Privacy Policy

This privacy policy sets out how Hebridean Whale and Dolphin Trust uses and protects any information that you give us as you browse our website and whenever else you communicate with us. This privacy policy applies to all of our products and services, except those that have a separate privacy policy.

Please read this policy carefully, and any other documents referred to in this policy, to understand how we collect, use and store your personal information.

Data Protection

Data collection allows us to operate efficiently and communicate with our supporters appropriately, allowing us to put our greatest effort into conservation. To achieve this, Hebridean Whale and Dolphin Trust is also committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be personally identified when using this website, or when you interact with our other products and services, then you can be assured that it will only be used in accordance with this privacy policy. This privacy policy complies with the General Data Protection Regulation, which came into force from 25th May 2018.

In order to prevent unauthorised access or disclosure to your personal data, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect, both online and through other channels. We will not sell, distribute or lease your personal information to third parties, other than in the ways described within this privacy policy, unless we have obtained your consent or are required by law to do so.

We always strive to provide a transparent and honest approach regarding how and when we may collect and use your personal data. The overview below summarises the different reasons why we do this. We may not use your personal information for all of these purposes – it will depend on the nature of our relationship with you, and how you interact with our projects, websites, and fundraising activities.

What we collect:

- Contact information including name and email address

- Demographic information such as postcode and age

- Information relevant to sightings, supporter packages and volunteering

What we do with the information we gather:

We require this information to understand your needs and provide you with a better service, for the following reasons:

- To improve and deliver our products and services

- To manage and communicate with our supporters (this includes sending you updates about our work and renewal reminders)

- To validate sightings

- Internal record keeping on projects

- External project reporting (to funders and charity regulators)

- Fundraising and marketing (this may include talking to you about appeals, competitions, retail trading, membership, sponsorship, events or volunteering opportunities. We may also ask if you are able to Gift Aid any of your donations)

- Retail trading (HWDT operates a gift shop, where we may use your personal information for internal record keeping. We may also use your personal information for the recovery of Gift Aid (where you have completed a Gift Aid declaration).

- Staff administration (we process the personal information of our employees for recruitment, staff administration, remuneration, pensions, and performance management purposes.)

Do we process ‘sensitive’ personal information?

Under data protection law, certain categories of personal information are recognised as sensitive, including health information, race, religious beliefs, and political opinions (‘sensitive personal data’). We would only collect sensitive personal data if there is a clear reason for doing so. We currently collect medical information for certain projects (volunteering at an event or participating in a research survey on board our research vessel Silurian) where we need this information to ensure that we provide appropriate facilities, ascertain your ability to participate, and help you get the best out of your experience with us.

Your credit or debit card information

If you use your credit or debit card to donate to us, or buy a supporter package online, we pass your card details securely to our payment-processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard and don’t store the details on our website or databases.

Where does the information come from?

The vast majority of personal data we hold is given to us directly by our supporters, and volunteers in the course of them interacting with our services, website, or fundraising activities. We may also receive your personal information when you donate to HWDT through third party services such as the Big Give.

Lawful Processing

HWDT needs a lawful basis to collect and use your personal data. The law allows for six legitimate ways to process people’s personal data. Only three of these are relevant to charities for the types of purposes listed above.

• Information is processed on the basis of a person’s consent
• Information is processed on the basis of a contractual relationship
• Information is processed on the basis of the “legitimate Interests” of HWDT

In extreme situations, we may share your personal details with the emergency services if our employees believe it is in your ‘vital interests’ to do so. For example, this would apply when someone experiences a medical emergency on a Silurian survey. We may also share your personal information where we are compelled by law to do so.

1.      Consent

HWDT will ask for your consent to add you to our mailing list to send you updates on HWDT, including our quarterly e newsletter. You will have to positively opt in to direct marketing.

If you have previously agreed to us using your personal information for direct marketing purposes, you may unsubscribe at any time by writing to or emailing us at info@hwdt.org.

2.      Contractual Relationship

The only contractual relationships we have at HWDT is with our staff and volunteers (land based volunteers and Silurian volunteers). You will need to consider the terms and conditions of your individual contracts in regards to data collection and sharing.

3.      Legitimate Interest

The law allows personal data to be legally collected and used if it is necessary for a legitimate business interest of the organisation - as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned.

There are times when it is just not practical to ask a person for consent. In many situations, the best approach for HWDT and our supporters and volunteers is to process personal data because of our legitimate interests, rather than consent.

Legitimate interests for HWDT include:

a.      Governance Purposes

-          Carrying out our charitable purpose

-          Compliance of law enforcement agencies

-          Internal and external audit for financial or regulatory compliance purposes

-          Statutory reporting

b.      Administration Purposes

-          Responding to any solicited enquiry

-          Delivery of requested information and supporter welcome packs

-          Administration of Gift Aid

-          Thank you communications and receipts

-          Administration of existing financial transactions

-           Maintaining “Do not contact lists” (suppression lists)

 

c.       Publicity and Income Generation

 

-          Conventional direct marketing and other forms of marketing, publicity or advertisement, including campaigns and charitable fundraising

-          Analysis, targeting, and segmentation to develop corporate strategy and improve communication efficiency

-          Processing for research purposes (including marketing research)

 

d.      Operational Purposes

 

-          Employee and volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes

-          Provision and administration of staff benefits such as pensions

-          Physical security, IT and network security

-          Maintenance of suppression files

-          Processing for historical, scientific or statistical purposes

 

e.      Financial Control Purposes

 

-          Processing of financial transactions and maintaining financial controls

-          Prevention of fraud, misuse of services, or money laundering

-           Administration of legacy donations where HWDT has been named as beneficiary or executor

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.

Data Retention

We keep identifiable personal data on our records indefinitely for internal record keeping and for the establishment and defence of legal claims.

Data Sharing

HWDT will not exchange or sell your personal information to another organisation for their own marketing purposes. However, there are legitimate situations where we may have to share your personal information with other organisations. An example could be where we are using an external service provided via a mailing services provider. In these situations, the relationship between HWDT and the third party data processor will be governed by a contract and strict security requirements will be in place to protect your personal information.

Data Protection Rights

Where HWDT is using your personal information on the basis of your consent, you have the right to withdraw that consent at any time. You also have the right to ask HWDT to stop using your personal information for direct marketing purposes. Simply contact us at info@hwdt.org and we will amend your contact preferences.

- Right to be Informed – You have the right to be told how your personal information will be used. This policy document used on our communications are intended to be a clear and transparent description of how your data may be used.

- Right of Access – You can write to us at info@hwdt.org asking what information we hold on you and to request a copy of that information. From 25th May 2018 HWDT will have 30 days to comply once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity.

- Right of Erasure – From May 2018, you have the right to be forgotten (i.e. to have your personally identifiable data deleted).

- Right of Rectification – If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated.

- Right to Restrict Processing – In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.

- Right to Data Portability – Where we are processing your personal data under your consent the law allows you to request data portability from one service provider to another. This right is largely seen as a way for people to transfer their personal data from one service provider to a competitor.

- Right to Object - You have an absolute right to stop the processing of your personal data for direct marketing purposes

- Right to object to automated decisions – In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions “that have a legal effect on you”, you have the right to object. This right is more applicable to mortgage or finance situations. HWDT does not undertake complex computerised decision making that produce legal effects.

Notice of Change

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective 25.05.2018.

Complaints Procedure

To make a complaint about how your data is being used, please approach us directly, by contacting info@hwdt.org or calling 01688 302620 9am-5pm Monday to Friday.

You also have the right to contact the Information Commissioners Office (ICO) if you have any concerns about Data Protection using their help line 0303 123 1113 or at www.ico.org.uk

 

Last updated 23.05.2018