The processing of your information is carried out by or on behalf of Family Holiday Association. The Family Holiday Association is a registered charity in England and Wales (800262) and Scotland (SC048203). Registered Company Number 02301337.
This policy has been designed to meet the requirements laid out in UK Data Protection Act 2018 (DPA), the UK General Data Protection Regulation (UKGDPR) and other relevant authorities.
You can call us on 020 3117 0650 and email us via email@example.com
Your acceptance of this policy, and our right to change it.
By using the Family Holiday Association websites, referral and holiday booking forms, social media pages, entering a competition or providing your information you consent to our collection and use of the information you provide in the way(s) set out in this notice. If you do not agree to this notice please do not use our websites, social media pages or referral and holiday services.
We review our privacy notice regularly and we may make changes to it from time to time. Any changes we make to the notice will appear here and will apply to all future processing of data, including data that is already being processed by the Family Holiday Association. This notice was last updated March 2021.
- We collect information that is either personal data (as outlined above) or non-personal data (such as web pages accessed).
- We may also collect special category personal data. For example, information about health conditions for families where it may mean we need to take this into account with planning a holiday. We record information about ages of children to support us to provide appropriate services and show the impact we have had as a charity.
- We collect information about (including but not limited to) the people we provide breaks for, referrers, partners and suppliers, donors and supporters, website visitors, survey respondents, volunteers and employees.
- We collect information to provide services or goods, to provide information, to fundraise for our work, for administration, research, analysis and for the prevention/detection of crime.
- We only collect the information that we need to provide the best possible service.
- We do our very best to keep personal information secure. For example, we use a secure internet connection whenever we collect personal data online.
- Information is stored by us on computers located in the UK. In addition, we may process your data in other countries both within and outside the European Economic Area but only where tightly controlled by appropriate contractual arrangements.
- We never sell your data, and we will never share it with another company or charity for their own marketing purposes.
- We only share data where we are required by law or with carefully selected partners who do work for us. All our partners are required by their contract or terms of service to treat your data legally and fairly and to use data only for the required purpose. They have clear instructions about how to use it and we have the right to check how they are complying with our instructions.
What is personal data?
Personal data is information that can be used to help identify an individual, directly or indirectly, such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Special category data includes information about medical conditions or information about children.
1 Why we use your information.
We will only use your information where we have a legal basis and will always respect your rights. Where we use your information, it may be because you have consented to us doing so or because we consider we have a legitimate interest to do so.
Where we do rely on a legitimate interest to use your information, we will always ensure that this is done in a way that is not intrusive or does not cause distress.
We may also use your information because we have a legal obligation to do so or because we need to fulfil a contractual obligation.
Some examples of what we mean by this include:
- You have given us your consent to use the information for a specified purpose, such as sending you marketing emails.
- We have a legal obligation to use your information, for example to claim Gift Aid or to book a break with a provider.
- We need to use your information to fulfil a contract with you – such as providing an auction prize or booking a break.
- We are using your information in pursuit of a legitimate interest, for example writing to you to tell you about our services and ask for your support in helping us to deliver breaks for families.
Other reasons include:
- To pursue our charitable purpose to deliver our mission and vision (including booking breaks and day trips)
- To raise vital funds for our work
- To ensure we meet our regulatory requirements as a charity
- To manage our ongoing relationship with our supporters and anyone we work with such as referrers
- To manage our financial transactions and prevent fraud
2 How we use your information.
2.1 To respond to any requests, complaints or queries you make to us. If you contact us directly, we will use the information you give to us to handle your enquiry or request. This may include responding to your query or feedback or sending you relevant information or fundraising materials. It could also include enquiries about breaks, referrals and the services we provide. We may also keep a record of conversations we have with you, feedback you provide and any marketing materials we send out to you. This can help us to handle queries more efficiently.
2.2 To process any donations you make, claim any relevant Gift Aid and maintain a record of your past or potential future financial contributions. This includes keeping a record of any pledges, gift agreements or any other indications that you are planning to donate to the Family Holiday Association. We keep a record of any donations we receive for audit purposes, and as we are legally required to keep information related to Gift Aid. We may need to use your information to prevent fraud. We may also use your information to administer any lotteries or auctions you participate in, for example, contacting you to let you know you have won a prize.
2.3 To provide you with information and support for any events, fundraising and campaigning activities or volunteering opportunities you sign up to, registering or enquiring about an event, activity or campaign. This includes signing up for our emails.
- Registering for an event: If you have completed a form to register or enquire about an event or activity, or to sign up to one of our campaigns plus given us consent to contact you, we will consider this as a request to send you details about the event, activity or campaign.
- Providing your contact information: Where you provide contact details for events, we will provide information and support by post, phone, mobile messaging, email, via social media, and any other channels for which you have given consent. When you have asked for details for any reason, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity. You can change your contact preferences at any time by getting in touch with us at firstname.lastname@example.org. Where appropriate, we will use the information you provide to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers. Where this includes information about sensitive topics such as your health, we will only use this information if you have given us explicit consent to do so. We may also receive information through event organisers or through third party websites (for example JustGiving) so we know you are fundraising for us.
- Subscribing to our emails: where you provide your email address and any other contact details as part of registering to receive emails, you are providing consent for us to contact you via email. To stop receiving emails, use the unsubscribe link which appears in every email, or contact us via email@example.com. We use a third-party email provider to design and send our emails, and we use tracking within emails to provide overview statistics about open rate, click through and link clicks. This is to help us improve our communications and report on engagement rates for our activity.
2.4 To provide you with information about breaks, day trips, advice or guidance for referrers and so on. This includes
- Registering as a referrer – we collect your name, place of work, job title and geographic information to be able to provide you with information relevant to families you may be working with and our campaign offers. Your data will be used to contact you about break offers, specific families and holidays you may have applied for and to stay in contact with you about the wider work of the charity.
- Applying for a break – we collect information about the family you wish to nominate for a break, and will be required to provide names, addresses and other identifying information about families. This may include special category data such as a child or family members health condition, for the purposes of ensuring the breaks we provide meet a families needs. Referrers are required to discuss with their clients (families) the data we have asked for and how we plan to use it.
- Asking for feedback and staying in touch – we will use family and referrer information to stay in touch after a break and ask for feedback about the experience. We will also use this data to stay in touch with families about the wider work of the charity. We monitor feedback for quality and improvement purposes and use anonymised feedback for marketing and fundraising purposes. Where families have opted to provide us with stories, images and other content they will be asked to complete a permission form which identifies how we can use this information. We rely on legitimate interest to stay in touch directly, with families after their break though families may also opt in to remain in touch via social media and other channels.
2.5 To manage our recruitment. When applying for a staff or voluntary role with us, online, through a third-party portal or through a recruitment agency, the personal data you provide as part of the recruitment process will only be held and processed for the purpose of the selection processes and in connection with any subsequent employment unless otherwise indicated.
By submitting your personal information, you will be asked to give your consent for us to hold and use the data for the purposes being consented to. You will be asked to provide certain information including your name, contact details, employment history and qualifications. This information is mandatory so we can fairly consider your application, communicate with you about your application and where successful, follow up with references or meet our statutory and internal monitoring and reporting responsibilities.
We may also view social media profiles such as LinkedIn, Facebook and Twitter, to the extent that it is relevant to your application or candidate selection. Unsuccessful applicant data may be held confidentially within our files for up to six months before it is deleted.
2.6 To process financial transactions. The Family Holiday Association process payment information by several methods. These include regular donations, one-off donations and legacy donations and may be undertaken using cash, cheque, bank transfer, direct debit, card payment at a point of sale or contactless device, wireless payment, remote payment (such as over the telephone) and third-party fundraising tools such as Just Giving (plus others). Where payments are made using a debit or credit card, the charity does not store or retain the card information (PAN, CVV2,). All direct debits are covered by the Direct Debit Guarantee. We also use financial transactions to pay suppliers and service providers.
3 How we use your information and tell you about our work
3.1 To send you marketing communications by email, mobile messaging, or direct message on social media, where you have agreed to receive this. Where you have provided an email address, mobile phone number, or details of your social media profiles and consented to being contacted in this way, we will send you information by those channels – including by direct message through social media – covering ways to give or raise money for us, campaign for us, to volunteer for us, updates on breaks and other areas of our work. This may include promoting the work of partner organisations that we believe will benefit us and our charitable cause. We never give your information to partner organisations and third parties without your prior consent.
3.2 To contact you by phone and post where it is appropriate and relevant, and you have provided us with a telephone number or a postal address. We will occasionally call or write to you to tell you about ways to give or raise money for us, to volunteer for us, the breaks we are offering and our wider work.
We do this as we consider it as a legitimate interest to promote our charitable cause and communicate with you about ways you can support us. We will not contact you by phone for marketing purposes if your number is registered with the Telephone Preference Service, unless you have agreed to receive calls from us. We will not contact you by mail if you have registered your address with the Mailing Preference Service.
3.3 To manage your contact preferences. You can tell us to stop contacting you, or change the way in which we do so, by getting in touch with us using the details on our website, or by emailing firstname.lastname@example.org. We will keep a record of any requests to stop receiving information from us to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again.
3.4 To help us speak to you in a way that is relevant to you, and to understand our supporters more broadly. We try to ensure that our communications are as effective as possible. This means communicating with people in different ways, appropriate to them.
On occasion, we will use information you have given us, for example the record of your previous donations to us and the type of activity you have been involved with, to tailor our communications with you about future activities. We will also use information about how you use our website or interact with our emails so we can make them more effective.
In certain circumstances we will use information about you from publicly available sources – such as online registries, websites, media or social media, or personal introductions – to understand more about your interests and preferences so that we can better tailor our communications – telling you about the things you are likely to be interested in or letting you know of ways to fundraise with us which are relevant to you. We may do this by looking at your career information, peer networks, demographic information, hobbies and interests or other information.
We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population. This helps us to decide who to send our communications to and is useful to ensure the communications you receive are relevant to you.
We will analyse anonymised data from our database so that we can understand our supporters. For example, we may use tools like Mosaic which gives us broad demographic and behavioural data at postcode level. Insights like this help us understand supporters, create segments and categorise our supporters so they get a better experience.
Some of our supporters may choose to give us some higher donations. We use in-house research, and where relevant, work with third party agencies (such as Experian) to help us identify people who may be able to support us with a higher gift. We use information you have given us, and from publicly available records such as the electoral roll, land records, ‘rich lists’, Who’s Who and Companies House records, as well as social media profiles. We may also collect information on your interests or articles about you from newspapers and magazines. We use this information to tailor our communication with you and invite potential supporters to meetings, groups and events which may be of interest to them.
If you would prefer we didn’t use your information in this way, then you have the right to tell us to stop and can do so by getting in touch with us using the details in the Get in touch section or emailing email@example.com
3.5 To target our digital and social media marketing and website activity. If you visit our website, we log the IP address of the computer you are using in order to protect our servers against abuse and malicious activity. The logs are deleted every 30 days. Other information is used to measure the performance of our website, how many visitors (traffic) we receive, how users move around the site (we also use third party sites like Hotjar to help with this).
When you access our website, some cookies are saved to your computer, for example if you have chosen a particular landing setting or created a user account. You can also turn off your cookies so that we can’t access this information. For more information, please read our Cookies Policy here.
We may also use the information you provide us with to target our digital and social media advertising effectively. This could include securely providing contact details such as your name and email address to digital advertising networks or social media companies, including but not limited to Facebook, Google and Twitter. For example, we may use your information to enable us to display adverts, or to find potential supporters who have similar characteristics to you.
Any information we share with social media companies will be shared in an encrypted format and will not be used for their own purposes. You can stop your information being used for this by contacting us at firstname.lastname@example.org
Where you have asked us not to use your information for targeted digital advertising, you may still see adverts related to our work. This is because the social media site or advertising network may select you based on information they hold, such as your age and location, or websites you have visited, without using information that has been provided by us.
You can control the kind of advertising which you see through the settings in the relevant social media site. You can also control other advertising messages by changing your browser settings and opting out via networks such as Digital Advertising Alliance.
3.6 Use of any images, videos of, or other information you tell us about something you have done for the Family Holiday Association.
If you share information about the fundraising or campaigning activities you have done for us, or your personal experiences, by post, email or over social media, we may want to use this to help us promote our events and activities in the future. If you are participating in an event with us, we’ll ask if you are happy to be included in our pictures – please tell us if you are not. In other cases, we will obtain the necessary permission to use this information or share this via social media – if you have already posted information yourself via social media about your engagement with us, we may repost your information.
3.7 To undertake our wider work. We maintain a record of information relating to areas of our wider work. This could include examples of offers you have made to donate items for a holiday or day trip, donations of time or money via a company or partner or offers to provide us with discounts and other offers. This information is stored because it is critical to help us reach our charitable goal. This will include keeping a record of contact details such as address, telephone number and email address as well as the offers you have made, and any networks or connections you have shared with us.
3.8 To comply with the law. As with all charities, we ensure that our activities comply with the law. Therefore, we may need to share or use your personal information if we are required to do so by law (for example, in response to a warrant or court order) and we may use information from other sources for the purposes of fraud prevention, for example to comply with money laundering regulations, or to protect people’s rights, property or safety.
If certain levels of donation are made, the Fundraising Regulator’s Code of Fundraising Practice requires us, and all charities in the UK, to perform checks. More details can be found at www.fundraisingregulator.org.uk.
4 Keeping your details up to date
We always use information you have provided for us to keep your records up to date and respect your preferences when you express them. We also sometimes us publicly available information to ensure information is up to date, for example, Mailing Preference Service, Telephone Preference Service, Post Office National Change of Address database.
We may use other services to cross-check the accuracy of the contact details we hold for you. You can let us know if you move to a new house or your details change by contacting us at email@example.com
5 What we do if you choose to tell us about your experiences with us
Where you have provided information about your experience of our fundraising events, holidays or day trips, or feedback on us (such as how we look after you), through surveys, focus group, questionnaire, or when we are talking to you by phone or email, we will explain what the information will be used for and whether it will be held anonymously or not. If the information will be held in a way that could be connected to you personally (such as a case study or story), we will ask your permission to store and use what you tell us.
We will use this information for the purposes explained to you when we ask you about taking part. For example, to better understand the issues that are important to our supporters which helps shape our communications and activities. We may compare statistics related to our supporters to information about the general population, to help our understanding.
Where you provide more detailed information, we may want to use this in our communications including PR and media activity, digital and social media, campaigning, fundraising materials and internal communications, to help us raise awareness of the charity, fundraising and the delivery and impact of breaks and day trips.
We will never use your story without obtaining your consent first. If a suitable opportunity arises for us to use the information you have given us in a way which we do not feel is covered by our normal agreements (such as for a broadcast media interview), we will contact you to discuss the use of your story in further detail. We will fully explain how we would like to use your information, so that we may obtain your fully informed consent.
Where you have given appropriate consent, we will use information you have shared to send you communications which are relevant to, for example to better support you in an activity you are doing for us; or to ensure that we do not send you any communications or ask you to take part in any activity that would not be appropriate.
The Family Holiday Association ensures that all “consented to” media coverage is accurate. However, once this media coverage is released to the wider internet, we are unable to physically control any “consented to” media coverage and therefore cannot be held liable for its misuse. We will make every effort to ensure that your “consented to” media is protected and used on the internet in a positive and accurate manner where and when possible. Where your “consented to” media coverage has been released to the internet the charity indemnifies itself from all, damages and claims of any kind connected with the use, distribution or disclosure of any photographs, films, videotapes, electronic recordings, art work, or other information regarding participants and the wish, through any media whatsoever, including but not limited to the internet, electronic media, and print publications other than where the charity is deemed as the primary cause of the misuse of your “consented to” media coverage data.
6 Sharing your information with other organisations.
We will never share your information with third parties for their own purposes, unless this is explained to you at the time we collect your information, you give us your permission to, or we are legally required to do so.
For example, we are legally required to provide your data to HMRC if you have agreed to us claiming Gift Aid on your behalf. We may need to provide information to a third party to fulfil and auction prize or offer, or to help deliver a holiday or day trip.
We may also use suppliers known as ‘data processors’ to process data on our behalf, for example, to send out mailings and fulfil orders. When enlisting the services of such suppliers we ensure that they are under a contractual obligation to only use your information in accordance with our instructions and for no other purposes.
7 Transferring your information out of the UK
Sometimes organisations who work on our behalf may manage information outside the UK or European Economic Area (EEA). In those circumstances, we will make sure that we have a valid reason for doing so under current Data Protection legislation and have relevant contractual agreements in place with them.
8 How long we keep your information for
As a rule, we will hold your information for a period of three years from the end of your relationship with the charity in accordance with our data retention policy.
- Examples here are for families who have agreed to share their story, this would be three years from after the date of your holiday or day trip, from the date you signed a consent form unless you have given us new consent, or agree we can use your data for longer
- For supporters, three years could be three years since the date of your last gift or communication with the charity. If you have told us you plan to leave us a gift in your will we will keep your information on our system for longer.
- In some circumstances, we may hold your data for a shorter period, for example information related to unsuccessful job applications is destroyed after six months.
- In some circumstances, we may hold data for longer, for example this will be longer, for example pension information of former employees, information related to Gift Aid to comply with the relevant legislation.
Family Holiday Association is a charity that was founded in 1975. We hold many historic records, which enable us to learn about the work of the charity over the decades and improve how we make decisions in the future.
In order to ensure that we have an ongoing record of our activities which may be of interest and importance in years to come, we keep certain information indefinitely. If this information contains personal data, efforts will be made to contact anyone featured before publication (for example at the time of an anniversary or celebration), where this is not possible high ethical standards will be applied to appropriate presentation of stories and to ensure the information, we are sharing is necessary, relevant and appropriate.
If you would like to know how long we will hold any specific information, then please contact firstname.lastname@example.org and we can provide further details.
9 Your Rights
9.1 Your data rights. The General Data Protection Regulations (GDPR) stipulates that you have the following rights. We are happy to explain how we can help you with any requests around these rights or explain them in more detail for you.
- Information Right – the right to receive the information contained in this policy and our data collection forms about the way we process your personal data.
- Personal Data Access Right – the right to know that we are processing your personal data and, in most circumstances, to have a copy of the personal data of yours that we hold. You can also ask for certain other details such as what purpose we process your data for and how long we hold it.
- Personal Data Correction Right – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you.
- Personal Data Erasure Right – Known as the Right to be forgotten. In certain circumstances you may request that we erase your personal data held by us.
- Personal Data Restriction Right – You have the right to restrict the way we process your personal data in certain circumstances, for example if: you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims, where we are relying on legitimate interests to process data.
- Data Processing Objection Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests or on the performance of a task in the public interest
- Data Portability Right – you have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances
9.2 Right to Withdraw Consent at any time. Where we use your personal information based on your prior consent, or where you have given us permission to send you marketing communications by email, mobile messaging and by direct message on social media, you can withdraw your consent at any time by contacting email@example.com
If you have any complaints about how we handle your personal data, please contact us so we can resolve the issue, where possible. If you need to make a complaint, you can find out more about how you can do this in our Complaints Policy. You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office, the UK data protection regulator. Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator.
11 How we keep your information secure
We take appropriate measures to ensure data is held confidentially and with integrity in systems. Our staff are trained in the correct procedures for managing and handling data and our processes are regularly reviewed.
Our systems hold data securely – we protect your data in a range of ways including secure servers, firewalls and encryptions. We follow industry standard compliance requirements (such as PCI compliance (for payment card processing). We keep data files in restricted, password-controlled formats, which are stored on our internal systems (such as specialist data management systems, as well as secure files).
Where we work with third parties who may provide us with data (for example Just Giving or payroll giving agencies) or hold your data via a third-party system (for example our email marketing tool), we ensure our suppliers are compliant with the current regulations and have proper systems and processes in place to fulfil their legal and contractual obligations.
We may update this policy to reflect changes in how we use your information. You may wish to check this policy each time you provide us with your information. Where appropriate, we will provide you with notice of any significant changes to how we use your information, for example an email to update.
Other useful information:
- Freedom of Information – The Family Holiday Association is not a ‘public authority’ as defined under the Freedom of Information Act and so we don’t respond to Freedom of Information requests made under the Act. We will happily respond to supporter, family or referrer questions which are appropriate, our concern is to make sure we don’t spend donated resources unwisely in ways that are not in the spirit of our mission.
- Children’s data – We do keep some children’s data on our database, so that we can send families on holiday. We always ask the referrer, parent or guardian, store it appropriately and we don’t use it for other activities like fundraising.
- Links to third-party websites – We list links to other websites in our own website if we believe they may be of use or interest to our website visitors. This privacy notice is for our own websites – we are not responsible for third party websites, their policies, or activities. We have provided links in good faith and are not responsible for the content of other websites. Do read their privacy policies before sharing personal data or financial information.
- Other people’s data – Some of the services we offer allow you to provide the personal data of other people (for example tagging people on photos on social media). Before providing anyone else’s data, please ensure they are happy for you to do so. Under no circumstances must you make public another person’s home address, email address, or phone number without their consent.
- Feedback – We welcome feedback and comments about our work. If you have any questions or comments about our work please get in touch via firstname.lastname@example.org