Privacy Policy

Several pieces of legislation apply

The General Data Protection Regulation (The GDPR) ref. 2016/679.

The Data Protection Act 2018, a UK law that sets out rules around personal data.

UK General Data Protection Regulation (UK GDPR) which is the UK’s post-brexit version of the EU GDPR.

You can read more about GDPR on the Information Commissioner’s Office (ICO) web site.

Trauma Aid UK is a not-for-profit organisation (a charity) and we are not required to register with the Information Commisioner’s Office, nor do we have to pay any fees; we do not need to inform the ICO of this.

Trauma Aid UK collects, stores and processes ‘personal information’ (see the ICO description). GDPR applies to ‘personal data’, which means any information relating to an identifiable person.

We seek to follow ICO guidance on the UK GDPR’s seven key principles: Lawfulness, fairness and transparency, Purpose limitation, Data minimisation, Accuracy, Storage limitation, Integrity and confidentiality (security), and, Accountability.

In particular, we set out below how we address Personal Information, in particular:

– the right to be informed;

– the right of access;

– the right to rectification;

– the right to erasure;

– the right to restrict processing;

– the right to object; and,

– the right to data portability (allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way without affecting its usability);

– the right not to be subject to automated decision-making including profiling (Trauma Aid UK does not do this).

In this Privacy Policy we have set out how we have reponded to these rights.

Trauma Aid UK provides a number Services including for instance: News Updates, Event Notifications, Donation Receipts, Volunteer Supervisor notifications, etc.

1. The right to be informed

1.1   We will only collect personal information voluntarily provided by you with your consent when you for instance, enquire about our activities, register as a member with us, subscribe to one of our notifications (for instance our News Updates, Newsletters, and occasional Events), or register as a Volunteer Supervisor. If you sign up for services this is informed consent.

1.2  On News Updates and other notifications distributed with Mailchimp (see 2.5 below) there has always been an UNSUBSCRIBE button.

1.3  If you have provided information to us we will record for instance: First and Last Name; Address; email address; whether you have set up a standing order and the date it is paid; whether Gift Aid is applicable and the date that you signed up to it; donations made (when and how); whether you have been sent a receipt for the donation(s); if you have signed up as a Volunteer Supervisor; occasional brief notes (for instance if the name on the account via which you make donations differs from the First and Last name of your membership). We record the current financial transaction status (e.g. Pending or Completed). We also note whether or not you have elected to receive our News Update/Newsletter (the right to restrict processing applies, i.e. you can request to be unsubscribed from these services).

1.4  We will also hold additional information that you  have provided to us when registering for events (for instance at the annual Consultants’ CPD Workshop) or for our Volunteer Supervisors Register.

1.5  When you make donations through PayPal the transaction details are held within PayPal; similarly any payments to our bank account are held by the bank. We do not hold any financial details within our records bar those already listed in 1.3-1.4.

1.5  Since we hold records of donations this information will be held for a maximum period of six years to meet HM Revenue and Customs requirements.

2. Our use of this information

2.1   Your personal information will only be used to process your requests, to provide you with our services, and to provide you with information relating to our services. These communications are for instance: receipts sent following donations; News Update, Newsletter; and, occasional notifications of events or general communications.

2.2  We generate statistics about membership numbers, numbers paying by standing order etc. and these are regularly presented to Trustees. These statistics are aggregated and anonymised; it is not possible to identify personal details. We also generate statistics around the Volunteer Supervisor Register; again, these are anonymised.

2.3   We have not and will not share your information with any other organisation (except for 2.4 below) without specifically seeking your permission.

2.4  When claiming Gift Aid from HM Revenue and Customs we are required in some instances (many donations are aggregated into daily totals) to provide brief name and address details.

2.5  Data portability has always applied on the Trauma Aid UK website when donors make payments through PayPal, the user does not have to re-enter information into PayPal that has already been securely entered on our website.  News Updates and other notifications are created within a secure on-line service called Mailchimp which is used by many other organisations. Whilst lists are held temporarily on Mailchimp with name and email details they are used only for the purpose of circulating notifications and are subsequently deleted.

3. Access to this information and your right of access

3.1  Information is held and processed on our website, which is held on UK servers, and on a single computer held by the Membership Secretary (who is a Trustee). It is only made available to other Trustees for specific purposes, for instance management of Volunteer Supervisors by the Volunteer Coordinator and Volunteer Administrator, event registrations or to the Treasurer (a Trustee) for Gift Aid and annual account preparation. Processing for receipts is provided on the website and also on the Membership Secretary’s computer.

You have the right to request the information that we hold: already the receipts contain most of this information and email confirmations when you sign up as a Volunteer Supervisor or to an event generally contain this information.

4. Security, rectification and erasure

4.1   We take reasonable precautions to prevent loss, misuse or alteration of information you give us. Our website is held on servers based in the UK and is regularly backed-up securely both on-line (over an https secure service) and off-line. All access to data is password protected (see 4.3 below). You have a right to contact us if you believe any information held by us is incorrect and we will correct it. You may ask us to delete information and we will do so.

4.2  Due to the international nature of our work, some access to our systems is from countries outside of the UK or the European Economic Area (EEA) where there might not be the same level of legislative data protection; however this is a ‘restricted transfer‘ because only Trauma Aid UK volunteers (e.g. Volunteer Regional Coordinators) can access the data.

4.3  We address the risk of unauthorised exposure of all data (wherever accessed) by protecting it with several layers of security: (1) A top level access Password; (2) A Personal User ID (e.g. Volunteer Supervisor ID); (3) A very strong Personal Password; (4) Access restriction dependent on User Role.

4.4   Communications are normally sent by e-mail. For ease of use and compatibility, communications will not be sent in an encrypted form. E-mail unless encrypted is not a fully secure means of communication. Whilst we endeavour to keep our systems and communications protected against viruses and other harmful effects we cannot bear responsibility for all communications being virus-free.

5. Cookies

5.1   A cookie is a small piece of data or message that is sent from a website’s server to your web browser and then might be stored on your hard drive. The Trauma Aid UK web site only uses Functional cookies which are necessary for the web site to operate; we do not use transactional or tracking cookies. Cookies cannot read data off your hard drive or other cookie files.

6. Other information and the right to object

6.1   If you would like us to correct or update any information, or if you would like information deleted from our records, then please email us at contact@traumaaiduk.org

6.2   This privacy policy may be updated from time to time, so please check it periodically.

6.3   Links within our website to other websites are not covered by this privacy policy.

6.4  References to “we”, “us”, “you” or “our” in this Privacy Policy are references to the Trauma Aid UK, a charity registered in England and Wales, number: 1138372.