HGT Website Privacy Notice
Personal Data You Provide
Your privacy is important to us. By providing personal information such as your name and e-mail address via the forms on this website, you agree to us contacting you with regard to the information provided. By ordering goods through our online shop collect your name and payment details in order to process the payment.
Some forms on our website also include a check box asking you for permission to add you to our mailing list. This is an opt-in mailing list and your personal information will be used solely by us (and all such emails include a link for opt-out).
How We Use Your Personal Data
We use the data you provide via this website to:
- communicate with you, for example: we use contact details such as email address or phone number when responding to enquiries made via online forms
- monitor website trends, for example: we use Google Analytics to help us aggregate traffic so we can monitor how the website is being used
- operate our business more effectively, for example: we seek feedback and use this to help improve our service
- process sales through our on-line shop.
Our “Lawful Reasons” For Processing Your Personal Data
The “General Data Protection Regulation” (GDPR) is the primary piece of legislation defining your rights over our processing of your personal information. The GDPR requires us to declare which of six “lawful reasons” we are relying on when we are processing your personal data: we operate on the basis of “consent” when sending newsletters (you won’t get sent a newsletter unless you have explicitly opted in to receive one).. and we operate on the basis of “legitimate interest” when communicating with you in other ways (e.g. when responding to your enquiry). And when fulfilling orders for purchases we process your information to complete the contract.
How Long We Keep Personal Data
Personal data, with the exception of any financial information which is not stored on the website, may be stored by the website for a period of up to 90 days after which time it is removed automatically.
Transfer of Personal Data
From time to time we may pass personal data such as your name and email address to other services that we use to send out newsletters and other communications (both electronic and print). However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guersey, Switzerland, New Zealand and Canada. Companies based in the USA that have certified with the EU-US Privacy Shield programme are also considered to be permitted destinations by the EU (this includes popular US products like Gmail, DropBox and MailChimp).
Questions or Complaints
In the first instance we hope you will contact us directly with any questions or complaints (contact details are displayed prominently on this website). However, legal rights regarding privacy are the remit of the Information Commissioners Office (ICO) and you will find more information about how to complain here: https://ico.org.uk/concerns/ .
Our Use of Google Analytics
We use Google Analytics to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address (but no other information) – Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualize and personalize the ads of its own advertising network. Related information:
For more information please contact us
What Are Cookies?
A cookie is used by a website to send ‘state information’ to a Users’ browser and for the browser to return the state information to the website. The state information can be used for authentication, identification of a User session, User preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the User’s computer.
Cookies cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used to track users’ browsing activities which was a major privacy concern that prompted European and US law makers to take action.
Cookies are used by most websites for a variety of reasons – often very practical reasons to do with the operation of the website. However, they are also used to monitor how people are using the website (which pages are visited and how long is spent on each page). Each “visitor session” is tracked even though no effort is made to try to identify them in person.
The new legislation now states that you must be able to opt-out from having cookies stored on their computer.
What Happens If You Opt-Out
If you decide to disable cookies we record this so you don’t get asked the question again. You will find that most of the website works as expected although functions that rely on cookies are obviously disabled. These functions include using online forms (e.g. our enquiry form) or any feature that requires login. We use a cookie to remember your cookie preferences, this has a couple of consequences:
- If you delete all your cookies you will have to tell us your preference again
- If you use a different device, computer profile or browser you will have to tell us your preference again
For further and more information on HGT data privacy arrangements please contact [email protected]
HGT Data Privacy Notice
This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we store and handle that data, and keep it safe. The security of your information is of paramount importance to us and we take every measure to ensure not only that we keep you and your information safe but also that you know everything we do including how we help you exercise all of your data rights.
1. WHO WE ARE AND WHAT WE DO
Hollie Gazzard Trust (HGT) is a charity set up by Hollie’s parents, Nick and Mandy, and her sister Chloe following the murder of 20-year-old Hollie Gazzard in 2014 by an ex-partner.
HGT helps reduce domestic violence and support victims of stalking through creating and delivering programmes on domestic abuse, stalking and promoting healthy relationships to schools and colleges.
In addition, it funds:
- hairdressing training for young people who may not otherwise have the funds to study – Hollie was passionate about hairdressing and HGT enables others to follow their dream; and
- a stalking advocate to support victims of stalking
- The Hollie Gazzard Trust also campaigns to reduce anti-social behaviour and knife crime.
- The ultimate aim of the Trust is to positively change the lives of young people through partnerships in communities, as well as working alongside other charities and professional agencies.
2. THE FIRST POINT OF CONTACT FOR DATA PROTECTION
If you have any concerns or queries about our data protection policies and procedures please contact: [email protected]
3. WHY WE PROCESS DATA
HGT process data so that we can operate the Trust effectively and so that our services run smoothly for every person who contacts us – whether you are a visitor to the website, have contacted us to engage our services or you are a someone we contract with.
For example, we undertake training programmes and raise funds to help the Trust and raise awareness of stalking and domestic violence. In order to do this, we need people’s names and process some financial information.
4. LEGAL BASES FOR PROCESSING YOUR DATA INCLUDING ANY EXPLANATION OF LEGITIMATE INTERESTS
The law on data protection sets out a number of different reasons for which a Trust may collect and process your personal data. Some of these reasons, set out below, are the bases we have for processing your personal data:
In specific situations, we can collect and process your data with your explicit consent.
When collecting your personal data, we always make clear to you which data is necessary in connection with a particular service.
Occasionally we process special category data for example about participants on our training courses – we only do this with their explicit consent.
In certain circumstances, we need your personal data to comply with our contractual obligations.
We need to collect and retain contact and other details so we can for example:
- deliver our service,
- supply you with the goods you purchase from our online shop
- supply you with advice or information
- funding various posts related to the Trusts objective
- to enter into contract with you to supply us with goods or services.
If the law requires us to, we may need to collect and process your data.
For example, we are obliged to retain certain information for HMRC reporting purposes or to comply with other legislative provisions such as reporting to the Charity Commission.
In particular circumstances, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our Trust and which does not materially impact your rights, freedom or interests.
We use legitimate interests as a ground for processing data where we consider that the processing is such that you would expect us to do so:
We retain customer, client and supplier information for 6 years after the end of the accounting period in order maintain a good working relationship with these individuals
When responding to email queries or communication raised through our website – all data would be processed as part of our legitimate interests.
5. WHEN WE COLLECT DATA
The Trust collects information at various times. For example:
- When people arrange training sessions that we run and when you book onto the training sessions your details may either be provided by you or shared with us by those arranging the training
- When you contact us directly via post, email or telephone we may collect your name and contact details
- When entering into contracts with our suppliers we will collect relevant information including contact and finance details
- When you sign up to receive our newsletter or other information
- When you make a donation to the Trust or when you sign up as a supporter.
The HGT website also collects data. This is a list of the pages and points at which your information will potentially be collected
6. WHAT DATA WE COLLECT
HGT processes the following types of information
Contact information including: name, address, phone number, email address
Financial and bank details in order to pay invoices and process payments
In some circumstances we collect and process more personal details when people give information about themselves. We use this information only to facilitate the best relationships with those who we interact with. This could be our suppliers or those who we supply training and advice
Occasionally, we process special category data for example when running training programmes we need to know any medical requirements of participants that could affect them whilst on the course. We only collect this information directly from the participant and with their consent
When you interact with the HGT website, information is also collected. For example, when you donate to us we need to process your bank details and when you make contact with us via the website we will receive your email address and any other information you supply.
HGT also uses Google Analytics – we do not have access to, or collect any information from you other than your IP address which we do not access but is passed directly to Google. The use of google analytics allows us to optimize our website performance.
7. HOW WE USE YOUR PERSONAL DATA
We process data for a variety of reasons. Each of these relate to the running of the Trust and giving all of those who interact with us the best experience possible. Some examples of how we use the data we process include:
- To process orders, deliver contracts or services
- To reply to any queries or questions you may have
- To book training programmes
- To communicate with you where necessary and to send newsletters to you
- To comply with legal requirements such as HMRC and Charity Commission reporting
- To maintain good ongoing customer/client and business relationships
- To protect those who interact with us
- To enable us to maintain a user-friendly website which is optimized for both the user and to enable us to fund our work
8. HOW LONG WE KEEP YOUR PERSONAL DATA
Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or retained for reason detailed below.
Reasons for data retention
Some personal data must be retained in order to protect the company’s interests, comply with regulatory requirements, preserve evidence, and generally conform to good business practices. Personal data may be retained for one or several of the following reasons:
- Business requirements
- Regulatory requirements
- Possible litigation
- Accident investigation
- Security incident investigation
- Intellectual property preservation.
Different types of data will be retained for different periods of time:
Personal customer data: Personal data will be held for as long as the individual is a customer of the company plus 1 year
Personal trustee and employee data: General employee data will be held for the duration of employment and then for 3 years after the last day of contractual employment or cease being a trustee. Employee contracts will be held for 5 years after last day of contractual employment.
Personal tax payments will be held for 6 years after the accounting period
Records of leave will be held for 3 years
Recruitment details: Interview notes of unsuccessful applicants will be held for 1 year after interview. This personal data will then be destroyed
Health and Safety: 3 years for records of major accidents and dangerous occurrences.
Operational data: Most company data will fall in this category. Operational data will be retained for 3 years
Critical data including Tax and VAT: Critical data must be retained for 6 years after the accounting period.
9. HOW WE KEEP YOUR DATA SAFE
We are aware of the need to maintain the highest level of security when processing your personal information. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.
We take the following steps to maintain the security of your personal information:
- We keep all of your information in systems that are secure
- We limit access to your personal information to those who have a genuine business need to know it
- We have password protected systems; passwords are automatically generated and held centrally
- All emails and laptops are encrypted
- We maintain firewalls and anti-virus software
- Any data which is accessed off site or on a mobile device is kept locked when not in use and never left unattended.
- Any documentation retained in paper form or kept in our offices is kept in a locked cabinet. The office is also securely alarmed and access is restricted to set individuals.
- We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10. WHO WE SHARE YOUR DATA WITH
Hollie Gazzard Trust may on occasions pass your personal Information to third parties exclusively to process work on its behalf. Hollie Gazzard Trust requires these parties to agree to process this information based on our instructions and requirements consistent with all data protection law including GDPR. For details of our data sharing and our standard data processing contract please contact our data protection lead at: [email protected]
In summary however, where we use data processors and these might be, for example, our 3rd party accounting apps or contractors or companies who store data for us, we make sure that they also keep your data secure and that they also protect your rights. To this end we make sure that:
We provide only the information they need to perform their specific services
They may only use your data for the exact purposes we specify in our contract with them or where their terms and conditions of processing contain the correct data processor clauses under GDPR
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Sharing your data with third parties for their own purposes (“joint controllers”) eg HMRC, accountants, legal advisors:
We will only do this in very specific circumstances, for example:
- With your consent
- Where we have a contract in place with the other party
- Where we are obliged to share the information for legal reasons.
Hollie Gazzard Trust do not broker or pass on information gained from your engagement with the agency without your consent.
11. WHERE YOUR DATA IS PROCESSED
We do not transfer data outside of the EEA. Our servers are located in the UK.
From time to time we may pass personal data such as your name and email address to other services that we use to send out newsletters and other communications (both electronic and print).
However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guersey, Switzerland, New Zealand and Cananda. Companies based in the USA that have certified with the EU-US Privacy Shield programme are also considered to be permitted destinations by the EU (this includes popular US products like Gmail, DropBox and MailChimp).
12. YOUR RIGHTS AND WHO TO CONTACT
You have the following rights, which you can exercise free of charge:
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
To be forgotten
The right to require us to delete your personal data—in certain situations
Restriction of processing
The right to require us to restrict processing of your personal data—in certain circumstances, eg if you contest the accuracy of the data
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
The right to object:
—at any time to your personal data being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
Email: [email protected]
Write to PO Box 2250, Gloucester, GL3 9FD
Telephone 07538 575229
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. You can do this by contacting our data protection lead at: [email protected]
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We will then stop processing your information unless we believe we have a legitimate overriding reason to continue processing.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We will always comply with your request. To ask us to stop direct marketing please contact: our data protection lead at: [email protected]
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
For us to check your identity please:
- let us have enough information to identify you [(eg your full name, address and client or matter reference number)];
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to contact the ICO
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites).
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence