Privacy & Security (UK)

The Fred Hollows Foundation (UK) Privacy Statement for UK Website – 2018

The Fred Hollows Foundation (UK) (registered charity number 1140288) (limited company number 07193829). ("We") are committed to protecting and respecting the privacy of everyone we interact with, whether that is general population, partners, donors or staff members.

This document (together with our separate website terms of use, and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding any personal information and how we will treat it. This document is published on our website, socialised to current staff and sent in response to any request for this document.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). This policy is in line with GDPR.

For the purpose of the GDPR the data controller is: The Fred Hollows Foundation (UK),
9 Rushworth Street
London
SE1 0RB
United Kingdom
 
Any questions regarding this policy or our privacy practices should be addressed to the data controller and sent by email to [email protected] or by writing to the address above.

Contents

Use of ‘Cookies’

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

Here are the types of cookies present on our website:
  • strictly necessary cookies; are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
  • analytical/performance cookies; allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • targeting cookies; record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
  • functionality cookies; are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control.

You can choose to block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
Except for strictly necessary cookies, all cookies will expire after one (1) calendar month.

Information we may hold about you

We may collect and process the following data about you:
  • Information you give to us. You may give us information about you by filling in forms on our website (http://www.hollows.org/uk) or by corresponding with us by phone, e-mail, post or otherwise. This includes information you provide when you register to use our website, subscribe to our newsletters and updates, and when you report a problem with our website. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description or photograph.
  • Information we collect about you. With regard to each of your visits to our website we may automatically collect the following information:
    • Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
    • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); projects you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
  • Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
The information regarding employees or potential employees is dealt with separately in this policy.

How we will use the information that we collect from you

We use information held about you in the following ways, to:
  • provide you with information about our work and projects that we are planning and/or are similar to those that you have enquired about;
  • notify you about any changes or developments to our projects;
  • tailor the content from our website so that it is presented in the most effective manner for you and for your computer;
  • process donations, contact you with regard to any donations that you have made and for related issues with those donations;
  • answer any queries or resolve any complaints that are submitted to us.
Information we collect about you. We will use this information:
  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in any interactive features, when you choose to do so;
  • as part of our efforts to keep our website safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our website about projects that may interest you or them.
We may also combine the information you give to us and information we collect about you with information we receive from other sources for the purposes set out above (depending on the types of information we receive).

Disclosure of your information

We may share your personal information with any member of our group, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may share your information with selected third parties including:
  • partners;
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
  • analytics and search engine providers that assist us in the improvement and optimisation of our website;
  • we may disclose your personal information to third parties;
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if The Fred Hollows Foundation (UK) or substantially all of its assets are acquired by a third party, in which case personal data held by it will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of The Fred Hollows Foundation (UK), our donors, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we store your personal information, including transfers

Any physical or electronic information that we collect from you may be transferred to be stored at, a destination outside the European Economic Area ("EEA") including but not limited to Australia. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the EEA. By way of example, this may happen if any of our servers are located in a country outside of the EEA. These countries may not have similar data protection laws to the United Kingdom. Any occurrence of a transfer we will ensure we take steps to ensure that appropriate security measures are taken with the aim of protecting your rights per this policy and any associated regulation from end to end transfer.

If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
There is no guarantee that any transmission of information via the internet is completely secure for any individual or company. We will do our best to protect your personal data, although we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your rights regarding your own personal information

We uphold any rights given in legislation or regulation, specifically the UK Data Protection Act 1998[1] and the most recent GDPR.[2]

The GDPR gives any European Union resident the following rights regarding their own personal information as follows:
  • The right to be informed. This right is met by the presence and application of this policy.
  • The right to access your own data. You have the right to access information held about you. An access request will be carried out free of charge unless there are substantial costs to meet your request, in which case you may be charged £10 so we that can facilitate providing you with the information we hold about you. All requests will be answered within thirty (30) calendar days. Please note that we will keep a record of your communications with us to help resolve any issues you raise.
  • The right to rectification. You have the right to ask for any information held about you to be corrected or updated if it is inaccurate.
  • The right to erasure. Where we have gained consent to process your information you may withdraw it anytime at which point we will delete any information held about you.
  • The right to restrict or object to processing (using) your data. Where we have gained consent to process your information for marketing purposes you have the right to ask us to stop. We will usually inform you when we collect your data if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. If we are processing your information because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object.

Legal basis for processing your information

We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you) and “legitimate interests”. We may process your personal data for the purposes of our legitimate interests provided that such processing shall not outweigh your rights and freedoms.

If you have any questions about the lawful bases upon which we collect and use your personal data, please contact our Data Protection Officer.
 

How long we will keep your information

We will delete your information from our systems if we have not had meaningful contact from you for seven (7) years unless we believe your data to still be processed for the relevant propose for which it was collected. Examples of meaningful contact are an additional donation or a request for information about the work carried out by us.
 

Employee Information

These rights also apply to employees of The Fred Hollows Foundation (UK) throughout the lifecycle of their relationship with us.

Those with an interest in working for the organisation
  • What kinds of information we collect. All job applications are made through our global website (http://www.hollows.org/au). During the application process you will provide us with personal data information about you, which is likely to include your, name, address, email address, phone number, education, employment history and membership of professional or trade association. In some cases you may also provide your race, and criminal record history.
  • How we use the information we hold. We will use the information:
    • to contact you regarding the role you have applied for and to assess your suitability for that role and possibly other roles that we feel match your stated skills and interests.
  • Information we receive from other sources. We may receive information about you from other sources such as the references you have provided.
  • How long your information is stored for. The information that we collect from you will be stored for six (6) months from the application submission date, after which all information submitted, physical and digital, will be deleted unless within the six (6) month period you have submitted another job application or been employee by The Fred Hollows Foundation (UK).
Current Employees
  • What kinds of information we collect. Employment with The Fred Hollows Foundation (UK) requires you to give us information about yourself such as name, address, email address, phone number, date of birth, nationality, passport details, drivers licence, employment history, health background and photograph. Background checks, including criminal record checks, and right to work in the UK will also be completed.
  • How we use the information we hold. We will use the information:
    • To administer a range of Human Resources (HR) processes;
    • To assess an your qualifications and suitability, including state of health, for a particular job or task;
    • For remuneration, payroll and pension administration;
    • To establish a contact point in the case of an emergency. This information will only be used in the event of an emergency;
    • To establish your learning and career development requirements;
    • To support the preparation of statistics for various purposes (including the monitoring of equality and diversity issues; see the ‘Sensitive Personal Data’ and ‘Internal reporting’ sections below).
  • How long your information is stored for. The information that we collect from you will be stored securely for the duration of your employment and for up to seven (7) years after the last day of your employment with The Fred Hollows Foundation (UK), or from the last time we have had meaningful contact from you. Examples of meaningful contact are a new job application submission or a request for a reference. This is to fulfil our lawful obligations such as obligations to the Tax authorities or to respond to any litigation. Your information, physical and digital will then be deleted. Some basic information such as name and email address maybe retained to preserve system integrity, in this case the information would be retained for the lifecycle of the system plus seven (7) years.
Past Employees
  • What kinds of information we collect. This information is per the above as a current employee.
  • How we use the information we hold. We will use the information:
    • to contact you regarding your past employment with The Fred Hollows Foundation (UK).
    • to contact you regarding any new opportunities we feel you might be interested in.
    • How long your information is stored for. The information that we collect from you will be stored securely for the duration of your employment and for up to seven (7) years after the last day of your employment with The Fred Hollows Foundation (UK), or from the last time we have had meaningful contact from you. Examples of meaningful contact are a new job application submission or a request for a reference. This is to fulfil our lawful obligations such as obligations to the Tax authorities or to respond to any litigation. Your information, physical and digital will then be deleted. Some basic information such as name and email address maybe retained to preserve system integrity, in this case the information would be retained for the lifecycle of the system plus seven (7) years.
Internal reporting containing employee data
Internal reporting is an important management tool for The Fred Hollows Foundation (UK) to meet statutory reporting requirements, to monitor its policy and performance, to develop equality aims and objectives and provide a better understanding of our diverse working community.

When used for the purposes described, steps are taken to ensure that staff information remains confidential, with only the required and authorised persons having access and that if data is more widely shared, is largely identified and aggregated to ensure no individual identity is revealed, protecting employee’s privacy rights.

Disclosure of employee data
For the performance of the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.

Sensitive and special personal information collected

We anticipate this being mostly staff data however we may come into contact with data of this nature elsewhere. Sensitive and special personal data within The Fred Hollows Foundation (UK) can include information relating to:
  • The racial or ethnic origin of an individual;
  • Physical or mental health condition;
  • The commission or alleged commission of any offence;
Any proceedings for any offence committed or alleged to have committed, the disposal of such proceedings or the sentence of any court in such proceedings.

Changes to this policy

Any changes we may make to this policy in the future will be published on our website in place of this policy and, where appropriate or where you have agreed to be notified to you by e-mail.

Contact for more information

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to the Data Protection Officer at [email protected]. Please put "Personal Data Query" in the subject line so it comes to the attention of the Data Protection Officer. If at any time you consider that your rights have not been adhered to by The Fred Hollows Foundation (UK) then you may lodge a complaint with The Information Commissioner’s office by visiting their website (https://ico.org.uk/concerns/).
 

[1] http://www.legislation.gov.uk/ukpga/1998/29/contents
[2] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) https://publications.europa.eu/en/publication-detail/-/publication/3e485e15-11bd-11e6-ba9a-01aa75ed71a1/language-en