Privacy policy

1. Introduction

Bendrigg Trust (“we”, “our”, “us”) is committed to protecting and respecting your privacy. We take personal information, security and communication preferences seriously. We make sure we protect the information you give us and will never sell it to anyone. This privacy policy explains what personal data we collect, why and how we process it, and the legal basis for processing this information.

 

2. Who we are

We are the Bendrigg Trust, a registered charity (no. 508450) and also a company limited by guarantee (no. 01396557). Our aim is to promote inclusion, encourage independence and build self-confidence through the safe provision of residential courses for disabled and disadvantaged people of any age or ability, throughout the UK.

 

3. How we collect and use your data

We collect and process personal data to allow us to make better decisions, fundraise and market more efficiently, service your bookings and, ultimately, to help us fulfil our charitable purpose. When we collect your personal data, we aim to be clear about our reasons for doing so, and not to do anything that people would not reasonably expect. There are a number of ways that we collect information. Most often this will be directly from you, for example, if you register to attend one of our courses.

We currently collect and process the following information:

If you contact us for any reason, we normally collect your:

  • Name
  • Address
  • Phone Number
  • Email Address


If you are a course participant, we may also collect your:

  • Date of birth
  • Gender
  • Next of kin
  • Previous booking history
  • Medical and dietary information, including any allergies you may have
  • Any other information you provide that helps us to look after you


Any sensitive data is treated in the strictest confidence. We may need to keep this data, and any relevant information from your attendance on one of our courses, for legal purposes.

If you came to us from a school or other institution, we may need to ask staff of that institution for their help in supplying the data we need for you to attend one of our courses.

We may collect and record information relating to people who participate on our courses and their experience with us to create a case study. Individuals’ explicit permission (consent) will be gained before we do this. We do this to improve our marketing and to help attract other participants and supporters. On some occasions this may also be required by grant funders.

If you or your school or institution are not yet a course applicant, we may have found some basic information about you from publicly available sources. We use this information to evaluate your potential interest in our courses and to get in touch with you. We use this information in our legitimate interest as a charity.

During or after your course, we may also collect:

  • Your feedback on the course and your responses to any impact evaluation


We use this information to help us improve our courses and the way we work with you or to evaluate and report on the impact of our work. This is done in our legitimate interest as a charity. We will always ask your permission to use your name in one of our case studies or for our marketing materials.

If you donate, we normally collect your:

  • Bank account details (name, sort code and account number) when you set up a regular gift (for example, a direct debit) or you send us a cheque.


Where appropriate, we may also collect:

  • Credit/debit card details for processing card payments.  These details will not be stored by Bendrigg. Any details taken over the phone will be inputted immediately into the card payment system and will not be recorded elsewhere.
  • Tax-payer status for claiming Gift Aid
  • Your donation history
  • Data that may be required for legacy administration when a supporter leaves a legacy gift to the Bendrigg Trust
  • Correspondence between supporters and ourselves (whether by postal mail, email or by phone)
  • Your contact preferences
  • Information when you complete a form on our website
  • Your posts and messages when you interact with us by social media (for example, Facebook, Twitter, Instagram or LinkedIn)
  • Information through your use of our website, for example, the IP address and details of pages visited.


We may collect and record any other relevant information you share with us about yourself. If you are not yet one of our donors, we might have obtained some information that is in the public domain. This may include published biographical information, philanthropic interests, open postings on social media sites and data from Companies House. We do this to evaluate what support we should ask you for and to help us to engage you in activities that are relevant to your known interests. We use this information in our legitimate interest as a charity that depends on fundraising. We will not use third parties to conduct wealth screening. We will not retain publicly available data relating to donors without their consent, which will be sought at the earliest practical opportunity.

If you attend one of our events where we take photographs or videos, please be aware that your image may be used in digital or print communications about that event.

If your personal details change, or you would like to update your communication preferences please notify us at: sarah@bendrigg.org.uk

 

4. How we use personal data

We will only process personal data for the following purposes:

  • To provide and administer the appropriate courses and care for our visiting groups
  • To use people’s information and their experience with us to create a case study, if they consent to do so
  • To provide you with information about our work, to seek your financial support and to tell you about the impact of your support
  • To ensure we know how individuals prefer to be contacted
  • To keep records of donations made
  • To claim Gift Aid where applicable
  • To contact you for administrative or donation processing reasons
  • To maintain our accounts to fulfil our administrative purposes
  • To respond to requests for information about our work
  • To invite you to attend events we are holding
  • To analyse the personal information we collect about you, including information in the public domain, to help us understand better your interests and the level of your potential donations, so that we can contact you in the most appropriate way
  • To improve our website to ensure that it is kept secure, and that content is presented effectively
  • To recruit and manage our staff and volunteers.


Sensitive information may be obtained for children, young people and vulnerable adults when it is needed to ensure their safety and wellbeing while attending one of our courses. When appropriate, consent from a parent, guardian or carer will be obtained before collecting this information.

If you decide you do not wish to be contacted by us, or if you have preferences about how often you would like to hear from us, please email: sarah@bendrigg.org.uk or call us on 01539 723766.

All our email newsletters have unsubscribe links at the bottom to make it easy for you to opt-out of receiving them.

 

5. How we will share your personal data

We will never sell your data to any third party, nor will we share your data with any other charity, commercial organisation or public body for marketing purposes.

If you make a Gift Aid donation to us, we will share data with HM Revenue and Customs to enable us to claim Gift Aid.

We will only share your data with carefully selected service providers and sub-contractors, for example for fulfilling donations in line with our charitable purposes. These data processors have access to personal information needed to perform their functions, but they may not use it for other purposes. In addition to our supporter database, your data may be loaded into other software such as email marketing platforms.

We may disclose your personal information if we are under a duty to do so to comply with any legal obligation, for example to government bodies and law enforcement agencies.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

 

6. How we keep personal data safe

The storage of all of our data is managed by our ‘Data Protection Officer’, Nick Liley (Centre Director). Most data will be stored electronically on a secure, encrypted, cloud-based storage solution.

All booking information will be stored within our secure cloud-hosted database and/or secure cloud-hosted storage. We keep do not keep this data for longer than necessary and data will be destroyed after the following time periods:

Booking form – 7 years

Medical & consent forms – 12 years

Financial records e.g. invoices – 7 years (legal requirement)

Donor records – 7 years after last donation (Details concerning major donations (greater than £2,000) will be held indefinitely. Records of donors who have expressed an interest in leaving a gift in their Will, will be retained until they expressly state they will not be leaving such a gift or until four financial years have elapsed from our notification of their death).

Supporter data is entered and stored within a secure, encrypted, cloud-hosted database. We do not keep personal information for any longer than absolutely necessary.

We undertake regular reviews into who has access to information we hold to ensure that your information is only accessible by appropriately trained staff and volunteers.

Our online giving platform offers secure payment processing which is conducted by providers who specialise in the secure capture and processing of online transactions. We do not retain any card payment information.

While we make every effort to keep your data safe, no data transmission over the internet is totally secure. We cannot guarantee the security of any information you send us and you do so at your own risk.

We review the data protection policies of any external companies we use to store and process data, for example, Cinolla, MailChimp and Donorfy.

Emails are not always secure, and they may be intercepted or changed after they have been sent. We do not accept liability if this happens. The contents of our emails reflect their author’s views and are not necessarily those of the Bendrigg Trust.

We would report any serious data breach to the Information Commissioner’s Office (ICO) within 72 hours. In the event of your sensitive data being breached we will notify you of this at the earliest opportunity.

 

7. Responsibilities

The administration team will process and manage any personal data that Bendrigg receives. All Bendrigg staff have a responsibility to adhere to the policies and procedures in relation to Privacy and Data Protection. Overall responsibility of the data lies with our ‘Data Protection Officer’, Nick Liley (Centre Director).

 

8. Your data protection rights

You have the right to ask us to stop processing your personal data.

You also have a right to ask us for a copy of the information we hold about you.

If you would like to access the information held by us, please send a description of the information you want to see and proof of your identity by post. We will provide this information within one month from receiving the request. We do not accept these requests by email to ensure that we only provide personal data to the right person. We do not levy a charge for these requests unless they are unfounded or repetitive.

You have a right to instruct us to stop processing your data and delete any information we have on you from our database. We would do this within one month of a request.

For any more information on the above please write to Bendrigg Trust, Bendrigg Lodge, Old Hutton, Kendal LA8 0HW, contact sarah@bendrigg.org.uk or call us on 01539 723766.

You also have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office (ICO). For further information on your rights and how to complain to the ICO, please refer to the ICO website – https://ico.org.uk

You can write to the Information Commissioner’s Office at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone: 0303 123 1113.

 

9. Cookies

What is a cookie?

Cookies are small text files placed on your computer, mobile or tablet by websites that you visit. Cookies recognise a computer or mobile device when a user returns to a website it has visited previously.

Why are cookies used?

Cookies help improve the performance of websites and provide website owners with information about how the site is being used. Cookies can also help to improve your user experience.

How we use cookies

We may use session cookies to understand how you navigate around our website. We consider these necessary to the working of the website. If they are disabled, the website may not function correctly.

We do not use cookies to collect any personally identifiable information about you. Should you wish to restrict or block cookies which are set by our website, you can do this through your browser settings. You may also wish to visit https://aboutcookies.org.uk/ which contains detailed information about how you may do this on the most widely used browsers.

We do not use persistent cookies (cookies which remain on your hard drive after you have closed down your web browser) which could track and report on your subsequent browsing patterns.

Google Analytics

We may use Google Analytics to understand how our visitors navigate through the website. User data is aggregated and completely anonymous. You can read about Google’s privacy policy by visiting

https://policies.google.com/privacy?hl=en

Other third-party cookies

We may work with other third-party suppliers which use cookies, such as YouTube to show films on our website. If you disable these cookies it may interfere with your experience on our website.

 

10. Updates to this Privacy Policy

We will make changes to this Privacy Policy as and when required, and we will publish any new version of this Privacy Policy on our website.

If we make any significant changes in the way we treat personal information, we will make this clear on our website or by contacting individuals directly.

We welcome any questions or comments or suggestions regarding this Privacy Policy. Please email us at sarah@bendrigg.org.uk or call us on 01539 723766.

Last updated January 2022