Home Your Privacy Matters The National Eye Research Centre is committed to processing your personal information in ways that are transparent, fair, and legal. This Privacy Notice has been designed to meet the requirements of the General Data Protection Regulation (GDPR) as it applies in the UK, tailored by the Data Protection Act (DPA) 2018, and the Fundraising Regulator’s code of Fundraising Practice. It explains what information we collect and why, what we do with your information, what we won’t do with your information, and what rights you have. DATA PROTECTION AND PRIVACY NOTICE We promise our supporters and that we will: Only use your data within the law. Never sell or swap your data. Always respect your wishes about how you would like to be contacted (e.g. by email, post, text, or phone). Only process your data in the management of our relationship with you. You can amend the information we hold about you, including your communication preferences, at any time via the contact details given below in Section 2. 2) DATA CONTROLLER The Data Controller is the National Eye Research Centre (NERC). We are a Charitable Incorporated Organisation (CIO) registered with the Charity Commission for England and Wales under charity number 1156134. The charity is registered with the Information Commissioner’s Office for data protection under registration ZA056032. The Data Protection Officer is the charity’s Chief Executive who can be contacted by: telephone on 0117 325 7757 email at [email protected] writing to The Chief Executive, National Eye Research Centre, Redwood House, Brotherswood Court, Almondsbury Business Park, Bristol, BS32 4QW. 3) LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA: LEGITIMATE INTEREST NERC’s charitable objectives are the relief of sickness and the promotion of good health for the public benefit by funding and supporting research into the causes and treatment of eye disease and blindness (and publishing and disseminating the useful results thereof). We process the information of our donors, ambassadors, volunteers and friends in pursuit of our legitimate interest in fulfilling our charitable objectives and furthering our mission of beating sight loss forever. 4) WHAT PERSONAL INFORMATION DO WE HOLD AND WHERE HAS IT COME FROM? The personal data we hold about you has generally provided by you but may be supplemented by information about you in the public domain. The information that we hold may include: Personal identifiers and biographic information, such as your name, title, gender and date of birth. Your contact details, including postal and email addresses and telephone numbers. Family, spouse and partner details. Relationships to other supporters, or potential supporters, whether individuals, companies or trusts. Your business details and professional activities. Information about your support of NERC, including past and current donations and your intentions about leaving a gift to NERC in your Will (if you have told us about it yourself). We appreciate that you may change your mind at any time, however, and we would amend our records accordingly. An assessment of your willingness and capacity to support us in future. Records of your Gift Aid status (as required by HMRC). Records of communications sent to you by NERC or received from you. Your communication preferences. Records of your volunteering with the charity or attending the charity’s events. Articles in the media about you. Notes from any meetings or interactions we may have had with you. We would ask permission for notetaking while meeting with you and we would share the content of our notes with you at the end of the meeting. Information gathered from your use of the charity’s website, such as signing up to the charity’s email newsletter, making online donations or purchasing tickets for events. Public data sources that we use include, but are not restricted to: The Electoral Roll. Post Office National Change of Address Service. Companies House. Company websites. Property websites. Charity Commission. Office of National Statistics and other government sites containing socio-economic data. We use targeted internet searchers and sources of public data, where relevant, in order to maintain the accuracy of the information listed above, to undertake due diligence in line with NERC’s Gift Acceptance Policy, to meet money laundering regulations, and for fundraising and marketing purposes as detailed below. 5) HOW AND WHY DO WE USE YOUR PERSONAL INFORMATION? NERC is committed to raising funds to invest in research into eye disease in order to combat sight loss and blindness. We are grateful to the large number of people who support eye research through our charity by donating and volunteering. We use your data for various stewardship and fundraising activities, including: Maintaining a record of your donations, volunteering, and your contact with us. Sending you publications such as our newsletters and annual reports to keep you informed about how your donations have been spent. Inviting you to events. Sending you appeals in respect of various eye research projects. Conducting surveys to improve our services and communications to you. Processing donations, Gift Aid, and ticket sales. We want to communicate with you in a way that meets your needs and requests. Depending on the preferences you have already expressed, we might communicate with you by post, telephone, email, or text. Digital tools and analysis may be used to help us improve the effectiveness of our communications with you, including tracking whether emails we send are opened, and which links in a message are clicked. As a fundraising organisation, we undertake data analysis and prospect research to identify potential new supporters, to better understand our existing donors, and to inform our fundraising strategy. This research may be carried out by us or we may ask another specialist fundraising research agency to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, social networks such as LinkedIn, political and property registers, and news archives. We may use information that you have provided, together with publicly available data, to create a profile of your interests, preferences, and level of potential gifts. This allows us to make appropriate requests to donors who may be able and willing to increase their support, enabling us to raise more funds for eye research faster, and in a more cost-effective way. We steward influential supporters who act as our advocates, share their networks to promote the charity, donate large gifts, or who may wish to do so in the future. We prepare for one-to-one meetings and bespoke events with this small group of supporters to make our contact as relevant and successful as possible. We research an individual’s professional and charitable interests, as well as their likely capacity to support us. We use publicly available data, from reputable sources, where someone would expect their information might be read. Consent for such data processing will be sought on first contact with the individual. 6) INFORMATION WE DO NOT COLLECT ABOUT YOU The charity does not: Store details of your credit or debit cards when used online or over the telephone. Buy lists of personal data in order to tele-match a telephone number to your personal record or data-match an email address to your personal record. We will only have these details about you if you yourself have provided them to us. Hold sensitive personal data about you (e.g. having a disability) unless you have provided that information yourself, for example in telling us that you are visually impaired, (which might be your motivation for supporting our work), or have any access requirements (something we might need to accommodate for, if you are attending an event organised by the charity). 7) KEEPING YOUR DATA SECURE We are committed to protecting your data and will not disclose your personal information to any third parties, except those acting as data processing agents for the charity under strictly controlled contracts, or unless we are required to do so by law enforcement agencies, for example, if money laundering is suspected. Examples of agents processing your data may include the mailing houses we use to send out our newsletters, and fundraising research agencies. The charity retains full responsibility for your personal data while they are being processed by such agents. Any transfers of data to and from such data processors will be done securely and in compliance with The Guide to the General Data Protection Regulation (GDPR) and The Data Protection Act 2018. 8) DATA As a supporter or friend of the charity (e.g. donor, legacy pledger, volunteer, ambassador), we will hold your personal information in support of your relationship with the charity until you ask us to do otherwise, or we believe that you are no longer a supporter of the charity. If six* years have elapsed since you sent a donation and we have not had any communication from you in that time, we will conclude that you no longer wish to be a supporter, unless you have told us that you intend to leave the charity a gift in your Will. If we conclude that you no longer wish to support us, we will remove your address, contact details, and other personal information from our database but will keep an archive record of your name and any donations that you have made to the charity, in case you wish to renew your relationship with us in future. *The length of time we are required to keep Gift Aid data for HMRC auditing purposes. 9) YOUR RIGHTS AND CHANGES TO THIS NOTICE You have the right to: Access the personal data which we hold about you. This is called a subject access request and must be made to the Data Protection Officer, whose contact details are provided in section 2. Have your personal data rectified if they are inaccurate or incomplete – we want to ensure that all information we hold about you is accurate and up to date so please let us know if anything changes. Request that we remove your personal data from our database (please note that in some circumstances we may need to retain certain types of data for a specified period to comply with legal obligations – e.g. HMRC requires us to keep details of donations and Gift Aid for six years). Restrict the processing of your personal data, for example by asking us not to contact you by email or post. Object to the processing of your data for specific purposes, such as receiving newsletters or fundraising appeals. Ask for the transfer of your data electronically to a third party (data portability). Lodge a complaint with the Information Commissioner’s Office. This Privacy Notice was approved by the charity’s Board of Trustees on 21 April 2020 and will be reviewed annually.