The European Union General Data Protection Regulation (GDPR) is a set of rules about how companies and organisations should process personal data. GDPR lays out responsibilities for organisations to enure the privacy and protection of personal data and provides you with certain rights. We are committed to respecting your privacy and keeping your personal information safe. This privacy notice tells you what to expect when the RSPCA Lincolnshire Mid and Lincoln Branch collects your personal information. We do not collect sensitive personal information about our volunteers or members of the public.
Who We Are
This privacy notice covers all personal data that is collected by RSPCA Lincolnshire Mid and Lincoln, charity number 224482. We are registered as a Data Controller with the Information Commissioners Office under the Data Protection Act 2018.
What Information We Collect About You
We may collect personal information about you when you:
- Ask about our activities
- Register with us for information
- Volunteer or fundraise for us
- Pledge or make a donation or sign up for an event
- Rehome, adopt or foster an animal from us
- Telephone, write, contact us online or text us or otherwise provide us with your personal information
This can include information such as your name, email address, postal address, IP address, telephone number, mobile number, date of birth or bank account details so we can process donations, or information as to whether you are a taxpayer to help us claim gift aid.
How we may use your information
We will not rent, swap or sell your personal information to other organisations for them to use in their own marketing activities. The legal basis that we rely on for processing your data will depend upon the circumstances in which it is being collected and used, but will in most cases fall into one of the following categories.
- Where you have provided your consent to allow us to use your data in a certain way
- Where the processing is necessary to carry out a contract with you
- Where the processing is necessary in order for us to comply with a legal obligation
- Where it is in our legitimate interests to perform our functions, for example, processing donations or sending you administrative communications where our legitimate interest is to raise funds and to deliver our charitable purposes
Access to your information
Under GDPR you have several rights to request access to your personal data that we store. We may make a small charge for this service. You have the following rights:
Right to access
You have the right to request access to your personal data to verify the lawfulness of the processing.
Right to rectification
You have the right to request inaccurate personal data rectified or completed if it is incomplete.
Right to Erasure or ‘Right to be forgotten’
You have the right to request that personal data be erased.
Right to restrict processing
You have the right to request that your personal data is stored but not processed.
Right to data Portability
The right to data portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format.
Right to Object
You have the right to object to the processing of your personal data.
If you would like to request access to your data or simply want to let us know when your details have changed then you can contact us in the following ways:
We will respond to your data access requests as soon as we possibly can and the GDPR requires us to respond within one calendar month.
We may disclose your personal/sensitive personal information when required to by law, for example, to HMRC for tax purposes or to police forces for the prevention or detection of crime.
Further, we safeguard the sharing of such information by using formalised information sharing agreements with organisations where appropriate, or on an ad hoc basis after ensuring the request and disclosure are legally compliant.
Rehoming an animal from us
When you apply to rehome an animal from us, we’ll need to share personal information such as your name, address and telephone number, to enable a home visit by one of our volunteer home-visitors.
We try to make sure that all animals are microchipped when they’re rehomed from us; this is a legal requirement in relation to dogs. We will share your personal information with a microchip company in case your animal goes missing.
If you rehome a cat or dog from us, we will also share your personal information with our pet insurance provider Pet Plan, so they can offer you four weeks free pet insurance. This insurance is then activated by the adopter.
Volunteers and job applicants
If you apply for a job with us or volunteer, we’ll hold the personal information you provide to process your application.
We may undertake monitoring of recruitment statistics, in line with employment and data protection law. If we need to disclose information to a third party, we will not do so without asking you beforehand unless the disclosure is required by law. For example, if we need to take up a reference, or obtain “disclosure” from the Disclosure & Barring Service.
If you apply to work with us we’ll only hold your data for the purposes of that application. We won’t hold your personal information for any longer than is necessary for the purposes of that application.
Branches may also share volunteer information with us, for the purposes of keeping a register of current volunteers. Further, your personal information will be held and processed so that we can contact you about future volunteering opportunities. We’ll only hold information relating to the nature of your voluntary work and we’ll delete it in accordance with our retention policies.
Visitors to our website
When someone visits www.rspca-lincoln.org.uk, we use third party services (Google Analytics and Facebook Pixel) to collect standard internet log information and details of visitor behaviour patterns.
We do this to find out things such as how our website was accessed, and the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google Analytics or Facebook Pixel to make, any attempt to find out the identities of those visiting our website. If we do want to collect personal information through our website, we will make this clear and explain what we will do with it.
To help us create a more effective website that reflects users’ needs, we use cookie files to collect and record information about how our site is used and collect your IP address (a number that identifies a specific computer or other internet device) for system administration and to report aggregated information.
We ensure your data is kept secure by using up-to-date security features and procedures and we respect the privacy of all visitors to our website.
Children and vulnerable persons
We place great importance on the safety of vulnerable persons. See a copy of our Vulnerable Persons policy RSPCA Fundraising Policy on Vulnerable People (PDF 80KB).
Children’s personal information
We are committed to protecting the privacy of young people who want to fundraise for us or who take part in educational events at schools or who enter our competitions. Our competitions and fundraising events may request specific information about the age of participants. Where appropriate we will seek the consent from a parent, guardian or carer before collecting information about young people under 16.
How long do we keep your data?
- Financial records – 6 years plus the current
- VAT records – 6 years plus the current
- Other tax records – 7 years after year end (this in effect means 8 years). The records need only be those that support the accounts and can be kept with HM Revenues & Customs permission in other formats such as micro film etc
- Contracts – 6 years from expiry
- Deeds – 12 years (except property deeds, which should be kept indefinitely)
- Legal and property records (Inc. property deeds) – indefinitely.
Personal records – the Data Protection Act 1998, Fifth Principle, should apply which states that “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.”
Trustee minutes – for as long as the organisation exists (these can be scanned and stored electronically)
- Animal acceptance Form – 2 years
- Adoption Records – 2 years
- Home Visiting Records – 18 months
- Microchip Forms – 1 year
- PetPlan Insurance – 1 year
We will check our hard copy and electronic files every 6 months. Any data or records which are found to be outside of the retention periods detailed above will be destroyed. Paper copies will be removed from files and securely shredded. Electronic data will de deleted and then checked to make sure it has also been permanently deleted from a Recycle Bin/Trash facility. This process will be carried out by either the centre manager or the business support officer.