1. INTRODUCTION – a summary
WACT is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
Following the coming into force of the General Data Protection Regulation) in May 2018 we rely on you giving us your consent about how we can contact you. This means you’ll have the choice as to whether you want to receive such communications and be able to select how you want to receive them (post, email, phone or SMS).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so, please contact us by email (firstname.lastname@example.org), by post WACT Northern Office, Bridge End, Somerswey, Shalford, Guildford GU4 8EQ) or by telephone 01483 505566).
It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are. The following is a short summary:
We collect information that is either personal data (email address, name, telephone number, postal address) or non-personal data (such as IP addresses, website pages accessed, etc)
We collect information about members, supporters, website users, volunteers and employees.
We collect information in order to provide information about our work and activities, to fundraise, to provide services or goods, for administration
,and for limited research into and analysis of our members and donors, and for the prevention and detection of crime.
We only collect the information that we need or that would be useful to us in providing the best possible service.
We do our very best to keep personal information secure, including the use of appropriate security technology.
We never sell your data and we will never share it with another company or charity for marketing purposes, and will only ever share it with organisations we work with where necessary or required by law and to provide services and if its privacy and security are guaranteed.
2. WHO ARE WE?
“We” and “Us” is the Wey & Arun Canal Trust Ltd (WACT) (charity no 265331) and our trading subsidiary W&A Enterprises Ltd (WAEL). Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by WACT.
For the purposes of data protection law, WACT will be the controller.
3. WHAT INFORMATION WE COLLECT
Personal data you provide
We collect data you provide to us when becoming a Member or volunteer, making a donation, asking for information about us or when buying goods or services from us or applying for a licence to use the canal. This data will consist of:
personal details (name / email address / postal address / telephone number etc
financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided. Please see Section 8 below for more information on payment security); and
in the case of volunteers, details of your interests, skills, preferences and emergency contacts. In certain circumstances we may need further information for safeguarding purposes.
If you purchase WACT membership as joint members details will be recorded and the relationship to one another will be recorded.
Information created by your involvement with us
We collect details of how you’ve helped us by volunteering or being involved with our campaigns and activities.
Information from third parties
We may sometimes receive personal data about individuals from third parties as for example if you are a member of another organisation collaborating with us on a restoration project.
Sensitive personal data
We do not collect or store sensitive personal data (such as information relating to beliefs or political affiliation) about supporters, members, donors or volunteers. However exceptionally we may collect information about health matters if you volunteer with us or if you have an accident on one of our volunteering activities, in which case we’ll take extra care to ensure your privacy rights are protected.
Accidents or incidents
If an accident or incident occurs on our property (including our vessels) or on property to which we have been given access or on a working party organised by us or at one of our events or involving one of our staff (including volunteers) then we’ll keep a record of this which may include personal data and sensitive information. This information will be retained for legal reasons such as in relation to an insurance or legal claim).
We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.
4. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is necessary in order to:
enter into, or perform, a contract with you;
comply with a legal duty;
protect your vital interests;
for our own (or a third party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes):
We use personal data to communicate with people, to promote WACT and WAEL and to help with fundraising. This includes keeping you up to date with our news, activities, campaigns and fundraising. For further information on this please see Section 6 (Marketing).
We use personal data for administrative purposes (i.e. to carry out our charity work). This includes:
receiving donations (e.g. direct debits or gift-aid instructions);
maintaining databases of our volunteers, members, donors, supporters and licensees;
performing our obligations under membership contracts;
fulfilling orders for goods or services (whether placed online, over the phone or in person);
helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).
Internal research and analysis
We may carry out research and analysis on our supporters, donors and volunteers, to determine the success of campaigns and appeals, better understand behaviour and responses and identify patterns and trends. This helps inform our approach towards campaigning and makes WACT a stronger and more effective organisation. Understanding our supporters, their interests and what they care about also helps us provide a better experience (e.g. through more relevant communications).
5. DISCLOSING AND SHARING DATA
We will never sell your personal data.
We may share limited contact information (e.g. postal or email address) with subcontractors or suppliers who provide us with services such as the production and distribution of our marketing materials or the supply and delivery of goods you may have ordered through us.
Occasionally, where we partner with other organisations, for example in jointly organised events, we may also share information about people involved in such events, such as names and contact details, with them. We’ll only share information when necessary.
We will only ever share your data with such organisations where necessary and if the privacy and security of your data are guaranteed.
Marketing includes providing or sharing information about our campaigns, events, news, public boat trips, fundraising, volunteering opportunities, canal restoration and maintenance working parties.
Members and supporters are asked to “opt-in” for most communications. This includes all our marketing communications. You therefore have the choice as to whether you want to receive these messages and how you want to receive them (by post or email) although not all communications will be available in all formats.
You can decide not to receive communications or change how we contact you at any time. If you wish to do so, please contact us by email (email@example.com), by post (WACT Northern Office, Bridge End, Somerswey, Shalford, Guildford GU4 8EQ) or by telephone on 01483 505566 .
Newsletters and magazines
Wey-South magazine is sent to all our members quarterly by post or by email with a link to a web-based .pdf file.
Wey & Arun Canal News is published twice a year and includes news of restoration progress. It is sent by post or email to both members and non-members.
A monthly newsletter is sent by email to any member or non-member on request.
Working Party News is sent monthly by post and email and is aimed principally at volunteers.
Boat Group Bulletin is sent monthly by email to boat crew, cabin crew and skippers.
You can choose to unsubscribe from receiving any of the newsletters and magazines.
As a charity, we rely on donations and financial and other support to continue our work. From time to time, we will contact members and supporters with fundraising material and communications. As with other marketing communications, we’ll only contact you specifically about fundraising if you’ve opted in to receiving marketing from us (and you can, of course, opt out at any time).
7. RESEARCH AND PROFILING
This section explains how and why we use personal data to build profiles which enable us to understand our supporters, improve our relationship with them, and provide a better supporter experience.
Analysis, profiling and grouping
We may on occasions analyse our supporters to determine common characteristics and preferences. We do this by assessing various types of information including behaviour (e.g. previous responses) or demographic information (e.g. location) or information on preferences and interests. By doing this, we can ensure that you are provided with communications and information which is likely to be relevant to you, and that we aren’t wasting resources on contacting people with information which isn’t relevant to them.
We may aggregate and anonymise personal data so that it can no longer be linked to any particular person, to provide data as to canal use (as in relation to canoe licenses which we share with British Canoeing), hours of volunteer work (as in relation to grant aid) and location of membership . This information can be used for a variety of purposes, such as recruiting new supporters, or to identify trends or patterns within our existing supporter base. This information helps inform our actions and improve our campaigns, products/services and materials.
8. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of, your personal information.
Membership subscription standing order mandates are sent directly to your bank for processing. We do not retain your bank details on the membership register. A copy of the mandate is held until your first payment has been received and is then deleted.
All electronic forms that we use that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
If you use a credit card to donate, purchase a membership or purchase something on-line we will pass your credit card details securely to our payment providers (currently Stripe). Other payment methods (i.e. Direct Debit & PayPal) are handled in a similar manner. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and never store card or account details electronically.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
Where we store information
Our operations are based in the UK and we store our data either within the UK or on secure cloud storage facilities with Egnyte Inc, a company based in the USA. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do so if we believe your data is adequately protected.
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. We may also be required to store data to satisfy legal requirements, for financial audit purposes or to satisfy insurance requirements.
If you ask us not to send you marketing emails, we may retain your email address to ensure that we don’t send marketing material to that e-mail address (though we’ll keep a record of your preference not to be emailed). We may also retain your email address for other purposes, such as for administration if you are a member of WACT.
We continually review what information we hold and delete what is no longer required. We never store payment card information on paper.
10. KEEPING YOU IN CONTROL
You have the following rights:
the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a subject access request);
the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
the right to have inaccurate data corrected;
the right to object to your data being used for marketing or profiling; and
where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
There are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please contact us by email (firstname.lastname@example.org), by post (WACT Northern Office, Bridge End, Somerswey, Shalford, Guildford GU4 8EQ) or by phone (01483 505566) .
You can complain to us directly by contacting us using the details set out above.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
11. SOCIAL MEDIA PLATFORMS
Communication, engagement and actions taken through social media platforms that we participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
You are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to your own privacy and personal details. We will never ask for personal or sensitive information through social media platforms and encourage you, should you wish to discuss sensitive details, to communicate through primary communication channels such as by telephone or email.
We use social sharing buttons which help share web content directly from web pages to the social media platform in question. You are advised before using such social sharing buttons that you do so at your own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Our website uses ‘cookies’ to provide you with the best possible experience and to make use of certain functionality. This does not entail the collection of any personal information identifying you.
Your browser lets you choose whether or not to accept, or be warned before accepting, cookies. You will find these settings in your browser’s settings.
For further information about cookies see our cookies policy