PURPOSE OF THIS PRIVACY NOTICE
In this privacy notice, we provide you with information on how we collect and use (process) your personal information.
Please note that we may use additional privacy notices to supplement this notice (for example, if you use a Comic Relief App). We will always bring any additional privacy notice to your attention.
WHO WE ARE
Charity Projects is a registered charity in England and Wales (charity number: 326568) and Scotland (charity number SC039730). We operate under the name of Comic Relief. We also have a trading entity, Comic Relief Limited (registered number: 01967154). In this notice we refer to these entities as “Comic Relief” or “we”, “us” or “our”.
We are responsible for looking after your personal information.
Our Head of Assurance is our Data Protection Officer and is responsible for any questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your rights, please contact our Head of Assurance using the contact details set out below.
Our full details if you wish to contact us are:
Full name of legal entity: Charity Projects t/a Comic Relief Name or title: Head of Assurance Email address: DPO@comicrelief.com Postal address: 1st Floor, 89 Albert Embankment, London, SE1 7TP Telephone number: +44 (0) 20 7820 2000
RIGHT TO COMPLAIN
You have the right to make a complaint or raise any concerns you have that relate to our approach to your personal information to the Information Commissioner’s Office (ICO – the ICO is the UK regulatory authority for data protection issues (www.ico.org.uk)). We would appreciate it if you could please let us know if you contact the ICO. If you feel able to contact us before you contact the ICO, we will take your concerns seriously and we will work with you to resolve any issues that you have (noting that we will tell you if you should refer the issue to the ICO and that we may also need to tell the ICO).
CHANGES TO THE PRIVACY NOTICE
Please note that we may update this privacy notice from time to time and will publish any update on our websites. If we make significant changes to this notice, we will directly inform you of these changes where reasonably practicable (for example, if we have your email address, we will email you).
PLEASE INFORM US OF CHANGES TO YOUR PERSONAL INFORMATION
It is important that the personal information we hold about you is accurate and current. You can updated your details using the Update your preferences form or please Contact Us to provide an update if your personal information changes.
Personal information is any information relating to an identified or identifiable individual. We may collect, use, store and transfer different kinds of personal information about you when we engage with you, including:
Identity information including your name, gender, date of birth, username, and social media ID’s or similar identifiers.
Contact information including your billing address, delivery address, email address and telephone numbers.
Donation/Transaction information including details about donations you have made and payments to and from you (including bank and credit card information), tax details for Gift Aid and other details of products and services you have purchased from us.
Technical information including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile information including your username and password, your interests, preferences, feedback and survey responses.
Usage information including information about how you use our website, products and services.
Marketing and Communications information including your preferences for receiving marketing from us and our third parties and your communication preferences.
Information about your organisation and its employees and stakeholders including, where applicable, your directors, trustees, office addresses, email addresses, phone numbers and bank details. In some cases, we may need further details such as date of birth or home address of key persons. If we request further details of beneficiaries or volunteers, we will discuss this with you and ensure that this is obtained in accordance with data protection laws.
Where we refer to personal information in this notice, it might include any/all of the above.
We also collect, use and share aggregated information. This includes statistical or demographic data. Aggregated information may be derived from your personal information but is not usually considered personal information as this data does not directly or indirectly reveal your identity. For example, we may aggregate usage information to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated information with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.
We do not generally collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). There may be occasions where we collect a limited amount of health information (for example, if you take part in any event which requires physical activity, we may ask for certain medical information to ensure you are able to safety participate in the event). We will only collect such health information where we have your explicit consent.
We collect personal information in the following ways:
Directly from you - this includes where you donate or fundraise, sign up to one of our events, purchase products from our on-line shop, communicate with us or download any of our Apps.
Indirectly from third parties' fundraising sites - this includes the information you have shared with them (for example Just Giving or Virgin Money Giving). These sites may pass your data to us where you have indicated that you wish to support us.
To build our understanding we may receive information from reputable public sources (for example, from newspapers, postings on LinkedIn or information held on Companies House), as well as information from third party organisations we engage to help us understand individuals preferences and potential to provide us with donations, and to run any due diligence checks on our funded partners.
Cookies (and automated technologies or interactions) – we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see below for more information on cookies.
Third parties - we may receive personal information about you from various third parties including technical data from analytics partners like Google, from advertising networks like Yieldify, from search engine providers like Bing Webmaster Tools, from technical, payment and delivery service providers like Worldpay and lifestyle and demographic insight data from third party segmentation/marketing partners.
Third Party Websites – when you use our websites or otherwise engage with us, you may receive links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we would please encourage you to read the privacy notice of every website you visit as that will govern how that website will process your personal information.
Third Party Platforms for funded partners – when you use our funding management system and any related tools or applications, we may use the information provided in order to contact you in connection with your activities and the funding, run any necessary verification, due diligence, fraud or monitoring checks, and arrange payment of the funding.
UK data protection law (the General Data Protection Regulation) requires us to have a “legal basis” for processing (using) your personal data. The legal basis we rely on are:
Where we have your specific consent to use your personal information for a specific purpose (for example, where we contact you by email).
Where we process your personal information for our legitimate interests (or those of a third party). Please see “Legitimate Interests” – below.
Where the processing of personal information is necessary to perform a contract with you (for example, where you have purchased a product from us).
Where the processing of personal information is necessary to comply with a legal or regulatory obligation that applies to us (for example, in some instances, we may be required to share your information with the Charity Commission, Information Commissionaires Office, other regulators or law enforcement agencies) or to use your information for due diligence or ethical screening purposes.
We will not sell your personal information (and we also do not buy personal information). We only wish to contact you in a way that is consistent with our relationship (how you would expect to be contacted and with materials you would expect to receive from us).
Our communications may include information about our objective and work, the activities we fund and the impact of your support as well as requests for donations, fundraising or other support. We will use your personal information to tailor and target our communications to you.
We will use your personal information:
To send you marketing emails or SMS texts where we have your consent.
To contact you by phone.
To send you marketing and fundraising communications by post (or to otherwise engage with you) based on our legitimate interests (or those of a third party). For more information on this, please see “Legitimate Interests” below.
So that we can fundraise effectively and efficiently (for example, by analysing and segmenting our supporters by location, demographics, previous donations or previous activities and to identify your interests and motivations and the level of support you may potentially be able to give to us).
For research and analysis purposes – this may include inviting you to participate in surveys or research or analysing usage data from our website to improve our content or user experience.
For our charitable purposes (for example, where we tell stories to explain our objectives and the work we do).
For the provision of services or administration – this may include:
Dealing with donations, including communications to confirm and say thank you, for Gift Aid or for other administrative reasons relating to your donation.
Dealing with any transaction you enter into with us and for us to fulfil any contract with you (for example, where you purchase from our websites).
Managing our events.
Dealing with entries into competitions and prize draws and any applicable prizes.
Preparing reports about our work, services and events.
When you contact us (for example, to ask questions).
If you provide any content to us.
Administering our websites and monitoring website use (to enable us to improve user experience).
Responding to your enquiries, contacts or requests about your personal information.
Notifying you about changes or updates to the website, our services or our funding processes (as applicable).
Displaying content in a device appropriate way (for example, if you are using a mobile).
For internal record keeping (we will keep a record of our relationship).
Carrying out fraud prevention (and money laundering checks), undertaking credit risk activities and in relation to legal claims we take or defend.
Managing the page you have set up to support your donations to us (your giving page) or any other accounts you hold with us. If you have already provided us with your personal details to take part in our campaigns (for example, when setting up a giving page, or ordering from our shop), and you indicate you want to take part in another campaign (for example, by entering an event or setting up a new fundraising page) we will use the details you gave us previously to save you having to give them to us again.
In relation to our funding (including in relation to funding applications and the activities we fund). For example, we may contact applicants to discuss their applications and funded partners to discuss their obligations under their Conditions of Funding (including reporting), their activities and how we can assist them.
To safeguard those who work for or with us (or we otherwise engage with).
To process and administer your application for a job (or to volunteer).
BUILDING OUR UNDERSTANDING
We will build our understanding of you, including by using profiling and screening techniques so that we understand your background, interests, motivations and your potential to make donations. We will use your information, information from reputable public sources (for example, newspapers, LinkedIn and Companies House) and from third parties we engage (who provide a service to better understand individual’s preferences and potential to donate). We build our understanding to enable us to tailor and target our communication and engagement with you to ensure that:
we are providing you with the best and most relevant experience
we make the best use of our resource (and do not waste resource by directing our engagement activities to those who do not wish to be so engaged)
If you do not wish for us to build our understanding of you in this way, please Contact Us to let us know.
When we use our legitimate interests as the legal basis for processing your personal information, we will consider and balance any potential impact on you and your rights before we process your personal information. We will only then proceed where we believe our interests are not overridden by the impact on you. Our legitimate interests include the interests of our organisation in conducting and managing our operations to enable us to give you the best service and the best and most secure experience, and where we believe it to be in the public interest to process your personal information. Specific examples of this include:
Sending you information and marketing materials to your postal address
Analysis and profiling of our supporters
Using third party sources to keep your postal address up to date
Use of personal information to monitor use of our website (and apps) for technical purposes
In relation to funded partners, monitoring and evaluating funding, activities and compliance with their Conditions of Funding, audit checks and conducting organisational checks and verifications for fraud or error detection
WE RESPECT YOUR PREFERENCES
If you would like us to:
Stop using your personal information for any of the purposes set out above and/or
Stop sending you marketing materials or other communication
You can manage your preferences using our preference centre.
You can also unsubscribe from our communications (including marketing communications) by following the directions to ‘unsubscribe’ set out in the communication.
Please see section 9 below for more information as to your rights in relation to your personal information.
We will deem specific consent you have provided us in relation to email marketing materials to be valid for the period of 24 months from your last engagement with us. Where we rely on legitimate interest as the legal basis for contacting you (for example, by post), we may extend this period to 48 months from your last engagement with us. Engagement includes, but is not exclusive to, opening emails, making a donation or other fundraising activity.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please Contact us.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share your personal information with the following third parties set out below:
Worldpay: If you make a donation or payment on our site, cookies are used by Worldpay to enable your visit to be identified between page loads, and to make sure that at the payment point only your specific computer can continue with payment. These cookies are destroyed each time you close your browser.
Google Analytics: We use a service called Google Analytics which collects information about how visitors use our site. We use the information to promote our campaigns online (including via search and display advertising and using a feature called “remarketing” (displaying relevant ads to people who have visited our site whilst they browse other sites), as well as to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited. Google Analytics also provides high level visitor demographics and interests data taken from the Google Ads Display Network. This additional information helps us better understand our audience and improve the services we offer.
Yieldify: We use a web analytics tool called Yieldify, which takes an anonymous sample of users and records their actions on the website (e.g. mouse clicks). The service is anonymous and does not collect personal information. Yieldify helps us identify areas of the website in which we can improve the user journey.
Analytics, search engine and marketing/segmentation providers: We may share data with analytics and search engine providers who assist in the optimisation of our site and our services. We also work with marketing/segmentation specialists (who may provide us with lifestyle and demographic insights to enable us to tailor and target our communications).
Professional advisors: Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HMRC / Other Regulators: Where we are under a legal duty to disclose of share your personal information in order to comply with legal obligations, including to HM Revenue & Customs, regulators and other authorities (who require reporting of processing activities in certain circumstances, including in relation to Gift Aid).
Government: We receive funding from various sources, including government entities (such as the UK Department for Digital, Culture, Media & Sport (DCMS) and the UK Department for International Development). These organisations and their appointed agents may process data of funded partners and their sub-funded partners on our behalf including for monitoring, evaluation and audit purposes, and to conduct organisational checks and verifications for fraud or error detection. They may contact you to discuss these matters. If DCMS is processing personal data for the purpose of post funding award assurance (fraud and error detection and recovery) they will also become a joint controller of the data along with Comic Relief. DCMS will be using a task carried out in the public interest as the legal basis for processing the data.
Partners: We work with various partners, including suppliers and subcontractors who will process data on our behalf. These suppliers include those who provide us with IT services, system administration, our funding management system and related tools or applications, as well as other services as well as other services (including market research).
Legal Rights: To enforce and protect our legal rights, or the safety of those who work for us, or with us, our beneficiaries, donors or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. If we merge (or if we were to sell any part of our operations) including where Comic Relief or its assets are acquired by another charity or other third party, personal data will be one of the transferred assets.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. Some of our partners run their operations outside of the EEA (European Economic Area) and this may include countries who have different data protection laws. We will always take steps to make sure appropriate protections are in place (in accordance with UK data protection law) and that information is safeguarded. This includes ensuring the appropriate transfer mechanisms are in place, such as the relevant third party being EU-US Privacy Shield certified, having Binding Corporate Rules in place, or entering into Standard Contractual Clauses with us.
We will collect personal information and engage with you in accordance with this privacy notice (for example, if you set up a giving page with us), however, please note, if you are under 18, you must have your parent or guardian's permission before you provide us with any personal information. If you are 14 or under we will require a parent or guardian’s email address before we engage with you and we will then contact such parent or guardian to verify that we may engage with you (and will typically then collect the parent or guardians’ personal information and not that of the child).
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties on a need to know basis. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and to enable us to continue to tell our story and promote the work of our funded partners (which will include reference to archive material).
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Where we provide personal information to third parties, we have similar considerations when agreeing an appropriate retention period.
At the end of an agreed retention period your information will either be securely and confidentially destroyed or anonymised. Anonymisation is the process of either encrypting or removing personal information from data sets, so that it is not possible to identify individuals from the data.
Under certain circumstances, you have rights under data protection laws in relation to your personal information:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information in certain circumstances e.g. where it is no longer necessary for us to retain it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal information where we are relying on the legitimate interest basis (or those of a third party) or where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information which override your rights and freedoms.
Request restriction of processing of your personal information in certain circumstances.
Request the portability of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you decide not to provide us with your data or to withdraw consent (where we are relying on consent to process your personal information), we may not be able to provide certain products, services or funding to you.
If you wish to exercise any of the rights set out above, please contact us on firstname.lastname@example.org(opens in new window).
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.