GDPR Privacy Policy

Introduction

At the Sunlight Development Trust, we want the most vulnerable and isolated people in Medway to get the right support to help them with their education, employment and health and wellbeing issues.

We aim to reduce social isolation in the community by promoting, enabling, embracing and facilitating inclusive activities and making a positive difference to peoples’ lives through the provision of education, training, employment, welfare, health, social, cultural and recreational activities.

Above all, we want to make a positive impact on the lives of people and the communities in which they live.

We respect your privacy. 

We want you to have the best experience on our website, whilst keeping your information and data secure. We encourage you to read this policy carefully and contact us with any questions or concerns about your privacy practices.

This privacy policy covers our website, https://www.sunlighttrust.org.uk and other ways in which we collect and store personal data.

The following questions and answers should help you to understand what information we collect, how it is used and what happens to it.

This privacy statement is as comprehensive as possible however it is not an exhaustive list of every aspect of data collection and processing.  We would be happy to provide further information or explanation about our services.  If you have any questions, please do get in touch with us.

Who we are?

We are the Sunlight Development Trust (Sunlight) operating out of 105 Richmond Road, Gillingham ME7 1LX.  The data protection officer is Steve Claringbold. 

Our UK Registered Charity Number is 1126266 and our Company Registration Number is 05692427.

What information do we collect?

Why do we collect your data and how do we collect it?

We will collect the personal data or sensitive personal data needed in order to communicate with you and to provide and administer services to you.  The type and amount of data collected will depend on the nature of your interaction with Sunlight.

We collect information about you that you give us directly by calling our offices or helpline, filling in forms on our website, attending drop in sessions or events, by completing surveys or forms, or by corresponding with us on social media, by phone, email or otherwise.

If you visit our web pages, we will gather Non-Personal Information, such as IP address, pages viewed, and files downloaded. This helps us to monitor the site’s performance, determine how many people visit the site, identify what pages are most popular, and how regularly people visit. This helps us create a better experience for visitors.  Personal Information, such as name, address, telephone number, email address is only collected in connection with specific enquiries through our Contacts Us page. We can receive information from your use of our website as it collects technical information such as the IP address.  Our website uses cookies to distinguish you from other users of our website, this helps us to provide you with a good experience and helps us to improve our website, these may be stored in your web browser or on your device.

We need to process data about the people to whom we provide support, and to those who support us through campaigns, donations or volunteering.  Sunlight are committed to protecting the privacy of our stakeholders and take care to safeguard it.  This privacy statement outlines what data is collected, how it will be used, and what your rights are as a data subject.

We may also receive information about you from third parties; this may be another support agency which is referring a service user to us, from sponsorship forms or fundraising websites, or from other publicly available sources.

What data do we collect?

The data we collect will vary based on the nature of your relationship and interaction with Sunlight.

  • Your full name
  • Contact details including postal address and address history 
  • Mobile and telephone numbers
  • Email addresses
  • Gender
  • Date of birth
  • National insurance number
  • NHS number
  • Disabilities, allergies and medication
  • Drug or alcohol use
  • Relationship status
  • If you are a care leaver or a looked after child
  • Your economic status including benefits information
  • Your work and education history, including if you were a member of the armed forces
  • Correspondence or contact you have with us
  • Your engagement with services
  • Next of kin or emergency contact information
  • Details of other agencies or providers you are working with

We may also collect sensitive personal data such as details about your physical or mental health, religion, sexual orientation, ethnicity, race, political and philosophical beliefs and criminal records.

You have the option to give us a password (e.g. mother’s maiden name, place of birth, or memorable word) to add to your file which we will use as a security question if you call us regarding your data.

Calls to our offices may be recorded and this is for training purposes, to provide quality assurance, to help with complaint investigations, and to enable us to improve the services we offer.  You will be informed that your call will be recorded prior to any data collection.

What happens to your personal information?

Your information, including emails, may be passed internally within Sunlight and our professional advisers to ensure you are connected with the right services or people.  All these services and people are bound by Sunlight’s strict confidentiality code. 

Unless we have your express consent, we will not disclose personal data to external third parties unless it is required for: 

  • The purpose of completing your transaction with us (i.e. engagement with services, fulfilment of enquiries, etc).
  • It is to a secure data processor carrying out processing activities on our behalf
  • We are required to do so by law, for example to regulatory bodies or law enforcement, or in order to enforce or apply our rights to protect the charity, for example in cases of suspected fraud or defamation
  • It is necessary to protect the vital interests of an individual, for example where we believe you or another person might be in danger
  • We have obtained your explicit consent to share it

We ensure that all such external third parties have sound data protection policies and systems.

We have the right to disclose your data when we are legally obliged to do so.

We are required to share some information with our funders and commissioners for monitoring and quality assurance, and we also use anonymised data for internal equality and monitoring.

We do not sell, rent or trade your personal information to third parties for marketing purposes without your express consent.

Donors and supporters

We may collect any, but not necessarily all, of the following information depending on the nature of your support and communication preferences:

  • Your full name, titles and honours
  • Contact details including postal address, mobile and telephone numbers, and email addresses
  • Date of birth
  • Social media details
  • Occupation or place of work
  • And any other biographical information you choose to share with us including relational links

We do not see or store card payment details for any donations made online through our website.  Where a donation is made over the phone, we will input the details to the same secure websites on your behalf.

We strongly advise against sending payment details by email.  If we receive an email containing any payment information this will be immediately processed and the email deleted.  Paper donation forms are always destroyed once we have processed and recorded donation details on our database.

If you choose to include Gift Aid with a donation, we are obliged to ask for your UK taxpayer status and full postal address including postcode.

Supporter engagement:

We keep records of your correspondence and engagement with us which may include details about invitations to events, attending events or participation in fundraising events.

If you attend an event we are organising, we may ask you to provide information such as dietary and accessibility information, but this is only noted for the purpose of the event and will be deleted after the event.

Vulnerable donors and supporters:

We are committed to protecting vulnerable donors and supporters.  Rarely, we may also collect sensitive personal data on an individual where we believe a person to be vulnerable in order to comply with requirements under charity law and best practice as directed by the Fundraising Regulator.  

How we use your data

Service users

If you are receiving advice, support, or a service from us we will need to process your data in order to fulfil our obligations to you in providing this service.  The information you give us lets us know what support you need, and we keep a record of what support you have been given and how this has helped.  We will offer you suitable opportunities based on your needs or may be able to refer you to other services provided by Sunlight or our delivery network which would be of benefit to you.

We will invite you to participate in activities such as service user involvement forums and feedback groups and will ask for your feedback when you exit our services.

We will use data for statistical reporting in order to assess the quality of our services, to identify trends which help us improve existing services and develop new services, and to ensure we are meeting our contractual requirements.  Statistical reports will not include any personal information which could be used to identify individuals.

Donors and supporters

When you donate to Sunlight, we will use your payment and contact details, donation amount, date and time of payment to process that payment and take any follow-up administration actions such as sending a thank you letter or email unless you ask us not to acknowledge the donation.

We will keep a record of all your donations, giving history and gift aid details on a secure database, 

Staying in touch:

As a charity providing vital services to the vulnerable people in Medway we cannot survive without the trust, confidence, support and generosity of the general public, major philanthropists, the business community, and grant-making trusts and foundations.  In our endeavours to seek your support and funding for our work we need to keep you up-to-date with our fundraising, marketing and campaigning news and activities.

We may use a range of activities and channels to contact current donors as well as to attract the support of prospective new donors – including our website, digital platforms, emails, fundraising challenges, fundraising events and receptions, direct mail appeals, meetings and phone conversations.

We will obtain your consent to contact you by email and text message for fundraising appeals and marketing purposes.

We will send you fundraising appeals and marketing by post, based on it being within our legitimate interests to do so if you have donated to us within the last two years, unless you have opted out.

Presently, we only call people for administrative purposes.  If we want to make marketing calls for fundraising appeals, we will contact existing donors and supporters by phone on the same legitimate interest basis unless you are registered with the Telephone Preference Service or have opted out of receiving marketing communications.  We will obtain consent from all new donors and supporters to make marketing calls.

We will contact you:

  • with news and updates about our work including our newsletter 
  • about fundraising appeals and activities including requests for donations, information about gift aid, information on how you can leave us a gift in your will, how you can raise money on our behalf, attend or take part in fundraising events and challenges, and how your donations and fundraising support have a positive impact on our work and service users
  • with details and invitations about our special supporter events including talks, workshops, seminars, conferences, receptions and functions

We will not use companies or individuals to:

  • knock on people’s doors to ask for donations of any kind be it cash, card payments or gifts in kind
  • approach people in the street asking for bank details
  • ‘cold-call’ people to ask for donations over the phone

Research and analysis

Supporter research and analysis

We take seriously our duty to ensure that charitable donations are spent wisely, and that means doing some research and analysis to inform our decisions, set strategic objectives, develop fundraising and marketing strategies, forecast income and set budgets.

Analysing our supporter base to identify, communicate and engage with philanthropists and people who might choose to give significantly high levels of donations

We may undertake in-house desk research and engage specialist research companies to help us identify and engage with people who may wish to have a closer and more informed relationship with the charity and join our major donor funding programme by making a significant gift.

We may use information provided by you and that which is publicly available from sources such as Companies House, company websites, grant-making trusts and foundations websites, cultural and heritage websites, regional and local organisations websites like Kent Ambassadors, political and property registers, social network sites such as Linked In, and media archives.  We may gather information on board memberships, governorships, trusteeships, directorships, patronages, typical earnings in each industry or sector, hobbies, honours and publicly available news on philanthropic giving in articles published in print or online.

This information is vital to help us tailor our communication with you and to ensure it is relevant and timely.  It helps us to understand you better so that we can make appropriate requests for significant financial support and send relevant invitations to join meetings, development groups and attend events which may be of interest. It provides a tailored, bespoke, positive experience for prospective philanthropists and high-net-worth supporters.  We may also carry out research in this way to identify individuals not on our supporter database who may have an affinity to our cause but with whom we are not already in touch.

Under data protection legislation, you have the right to object to your data being processed in this way.  If you wish to opt out of being identified as a high net worth individual, please contact us at info@sunlighttrust.org.uk

We are also legally required to carry out checks on individuals who donate large donations, to comply with our duties in respect of anti-money laundering legislation and the prevention of fraud.

Applying to work or volunteer with us

If you apply to work or volunteer with us your personal data will be collected to administer your application, and for equality and diversity monitoring.  Personal data on all applicants is held for 12 months, unsuccessful applicant data is disposed of securely after 12 months while successful applicant data will be retained in personnel files.

We will need to share the data of successful applicants who are being offered a role in order to contact referees or to carry out a DBS check (role dependent); our application form requests your consent in order to allow us to do this.

Website and social media

We use cookies on our website, a cookie is a small data file that is downloaded from a website onto your computer hard drive. A cookie allows us to recognise that you have used the site before but will not contain any other personal data.  Cookies help us to understand how we can improve our services to our clients and supporters.  Cookies do not allow us to identify users personally.

If you do not want cookies to be stored on your PC, you can adjust your privacy settings. All browsers allow you to manage these settings, which are usually found under the “Preferences” or “Tools” menu. You can find out more information about individual browser settings at www.aboutcookies.org

Our website contains links to other websites of interest and we enable you to share information through social networking sites such as Facebook and Twitter. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.

We may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies in the that event you post or send any content that we believe to be inappropriate, offensive, or in breach of data protection laws.

Professional contacts

We will collect data on professional contacts and partners with whom we work or to whom we provide professional services (e.g. training).  We may send our professional partners information and updates about our work and such contacts may opt out of receiving this information at any time.

Business to business fundraising contacts:

We have the means to maintain a record of information related to businesses and their Directors, grant-making trusts and foundations and their Trustees, statutory funding bodies, MPs, local Councillors and other holders of public office in order to undertake fundraising and campaigning activities in furtherance of our charitable aims.  This will include a ‘point of contact’ name, a record of contact details such as postal and email addresses, phone numbers and publicly available information which will enable us to develop and manage positive ‘business to business’ working relationships with these individuals and individuals working for these organisations.

Retention of your data

We do not keep personal data longer than necessary.  In determining how long to keep personal date we refer to the data retention procedures of local authorities and national bodies and will keep data and consider any legal requirements, legitimate interests, and guidance issued by regulatory bodies such as the Information Commissioners Office.  Once the retention period has expired, we will securely dispose of data either by confidential waste disposal, anonymisation, or permanent deletion.

Service users

We generally keep records of people we have worked with for up to 7 years after their last engagement with us.  There are exceptions for those who are care leavers or have been a looked after child where the law specifies that we must hold these records until the person’s 75th birthday, or where there are contractual requirements in place from funders who may require that we retain some data for longer periods.

Donors and supporters

We will store data relating to donors and supporters who have acted upon campaigning actions for seven years after their last donation or engagement.

If you request to receive no further contact from us, we will keep some basic information about you to avoid sending you unwanted materials in the future.  If your data includes your giving history and financial details, we will anonymise the data if it needs to be used for monitoring or forecasting reports.

If you have gift aided your donations, under current HMRC rules we are obliged by law to retain your gift aid declarations and details of any donations for six years after the date of your last donation.

Security of your data

We have appropriate operational and technical measures in place to protect your personal data and ensure its confidentiality, integrity, and availability.  All information provided to Sunlight is stored securely and accessible only to those who are authorised to have access to it.  We will take all reasonable steps and measures to ensure that the information you give us is protected against loss, misuse, unauthorised access or disclosure.

In the unlikely event that a data breach should occur, the charity has a data breach procedure in place which details our responsibilities to swiftly mitigate and rectify any breach, and to report to the ICO and data subjects as required.

We keep all our service user and volunteers’ data in a secure cabinet.  This is protected so that only authorised staff have access to view the records.  We keep all our staff data in a secure cabinet, this is protected so that only authorised staff have access to view relevant records.  We have no HR function carrying out automated decision making for service users, volunteers or staff.

We may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies in the that event you post or send any content that we believe to be inappropriate, offensive, or in breach of data protection laws.

Use of data processors

We may use third party suppliers to manage mailing for fundraising appeals, campaigning, to conduct research or surveys, or for secure storage of personal information on our behalf where appropriate technical and security measures are in place.

Transfer of data outside the European Union

In the unlikely event we were required to transfer data outside the EEA this would be done so in a secure manner and only where there is an adequate level of protection for the rights of data subjects in the receiving country, for example the EU-US Privacy Shield.

Your rights and complaints

Sunlight’s Data Subject Rights procedure gives you the full rights and protections under GDPR to access, rectify, erase, restrict, port, object, or complain regarding your data.  The procedure and details on how to exercise your rights can be found here: link

About us

Our registered address is: 105 Richmond Road, Gillingham, Kent. ME7 1LX.  You can contact us on 01634 581511 or by email to info@sunlighttrust.org.uk

Sunlight is registered with the Information Commissioners Office and can be found on the ICO’s register of data controllers under the registration number Z1574305

This statement was last updated November 2018.  If any significant changes are made to the way in which we use your data, we will update this privacy statement and make you aware in our next communication with you.


Download this document here: GDPR Privacy Policy