, any information held about people under the age of 13 is only collected, stored and processed with a parent’s or guardian’s consent.

People Who Are Not Competent


In the case of someone who is not able to give consent for the collection, storage or processing of their data, any information held about them is only collected, stored and processed with the consent of the person who is authorised to make decisions on their behalf, such as a Lasting Power of Attorney.

Rights of Individuals


Individuals have various rights in respect of the personal information we hold about them. If an individual wishes to exercise any of these rights or make a complaint, they can do so by contacting our Data Protection Lead at info@wiseheartproject.co.

Individuals can also make a complaint to the Information Commissioner’s Office at https://ico.org.uk

Fundraising


Wiseheart Project will ensure that our fundraising complies with the Data Protection Act and ICO guidelines and the Fundraising Regulator guidelines including, if applicable, direct marketing and PECR.  We will respect the privacy and contact preferences of our donors.

Fundraising Preference Service


We will respect the privacy and contact preferences of our donors. We will respond promptly to requests to cease contacts or complaints and act to address their causes.

Changes to this Policy


Any changes we may make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to our supporters by email.