This Privacy Notice tells you what to expect when Development Partners collects your personal information. It serves as a description of our data protection policy, setting out why and how we process personal information, in order to comply with data protection legislation. We may change this policy from time to time in line with changing legislation. This policy is also reviewed annually and was last updated in May 2019.
Our contact details:
· Development Partners UK Ltd
Park Farm Technology Centre
· 0845 130 1621
· Main point of contact for data protection matters is Judy Niner, Managing Director, firstname.lastname@example.org
We are registered as a data controller under the Data Protection Act 1998, and our Data Protection Register number is: Z8078572
What type of information we have
We may collect and process the following personal information:
· Name, job title, and the name of the organisation you work for.
· Contact information including your email address, phone numbers, organisation address, in some cases your home address (if you have shared it with us).
· Publically available information about your current interests, activities, your personal and professional networks.
How we get the information, why we have it, and what we do with it
Most of the personal information we process is provided to us directly by you for one of the following reasons set out below. We do not disclose personal data to any third parties or external organisations other than data controllers we are sub-contracted to (i.e. our clients who have asked us to carry out prospect or donor research).
Current and former employees and associate consultants
When individuals apply to work for or with Development Partners, we will only use the information they supply to us to process their application. We also take and keep on file professional references, as well as copies of their qualifications. These details may be stored electronically and on paper. Personal information about unsuccessful candidates is held for 3 months after the recruitment exercise has been completed and is destroyed or deleted.
Once a person has taken up employment or an associate consultant position with us, we will set up a file relating to their relationship with us. The information contained in this will be kept securely and will only be used for purposes directly relevant to that person’s employment or subcontracted work. It is not shared with third parties. Once their work relationship with us has ended, we retain the file in accordance with the requirements of our retention schedule and then delete it or destroy it.
The lawful grounds for processing this data are that it is in our legitimate interest to do so.
When we do business with someone representing a client organisation, we need to record and store his or her contact details to enable client management and contract delivery. This data processing is necessary for the delivery of a contract and we rely on our legitimate interest as the legal basis for storing and processing it. The data is held for the duration of the contract and for 6 years following its conclusion, in order to comply with HMRC record keeping requirements.
New business enquiries
When a telephone or email enquiry is made, we capture and record basic information about the organisation the enquirer represents. We may keep a paper copy of the telephone notes for up to one year, after which it is destroyed, or, in the case of enquirers who become our clients, for longer periods as required. Emails are deleted after 5 years.
Our website has an enquiry contact page that captures basic information about the enquirer and the nature of their enquiry. This is held by GoDaddy on servers in the USA in order to help us service the enquiry. When an enquiry lapses or progresses to a contract, it is deleted from our system.
Separate to all the other personal information we hold (which has been directly given to us by the individual), occasionally, we are asked by client charities to identify or research ‘high net worth individuals’ who may be interested in donating to the charity or not-for-profit organisation. In this regard, we act as a data processor and we enter into a Data Processor Agreement with the client (the data controller).
This type of work typically involves reviewing publicly available information (such as LinkedIn, corporate biographies, other publications) and producing a small summary. We do not include any special category data. Before doing so we will ensure that our client has established their lawful basis for storing and processing this information, has communicated this in their publically available Privacy Notice, and has a policy in place for how they intend to share their Privacy Notice with new prospects and supporters.
The information we collect is then provided to the client charity (the data controller), which may subsequently approach the people identified, at which point they give them the option to opt-out of any further contact or research.
The data we collect is stored in password protected electronic files, on a secure file-sharing platform, and deleted 3 months after the end of the client contract. It is not retained, used for purposes other than those of the client, or sold on to other organisations. We are happy to hear from people who do not wish to be the subject of any prospect research that we undertake, so that they can opt out of any future research. The lawful grounds for processing this data are that it is in our legitimate interest to do so as part of our business relating to fundraising research.
Our website employs cookies to help us understand how visitors navigate it, which pages they land on, which pages are the most read, which pages visitors leave from, how long people spend on the website, which countries visitors are based in and which browsers they are using. You can choose to accept or decline cookies.
How we store your information
We have implemented security procedures, rules and technical measures to protect the personal data that we have under our control from:
§ unauthorised access;
§ improper use or disclosure;
§ unauthorised modification.
Any personal information is securely stored in electronic files on Egnyte, a secure file-sharing platform. All our employees, associates and data processors, who have access to, and are associated with the processing of personal data, are legally obliged to respect the confidentiality of our clients’ and contacts’ personal data.
We do not retain your personal data longer than is either reasonable or legally permissible. We have different retention periods for different categories of data much of which is detailed in this document under the relevant section. Please contact us if you would like more information on our retention periods.
Your data protection rights
Under data protection law, you have rights including:
· Your right of access - You have the right to ask us for copies of your personal information.
· Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
· Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
· Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
· Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
· Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. If you wish to make a request please contact Judy Niner at email@example.com or 0845 130 1621 or write to:
Development Partners UK Ltd
Park Farm Technology Centre
Complaints and enquiries
We try to meet the highest standards when collecting and using personal information. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We are happy to provide any additional information or explanation. Any requests for this should be sent to the address above.
If after contacting us about data issues, a data subject still has grounds for complaint, they are able to take the matter up with the Information Commissioner, with which we are registered.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113