Review and change history
Approved by the Board
This Policy sets out how ADF processes the personal data we collect from our members, our staff or any other third parties, via paper filling or our website. It outlines how ADF will comply with the UK Data Protection Act 2018.
Data Protection Principles
ADF will ensure that all personal data are:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
Why we collect data?
ADF only collect and process personal data when it is necessary to carry out our business aims and deliver our charitable public benefit objectives. Here are the main ones:
- To recruit people
- To keep a record of our employees / members of staff
- To provide a service you have requested as a member (events, training etc),
- To offer you a personalized experience and understand your needs better,
- To inform you of events or updates you have asked for or contact you if we need to obtain or provide additional information.
We also collect information in order to better inform our teams about prospective donors and to fulfil our fundraising goals as a charity. This is to ensure we are providing appropriate opportunities for people to support our work, should this form of engagement be of interest.
What data do we collect?
ADF collects the following data:
- Contact email and numbe
- Address, (membership only
- CV and profile picture, (membership only
- Website link, (membership only
- Date of Birth, (membership only
- Preferred Pronoun
- Age group, (membership only)
- Access needs, (membership only
- Current employment status
- Job title
ADF processes special category of personal data of members and third parties as it is necessary to pursue the organisation’s mission and provide services for the organisation. We also process special category data of employees as it is necessary to comply with employment and social security law.
This includes the following personal data revealing:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person
- an individual’s health
- a natural person’s sex life or sexual orientation
- criminal convictions or offences
We may collect information about your computer, including your IP address, operating system and browser type, for system administration and to report aggregated information to our stakeholders.
How do we collect your data?
You directly provide ADF with most of the data we collect. We collect data and process data when you:
- Apply for a position at ADF
- Join as a member
- Purchase tickets to our events, masterclasses, workshops etc.
- Sign up to our mailing list
- Voluntary complete a customer survey or provide feedback on any of our message boards or via email
- Use or view our website via your browser’s cookies
ADF will ensure that when we process personal data, we have your consent and that you have been made aware that you have the right to withdraw your consent. Consent must be:
- Specific (not given in respect of multiple unrelated purposes)
- Informed (explained in plain and accessible language)
- Unambiguous and given by a clear affirmative action (meaning opt-in: silence, inactivity or pre-ticked boxes will not be sufficient)
- Freely given: Consent will not be valid if the data subject does not have a genuine and free choice or cannot refuse or withdraw consent without detriment.
We may also collect information from publicly available sources as part of our fundraising practice. This may include obtaining information from individuals working on our behalf such as our development board and from organisations that book fundraising events or have memberships with us for their hospitality packages or corporate workshop events.
How will we use your data?
Who do we share your information with?
ADF will never share, sell, rent or trade your personal information to any third parties for marketing purposes without your prior consent. We will ask for your consent to share personal information with partners. These requests will be specific to the individual organisation so that your consent decision is informed.
Some of our service providers may have access to your data in order to perform services on our behalf – payment processing is a good example of this. Our payment services provider is Stripe. We will share transaction data with our payment services
providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at URL: Stripe (https://stripe.com/gb/privacy).
At a certain extent, we make sure anyone who provides a service for ADF enters into an agreement with us and meets our standards for data security. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.
How do we store your data?
ADF is committed to protecting the personal information you entrust to us. We will take appropriate technical and organisational measures to prevent the loss, modification or misappropriation of your data.
We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need. The retention period will vary according to the purpose, for example if purchasing a ticket only, we will typically keep your data for up to ten years from the date of your last transaction. For further information about how long we will keep your information, please contact email@example.com .
What are your data protection rights?
ADF would like to make sure that you are fully aware of your data protection rights.
Every user has the right to:
- be informed about how your data is being used
- access personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances
if you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org.
Privacy policies of other websites
Queries and complaints
Address: Theatre Deli – 2 Finsbury Ave – Finsbury – London, EC2M 2PF
Complaining to the Data Protection Regulator
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details at: https://ico.org.uk