1. Important information and who we are
The Almshouse Association is committed to protecting your personal data and ensuring that it is only ever used in accordance with your rights and expectations.
When we refer to:
- “we”, “us” or “our”, we mean The Almshouse Association;
- “personal data”, we mean any information relating to an identified or identifiable living individual;
- “processing”, we mean collecting, recording, organising, storing, sharing, destroying or anonymising personal data.
How to contact us and how to complain
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect personal data about you in any of these ways:
- When you apply for a job with us;
- When you are a staff member or volunteer;
- When you are engaged by us as a contractor and supply services to us;
- When you are a member;
- When you are a donor or potential donor;
- When you are a beneficiary;
- When you are trustee;
- When you access our website;
- When you contact us, request information or send us feedback.
We may collect personal data from you in person, over the telephone, through the post or online via email or our website, social media platforms or web surveys.
We may also collect personal data about you from other sources such as:
- Former employers, if you apply to work with us;
- DBS check providers, if you are an employee or volunteer and work with adults at risk;
- Via our fundraising consultants, if you are a donor or potential donor;
- Via the Charity Commission, if you are a member.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data including your name, data of birth, username or similar identifier, marital status, title and gender;
- Contact Data including your address, email address and telephone numbers;
- Financial Data including your bank account
- Transaction Data including details about payments to and from you and other details of services you have purchased from us;
- Technical Data including your internet protocol (IP) address and your login data;
- Usage Data including information about how you use our website and services;
- Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences;
- Feedback data including notes of any conversations with you, and details of any comments or complaints you make;
- Health-related data including self-certificate forms and doctors’ notes in relation to sickness absence, if you are an employee;
- Information revealed through a DBS check including information about criminal convictions and offences, if you work or volunteer with adults at risk;
- Other sensitive data you may have disclosed to us such as your racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, sexual orientation or genetic information and biometric data.
Under data protection law, health-related data and the other sensitive data listed above are all considered “special categories” of personal data. This data, as well data concerning criminal convictions and offences, requires higher levels of protection and so is subject to tighter controls.
Depending on the circumstances, we use your personal data so that we may:
- Make a decision about your recruitment or appointment;
- Perform and administer any contract we have entered into with you;
- Pay you or process any donations from you;
- Provide services to you, as a member or beneficiary;
- Receive services from you, as a contractor, volunteer or trustee;
- Communicate with you when you engage with us;
- Improve, assess and evaluate our operations;
- Investigate any complaints;
- Verify your identity;
- Customise our website and its content to your particular preferences.
3. How we use your personal data
We only use your personal data when we have a proper reason for doing so. There are various different legal bases upon which we may rely, depending on what personal data we process and why.
The legal bases we rely on most commonly to process your data include:
- contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
- legal obligation: where our use of your personal data is necessary for us to comply with the law;
- legitimate interests: where our use of your personal data is necessary to pursue our legitimate interests in a way which might reasonably be expected (that is, to pursue our aims of promoting the establishment, continuation and efficiency and effectiveness of almshouses, and to promote the provision, improvement, upkeep and maintenance of almshouses) and in a way which does not materially impact your rights, freedoms or interests.
In a small number of cases, we may also rely on the following legal bases:
- vital interests: where our use of your personal data is necessary to protect your or someone else’s life, typically in an emergency;
- consent: where you have given us clear consent for us to process your personal data for a specific purpose, where another legal basis cannot be used.
In relation to any “special category” personal data or data concerning criminal convictions and offences, we rely on different reasons to process your personal data. Most commonly these include that the processing is:
- necessary for carrying out our legal obligations relating to employment law;
- necessary in the substantial public interest, and further conditions are met;
- necessary for the establishment, exercise or defence of legal claims;
- carried out in the course of our legitimate activities and relates solely to our members or former members, and personal data is not disclosed outside of the Association;
- carried out with your explicit consent.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you have given your consent for us to process your personal data, you have the right to change your mind at any time and withdraw your consent.
Who we share your personal data with
To manage our functions, we work with carefully selected third-party service providers whom we trust to carry out work on our behalf. We do not allow such service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Depending on the circumstances, we routinely share your personal data (where the law allows us in the circumstances set out above) with:
- support companies we use to help us run our operations, for example, IT, cloud storage and backup service providers, and our pension provider, bank, website operator, insurers and accountants/auditors;
- service providers in connection with the running of our training events, seminars and conferences.
- the distributor of our quarterly magazine, Push Mailing, if you are member;
- member charities, in order to assist in the provision of almshouse accommodation and to promote best practice.
We will also share your personal data with third parties:
- if we are legally required to do so, for example, by a law enforcement agency or court;
- to enforce or apply any contract we have with you;
- if it is necessary to protect our rights, property or safety or to protect the rights, property or safety of others;
- if we sell or buy any other organisation or part of it (including the Association, if we are forming a new entity to replace and continue our operations or merging with another organisation), in which case we may disclose your personal data to the prospective seller or buyer so that they may continue using it in the same way.
We strive to provide you with options around marketing.
Marketing from us
You will receive marketing communications from us that promote our aims and objectives if you have requested information from us and you have not opted out of receiving that marketing.
If you are a member, you will receive our quarterly magazine to enable us to pursue our legitimate interest of improving practice within the almshouses sector.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the unsubscribe links on any marketing message sent to you or by contacting us at any time at firstname.lastname@example.org, The Almshouse Association, Billingbear Lodge, Maidenhead Road, Wokingham, Berkshire, RG40 5RU or call 01344 452922. We will update our records to reflect your wishes.
What is a cookie?
A cookie is a small file that is sent to your computer or mobile phone which contains information that allows us to recognise that you have used our website before. A cookie typically contains:
- The name of the server the cookie was sent from
- The lifetime of the cookie
- An unique identifier (usually a number)
Our website server sends the cookie and uses this number to recognise you when you return to a site or browse from page to page. Only the server that sends a cookie can read, and therefore use, that cookie. This file is stored on your computer or phone hard drive. All websites can send a cookie to your browser if your browser settings allow it. Many websites do this to track on-line traffic flow.
Cookies can be categorised from their life span:
- Session or temporary cookies: these cookies expire when you close your browser or when the session times out.
- Persistent or permanent cookies: these are usually stored on your hard disk and survive across multiple sessions but do have an expiration date
About the cookies we use
A cookie in no way gives us access to your computer or any personal information about you, other than the data that you choose to share with us.
Cookie Name Expiration Time Purpose
_ga 2 years Used to distinguish users
_gid 24 Hours Used to distinguish users
_gat 1 minute Used to throttle request rate
Accepting and declining cookies
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. Instructions on how to do so will vary from browser to browser, but you can find out more by visiting www.aboutcookies.org
Some features and functionality may be lost if you choose to disable cookies. Please note that you will have to adjust the cookie settings for each browser and device you use to visit The Almshouse Association website.
Use of Google Analytics
The Almshouse Association uses Google Analytics to analyse how many unique visitors we have to our website and how often you may visit. We track your visit to the different pages including the sequence of the pages you view and the time spent on each page.
Google Analytics generates statistical and other information about website use by means of cookies, which are stored on your computer. The information generated relating to our website is used to create reports about the use of the website. Google will store and use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
It is possible to opt out of being tracked by Google Analytics across all websites you visit at: http://tools.google.com/dlpage/gaoptout
4. International transfers
We do not transfer your personal data outside the European Economic Area (EEA).
5. Data security
We take the security of your personal data seriously. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Different retention periods apply for different types of personal data. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
At the end of the relevant retention period, your personal data will either be deleted completely, put beyond use or anonymised. Some data about members will be kept in perpetuity as a record of our history and heritage.
Details of retention periods for different types of personal data are available in our retention policy which you can request from us by contacting us.
7. Your rights
You have the following rights, which you can exercise free of charge and on request:
- to access the personal data we hold about you;
- to require us to update or correct the personal data we hold about you;
- to require the erasure of your personal data in certain circumstances;
- to receive the personal data we hold about you in a structured, commonly used and machine-readable format, and to transmit it to a third party in certain situations;
- to object at any time to the processing of your personal data for direct marketing purposes;
- to request the restriction of the processing of your personal data;
- to challenge any automated decisions we make about you;
- to withdraw your consent at any time.
If you wish to exercise any of these rights, please contact The Almshouse Association at email@example.com or write to The Almshouse Association, Billingbear Lodge, Maidenhead Road, Wokingham, Berkshire, RG40 5RU or call 01344 452922, and let us have enough information to identify you.
If you request the personal data that we hold about you, we will respond within one month (unless the complexity and number of requests mean that we need more time).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Resources & Further Information