Your privacy is important to us
Shelter Community is committed to protecting your data and your privacy. We aim to ensure that any information you give us is held securely and safely.
As you use our service, visit our website, get in touch with us, or take part in our campaigns and activities, we collect information. This enables us to provide our services and improve the quality and relevance of our communications with supporters.
However you interact with us, we will never share your information with another organisation for their own marketing purposes and we will never sell your information for any reason whatsoever.
This policy explains how we collect, use and store your personal information. If you have any questions about this policy or how your data is handled, please contact us:
Changes to the privacy notice and your duty to inform us of changes
We will keep this privacy notice under regular review to ensure it represents an accurate reflection of the way we use your personal information.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What Information do we collect and why do we collect it?
The main reason we will use personal information is to help us effectively carry out our charitable activity to provide safe accommodation for young people. However, we also use personal data to help us raise funds to support our work, and to help us manage our staff and volunteers.
We will always try to be clear, honest and open with you whenever we collect and use your personal data.
Like all organisations in the UK, we need a lawful basis to collect and use personal data. The law allows for six legitimate purposes which organisations can rely on to legally process people’s personal data. Of these, only three are relevant to us for the type of activities listed above:
- Information is processed based on an individual’s consent.
- Information is processed in line with a contractual relationship.
- Information is processed on it being a legitimate interest for us to do so.
Where you give us consent to process your data we will always keep a clear record of how and when this consent was obtained.
Marketing/Fundraising: We will always ask for your consent to send you marketing by email, SMS or other digital means. We will also ask you for your consent before contacting you by telephone for the purpose of marketing or fundraising.
Sensitive personal data: Should we ever ask you to provide any sensitive personal data about yourself, for example, any health condition that may be relevant, we will always seek your explicit consent to process this data.
Recruitment: For those applying for a job or volunteering position with us, we will ask for your consent to contact third parties such as referees, to undertake a DBS check if appropriate, or for other vetting purposes.
b) Contractual relationships
The majority of our relationships with supporters and beneficiaries are voluntary and not contractual. This purpose primarily relates to how we process the data that we hold in relation to our staff, and in some circumstances, our volunteers.
c) Legitimate interests
The law allows personal data to be legally collected and used by an organisation if it is necessary for a legitimate business (or in our case charitable) interest of the organisation – as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned. This basis covers the majority of the personal information we collect.
What are our legitimate interests?
Delivery of our charitable object to provide safe accommodation for young people.
- Reporting criminal acts and compliance with the legal instructions of law enforcement agencies.
- Internal and external audit for financial, quality or regulatory compliance.
- Statutory reporting.
Publicity and income generation:
- Conventional direct marketing by direct mail and other forms or marketing, publicity or advertisement.
- Unsolicited communications to Churches and other organisations with whom we work closely in order to publicise our appeals and campaigns.
- Personalisation to tailor and enhance the supporter experience in our digital and postal communications.
- Analysis, targeting and segmentation to develop fundraising strategy and improve communication efficiency.
- Processing for research purposes.
- Employee and volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes.
- Provision and administration of staff benefits such as pensions.
- Physical security, IT and network security.
- Processing for historical, research or statistical purposes.
Financial management and control:
- Processing of financial transactions and maintaining financial controls.
- Prevention of fraud, misuse of services, or money laundering.
- Enforcement of legal claims.
Purely administrative purposes:
- Responding to any solicited enquiry from any of our stakeholders.
- Delivery of requested products, resources or information packs.
- Administration of direct debits and other existing financial transactions.
- Administration of Gift Aid.
- Providing ‘thank you’ communications and receipts.
- Maintaining ‘do not contact’ lists
When we use your personal information, we will always consider if it is fair and balanced to do so and whether it would be within your reasonable expectations that we would use your data in this way.
We will balance your rights and our legitimate interests to ensure that the way in which we use your data never goes beyond what you would expect and is not unduly intrusive or unfair.
Your data rights
Where we are using your personal information based on your consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal information for direct marketing purposes.
The law also gives you a number of other rights in relation to your personal data. Contact us and we will amend your details accordingly.
Right to be Informed: You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used on our forms and other communications, are intended to be a clear and transparent description of how your data may be used.
Right of Access: You can write us asking what information we hold on you and to request a copy of that information. We have 30 days to comply once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity.
Right of erasure: In certain circumstances you have the right to be forgotten (i.e. to have your personally identifiable data deleted). In many cases however, we are required by law or other regulations to retain your data. If this applies, we will ensure that your data remains secure and is not used for any purpose other than those allowed. Please contact us if you have any questions about this.
Right of rectification: If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated.
Right to restrict processing: In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
Right to data portability: Where we are processing your personal data under your consent the law allows you to request data portability from one service provider to another. This right is largely seen as a way for people to transfer their personal data from one service provider to a competitor and is unlikely to be relevant to your relationship with us.
Right to object: You have an absolute right to stop the processing of your personal data for direct marketing purposes.
Right to object to automated decisions: In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions ‘that have a legal effect on you’, you have the right to object. This right is more applicable to mortgage or finance situations. We do not use your data in such a way and so this right is not relevant in your relationship with us.
We will never sell personal information and will never share it with another organisation for their own marketing purposes. However, there are a number of situations where we use third party suppliers – for example to send out emails on our behalf. Shelter Community always ensures that these providers are compliant with data protection regulations, and we delete information from these suppliers as soon as possible when it’s no longer needed. If you have any questions please contact us.
The only circumstances in which we will share personal data with others is if you are one of the users of our charitable services and you consent for us to share your information as part of the process of helping you.
However, in all cases we may be obliged to share personal information when we are compelled to do so by a legal authority acting in compliance with the law.
We remove personal data from our systems in line with our data retention policy below. The length of time each category of data will be retained will vary on how long we need to process it, the reason it is collected, and in line with any statutory requirements. After this point the data will either be deleted or rendered anonymous.
Service User Enquiries: If anyone contacts us to enquire about our service with a view to use our services, we will keep their personal data for a maximum of 6 months. This is to ensure we are able to respond to their enquiry.
Referrals from third parties: We receive personal information about potential service users from third parties who wish to refer individuals to us for support. We will hold the information we are given for a maximum 6 months unless the individual becomes a client. This is to ensure we are able to respond to their enquiry.
Client records: If someone becomes a service user, we will keep their records for a maximum of 6 years after they no longer use our services. This is to ensure we can provide further assistance if a service user subsequently needs our help again, and for regulatory and audit reasons to ensure that we are able to manage any future complaints or enquiries.
Staff and Volunteer records: If someone becomes a member of our team, we will keep their personnel records for a maximum of 6 years after they cease working/volunteering for us in order to comply with employment regulations and for audit purposes.
Donor records: We will keep records of our donors for a maximum of 6 years after their last donation in order to comply with HMRC and charity law regulations, and for financial audit purposes.
Supporter / Marketing records: We will keep the contact details of those who have consented to receiving news and updates from us until they tell us that they no longer which to receive such information.
Recruitment records: Where you provide personal data and sensitive personal data when applying for a job or volunteering opportunity, such as the information on your CV, we will process, store and disclose this personal data to support the recruitment process. CVs and application details will be stored for a period of 6 months for audit purposes before being deleted, unless the individual becomes an employee.
We collect data using cookies. A cookie is a text file that is sent from our website/s as soon as you visit the site. It is stored on your computer’s hard drive and helps us to identify your computer (not you) and collects information in an aggregate, anonymous way.
The cookie data that we collect we may use to:
- Customise the content on our website/s and to help us understand visitor’s current and future needs
- Process any requests, applications or transactions you may make
- Aid internal administration and analysis
Managing cookies: Most browsers allow you to turn off the cookie function. To do this you can look at the help function on your browser.
Third party cookies: We occasionally work with third party suppliers who set cookies on our website to enable them to provide us with services. These are mainly used for reporting and advertising purposes so we can improve the way we communicate.
We occasionally use websites such as YouTube and Vimeo to embed videos and you may be sent cookies from these websites. We do not control the setting of these cookies, so we suggest you check the third-party website for more information about their cookies and how to manage them.
As some of these services may be based outside of the UK and the European Union, they may not fall under the jurisdiction of UK courts. If you are concerned about this you can change your cookie settings (see above).