Stormbreak - Privacy Notice
The privacy and security of your personal information is extremely important to Stormbreak. This privacy notice explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information.
We keep this notice updated and published on our website to show you all the things we do with your personal data.
2. Who we are
Stormbreak will be the Data Controller for the personal information you provide. In this notice, whenever you see the words ‘we’, ‘us’, ‘our’, or ‘the Charity’ it refers to Stormbreak.
Stormbreak is a Registered Charity in England and Wales (No. 1182771).
3. Why we collect your personal information
Your personal data is any information which identifies you, or which can be identified as relating to you personally. This includes personal details (name, date of birth, email, address, telephone number); financial information relating to donations or memberships (credit or debit card, direct debit details, gift-aid), and your opinions and attitudes, activities and events, and your experiences.
We collect information relating to your use of the website (technical data), in accordance with our Cookies Policy.
Other than technical data, we only collect the personal information that you voluntarily provide us. This will be in connection with specific activities such as subscriptions to newsletters; organising events; consent forms for the use of images; processing donations, conducting research, registering for an account on our website, entering the competition, prizes or surveys
4. How we collect your personal information
You can give us your personal information by:
- Filling in forms or subscribing to a newsletter
- Entering a competition, promotion or survey
- Corresponding with us (by phone, email)
- Joining as a supporter/member
- Making a donation
- Registering for an account on our website
If we don’t need your personal information, we won’t ask you for it. If we use your personal information for research or analysis, we will always keep your details anonymous.
We won’t knowingly send marketing or fundraising emails, letters or telephone calls to people under the age of 18.
5. Special category data
The law recognises some types of personal information as particularly sensitive (special category data), this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Special category data requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information.
As part of our usual course of business, we do not collect any special category data about you or your child. Nor do we collect any information about criminal convictions and offences. However, we may process information:
- relating to a health condition or disability in order to meet our legal obligation to make reasonable adjustments in the provision of our services;
- to ensure meaningful equal opportunity and diversity and inclusion monitoring and reporting;
- where it is needed to protect your vital interests (or someone else's interests) and you are not capable of giving your consent;
- where it is necessary to establish, exercise or defend a legal claim;
- where you have manifestly made the information public (for example via any interactive service on our website); or
- otherwise with your explicit consent. For example, if you choose to register for an account on our website, you may voluntarily provide us with special category data about you or your child. In which case you consent to use it for the purpose it was given.
6. Who we may share your personal information with
Personal information collected and processed by us may be shared with the following groups, where necessary:
- trustees and employees of Stormbreak
- consultants who conduct research on our behalf
- staff from our partners (you will be informed beforehand)
We may also share your information with other third parties as follows:
- HMRC or other government or law enforcement agencies;
- if we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets;
- if we have a legal obligation to do so; or
- for the purposes of fraud protection and credit risk reduction.
The categories of third parties listed above use your personal information for their own purposes and are responsible for their own compliance with data protection legislation.
We also share your personal information with third-party service providers who provide services to the Charity, such as our CRM host server, IT support and maintenance service, cloud storage provider and email exchange server, and other businesses that provide certain services on our behalf. All of our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes.
We won’t share or sell your personal information to anyone else.
7. The legal basis for using your information
According to the General Data Protection Regulations (GDPR) and the Data Protection Act 2018, we must have reasons to collect and use your personal information.
The legal reasons why we need to collect and use your personal information are:
- Legitimate interest: we process personal information to the extent this is necessary for our legitimate interests (provided that your interests and fundamental rights do not override those interests). Where we rely on legitimate interests, our interests are providing you with access to our website including online mental health movement sessions.
- Contract: we may process your personal information to the extent necessary to complete any contract you have entered a contract
- Consent: We may process your personal information (including special category information) if you have given us explicit
Below are the main ways we’ll use your information, depending on the nature of our relationship with you.
7a. Marketing communications
We’d like to use your details to keep in touch about things that may matter to you. This might be about taking part in Stormbreaks, volunteering with us, events and activities, or fundraising.
We’ll only send these to you if you agree to receive them and we will never share your information with companies outside the Charity for inclusion in their marketing.
We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send. These are essential to fulfil our promises to you, for example, transaction messaging if you’re a donor or supporter.
Sending marketing communications is within our legitimate interests to promote the Charity and our purposes.
7b. Fundraising, donations and legacy pledges
Where we have your permission, we may invite you to support the vital work we are doing to help children’s mental health. This might be by making a donation, getting involved in fundraising activities or leaving a gift in your will.
We may invite some supporters to attend special events to find out more about the ways in which donations, gifts and legacies can make a difference to specific projects and to our cause. We’ll also send you updates on the impact that you make by supporting us in this way.
If you make a donation, we’ll use any personal information you give us to record the nature and amount of your gift, claim gift aid where you’ve told us you’re eligible and thank you for your gift.
If you’ve told us that you’re planning to, or thinking about, leaving us a gift in your will, we’ll use the information you give us to keep a record of this – including the purpose of your gift.
If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example, your solicitor), we’ll note these interactions throughout your relationship with us, as this helps to ensure your gift is directed as you wanted.
As part of our ongoing fundraising and prospecting activities, we may use publicly available information to research potential donor prospects. If we believe individuals identified through this research may have an affinity to the charitable cause we may pursue contact with them through an invitation to an event or letter of enquiry.
Charity Commission rules require us to be assured of the provenance of funds and any conditions attached to them. We follow a due diligence process which involves researching the financial soundness, credibility, reputation and ethical principles of donors who’ve made, or are likely to make, a significant donation to the Charity.
Fundraising is within our legitimate interests to promote and support the purposes of the Charity.
We carry out research with our supporters, staff and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
If you choose to take part in research, we’ll tell you what information we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research, we may ask you to provide sensitive personal information (e.g. ethnicity). You don’t have to provide this information and we also provide a ‘prefer not to say’ option. We only use it at an aggregate level for reporting (e.g. equal opportunities monitoring).
7d. Online services
We provide free online mentally healthy movement sessions for children under the supervision of a responsible adult. You can choose to register for an account if you are over the age of 18.
You do not have to provide any information to access our content, but if you choose to register for an account we will collect any information you voluntarily provide. This may include your first name, last name, username or similar identifier, and email address. We may ask you for information about your child, all of which is completely voluntary, to help us monitor our services. This may include: first name or nickname, gender, school and age.
We use this information for both our and your legitimate interests of enabling us to monitor your child's progress and to issue completion certificates for sessions they have completed. We only do this with your consent.
If you are a school that has registered with us and has provided details of children who have completed sessions we will share the progress of those children on an anonymised basis.
If you or your child have entered a competition on the website we use the information you provide for the purpose of running the competition, and announcing the winners. When we run competitions you do not have to provide your child's full name, you may use a nickname.
We may also collect any feedback you provide about our sessions. We may monitor your use of the website and which online sessions you have watched.
8. How is your personal information kept safe?
Protecting your personal information is extremely important to us. Access to your personal information is only provided to our staff and third parties who help us to process personal information.
We have put in place:
- appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
- procedures to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Any personal information that you submit to us will be held on secure servers based within the UK or the European Economic Area (EEA).
If we are required to transfer your information outside the EEA, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
By registering with us from outside the EEA you consent to such transfer as necessary to enable use of our service. If you are based outside the EEA we may transfer personal information to any correspondence address you provide to us.
9. How long we will keep your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information and what it is being used for, but in most cases this will be for no longer than six years after our last contact with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
10. Your rights
You have the following rights:
- to be told what we are doing with your personal information. We do this by providing you with this privacy notice;
- to correct or update the personal information we hold about you.
- to object to the processing of your personal information;
- to request a copy of the personal information we hold about you;
- to ask us to delete the information that we hold about you where there is no good reason for us continuing to process it;
- to ask us to stop processing your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground and where there is no good reason for us continuing to process it;
- to ask us to restrict how we use your personal information for a period of time if you claim that it is inaccurate and we want to verify the position or in some limited other circumstances;
- to ask us to send your personal information to another organisation in a computer-readable format;
- to complain to the Information Commissioner's office if you are unhappy with our use of your personal data: you can do this at https://ico.org.uk/concerns/. Do contact us straight away if you consider that we are not handling your personal information properly so we can try and sort the problem out.
If we delete your personal information or restrict our use of it, we may not be able to provide our services to you.
If you want to exercise any of your rights or update your marketing preferences, please contact firstname.lastname@example.org. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
30 July 2020