PRIVACY AND COOKIES POLICY
Operation Smile United Kingdom is committed to protecting personal information and being transparent about what information we hold on anyone who has been in contact with Operation Smile. We recognise that you, as a visitor to our website, may be concerned about the information you provide to us, and how we treat that information. We also understand that privacy is a human right that benefits us all. Using data fairly is important to us as is using it securely.
The purpose of having a Privacy and Cookies Policy is to give a clear explanation about why and how Operation Smile UK collects and uses any personal information. We ensure that we follow strict guidelines as per the EU General Data Protection Regulations 2017 and Privacy & Electronic Communications Regulations 2011. Our aim is to ensure that by respecting the privacy of our data subjects this will bring about benefits to them and in turn Operation Smile UK.
This policy applies to all activities undertaken by Operation Smile UK (OSUK) within the UK and abroad. OSUK collects data to meet its objects as per its Memorandum and Articles of Association 2011 and defined strategic goals and objectives. The processing of data will be handled securely and sensitively to the best of our abilities and in line with our data classification.
OUR DATA SUBJECTS
Our subjects include:
VULNERABLE PERSON’S POLICY
We are committed to protecting vulnerable people and adhere to the following:
- Listening to call recordings from data processors to ensure that individuals whom we believe, based on the conversation, do not have the mental capacity to make a sound decisions on donating to OSUK have their gift cancelled or not processed.
- Noting references in correspondence e.g. being forgetful, family concerns about their charitable spend or simply their handwriting and responding appropriately to these issues.
You may request a full copy of OSUK’s Child Protection Policy, which covers all vulnerable people, at any time by post, phone or via email.
We are particularly respectful of the privacy of our young supporters. With regards to the use of the internet we encourage parents/guardians to monitor their children's internet activities and help us protect their privacy by instructing them never to provide personal information on this or any other site without permission. We will in all circumstances try only to extract necessary information required to undertake our objective.
We have strict policies with regards to our marketing/email communication. We will not knowingly mail or email anyone under the age of 18 with any marketing related content. Communications to under 18s will be limited, and if related to fundraising will be in accordance with that as agreed with the minor and his/her legal guardian. If you are under 18 and wish to fundraise for Operation Smile UK please ensure you have consent from a parent or guardian before giving us your personal information.
If you have any questions about our Privacy and Cookies Policy or queries on how we use or have used your information please contact the Data Protection Officer:
Operation Smile UK
10 The Broadway
020 3475 5126
Email: email@example.com with the subject/reference: DATA PROTECTION
Operation Smile United Kingdom is incorporated as a Company Limited by Guarantee in the England and Wales (No. 04317039). It is also registered with the Charity Commission for England and Wales (No. 1091316).
This policy will be reviewed periodically and may be changed/updated to reflect the review. Please ensure that you stay up to date by visiting our website and checking.
INFORMATION COLLECTION AND USE
OSUK as Data Controller, and like most website owners receives and records information from various sources. The type of information we and/or our third party providers collect depends on the interaction between you and us. This could be when making a donation, applying for a job/to volunteer or through an online purchase. We gather information through postal communications, visits to our websites or apps, participation with our business/corporate partners, electronic communications, volunteering or communications through social media. We and/or our third party providers may also collect information publicly available through third party platforms (such as online social media platforms), online databases, or that is otherwise legitimately obtained.
Type of information collected
The type of information collected is also related to the interaction. This may include:
- Your name and bank/card details
· Postal address or email address
· Phone number
· Employment History
· Medical history
· Tax status/Gift Aid eligibility
- Mode of communication preference(s)
We also collect information through cookies and similar technologies. These information are usually de-identified information such as how you arrived at our website, pages you visited or general location. It may further collect information e.g. the device you use to browse our website or apps, the IP Address and related information, browsing history on our website and apps, how you search our website or if you communicated with us. Personal information is only collected if you for instance apply a ‘remember me’ identification for any reason.
OSUK is the sole owner of any information collected either as an organisation or by third party on its behalf, web based or not.
This information is used for the purposes of meeting our object/objectives and meeting your objective for contacting us. We will not sell, share, or rent this information to others except as in meeting our objectives through for example third party outsource contracts/data processors or to the extent as required by law. Third party contractors are expected to meet our standards and are required to abide by our policies.
We will endeavour to undertake privacy impact assessment whenever there is fundamental change in the way we process data, implement suitable records management systems, and log data security incidents. This will enable us to keep rigorous control of information held and your privacy.
Consent will depend on the mode of communication and OSUK will at all times deem consent is given for contact via emails/phone albeit even if implied as in providing your email/telephone (mobile) number when accessing ‘products/services’ on our website.
We will only contact you with regards to the ‘product/service concerned or similar. For all other email/phone contact we will seek expressed consent via post before communicating with you. Therefore, if you received an email from us, your email address is either listed with us as someone who has expressly shared this address for the purpose of receiving email communications from us, or you have donated to us, purchased from us or otherwise have an existing relationship with us and have consented to receiving communications from us via email/phone.
Consent is deemed given if, having obtained a postal address, communication is sent by post and that the correspondence is related to OSUK’s ‘legitimate interest in pursuance its objects/aims and objectives’. The opportunity to opt in/out will thereby be given to the addressee when this initial correspondence is sent out. Options will then be noted in accordance with your response/choice(s). From time to time we my contact you again via post to enable any changes to be registered if we have not already been informed.
DATA SUBJECT RIGHTS
- Data subjects have the following rights:
· Right to Erasure
· Right to Access/Portability Requests
· Right to Rectification (change or correct personal information)
- Right to reduction in time limit and fee access removal
For more information on your rights and control of your data please visit:
Operation Smile will recognise your rights and endeavour to resolve any issues within 28 days.
Please contact the DPO at Operation Smile UK at the registered address by post or in person, by phone or by email (email: firstname.lastname@example.org SUBJECT: DATA PROTECTION) if you wish to exercise any of these rights.
MODE OF COMMUNICATION PREFERENCE(S)/CHOICES
You can choose how you would like to receive communication including direct marketing mail from us – through postal mail, email, sms and/or telephone. If you choose not to receive direct marketing communications from us we will honour your choice. This will not affect how we communicate with you in other matters. We respect your time and attention by controlling the frequency of correspondence/communication with you.
You may modify your preferences at any time by phone (020 3475 5126), post to our registered address or via email (email@example.com) or by using the automated (unsubscribe) link as instructed via email.
CONTROLLING YOUR PERSONAL INFORMATION
Personal information is information that can identify a person, such as name, address, telephone number, and email address.
You may choose to restrict the collection or use of your personal information e.g.
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing, phoning or emailing us.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
CARD INFORMATION SECURITY
We care about the safety and security of your transaction. We use high grade encryption and the https security protocol to communicate with your browser software. This method is the industry standard security protocol, which makes it extremely difficult for anyone else to intercept the card information you give us. Companies we work with to process card transactions also use high grade encryption and security protocols.
OSUK is PCI Compliant and the monitoring of its web access point/ports is monitored by the IT team in Operation Smile Inc. and/or Security Metrics Ltd. Non-compliance is immediately reported to us and we take all necessary steps to fix breaches at the earliest opportunity. We also undertake annual assurances/checks on third party processors by ensuring that they too are PCI Compliant by asking for confirmation of current status.
ACCURACY OF INFORMATION
In addition to maintaining privacy and security controls over information you share with us, Operation Smile works continually to accurately process your information. We employ error checking procedures to ensure that information is processed completely and accurately. These processes/procedures are reviewed regularly reflecting feedbacks and comments. During business hours, staff is available to answer questions about your financial transaction or personal information on 020 3475 5126.
INTERNATIONAL TRANSFERS/VPN and STORAGE/DESTRUCTION OF DATA
Where it is necessary for OSUK to transfer information abroad OSUK is committed to using a safe and secure transfer process including encryption where necessary. We will also seek to ensure that recipients have a data protection policy which meets our requirements or that they adhere to OSUK’s Data Protection Policy/standards. Virtual logins will be password protected and staff are encouraged to use computerised equipment and software provided by OSUK. Storage of information is important to us because your privacy is paramount. We will store information in the safest possible way that we can and protect information in transit with suitable access codes/passwords. Risk assessments will be undertaken whenever necessary to guarantee adequate protection/reduce risk of interception by unauthorised ‘persons’. At all times we will endeavour to use administrative, technical and physical measures to protect your personal information. We will take reasonable steps to securely destroy or permanently de-identify personal information when we no longer need it. Information will only be held for as long as our policies allow or as required by law. Data held on hardware no longer in use/required by OSUK will be destroyed by a competent IT Support and Management Service company.
Independent external and internal audits are conducted to ensure the privacy, security and appropriate processing of your information by us.
We have a targeted approach to fundraising to make certain that we are contacting you with the most appropriate content and timing. At times we may using profiling techniques or insight companies to provide us with more general information about you using publically available information. This helps us better understand who supports us and means we can tailor appropriate communication to those supporters.
You may opt out of your data being used for profiling techniques by contacting us and marking any communication for the attention of the Data Protection Officer.
If you are unhappy with any aspect of our work, have a specific complaint or any comments please do get in touch with us. We will be happy to speak with you and try to resolve any issues.
We will at all times try to convey through induction and annual training an awareness to staff and volunteers of the importance of data protection. We record complaints received, pass this onto the relevant department, have the complaint reviewed and resolved. However, if a resolution cannot be reached you can escalate your complaint either to the Fundraising Regulator or the Charity Commission as appropriate.
Breaches will be notified to the Information Commissions Office (ICO) as per regulations.
You may request a full copy of our complaints policy at any time.
Our website and microsites may contain links to other sites. Unless we expressly state otherwise, Operation Smile makes no representations whatsoever concerning the content of those sites. The fact that Operation Smile has provided a link to a site is not an endorsement, authorisation, sponsorship, or affiliation with respect to such site, its owners, or its providers. There are risks associated with using any information, software, or products found on the Internet, and Operation Smile cautions you to make sure that you understand these risks before retrieving, using, relying upon, or purchasing anything via the Internet. In addition, we encourage our users read privacy and cookies policies of these linked sites. Operation Smile is not responsible for the privacy practices of other websites.
You may not create a link to this site that incorporates or relies upon, in whole or in part, any content from any page on this website, or that incorporates any copyright or otherwise intellectual property of Operation Smile without written permission from Operation Smile
COOKIES – WEBSITE USERS
A cookie is a small data file that a website transfers to your computer's hard drive with your permission. Once you agree, the file is added and the cookie helps us analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual based on your previous actions. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences, personalising your experience on our website.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better experience when on our website; it enables us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies on our website. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
By accepting that you have read this policy OSUK deems that consent has been given for it to process data in accordance with said policy – i.e. dropping cookies.
GOOGLE AND FACEBOOK SITE STATS
You may have clicked on an ad for this website that was delivered by Google or similar browser/social media site.
In the case of Google the company measures the performance of the advertising it delivers. By providing a tool to more accurately measure the performance of the ads we deliver, Google (and advertisers) will be able to improve the quality and relevance of the ads that you see.
To measure performance, Google uses small strings of text/file (known as cookies) that are placed on your computer when you click on ads. Cookies typically remain active on your computer for about 30 days. If you visit certain pages of the advertiser's website during that period, Google and the advertiser will be able to tell that you saw the ad delivered by Google.
All material on webpages under the domain operationsmile.org is, unless otherwise stated, the property of Operation Smile Inc. and or OSUK. These materials are protected by copyright and other intellectual property laws. Information received through this website may be displayed, reformatted, and printed for your personal, non-commercial use only. You may not reproduce or retransmit the materials, in whole or in part, in any manner, without the prior written consent of Operation Smile, Inc. with the following exception only: You may make single copies of the materials available through this website, solely for your personal, non-commercial use, and only if you preserve any copyright or other notices contained in or associated with them. You may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the owner of the materials.
THIRD PARTY REQUESTS FOR DATA
Except in exceptional circumstances (as outlined in this process) requests to change donor information including changes to direct debits, standing orders or any other kind of donation, can only be authorised by the donor.
We can only take instructions from a third party with the express consent of the donor or on evidence of the relevant power of attorney. This is to safeguard the interests of the donor with whom we have a relationship.
A request by a third party to remove a donor from our mailing list or change mailing preferences may be considered exceptionally if we are convinced the third party is acting in the best interests of the donor. This may be a judgement based on the donor’s history of giving, any unusual changes in the level of their giving or frequency of giving and any communication we have had with the donor regarding their gifts or mailing preferences. Any direct communication from the donor –verbal or written- which gives concern that the donor may lack capacity to make a sound decision and/or judgement could be taken as support on this. In this context our telemarketing agencies who call on our behalf in fundraising campaigns record conversations with prospective donors and where there is a concern relating to mental capacity these recordings could be used by OSUK for final decision making.
QUESTIONS OR SUGGESTIONS
It is important to us at Operation Smile that we hear what you have to say about our organisation or our policies. If site you have any suggestions, questions, concerns, or complaints or want to let us know what they think about our organisation, please contact us at 020 3475 5126 or email firstname.lastname@example.org