Privacy Policy
This document contains the following:
- MEND Privacy Policy
- Data Retention Policy
- Accountability Statement
Who we are
MEND is a not for profit organisation in England and we are also a company limited by guarantee (company number 09094528).
This Privacy Policy relates to information which is obtained by MEND and for which MEND is the Data Controller.
MEND’s Purpose
MEND is a not-for-profit company that helps to empower and encourage British Muslims within local communities to be more actively involved in British media and politics.
Our supporters help us to achieve this in a variety of ways, primarily by:
- Fundraising and donating money in order to support our programme of work
- Campaigning for change, through signing petitions, writing letters, and taking part in other campaigning actions
- Organising events to raise awareness about MEND’s activities and the contribution of Muslims to British Society.
We take active steps to make sure that our supporters are aware of the ways in which they can help us achieve our overall purpose.
Why we hold and process supporters’ personal data
We hold and process supporters’ personal data for a number of reasons:
- To keep a record of donations made and actions taken by our supporters and our communications with them
- To send our supporters marketing information about our projects, fundraising activities and appeals where we have their consent or are otherwise allowed to
- To fulfil contractual obligations entered into with supporters e.g. direct debits and standing order
- To support volunteers, whether at MEND events, at exhibitions or participating in any other events
- To record campaigning actions by supporters
- To support community-based fundraising and campaigning
- To ensure we do not send unwanted information to supporters or members of the public who have informed us they do not wish to be contacted
When and why we will send you personalised marketing communications
MEND will only contact you for marketing purposes – for example keep you up to date on our work, or let you know of ways in which you can support that work – where we have your consent or we are otherwise allowed to do so.
We will make it easy for you to tell us if you would like to receive marketing communications from us and hear more about our work and the ways in which you would like to receive this information (post, email and phone). We will not send you marketing material if you tell us that you do not wish to receive it.
Where you give us your consent to send marketing information, we will wherever possible let you know how long this consent will last. Unless we have grounds for believing that a longer period is reasonable and have explained this to you, we will understand your consent to last for 6 years. After this time, in order for us to continue to update you, we will need your refreshed consent. You can update or withdraw your consent at any time, for individual channels of communication, or for all channels.
The retention period aligns with our political activities, which are built around the assumption of an election every five years, with one year of post-election activities. Please see the Data Retention document for further details.
Consent lasting more than 6 years
We will generally treat any marketing consent you give us as lasting for 6 years, but where you have given us a donation, be it monthly or a one-off, unless you withdraw your consent, we will treat consent as enduring until you cancel your donation, if giving monthly. Your consent will expire 6 years after the last donation. This is to enable us to keep you up to date with the impact of your donation, and to ask whether alternative means of support would be of interest.
How and when we collect information about you
MEND may collect your personal data in the following circumstances:
1) When you give it to us DIRECTLY
You may give us your personal data directly when you make a donation, sign up for one of our events, attend, when you communicate with us.
2) When you give it to us INDIRECTLY
You may give us your information indirectly when you donate online via GoCardless and PayPal. These independent third parties provide access to your non-financial data to MEND in order to provide you an update.
Sometimes your personal data is collected by an organisation working on our behalf, but as they are acting on our behalf we are the “data controller” and responsible for the security and proper processing of that data.
3) When you access MEND’s Social Media
We might also obtain your personal data through your use of social media such as Facebook, WhatsApp, Twitter or LinkedIn, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.
https://www.facebook.com/policy.php
https://twitter.com/en/privacy
https://www.whatsapp.com/legal/#privacy-policy
https://www.linkedin.com/legal/privacy-policy
4) When the information is publicly available
We might also obtain personal data about individuals who may be interested in giving major gifts to charities or organisations like MEND. In this scenario, MEND may seek to find out more about these individuals, their interests and motivations for giving through publicly available information. This information may include newspaper or other media coverage, open postings on social media sites such as LinkedIn, and data from Companies House. MEND will not retain publicly available data relating to major donors without their consent, which will be sought at the earliest practical opportunity.
5) When we use cookies
Cookies are a useful way for us to understand how supporters use our web site and/or use the MEND app. When you visit our web site or use the MEND app we will collect data from your computer or other device such as a smart phone or tablet through the use of “cookies”. Cookies are created by your web browser when you visit our website. Every time you go back to the MEND website, your browser will send the cookie file back to the website’s server. They improve your experience of using our website, for example, by remembering your preference settings so that you are presented with information likely to be most relevant to you, and by measuring your use of the website to enable us to continuously improve our website to ensure that it meets your needs. Cookies can also be used to show you relevant MEND content on social media services such as Facebook – these are known as ‘retargeting’ or ‘advertising’ cookies.
You may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
Please be aware that restricting cookies may impact on the functionality of the MEND website.
If you visit our website as an anonymous visitor (e.g. you switch off cookies), MEND may still collect certain information from your browser, such as the IP address (an IP address is a number that can uniquely identify a computer or other internet device).
The MEND website contains hyperlinks to websites owned and operated by other organisations. These include other media organisations (such as the BBC), research organisations and think tanks. These third-party websites have their own privacy policies, including policies on their use of cookies, and we urge you to review them. They will govern the use of personal information you submit or which is collected by cookies whilst visiting these websites. We cannot accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
What information might MEND collect about you?
We only collect personal data relevant to the type of transactions you have with MEND.
For example, when you contact MEND to make a donation, purchase an item online, take a campaign action, or sign up to any of MEND’s activities or online content, such as newsletters, competitions, or message boards, or you telephone, email, write to or text MEND, or engage with MEND via social media channels, we may receive and retain personal information about you.
The information we collect is relevant to the type of transaction you are entering into with details such as your name, email address, postal address, telephone or mobile number, bank account details to process donations.
Sensitive Personal Data
All sensitive personal data is stored on a secure database or password protected files, to which only a limited number of relevant staff have access. It is deleted when no longer relevant, is never shared with third parties without permission, and is available to you at any point should you wish to see it.
How will MEND use your personal data?
MEND will use your personal information for the following purposes:
1) For administrative reasons, including:
- “service administration”, which means that MEND may contact you for reasons related to administering any donations you have made, the completion of commercial or other transactions you have entered into with MEND or the activity or online content you have signed up for;
- to confirm receipt of donations (unless you have asked us not to do this), and to say thank you and provide details of how your donation might be used.
- in relation to correspondence you have entered into with us whether by letter, email, text, social media, message board or any other means, and to contact you about any content you provide;
- for internal record keeping so as to keep a record of your relationship with us;
- to keep your data up to date – for instance we use the Royal Mail’s data on postal address changes to ensure that we can maintain contact with you where we believe you are happy to be contacted by post, we also use services which notify us of the recently deceased to avoid any distress that continued communications would cause;
- to implement any instruction you give us to with regard to withdrawing consent to send marketing information or informing us through the Fundraising Preference Service that you do not wish to receive any marketing information;
- to use IP addresses to identify the location of users, to block disruptive use and to establish the number of visits from different countries.
2) For MEND’s own marketing and fundraising reasons.
3) For market research
- to invite you to participate in surveys or research about MEND or our work (participation is always voluntary);
- to analyse and improve the activities and content offered by the MEND website to provide you with the most user-friendly navigation experience. We may also use and disclose information in an anonymous aggregate way (so that no individuals are identified) for marketing and strategic development purposes.
Will we share your personal data with anyone else?
We will only use your information within MEND for the purposes for which it was obtained. MEND will not, under any circumstances, share or sell your personal data with any third party for their own marketing purposes, and you will not receive marketing from any other companies, charities or other organisations as a result of giving your details to us.
MEND’s suppliers
We may need to share your information with service providers who help us to deliver our projects, activities and appeals. These “data processors” will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses. We do not allow these organisations to use your data for their own purposes or disclose it to other third parties without our consent and we will take all reasonable care to ensure that they keep your data secure.
Facebook and other Social Media Sites
We may also use your email address and phone number to match to your account on Facebook or other social media sites in order to show you MEND content while using these services. We only do this where you have opted in to marketing emails or phone calls and we keep your data secure by encrypting it. No data we hold about you is retained by the third party.
In addition, we may also use your email address and phone number to link to Facebook or other social media sites in order to identify other users of these sites whom we believe would be interested in MEND, and we may then show them MEND content. No data we hold about you is retained by the third party.
There are two ways to prevent this use of your data, you can either update your preferences at MEND by opting out of the relevant channel of communication or you can do this via the social media site:
Facebook: https://www.facebook.com/help/568137493302217
LinkedIn: https://www.linkedin.com/help/linkedin/answer/62931
Twitter: https://business.twitter.com/en/help/troubleshooting/how-twitter-ads-work.html
Updating your preferences with MEND will not guarantee that you never see MEND content on social media, since the social media site may select you based on other criteria and without your data having been provided by MEND.
Where legally required
We will also comply with legal requests where disclosure is required or permitted by law (for example to government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime, subject to such bodies providing us with a relevant request in writing).
Your data is only processed outside the EU where MEND has verified that appropriate standards and safeguards are in place.
How long will MEND keep your personal information?
We will hold your personal information on our systems for as long as is necessary for the relevant activity.
If you request that we stop sending you marketing materials we will keep a record of appropriate information to enable us to comply with your request not to be contacted by us.
Where you contribute material to us, e.g. user generated content or in response to a particular campaign we will only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted unless otherwise stated at the point of generation.
Please see the Data Retention document for further details.
How to control what we send you or request we update your personal information?
The accuracy of your information is really important to us. We want to ensure that we are able to communicate with you in ways that you are happy with, and to provide you with information that is of interest.
If you wish to change how we communicate with you, or update the information we hold, then please contact us:
- email us at [email protected]
Additionally, you can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email from MEND.
How long will it take for these changes to be effective?
We endeavour to meet the following service levels where supporters request we do not send them marketing information:
- Email – 24 hours from receipt of email
- Telephone – one working day from receipt of request to opt out
- Mail – 28 days from receipt of ‘do not mail’ request. This period is longer than for other channels due to the production times for mailing campaigns, and in most cases we would expect the change to be effective much more quickly.
Under the GDPR you have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected free of charge.
Please address requests and questions about this Privacy Policy by contacting our team via email at [email protected].
How MEND keeps your data safe?
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they collect on our behalf, or have access to. We have a robust partner monitoring framework to ensure these contractual obligations are met.
How to make complaints about this policy or raise privacy concerns?
If you would like more information or have any questions about this policy, please contact our team by email at [email protected].
You also have the right to make a complaint direct to the UK’s data protection authority, the Information Commissioner’s Office (ICO). The ICO can be contacted at: https://ico.org.uk/global/contact-us/
Concerns can be also be logged via the ICO website.
For more information on how we are accountable for data, please see our Accountability Statement.
Changes to MEND’s privacy policy?
This Privacy Policy may be updated from time to time so you may wish to check it each time you submit personal information to MEND. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use the MEND website to submit personal information to MEND. If material changes are made to the Privacy Policy we will notify you by placing a prominent notice on the website.
DATA RETENTION POLICY
Overview
A Data Retention Policy form outlines the period of time information can be held. Data shall be maintained for as long as there is an operational need.
Purpose
This policy addresses the requirements surrounding Data Retention as set out by the General Data Protection Regulation (GDPR) and how MEND meets its obligations to individuals and the law regarding the retention of personal data.
Scope
This policy specifically applies to:
- Staff, volunteers, consultants, contractors and, as appropriated, partnership organisations, partner staff and third parties
- Records that are created, handled, stored or processed by MEND
Policy
This document sets out MEND’s policy for the disposal and retention of records. It applies to all records, both in paper and electronic form.
Personal data shall not be kept for longer than is necessary for a given purpose.
Data Storage Guidelines
All sensitive personal data is stored on a secure database or password protected files, to which only a limited number of relevant staff have access. It is deleted when no longer relevant, is never shared with third parties without permission, and is available to you at any point should you wish to see it.
Data Retention Period
Six years as standard; exceptions apply where appropriate.
Author
Na’eem Ibn Farooq
Owner
Head of Operations
Accountability Statement
At MEND, we regularly review our data protection policies, staff guidance and practice. By doing this, we ensure that we continue to be compliant with the law. It also means that our intended processing remains clearly explain, necessary and transparent. When Consent is required, we gather it in accordance with the law, and always consider the Rights of others before proceeding. Data is only shared by us where we have a defined purpose to do so and a data sharing agreement is in place. We welcome any enquiries from the public with regards to any personal information that we may hold.
On a regular basis, we assess the risks associated with processing data to ensure we are upholding the Rights and Freedoms of each individual. Before choosing to process data in a new way, we carry out thorough risk assessments. We maintain extensive records of our processing which includes incident logs. This helps us to measure our compliance and identify any weaknesses in our procedures.
We also monitor case law and the guidance of the ICO and EDPB. We are constantly reviewing our security measures (both technical and physical) and ensuring that appropriate safeguards are in place. We implement the Principle of Least Privilege (PoLP) to limit access to data to the minimum required to perform each role in the organisation. We also train our staff on the essentials of data protection.
Last updated: 21/02/2020