At RecoverMe we understand that the privacy and security of your personal information is an important issue to you and we are committed to protecting it. We aim to be completely transparent on how we collect, process and store your personal information.
The processing of your information is carried out by or on behalf of RecoverMe (who is the ‘controller’ of the personal information collected as set out below).
Please take the time to read this policy carefully. If you have any questions about this it or would like to update your communication preferences, please contact us using any of the methods below:
Phone: 07866 363175
1. How do we obtain your personal information?
i. Directly from you: we collect personal information when you communicate with us using any media or in person. You may give us information to sign up for one of our events, ask about our activities, make a donation to us, purchase our publications or fund raise on our behalf.
ii. Your personal information may also be given to us indirectly by you when it is shared with us by third parties acting on our behalf, for example sub-contractors in technical, payment and delivery services. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
iii. When information is publicly available: we may collect and combine information that is publicly available with information we already hold to better understand our supporters and improve our work. This may include:
- Information publicly available on social media platforms like Facebook:: we may collect personal information when you have used social media platforms to contact us. Please check your privacy settings or their privacy policies as you might have given us permission to access information from those accounts.
- Information publicly available on newspapers, articles or other websites such as Companies House and Land Registry.
- Information publicly available when researching/ analysis supporters as explained in section 3 below.
iv . When you visit our websites: we automatically collect technical information from your computer or device such as IP address, and via cookies and similar technologies. Please see our Cookies Policy for more information.
We may combine your personal information from one or more of these sources for the purposes set out in this policy.
2. What personal information we collect
We may collect, store and use the following kinds of personal information:
a. Identity data, including your name, username, date of birth (for example, if you make a donation, volunteer, or sign up for an event).
b. Contact data, including your email address, postal address, and phone number (for example, if you sign up to receive updates from us).
c. Financial data, including bank or payment card details (for example, if you make a donation).
d. Transaction data, including details of your giving.
e.Technical data such as your IP address, when you browse our website.
f. Marketing data such as your preferences for receiving communications from us.
g. Media data such as photographs, video and audio recordings.
h. Any other information you provide us as above (see How we obtain your personal information)
3. How we use your personal information
We may use data collected for different purposes. RecoverMe may processes your personal data for the following purposes:
- To keep you informed and obtain your views of our activities;
- To provide you with information about services available to you through RecoverMe, and third parties connected with us either as directed communications or newsletters;
- To process your payments/donations and keep our records updated);
- To process and respond to requests, enquiries and complaints received from you or about you;
- To provide services or information requested by you and any related communications;
- To recommend products and services that we believe will be of interest to you;
- to analyse trends and profiles in order to better understand our performance, improve our services and better meet the needs of our supporters, or to report on the results and impact of our work;
- To administer our website;
- To process employment applications;
- To transfer to service suppliers who undertake processing on our behalf, at our direction or otherwise to transfer any personal information to any other regulator or government body as required;
- For legal obligations (including those arising under contracts) and regulatory compliance;
- For audit purposes and to administer our accounts;
- To detect or prevent fraud, misuse of services or money laundering;
- The enforcement of legal claims;
- For any other purposes which we will notify you about.
- To manage any communication between you and us.
4. Sensitive personal information
Data privacy law identifies certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health. In limited cases, we may collect and/or use your sensitive personal information (also known as special category data). Normally we will only do so where we have your explicit consent, but there may be other circumstances permitted under data privacy law.
For example, we may record that a person is in a vulnerable circumstance in order to comply with requirements under charity law and fundraising regulation to ensure that we do not send fundraising communications to them.
PLEASE BE AWARE THAT if you send RecoverMe unsolicited sensitive personal information, including requests for RecoverMe health related support and information, you do so at your own choice, as we do not have the expertise to provide specialist support in this area. See how we will share your information below.
5. Our legal bases for collecting and using your personal information
In order to lawfully collect, hold and use your personal information, we must rely on one or more of six grounds set out in data privacy law. We consider the following to be relevant to our use:
|Purpose of collection||Information category||Data collected||Purpose for collection||Lawful basis for processing||Data shared with?||Retention period|
|1. To provide you with information||Subject matter information||Name, company name, geographic location, email address, business sector.||To provide appropriate online or email information about products and services that you have requested||Contractual fulfilment||Internally only||Maximum 8 years from the data the information is collected.
6 months if a marketing email is left unopened
|To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.||Legitimate interest||Internally only|
|Telephone number||Follow-up to ensure requested information meets needs and identify further requirements||Legitimate interest||Internally only|
|Personal contact information as provided through website forms or at trade shows or any other means.||General mailing list subscription||Consent||Internally only|
|2. Transactional information||Transaction details||Name, physical address, email address, telephone number, bank account details (for credit accounts), other medium of content delivery||To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with.||Contractual performance||Internally only||Maximum 8 years from the date of the performance of the contract.
6 months from the data the data subject has input personal information but has not proceeded with a transaction.
8 years for VAT records from the performance of the contract
|For accounting and taxation purposes||Statutory obligation||Internally and professional advisers|
Documentation should any contractual legal claim arise
Internally and professional advisers
|Payment card data||Primary account number (PAN), cardholder name, service code, expiration date||To fulfil purchase requests using payment cards||Contractual performance||Payment card companies, all in line with PCI DSS||Only retained whist authorisation is pending.|
|3. Fulfilment information||Fulfilment data||Name, dietary requirements||Appropriate catering arrangements for training courses||Contractual performance||Internally and training venues||Maximum 6 years from the date of the performance of the contract.|
|Name, contact and identification details||Access to training courses, attendance registers||Contractual performance||Internally and training venues|
|Name, address(es), email address, contact details||Actual delivery of products or services, in physical or digital form, that you may have purchased from us.||Contractual performance||Internally and any third party logistics or supplier companies with whom we contract in order to fulfil these requirements.|
|4. Security||Security information||Technical information, as described above, plus any other information that may be required for this purpose||To protect our websites and infrastructure from cyber attach or other threats and to report and deal with any illegal acts.||Legitimate interest||Internally, forensic and other organisations with whom we might contract for this purpose.||Relevant statutes of limitation|
|5. Communications||Contact information||Names, contact details, identification details||To communicate with you about any issue that you raise with us or which follows from an interaction between us.||Legitimate interest||Internally and, as necessary, with professional advisers.||Relevant statutes of limitation.|
The law allows us to collect and use personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as to do so it is fair, balanced and does not unduly impact on your rights). In general, our legitimate interests are the running of a charitable entity and pursuing our mission and vision. This may include charity governance, administration and operational management, and fundraising and campaigning (including sending marketing by post, and analysis in order to develop effective communication and fundraising strategies). When we rely in this lawful basis, we consider and balance any potential impact on you (positive and negative) and on your privacy rights.
6. How long we keep your information
Whatever your relationship with us, we only keep your personal information as long as necessary to fulfill the purposes for which we hold it, including satisfying any legal, accounting or reporting requirements. Usually this will be for a specified amount of time in accordance with our internal retention policy.
That length of time may vary depending on the reasons for which we are processing the personal information and whether we have a legal (for example under financial regulations) or contractual obligation to keep it for a certain amount of time.
Once the retention period has expired, personal information will be confidentially disposed of or permanently deleted.
If you object to further contact from us, we will keep some basic information about you on a ‘suppression list’ in order to comply with your request in the future.
At RecoverMe we undertake proportionate and appropriate measures to ensure security and confidentiality of your personal information. We make sure that your personal information is only accessible by trained staff. Access to sensitive personal information will be restricted to only those individuals that need this data in order to carry out their functions. We also use password protections. These are examples – we ensure appropriate measures are in place proportionate to the risk involved.
Our site is protected by HTTPS, meaning that any personal information that you transfer to us via our website is encrypted and is stored as securely as possible. The transmission of information via the internet is never completely secure, and we cannot guarantee the security of personal information transmitted to us via the internet.
8. Your rights
Where we rely on your consent to use your personal information, you can withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes (change your communication preferences at any time by contacting us). You also have the following rights:
- Right of access - You can request access to personal information we hold about you. Provided we are satisfied that you are entitled to a copy and we have confirmed your identity, we will provide the information subject to any applicable exemptions. If you wish to make the request, please contact us.
- Right of rectification - You have the right to request that we correct inaccurate personal information concerning you. You can ask us to check if you are unsure.
- Right of erasure - In some circumstances you may request we delete your personal information. Note that in many cases we will need to keep limited personal information about you in order to ensure we don’t send you further communications (This is sometimes call the ‘right to be forgotten’).
- Right to restrict processing – You may ask for our use of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
- Right to object - You can ask us not to use your personal information for direct marketing purposes (cash appeals, raffles and fundraising campaigns), or where we are using it on the basis of our legitimate interests or for research or statistical purposes. You may opt-out from email marketing by clicking the ‘unsubscribe’ link in our emails or contact us if you wish to no longer receive marketing communication in the post.
- Right to data portability – Where we are processing your personal information by ‘automated means’ and either (i) because we have your consent or (ii) because it is necessary for a contract with you, you may ask us to provide your personal information to you or another service provider in a machine-readable format.
- Rights related to automated decision-making – You have certain rights in relation to decisions made solely on the basis of automated processing of your personal information that has legal or similar effects on you (e.g. automated credit checks).
We may ask you for additional information to confirm your identity before disclosing personal information to you.
9. Changes to this policy
We may need to update this policy from time to time, including to reflect changes in the relevant law or in the way we collect, process and store your data. We will notify you when significant changes will be made to this policy.
10. Contact details and complaints
If you have any queries relating to this policy, please contact us either by email at Michelle@recoverme.org.uk or by writing to us at 8 Monkspath, Walmley, Sutton Coldfield, West Midlands, UK B76 2RX
You are entitled to make a complaint to the ICO at any time. We are always grateful for the opportunity to resolve your concerns before you feel it is necessary to approach the ICO.