PRIVACY AND COOKIES POLICY
Operation Smile United Kingdom is committed to protecting personal information and being transparent about what information we hold on anyone who has been in contact with Operation Smile. We recognise that you, as a visitor to our website, may be concerned about the information you provide to us, and how we treat that information. We also understand that privacy is a human right that benefits us all. Using data fairly is important to us as is using it securely.
The purpose of having a Privacy and Cookies Policy is to give a clear explanation about why and how Operation Smile UK collects and uses any personal information. We ensure that we follow strict guidelines as per the Data Protection Act 2018 and EU General Data Protection Regulations and Privacy & Electronic Communications Regulations 2018. Our aim is to ensure that by respecting the privacy of our data subjects this will bring about benefits to them and in turn Operation Smile UK.
This policy applies to all activities undertaken by Operation Smile UK (OSUK) within the UK and abroad. OSUK collects data to meet its objects as per its Memorandum and Articles of Association 2011 and defined strategic goals and objectives. The processing of data will be handled securely and sensitively to the best of our abilities and in line with our data classification.
OUR DATA SUBJECTS
Our subjects include:
VULNERABLE PERSON’S POLICY
We are committed to protecting vulnerable people and adhere to the following:
• Listening to call recordings from data processors to ensure that individuals whom we believe, based on the conversation, do not have the mental capacity to make sound decisions on donating to OSUK have their gift cancelled or not processed.
• Noting references in correspondence e.g. being forgetful, family concerns about their charitable spend or simply their handwriting and responding appropriately to these issues.
You may request a full copy of OSUK’s Child Protection Policy, which covers all vulnerable people, at any time by post, phone or via email.
We are particularly respectful of the privacy of our young supporters. With regards to the use of the internet we encourage parents/guardians to monitor their children’s internet activities and help us protect their privacy by instructing them never to provide personal information on this or any other site without permission. We will in all circumstances try only to extract necessary information required to undertake our objective.
We have strict policies with regards to our marketing/email communication. We will not knowingly mail or email anyone under the age of 18 with any marketing related content. Communications to under 18s will be limited, and if related to fundraising will be in accordance with that as agreed with the minor and his/her legal guardian. If you are under 18 and wish to fundraise for Operation Smile UK please ensure that you have consent from a parent or guardian before giving us your personal information.
If you have any questions about our Privacy and Cookies Policy or queries on how we use or have used your information, please contact the Data Protection Officer:
By Post: Operation Smile UK Unit A, Genoa House Juniper Drive London SW18 1FY
By Phone: 020 3475 5126
By Email: Email: firstname.lastname@example.org with the subject/reference: DATA PROTECTION
Operation Smile United Kingdom is incorporated as a Company Limited by Guarantee in England and Wales (No. 04317039). It is also registered with the Charity Commission for England and Wales (No. 1091316).
This policy will be reviewed periodically and may be changed/updated to reflect the review. Please ensure that you stay up to date by visiting our website and checking.
INFORMATION COLLECTION AND USE
OSUK as Data Controller, and like most website owners, receives and records information from various sources. The type of information we and/or our third-party providers collect depends on the interaction between you and us. This could be when making a donation, applying for a job/to volunteer or through an online purchase. We gather information through postal communications, visits to our websites or apps, participation with our business/corporate partners, electronic communications, volunteering or communications through social media. We and/or our third-party providers may also collect information publicly available through third party platforms (such as online social media platforms), online databases, or that is otherwise legitimately obtained.
Type of information collected
The type of information collected is also related to the interaction. This may include:
- Your name and bank/card details
- Postal address or email address
- Phone number
- Employment History
- Medical history
- Tax status/Gift Aid eligibility
- Mode of communication preference(s)
We also collect information through cookies and similar technologies. This information is usually de-identified information such as how you arrived at our website, pages you visited or general location. It may further collect information e.g. the device you use to browse our website or apps, the IP Address and related information, browsing history on our website and apps, how you search our website or if you communicated with us. Personal information is only collected if you for instance apply a ‘remember me’ identification for any reason.
OSUK is the sole owner of any information collected either as an organisation or by third-party on its behalf, web based or not.
WHY WE COLLECT YOUR INFORMATION
The information we collect including publicly available information could be used to fulfil our legal and contractual obligations, purpose for which you have submitted your information e.g. processing donations, legitimate interest including sharing with third party agencies that perform functions on our behalf as agreed, enhancing user experience on our website or analysing how visitors to our website use the website (automated information collection) and to meet our overall objective including continuing to share our stories.
We will not sell, share, or rent this information to others except as in meeting our objectives through for example third party outsource contracts/data processors or to the extent as required by law. Third-party contractors/agents are expected to meet our standards and are required to abide by our policies whenever we share or transfer information as agreed.
We will endeavour to undertake privacy impact assessment whenever there is fundamental change in the way we process data, implement suitable records management systems, and log data security incidents. This will enable us to keep rigorous control of information held and your privacy.
Consent will depend on the mode of communication and OSUK will at all times deem consent is given for contact via emails/phone albeit even if implied as in accessing and providing your email/telephone (mobile) number when accessing ‘products/services’ on our website.
We will only contact you with regards to the ‘product/service concerned or similar. For all other email/phone contact we will seek expressed consent via post before communicating with you. Therefore, if you received an email from us, your email address is either listed with us as someone who has expressly shared this address for the purpose of receiving email communications from us, or you have donated to us, purchased from us or otherwise have an existing relationship with us and have consented to receiving communications from us via email/phone.
Consent is deemed given if, having obtained a postal address, communication is sent by post and that the correspondence is related to OSUK’s ‘legitimate interest in pursuance its objects/aims and objectives’. The opportunity to opt in/out will thereby be given to the addressee when this initial correspondence is sent out. Options will then be noted in accordance with your response/choice(s). From time to time we my contact you again via post to enable any changes to be registered if we have not already been informed.
YOUR RIGHTS UNDER THE DATA PROTECTION ACT AND THE GENERAL DATA PROTECTION REGULATION
The collection and use of personal information by us is in accordance with the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). More information can be found at the Information Commissioner’s Office.
Operation Smile will recognise your rights and endeavour to resolve any issues within 28 days.
Please contact the DPO at Operation Smile UK at the registered address by post or in person, by phone or by email (email: email@example.com SUBJECT: DATA PROTECTION) if you wish to exercise any of these rights.
Please contact Operation Smile UK in the first instance requesting our Complaints policy and to give us a chance to resolve your complaint. Contact us on email at: firstname.lastname@example.org or phone 0203 475 5126
However, if you wish to make a formal complaint to the supervisory authority where you believe there has been an infringement of your rights under the GDPR,or where you are dissatisfied with our resolution, please contact the supervisory authority, Information Commissioner’s Office or telephone 0303 123 1113. You may also make a complaint through the Fundraising Regulator or the Charity Commission as appropriate.
Breaches will be notified to the Information Commissions Office (ICO) as per regulations.
You may request a full copy of our complaints policy at any time.
MODE OF COMMUNICATION PREFERENCE(S)/CHOICES
You can choose how you would like to receive communication including direct marketing mail from us – through postal mail, email, sms and/or telephone. If you choose not to receive direct marketing communications from us, we will honour your choice. This will not affect how we communicate with you in other matters. We respect your time and attention by controlling the frequency of correspondence/communication with you.
You may modify your preferences at any time by phone (020 3475 5126), post to our registered address or via email (email@example.com or by using the automated (unsubscribe) link as instructed via email.
CONTROLLING YOUR PERSONAL INFORMATION
Personal information is information that can identify a person, such as name, address, telephone number, and email address. You may choose to restrict the collection or use of your personal information e.g.
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing, phoning or emailing us.
We will not sell, distribute or release your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
CARD INFORMATION SECURITY
We care about the safety and security of your transaction. We use high grade encryption and the https security protocol to communicate with your browser software. This method is the industry standard security protocol, which makes it extremely difficult for anyone else to intercept the card information you give us. Companies we work with to process card transactions also use high grade encryption and security protocols.
OSUK is PCI Compliant and the monitoring of its web access point/ports is monitored by the IT team in Operation Smile Inc., UK consultants and/or Security Metrics Ltd. Non-compliance is immediately reported to us and we take all necessary steps to fix breaches at the earliest opportunity. We also undertake annual assurances/checks on third-party processors by ensuring that they too are PCI Compliant by asking for confirmation of their current status.
ACCURACY OF INFORMATION
In addition to maintaining privacy and security controls over information you share with us Operation Smile works continually to accurately process your information. We employ error checking procedures to ensure that information is processed completely and accurately. These processes/procedures are reviewed regularly reflecting feedback and comments. During business hours, staff is available to answer questions about your financial transaction or personal information on 020 3475 5126.
CHANGING CONTACT DETAILS OR CONSENT
If your personal details change, please help us to keep your information up-to-date by notifying us. Similarly, if at any time you’d like us to change the way we contact you, if you would prefer that we do not profile your data, or if you would like to opt out of our communications altogether please contact a member of our Supporter Care team to action your request by:
Phone: 020 3475 5126
Post: Operation Smile United Kingdom, Unit A, Genoa House, Juniper Drive, London SW18 1FY
TRANSFERS/VPN and STORAGE/DESTRUCTION OF DATA
Where it is necessary for Operation Smile UK to transfer your information outside non-EU countries and to third party agents within UK as disclosed in our purpose for collection, we will ensure that your information is protected to the same extent as in the European Union through one of the following safeguards:
- Transfer to a non-EU country whose privacy legislation that ensures an adequate level of protection of personal data as determined by the European Commission; or
- Put in place a contract with the service provider/fundraising agent stipulating that they must protect personal data to the same standards required by the European Union and the United Kingdom.
And using a safe and secure transfer process including encryption where necessary.
Virtual logins will be password protected and staff encouraged to use computerised equipment and software provided by OSUK.
RETENTION OF DATA/INFORMATION
Storage of information is important to us because your privacy is paramount.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for or by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Where we provide personal information to third parties, we have similar considerations when agreeing an appropriate retention period.
At the end of an agreed retention period your information will either be securely and confidentially destroyed or anonymised. Anonymisation is the process of either encrypting or removing personal information from data sets, so that it is not possible to identify individuals from the data.
Independent external and internal audits are conducted to ensure the privacy, security and appropriate processing of your information by us.
We have a targeted approach to fundraising to make certain that we are contacting you with the most appropriate content and timing. At times we may using profiling techniques or insight companies to provide us with more general information about you using publicly available information. This helps us better understand who supports us and means we can tailor appropriate communication to those supporters.
You may opt out of your data being used for profiling techniques by contacting us and marking any communication for the attention of the Data Protection Officer.
Our website and microsites may contain links to other sites. Unless we expressly state otherwise, Operation Smile makes no representations whatsoever concerning the content of those sites. The fact that Operation Smile has provided a link to a site is not an endorsement, authorisation, sponsorship, or affiliation with respect to such site, its owners, or its providers. There are risks associated with using any information, software, or products found on the Internet, and Operation Smile cautions you to make sure that you understand these risks before retrieving, using, relying upon, or purchasing anything via the Internet. In addition, we encourage our users read privacy and cookies policies of these linked sites. Operation Smile is not responsible for the privacy practices of other websites. You may not create a link to this site that incorporates or relies upon, in whole or in part, any content from any page on this website, or that incorporates any copyright or otherwise intellectual property of Operation Smile without written permission from Operation Smile
COOKIES – WEBSITE USERS
A cookie is a small data file that a website transfers to your computer’s hard drive with your permission. Once you agree, the file is added and the cookie helps us analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual based on your previous actions. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences, personalising your experience on our website.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better experience when on our website; it enables us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies on our website. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
By accepting that you have read this policy OSUK deems that consent has been given for it to process data in accordance with said policy – i.e. dropping cookies.
GOOGLE AND FACEBOOK SITE STATS
You may have clicked on an ad for this website that was delivered by Google or similar browser/social media site.
In the case of Google the company measures the performance of the advertising it delivers. By providing a tool to more accurately measure the performance of the ads we deliver, Google (and advertisers) will be able to improve the quality and relevance of the ads that you see.
To measure performance, Google uses small strings of text/file (known as cookies) that are placed on your computer when you click on ads. Cookies typically remain active on your computer for about 30 days. If you visit certain pages of the advertiser’s website during that period, Google and the advertiser will be able to tell that you saw the ad delivered by Google.
All material on webpages under the domain operationsmile.org or operationsmile.org.uk is, unless otherwise stated, the property of Operation Smile Inc. and or OSUK. These materials are protected by copyright and other intellectual property laws. Information received through this website may be displayed, reformatted, and printed for your personal, non-commercial use only. You may not reproduce or retransmit the materials, in whole or in part, in any manner, without the prior written consent of Operation Smile. with the following exception only: You may make single copies of the materials available through this website, solely for your personal, non-commercial use, and only if you preserve any copyright or other notices contained in or associated with them. You may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the owner of the materials.
THIRD PARTY REQUESTS FOR DATA
Except in exceptional circumstances (as outlined in this process) requests to change donor information including changes to direct debits, standing orders or any other kind of donation, can only be authorised by the donor.
We can only take instructions from a third-party with the express consent of the donor or on evidence of the relevant power of attorney. This is to safeguard the interests of the donor with whom we have a relationship.
A request by a third-party to remove a donor from our mailing list or change mailing preferences may be considered exceptionally if we are convinced the third-party is acting in the best interests of the donor. This may be a judgement based on the donor’s history of giving, any unusual changes in the level of their giving or frequency of giving and any communication we have had with the donor regarding their gifts or mailing preferences. Any direct communication from the donor –verbal or written- which gives concern that the donor may lack capacity to make a sound decision and/or judgement could be taken as support on this. In this context our telemarketing agencies who call on our behalf in fundraising campaigns record conversations with prospective donors and where there is a concern relating to mental capacity these recordings could be used by OSUK for final decision making.
QUESTIONS OR SUGGESTIONS
It is important to us at Operation Smile that we hear what you have to say about our organisation or our policies. If site you have any suggestions, questions, concerns, or complaints or want to let us know what they think about our organisation, please contact us at 020 3475 5126 or email firstname.lastname@example.org.
Updated: August 2020