Policies and Statements

Privacy Policy

  1. Who are we?
    South West Wildlife Fundraising Ltd (SWWFL) is a wholly owned subsidiary of 8 Wildlife Trusts in the South and West of England; Avon Wildlife Trust, Devon Wildlife Trust, Dorset Wildlife Trust, Gloucestershire Wildlife Trust, Hampshire & Isle of Wight Wildlife Trust, Somerset Wildlife Trust, Wiltshire Wildlife Trust and Worcestershire Wildlife Trust (referred to as the owning Trusts). We are a limited company (Company no. 08529465) and as a collaborative organisation with the Wildlife Trusts we look after their membership fundraising.
  2. Our commitment to your privacy
    1. When you sign up to membership to one of our owning Trusts, SWWFL obtains information about you. This statement explains how we look after that information and what we do with it.
    2. We have a legal duty under the General Data Protection Regulations (GDPR) to reasonably protect personal information about you. We also must ensure that the data we hold is accurate, adequate, relevant and not excessive. We will pass your details to the Wildlife Trust(s) that you have agreed to support. We will only contact you again if there is an issue setting up the membership with the information you have provided, otherwise you will next be contacted by the Wildlife Trust(s) who will provide details of their Privacy Statement. We will only hold onto limited details for the purpose of charging our owner Trusts, paying our Membership Recruiters, performance management of our staff in order to maintain the efficient operation of the organisation. After a stated period, this data will be anonymised for performance and effectiveness reporting purposes only.
    3. All of the information we hold comes directly from you. Whenever we collect information from you, we will make it clear which information is required in order to provide you with the membership you have chosen. You do not have to provide us with any additional information unless you choose to. We store your information securely on our computer system, we restrict access to those who have a need to know, and we train our staff in handling the information securely.
    4. We always send your data to our owner Trusts securely, to minimise the risk of it being intercepted by unknown individuals and/or organisations. Any third parties we work with at no point ‘own’ your data, so you will never hear from them independently and they will always delete your data from their systems when they have completed the task in hand.
    5. We will never sell your personal data.
    6. Should you wish to find out more about the information we hold about you, or about our privacy policy, please contact us:

      Data Protection Office
      South West Wildlife Fundraising Ltd
      Cricklepit Mill
      Commercial Road
      Exeter
      EX2 4AB

      Tel: 01392 420124

      Our office hours are Monday – Friday, 9am – 5pm.
  3. Key Terms
    Any references to South West Wildlife Fundraising Ltd, SWWFL, ‘we’ or ‘us’ in this and Related Policies refer to SWWFL the company – a registered company in England and Wales (registered charity number 8529465).

    The following are some of the key terms that apply in this document. These are definitions used by the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights (www.ico.org.uk)
    1. Automated Processing: any form of Automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated Processing.
    2. Data Subject: this is you. As the data subject, we respect your right to control your data.
    3. Data Controller: this is us, the Devon Wildlife Trust. With your permission, we determine why and how your personal data is used (as outlined in this document).
    4. Data Processor: this is a person, or organisation, who processes your data on our behalf (eg pension provider).
    5. Legitimate Interest: is one of the Lawful reasons for Processing Personal Data. It is where we determine that the Processing is necessary for us to pursue our legitimate interests and is lawful so long as the fundamental rights and freedoms of the individual are not overridden. We must have a clear and documented rationale for processing on this basis and an individual has the right to opt-out of any kind of communications that we send them on a Legitimate Interest basis. Other lawful basis for processing include consent; contractual; legal and vital interest.
    6. Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Sensitive Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.
  4. Why do we collect your personal data?
    1. We use your personal data to keep in order for the Wildlife Trusts we service to enable them to set up your membership. They will contact you after we pass your personal data over to the Trust(s) with their privacy policy as they will use your data for other purposes than SWWFL eg to administer your membership and keep in touch.
    2. SWWFL will only ever get in touch with you if there is an issue with the initial information provided which means we are unable to pass your information over to the Trust to set up your membership or if there is an initial failed direct debit payment.
    3. We will only hold onto limited details for the purpose of charging our owner Trusts, paying our Membership Recruiters, performance management of our staff in order to maintain the efficient operation of the organisation. After a requisite period, this data will be anonymised for performance and effectiveness reporting purposes only.
    4. We will only ever collect, store and use your personal data when we have an identified purpose and reason to do so. The ICO refers to this as a ‘lawful basis’. Further information about why we collect your personal data is outlined below.
  5. How do we store your data?
    1. Security
      All of the personal data we process is processed by our staff in the UK. This will be done in accordance with guidance issued by the Information Commissioner’s Office.
      Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
    2. Data Retention policy
      We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required.
      If your membership is cancelled, for whatever reason, we have a 3 month clawback with our owner Trusts. We retain data to fulfil this clawback agreement, but do not retain personal information past this point.
  6. How is your personal information collected?
    All of the information we hold comes directly from you. Whenever we collect information from you, we will make it clear which information is required in order to provide you with the membership you have chosen. You do not have to provide us with any additional information unless you choose to.
  7. How we will use information about you?
    We will send most of your information securely onto the Trust you wish to support. We will only hold onto limited details for the purpose of charging our owner Trusts, paying our Membership Recruiters, performance management of our staff in order to maintain the efficient operation of the organisation. After a stated period, this data will be anonymised for performance and effectiveness reporting purposes only.
  8. If you fail to provide personal information
    If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (ie ability to become a member).
  9. Right to access to personal data
    1. SWWFL recognises that all individuals who are the subject of personal data held by SWWFL have the right to control their data. Your rights are:
      1. The right to be informed
        This privacy statement outlines how we capture, store and use your data. If you have any questions about any elements of this policy, please contact us.
      2. The right of access
        If you wish to obtain a record of the personal data we hold about you, through a Subject Access Request, we will respond within one month
      3. The right to rectification
        If we have captured information about you consider to be inaccurate or incomplete, we will update it.
      4. The right to erase
        You can ask us to remove or randomise your personal details from our records.
        Certain exemptions apply:
        The right to erasure does not apply if processing is necessary for one of the following reasons:
        1. To exercise the right of freedom of expression and information.
        2. To comply with a legal obligation.
        3. For the performance of a task carried out in the public interest or in the exercise of official authority.
        4. For archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or for the establishment, exercise or defence of legal claims.
      5. The right to restrict processing
        You can ask us to stop using your personal data.
      6. The right to data portability
        You can ask to obtain your personal data from us for your own purposes.
      7. The right to object
        You can ask to be excluded from marketing activity.
      8. Rights in relation to automated decision making and profiling
        We respect your right not to be subject to a decision that is based on automated processing.
    2. These rights are subject to certain exemptions which are set out in the Regulations. Any person who wishes to exercise this right should make a request in writing to the Chief Executive.
    3. Unless we are under a legal obligation to release data, or the individual has given us permission, personal information will only be released to the Individual to whom it relates. The disclosure of such information to anyone else without their consent may be a criminal offence. Any employee who is in doubt regarding a subject access request should check with the Chief Executive. Information must under no circumstances be sent outside of the UK without the prior permission of the Chief Executive.
    4. We aim to comply with requests for access to personal information as quickly as possible, but in any case, within the legal maximum of one month.
  10. Making a complaint
    SWWFL want to exceed your expectation in everything we do. However, we know that there may be times when we do not meet our own high standards. When this happens, we want to hear about it, in order to deal with the situation as quickly as possible and put measures in place to stop it happening again.

    We take complaints very seriously and we treat them as an opportunity to develop our approach. This is why we are always very grateful to hear from people who are willing to take the time to help us improve.

    Our policy is:
    1. To provide a fair complaints procedure that is clear and easy to use for anyone wishing to make a complaint.
    2. To publicise the existence of our complaints procedure so that people know how to contact us to make a complaint.
    3. To make sure everyone in our organisation knows what to do if a complaint is received.
    4. To make sure all complaints are investigated fairly and in a timely way.
    5. To make sure that complaints are, wherever possible, resolved and that relationships are repaired.
    6. To learn from complaints and feedback to help us to improve what we do.
  11. Confidentiality
    All complaint information will be handled sensitively, in line with relevant data protection requirements.
  12. Responsibility
    Overall responsibility for this policy and its implementation lies with our Chief Executive and Board of Directors.
  13. Information Commissioner’s Office
    For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.

    Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    SK9 5AF

    Telephone: 0303 123 1113
    Email: casework@ico.org.uk
  14. Leaving our website
    We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.
  15. Get in touch
    Should you wish to find out more about the information we hold about you, or about our privacy policy, please contact us:

    Data Protection Officer
    South West Wildlife Fundraising Ltd
    Cricklepit Mill
    Commercial Road
    Exeter
    EX2 4AB

    Tel: 01392 420124

    Our office hours are Monday – Friday, 9am – 5pm.

 

Cookie Policy

Our website uses a few ’Cookies’.

  1. What’s a Cookie?
    A Cookie is a small data file that the website creates and stores on your browser for the duration of your visit - and in some case for longer until it expires naturally (typically within a few weeks - but could be as much as 12 months), or is deleted by you the user clearing your browser history/cache. Modern browsers have functions built in that can do this automatically every time you close the browser should you wish to use that option.
  2. What are they for?
    1. Some Cookies allow the website to function properly and are essential for that purpose - in order to allow you to move from page to page smoothly and interruption free and things such as Contact Forms to function. Because these Cookies are essential to the operation of the website, they do not require additional consent from the website visitor in order to function. Plus - somewhat ironically, the Cookie Notice that appears at the bottom of the site - needs a Cookie in order to function.
    2. Other Cookies are for collecting website traffic statistics which are important to help the website owner to make the site and it's content better for the visitor, these Cookies are often provided by third parties like Google Analytics or other visitor tracking services. On this website They do not collect any Personal Identifiable Information and therefore the information they collect is Completely Anonymous. This can include information about the region of the world the visitor is located, the duration of the visit, the pages visited during that visit, the method of arrival to the website (via a search engine, social media link or other link), the browser and O/S of the visitor and whether it was a desktop or smartphone/tablet.
  3. Can I be identified with this information?
    In short, No. It is impossible to detect an individual from any of the website traffic data collected as the visitor's IP address (your devices ID on the internet) is permanently anonymized before the data is delivered to the visitor tracking service to collate the information. Also, even if this data was not anonymized - because the data is collated into statistics - it would still be impossible to identify a specific individual from the resulting website traffic information. Because of this anonymization these Cookies already comply with the GDPR and therefore do not require additional consent from the website visitor in order to function.
  4. Any other Cookies
    This website does not use any superfluous or other Cookies for Advertising, Marketing etc. purposes and therefore does not require an 'Opt-In' function at your first point of access to the website.

 

Legitimate Interest Statement - Venues & Events

  1. Introduction
    This statement forms part of our Data Protection policies. It is focused on contact information we hold for venues and events that we book in the course of our ongoing business activities.
    These may be business contacts (business to business) or personal contacts (volunteers and individuals who organise events in their own time). If we hold personal information for any of these contacts, they are covered by GDPR.
  2. Definitions:
    1. Legitimate Interest: Where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.
    2. The right to be informed: to know how we capture, store and use and individual’s personal data.
  3. How do we establish that we can use legitimate interest for these contacts?
    In order to apply legitimate interest for over venues and events contacts, we have applied the 3 part test (source: ico.org.uk);
    1. We have a lawful reason for processing this personal data;
      1. We hold this data so SWWFL can book venues and events for our Membership recruiters to attend with their information stand.
      2. We book venues and events in advance so we have permission to attend under the Institute of Fundraising Private site guidelines. It is also SWWFL good practice to obtain consents to attend in advance.
    2. We have identified there is a specific interest underlying the processing and have ensured that the process is necessary for that purpose;
      1. We will use this information to book venues and events.
      2. We may make contact if we have a query regarding a booking.
      3. We may use this information to thank venues for allowing us to attend.
    3. Having met the requirements of the first two parts, we then apply the balancing test. The personal information will be used in a business context and the processing is unlikely to have a significant impact on them personally;
      1. We will only use this information in a business context. Our venue co-ordinators are employed by SWWFL and have received training on the use of venues and events contacts.
    In carrying out our test we establish that we do not use the personal information to make direct marketing calls and so legitimate interest applies to this information.

    If you intend to process the personal data of your business contacts we remember that individuals’ rights, including the right to be informed, still apply.
  4. How we store personal information
    1. All venues and events contacts are recorded as electronic data. We do keep paper records of venue and events contacts.
    2. All databases or documents that contain personal data are logged on our Personal Data Log. The Log details the data held, for what purpose, where it is stored, who has access to it and who is responsible for its maintenance.
    3. We minimise the number of places where personal data is stored on our system., personal data relating to venues and events contact are stored securely on our single CRM Database (Salesforce) which required password access.
    4. All employees and workers are responsible for ensuring that any personal data that they hold is stored securely and that personal information is not disclosed either orally or in writing or otherwise to any unauthorised third party. Care is taken to ensure that information displayed on a computer screen cannot be read by any unauthorised person.
    5. Any appointed third party processors will be required to provide sufficient guarantees for their data security measures and compliance with them (for example the backups of our data). A contract will be in place with each supplier, which requires them to dispose of data securely and to provide suitable evidence of this. Checks will be made to ensure that secure data disposal facilities are in place and regular monitoring will take place.
    6. Any employee who discovers personal or sensitive data ¡n an inappropriate place (for example unknowingly sent to the wrong printer) should immediately pass this to their line manager, ensuring that its contents are not revealed to anyone else.
  5. Password Protocols
    1. Access to Database is restricted through the use of passwords. Relevant folders are further restricted through the use of password protection. Access to Salesforce is restricted through the use of passwords, with permissions restricted with the principle of providing the minimal justifiable access.
    2. Passwords used to secure personal data will be:
      1. Minimum of 10 characters long
      2. A mix of alphanumeric characters
    3. Database passwords will be changed every 3 months.
  6. Emails
    1. We may also make contact via email. Email traffic is by default not secure. All emails containing personal data will only be saved when absolutely necessary.
    2. They will be saved in password protected folders in the relevant area of a secure drive then deleted immediately from Outlook.
    3. Personal data will not be transferred to any third party by email. Cloud based solutions will be used, but where email is unavoidable, data will be encrypted.

 

Legitimate Interest Statement - Wildlife Trust Members

1. Introduction

South West Wildlife Fundraising Ltd (SWWFL) is a wholly owned subsidiary of 8 Wildlife Trusts in the South and West of England; Avon Wildlife Trust, Devon Wildlife Trust, Dorset Wildlife Trust, Gloucestershire Wildlife Trust, Hampshire & Isle of Wight Wildlife Trust, Somerset Wildlife Trust, Wiltshire Wildlife Trust and Worcestershire Wildlife Trust (referred to as the owning Trusts). We are a limited company (Company no. 08529465) and as a collaborative organisation with the Wildlife Trusts we look after their membership fundraising.

This statement forms part of our Data Protection policies. It is focused on contact information we hold on behalf of the Wildlife Trusts for the purpose of setting up membership. For this information we are a data processor on behalf of the Wildlife Trusts.

From time to time SWWFL may need to contact members of the public regarding the information they have been given to set up a Wildlife Trust membership if there is an administrative error.

2. Definitions

Legitimate Interest: Where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.The right to be informed: to know how we capture, store and use and individual’s personal data.

3. How do we establish that we can use legitimate interest for these contacts? 

In order to apply legitimate interest for over Trust membership data, we have applied the 3 part test (source: ico.org.uk);

1. We have a lawful reason for processing this personal data;

  • SWWFL’s sole purpose is to recruit members for the Wildlife Trusts. We process the data on behalf of the Trust so members of the public are able to engage with membership of the Wildlife Trusts. For this we have Data processing agreements in place with the Trusts

2.We have identified there is a specific interest underlying the processing and have ensured that the process is necessary for that purpose;

  • We only collect this information on behalf of the Trusts.
  • We will only contact you if there is a problem with some of the information you have provided which means we are unable to set up a Wildlife Trust membership.  

3. Having met the requirements of the first two parts, we then apply the balancing test. The personal information will be used in a business context and the processing is unlikely to have a significant impact on them personally;

  • We will only use this information in a business context. Our Membership Recruiters are employed by SWWFL and have received training on the use of membership information.
  • You will only receive contract if you have given consent and if there is a problem with the information you have provided, you will not be asked for additional information, just rectification of the existing information.

In carrying out our test we establish that we do not use the personal information to make direct marketing calls and so legitimate interest applies to this information.

We remember that individuals’ rights, including the right to be informed, still apply and full details can be found in our Privacy Notice (GDPR 7).

4. How we store personal information

4.1  All Wildlife Trust membership data is recorded as electronic data. We do not keep paper records of Wildlife Trust membership data. Any forms are collected on behalf of the Trust and are forwarded on to them on a weekly basis.

4.2  All databases or documents that contain personal data are logged on our Personal Data Log.  The Log details the data held, for what purpose, where it is stored, who has access to it and who is responsible for its maintenance.

4.3  We minimise the number of places where personal data is stored on our system., personal data relating to Wildlife Trust membership are stored securely on our single CRM Database (Salesforce) which required password access.

4.4  All employees and workers are responsible for ensuring that any personal data that they hold is stored securely and that personal information is not disclosed either orally or in writing or otherwise to any unauthorised third party. Care is taken to ensure that information displayed on a computer screen cannot be read by any unauthorised person.

4.5   Any employee who discovers personal or sensitive data ¡n an inappropriate place (for example unknowingly sent to the wrong printer) should immediately pass this to their line manager, ensuring that its contents are not revealed to anyone else.

5. Password Protocols

5.1  Access to Database is restricted through the use of passwords. Relevant folders are further restricted through the use of password protection. Access to Salesforce is restricted through the use of passwords, with permissions restricted with the principle of providing the minimal justifiable access.

5.2  Passwords used to secure personal data will be:

  • Minimum of 10 characters long
  • A mix of alphanumeric characters

5.3  Database passwords will be changed every 3 months.

6. Emails

6.1  We may also make contact via email. Email traffic is by default not secure. All emails containing personal data will only be saved when absolutely necessary.

6.2  They will be saved in password protected folders in the relevant area of our secure drive then deleted immediately from Outlook.

6.3  Personal data will not be transferred to any third party by email. Cloud based solutions will be used, but where email is unavoidable, data will be encrypted.


 

SWWFL Fundraising Complaints Policy

  1. Introduction
    All of us at SWWFL try to exceed expectation in everything we do. We strongly believe that feedback is a positive way to learn about our customers, find out how we’re doing and motivate colleagues by gaining a sense of what we collectively achieve. We’re fortunate to frequently receive positive feedback from members, our venue partners and people interested in the work that we do which is lovely to hear about. We are committed to meeting the requirements of the Code of Fundraising Practice and are organisational Members of the Institute of Fundraising to help SWWFL grow and develop within a best practice framework. However, we know that there may be times when we do not meet our own high standards. When this happens, we want to hear about it in order to deal with the situation as quickly as possible and put measures in place to stop it happening again.
  2. Our approach to complaints
    1. Being able to make a complaint and have it properly investigated by the charity/organisation instils confidence in our supporters and members of the public.
    2. It shows we are a responsible, accountable and transparent organisation.
    3. It saves time for everyone in the long-run if concerns are tackled early on and resolved satisfactorily.
    4. It helps us to measure and monitor our services and quality.
    5. It enhances our reputation as a fair, caring and honest.
    6. Complaints should be welcomed, not feared – all feedback is constructive.
  3. Handling complaints
    1. Stage 1: SWWFL tries to resolve the complaint
      Any complaints can be raised with SWWFL in the first instance or, if sufficiently serious, to the Fundraising Regulator (‘FR’). Generally it is expected that the responsible organisation takes ownership of the complaint and is passed to the FR only if the matter cannot be resolved satisfactorily.
      1. How to complain
        Register the complaint with SWWFL (in writing by post, by email, or by phone) within three months of the incident occurring:
        Post: SWWFL, Cricklepit Mill, Commercial Road, Exeter, EX2 4AB
        Email: finance@swwfl.co.uk
        Phone: (01392) 428895 or (01392) 420124
      2. Complaint is made
        We will acknowledge your complaint and provide you with a copy of the Complaints form, if not already having received full information in writing/email, together with a copy of the SWWFL complaints procedure and the Fundraising Promise within 5 working days. We will generally endeavour to investigate the complaint, subject to being able to contact the complainant and all relevant parties (annual leave and other factors may sometimes impact this) within 14 working days. Hence we will allow up to 28 days in these circumstances.
      3. When the investigation is completed
        We will tell you of the outcome of the investigation in writing within 28 days of acknowledgement of receipt of the complaint.
      4. Record of the complaint
        SWWFL will keep a record of the complaint for at least 24 months from the date the complaint was made and will make the record available for inspection by the Fundraising Regulator if required. A full complaints report will be sent to the SWWFL Board on a quarterly basis in order to review; with an emphasis on identifying trends and measures to improve our practices.
      5. If the outcome is not seen as satisfactory
        You can escalate the complaint by raising you concerns with The Fundraising Regulator within two months of receiving SWWFL’s final response.
    2. Stage 2: The Fundraising Regulator tries to resolve the complaint
      If the complaint is not satisfactorily resolved, then it can be passed to the Fundraising Regulator. They will investigate the complaint and work with SWWFL and yourself to try to resolve the problem.
      Once the Fundraising Regulator has received the complaint, they will contact us to inform us of the complaint and to gather information from us regarding the issue.
      SWWFL will provide the Fundraising Regulator with any fundraising materials as necessary and will cooperate fully and comply with any remedy proposed by the Fundraising Regulator.
      The Regulator will investigate the complaint and try to resolve it with all parties concerned within 30 days.
    3. Stage 3: The Fundraising Regulator upholds or rejects a complaint
      If you are still not satisfied with the outcome you can ask the Fundraising Regulator to adjudicate.
      The Fundraising Regulator will review the complaint and report their conclusion within 60 days. The Regulator has the discretion to specify that either no further action is appropriate or to censure SWWFL and prescribe one or more sanctions. The Fundraising Regulator will try to pursue the case to a satisfactory conclusion for both parties.
© 2017 South West Wildlife Fundraising - All rights reserved. website designed by:  The Number 27