DATA PROTECTION AND PRIVACY STATEMENT
Oxford Research Group (ORG) is committed to protecting your privacy and being transparent about what we do with it, no matter how you interact with us. That’s whether you want to donate to us, sign up to our newsletter or want to learn more about what we do.
We are legally obliged to use your information in line with all laws concerning the protection of personal information, including the Data Protection Act 1998, which will be replaced by the General Data Protection Regulation (EU) 2016/679 from 25 May 2018 and the Privacy & Electronic Communications (EC Directive) Regulations 2003.
Processing of your personal information is carried out by or on behalf of ORG, registered as a company (02260840) and as a charity (299436) in England and Wales.
HOW AND WHEN WE COLLECT INFORMATION ABOUT YOU
When you directly give us information
We may collect and store information about you when you interact with us. For example, this could be when you:
- support our work through a donation
- register for an event
- subscribe to our newsletters, news updates, and publications or manage your subscription
- give us feedback
- contact us directly for any reason or if you specifically request that we send you information
- voluntarily provide information to us for other purposes (e.g. by providing business cards to ORG staff or filling in feedback forms for ORG events)
When you indirectly give us information
When you interact with us on social media platforms such as Facebook, Twitter or LinkedIn we may also obtain some personal information about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to their privacy notices.
We may obtain information about your visit to our site, for example the pages you visit and how you navigate the site, by using cookies. This type of information helps us to enhance the website and improve its navigability. It also helps us to improve the quality of the online services and information you can access. Please see our cookies policy below for information on this.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us by phone, mail, in person or online, we may collect and process information about you (referred to in this Privacy Notice as ‘personal information’). This may include the following:
- Email address
- Telephone number
- Date of birth
- Job title and sector
- Why you are interested in ORG
- Timing and amount of donation
- Financial information if you donated to us
- Details of your communication with us
- Other information relevant to user surveys
- Details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own purposes or otherwise and the resources that you access
- Employment history, education, skills and references (if applying for a position or internship at ORG)
- Other information relating to you personally which you may choose to provide to us
Data protection law recognises that certain types of personal information are more sensitive. This is known as ‘sensitive’ or ‘special category’ personal information and covers information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person’s sex life or sexual orientation. We do not collect “sensitive personal data” about you.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Where we need to collect personal data by law, or where necessary to perform a transaction we have with you and you do not provide that data when requested, we may not be able to perform the transaction we have or are trying to enter into with you. In this case, we may have to cancel the transaction you have with us but we will notify you if this is the case at the time.
IF YOU ARE 16 OR UNDER
If you’re aged 16 or under, you must get your parent/guardian’s permission before you provide any personal information to us.
HOW AND WHY WE USE YOUR PERSONAL INFORMATION
ORG has a number of legal bases for processing personal data, primarily being the legitimate interests of ORG in the provision of subscription services and seeking funds to further its cause. We also process data for which you have given your consent (which you may withdraw at any time by contacting us at email@example.com) and where the use and processing of data is necessary to perform a contract with you.
We only request information necessary for these purposes and use this in a proportionate manner. For example, we will only contact you with updates that you have elected to receive on registration (or as subsequently updated).
In particular, we may use your information for the following purposes:
- Donation processing: We will process personal information you provide in order to administer any one-off or on-going donations you make and claim Gift Aid.
- Responding to a request: If you contact us with a query, we may use your personal information to provide you with information, products or services you have agreed to receive or that we feel may be of interest to you.
- Fundraising or direct marketing: We will only send you marketing information by email, SMS, or phone if you have given us specific consent. If you withdraw your consent and then subsequently opt in to receive marketing information again, then your most recent preference may supersede. If you have responded to a letter of appeal, you may also receive fundraising mail, which you can opt out of at any time by contacting us.
- Providing and developing our website: We may use your personal information to help ensure that content from the Site is presented in the most effective manner for you and for your computer/device, to notify you about changes to our service and to analyse and improve the content and operation of our website and services. We may use IP addresses to identify the location of users, to block disruptive use, to establish the number of visits from different countries.
- Transactional purposes: We will need to use your personal information in order to carry out our obligations arising from any contracts entered into between you and us for goods or services, for example, processing your order and payment for a membership.
- Legal, regulatory and tax compliance: Where required we are subject to a legal obligation, we may process your personal information to fulfil that obligation.
- Administration: We may use your personal information to record and deal with a complaint, record a request not to receive further marketing information and for other essential internal record keeping purposes.
- Consideration of job applications: We will use your personal information to consider any job application you may submit to us.
- Invitation to research projects: We may use your personal information to contact you for market research purposes or to invite you to participate in or contribute to specific research projects being undertaken by ORG (participation is always voluntary).
- Profiling and analysis: We may occasionally for the purposes of our legitimate interests in allowing us to more effectively operate our organisation use your personal information to conduct profiling of our supporters or potential supporters. This will help us target communications in a more focused, efficient and cost effective way, helping us reduce the chances of supporters and potential supporters receiving inappropriate or irrelevant communications. You can object to such use of your personal information for profiling at any time by contacting us at the details set out at the end of this Privacy Notice.
Our profiling and analysis activities can be broken into two categories:
1. Major donor analysis
We may carry out research to determine whether an individual could be a potential major donor. We may use publicly available information from third party sources such as Google; Companies House; published biographies and publicly available LinkedIn profiles. The type of information we collect can include: career overview, gift capacity, areas of interest, history of giving to us and others, how the individual is connected with us and others, public information on any philanthropic activities.
2. Minimising risk
As a registered charity, we are subject to a number of legal and regulatory obligations and standards. The public naturally expect charities to operate in an ethical manner and this is integral to developing high levels of trust and demonstrating our integrity.
This means that we may carry out appropriate due diligence of donors, check donations and implement robust financial controls to help protect the charity from abuse, fraud and/or money laundering.
We may carry out background checks and due diligence on potential donors or anyone planning on making a significant donation or gift before we can accept it.
DISCLOSURE OF YOUR INFORMATION
We will only share your data for the following purposes:
- Third party suppliers. We may need to share your information with our data hosting or service providers that perform services on our behalf and help us to deliver our services, projects, or fundraising activities and appeals. These service providers currently include:
- Highrise (our CRM software provider)
- Mailchimp and Campaign Monitor (Email marketing service)
- Miscellaneous venue providers (on whose property we may host events)
We require these third parties to provide appropriate protection to your personal data, comply strictly with our instructions and data protection laws and use your personal information only for the purpose of providing the services to us.
Some of these service providers may be located in a country other than where you reside, including in the United States, and your personal information may be stored or processed in those countries. Your personal information is subject to the legal requirements of the country in which it is located, including lawful requirements to disclose information to government authorities in those countries. For further information about transatlantic data flow, please visit the website of the European Commission.
- Where legally required. We may also need to disclose your information if required to do so by law, for example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement agencies for the prevention and detection of crime.
We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Notice.
HOW WE PROTECT YOUR INFORMATION
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
Our online forms are always encrypted and our network is protected and routinely monitored.
If you use your credit or debit card to donate to us or make a booking online, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and do not store the details on our website.
However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.
HOW LONG WILL WE KEEP YOUR INFORMATION
We will keep your personal information in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction). In respect of other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.
If you request that we stop processing your personal information for the purpose of marketing, we may in some instances need to add your details to a suppression file to enable us to comply with your request not to be contacted.
WHERE YOUR DATA IS HELD
In this regard, whenever we transfer your personal data out of the EEA, we will aim to ensure a similar degree of protection is afforded to it by implementing certain safeguards. For instance, we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe, and, where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
COOKIES AND HOW WE USE THEM
Cookies are small text files stored on your computer or mobile device. They are widely used to make websites work, or work in a better, more efficient way. They do this as websites are able to read and write these files, enabling them to recognise you and important information that will make your use of the website more convenient. For example, cookies allow websites to remember your preference settings.
For more information visit: www.allaboutcookies.org
Yes. We use strictly necessary performance, functionality, and targeting cookies on our website. All information collected via cookies is anonymous and is not linked to personal information.
What types of cookies do we use?
We use cookie categorisation as set out in the International Chamber of Commerce in their UK Cookie Guide, produced in April 2012. The full guide is available to download as a PDF [316KB].
The guide identifies four categories of cookies, as outlined below:
Strictly necessary cookies: These cookies are essential for the user to move around the website and to use its features, e.g. shopping baskets and e-billing.
Performance cookies: These cookies collect information about how the user makes use of the site, e.g. which pages the user visits most. These cookies do not collect information that identifies the user.
Functionality cookies: These cookies remember choices made by the user and enhance the features, e.g. language or user’s location. This cookie is also used to remember a user’s preferences for a font size, or customisable parts of a web page.
Targeting or advertising cookies: These cookies collect information about the users’ browsing habits. This may also include links to social media sites, e.g. Facebook, etc.
How to change your cookie preferences
The ‘Help’ menu in the toolbar of most web browsers will tell you how to change your browser’s cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether.
For detailed instructions visit: www.allaboutcookies.org/manage-cookies
USE OF LINKS
The website may, from time to time, contain links to and from the websites which may contain information of interest to our readers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ACCESS TO PERSONAL INFORMATION
Your principal rights under data protection legislation in respect of the personal data that we hold about you are:
- the right to access that personal data (for which we may charge a small administration fee);
- the right to rectification of that personal data;
- the right to erasure of your personal data;
- the right to restrict and/or object to the processing of your personal data;
- the right to portability (i.e. transfer) of your personal data; and
- the right to withdraw consent to processing of your personal data.
If you would like to access, modify, change, remove or update your personal information or if you have any concerns about our privacy practice, please contact us at firstname.lastname@example.org or call us at 020 7549 0298. We may take reasonable steps to verify your identity before granting access or making corrections to your personal information. Please also provide any additional information that is relevant to the nature of your contact with us, as this will help us to locate your records.
HOW WE PROTECT YOUR PERSONAL INFORMATION
We take reasonable steps to ensure that any information you give us is held on our secure servers or on secure servers operated by a third party with the utmost care and will not be used in ways to which you have not consented. We use reasonable physical, electronic and managerial measures to safeguard your information against loss, theft, unauthorized access, disclosure, copying, use or modification.
Authorised employees, agents and mandatories of ORG who require access to your personal information to fulfil their job requirements will have access to your personal information.
QUESTIONS AND FEEDBACK
Oxford Research Group
56-64 Leonard Street
London EC2A 4LT
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.