This is the Privacy Notice for Little LifeSavers.
The purpose of this notice is to inform you about how and why your personal data is used so that we at Little LifeSavers are as transparent as possible, and to ensure that you are aware of your rights under UK data protection legislation.
Little LifeSavers is a charity registered with the Charities Commission under registration 1169176.
Our registered address Honeymead, Rectory Lane, Ashington, West Sussex RH20 3LF. We can be contacted at firstname.lastname@example.org or on 0300 300 525
The purpose for processing your data and our basis for doing so
We process your personal data so we can provide schoolchildren, with lifesaving training.
In processing your data, we must establish our legal basis for doing so and the legal basis can be different depending on circumstances in which we process it. References to the basis of processing e.g.,”(Article. 6.1.f)” are a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question.
If you are a school accessing our charitable service, we will hold the following personal information about you as our point of contact:
- Your full name.
- Your email address.
- Your contact telephone number(s).
- The position you hold in the school.
We process this information so we can provide you with the service we offer you as well as maintain our communication with you. Our legal basis for doing this is Article. 6.1.f – legitimate interest. It is in our legitimate interests of the charity to provide lifesaving skills to school pupils.
We will also use your contact data to send occasional updates via email to both customers and anyone who has signed up to receive these on our website. If you are an existing recipient, we are permitted to send you email marketing as we have already collected your data during the course providing you a service. You can withdraw your consent at any time by using the ‘unsubscribe’ function on the email.
If you sign up to receive notifications from us, then we ask your consent (Article. 6.1.a) to do this. You may withdraw your consent at any time by using the ‘unsubscribe’ function.
If you wish to become a volunteer with us, then we will collect the following information from you:
- Full name.
- Date of birth.
- Identification verification in the form of a utility bill, passport and driving licence.
- Disclosure and Barring Service conviction checks.
- Email address.
- Postal address.
- Telephone number(s).
We process this information to establish a volunteering contract with you, our legal basis for doing this is Article. 6.1.b – performance of a contract. We ask you to sign an agreement to abide by our principles and aims, so this is necessary to establish and maintain that agreement between us.
We process criminal conviction data under Article 6.1.b – (Contract) plus Schedule 1 Part 2 Section 18 of the Data Protection Act 2018. It is our legal responsibility to ensure that persons under the age of18 are not exposed to potential harm.
Where we require your data in the pursuance of a contract, if you fail to provide that data, we will not be able to engage your services.
Recipients of your data
As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. Lawful basis is Art 6.1.c Legal Obligation
- We do use an external accountancy service and they have limited visibility of your personal business data for the administration of company financial affairs. The lawful basis for this is Art 6.1.f, we have a legitimate interest to allow our accountant to have limited access to our client personal data to manage our accounts.
Data collected by third parties on our behalf
We manage our contact data through online applications, and this data is hosted by NuFocus UK Ltd in the UK.
Our website is managed by Digibubble Ltd. they maintain the contact records within the website database. In administering this function and to provide security of that data, your IP address will be recorded in the log records as well as the date and time of access. The UK GDPR requires technical measures to be put in place to secure personal data, so this additional data is collected in compliance with that legal obligation.
We use Signiflow as a means of transferring data securely as well as providing authenticate digital signatures and we use Mailchimp for our email marketing platform.
For those organisations that process data on our behalf, we ensure that data processing agreements are in place as required by the UK GDPR.
Transferring your data outside of the UK
We do not transfer or process data outside the UK unless the processor we use requires it. If your data is sent out of the UK, we ensure that there are approved mechanisms to do so under Article 46 UK GDPR, such as adequacy decisions, standard contractual clauses or in exceptional circumstances, derogations.
We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose.
If you are a school representative, we will retain your data for 3 years after the last meaningful contact with you. If you are a volunteer, we will retain your data for 12 months after you finish offering your services.
Data required to comply with HMRC audit requirements will be retained for 7 years.
If you are interested in our work and have signed up to receive our updates, we will keep your information for 2 years from last meaningful contact unless you have asked us to stop contacting you. If this is the case, we will remove you from the mailing list but will keep the minimum of data to ensure you are not added back into it.
The UK GDPR requires us to implement technical and organisational measures to protect your data. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website.
- Your rights
The UK GDPR provides you with several rights in relation to the data of your we process. The rights relevant to our activities are:
- You have the right to get access to and copies of your personal data.
- You can in certain circumstances, restrict our processing of your data and request us to erase it (although we may have to retain some for legal reasons).
- You can ask us to rectify any inaccurate information we may be holding.
If you want to exercise any of these rights, contact us on the above email address.
You also have the right to lodge a complaint about our processing with a supervisory authority — the UK’s Information Commissioner’s Office.
Information Commissioner’s Office
Telephone: 0303 123 1113