Purpose of this notice
Bumblebee Conservation Trust (the Trust) is a registered charity in England and Wales 1115634, and in Scotland SC042830. Our registered address is International House, 109-111 Fulham Palace Road, London, W6 8JA.
Our correspondence address is: Bumblebee Conservation Trust, Beta Centre, Stirling University Innovation Park, Stirling FK9 4NF.
We are committed to protecting your privacy. We think it is very important to keep any personal information we have about you secure and confidential. We comply with data protection legal requirements as issued by the General Data Protection Regulations (GDPR) 2018 and with the Privacy and Electronic Communications Regulations (PECR) 2003 (and amendments).
This notice tells you:
- What information we may collect about you.
- How we store your personal information and for how long.
- What we use your personal information for.
- Who (if anyone) we pass it on to and how they use it.
You can use most of the features of our website without disclosing any personal information. A few optional features of this site, such as membership, volunteer registration forms or marketing campaigns ask you to provide some personal information (e.g. name and address, e-mail address).
We will analyse information provided by you in order to determine which communications are most effective, and to help us to reduce our administration costs and increase the funds available for conservation. If we wish to use your personal information for an additional purpose, we will always ask you to agree at the point of collection.
If you have already supplied us with personal information, you can change your instructions at any time by emailing membership@bumblebeeconservation.org or writing to: Bumblebee Conservation Trust, Beta Centre, Stirling University Innovation Park, Stirling FK9 4NF. If you are a member you can also change any of your information and personal preferences via the members’ portal.
This notice focusses on information about the Trust’s customers, this includes members, donors and those who purchase items from our shop. The notice also covers those who volunteer for us and take part in our scientific data collection system, BeeWalk. If you are one of our suppliers, please see the suppliers section at the end of this statement.
Information we may collect from you
We may collect the following personal information about you:
- Your name, address, contact telephone numbers and email address.
- Your children’s age, only so we can tailor our children’s resources to their requirements.
- Details of the services or support that you require, and why you need them.
- Bank details where you decide to pay for membership by Direct Debit.
- Gift Aid declarations.
- Any other information that you may choose to give to us.
- Your personal contact preferences.
- We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.
We may get this information from:
- You.
- Someone buying a Gift Membership for you.
- Anyone you ask to give this information to us on your behalf (such as your family or friends).
- Anyone who has a Power of Attorney to act as your attorney.
Where we store your personal information
We are committed to holding your personal information securely. This means only those staff and contractors that need to see it have access. In such instances all contractors have signed Data Protection agreements with the Trust.
Where possible we hold all information in electronic format, on our computer system which can only be accessed by us. Any information passed electronically is encrypted and protected.
Where we receive information from you in paper format we make electronic copies and securely shred the paper originals. If we need to keep information about you on paper, for example due to HMRC rules, this is held securely in our offices or secure archiving facilities.
The Trust operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do so if your data is adequately protected.
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
Unless you ask us not to, we will review and delete your personal information where you have not renewed your membership with us for six years. There are certain documents we must retain for longer for future audit by HMRC.
We continually review what information we hold and delete what is no longer required. We never store payment card information.
What we use your personal information for
- Administering your membership (e.g. sending renewal letters and ‘thank you’ letters, Buzzword membership magazines, AGM notifications)
- Communications about our charitable activities and opportunities for you to support us.
- Fulfilment of orders for goods and services.
- Administration of, and communications about, donations and legacies received.
- Customer/Member audience research and satisfaction surveys.
- In house research, analysis and reporting.
- Quality management.
- Event/training sessions registration.
- E-newsletters, if you have subscribed.
- Where permitted by law, for example for crime prevention or detection, prosecution, or risk assessment or management.
- For the resolution of complaints or other issues. Information we receive about you from others may be confidential to them (not you) until it has been considered.
How we legally process your data
We are processing your data on a ‘legitimate interest’ basis.
Legitimate interest involves a three-part test:
- Identify the legitimate interest. This includes why we collect your data, what we do with it and what information you receive from us as part of our purpose to inform you regarding the Trust’s interests.
- Show that processing your data is necessary. This means we will process your personal information only to meet our legitimate interest.
- Balance this against all individual’s rights. We have to let you know what we are doing with your data and ensure that any data we hold, and process, would not cause you harm in any way. For a detailed definition of legitimate interest, please click this link directing you to the Information Commissions Office (ICO).
We ask you for your contact preferences. These will be used to deliver information to you in the way you prefer.
Fundraising and marketing
As a charity, we rely on donations and support from others to continue our conservation work. From time to time, we will contact members and supporters with fundraising material and communications.
As with other marketing communications, we’ll only contact you specifically about marketing if you’ve opted to receiving marketing from us (and you can, of course, unsubscribe at any time).
Who else we may pass on your information to and receive information from
Normally, we will be the only people who are able to access your personal information. However, there may be times when need to give your details to others: where other companies are used to capture data or undertake fulfilment services on our behalf. These activities are carried out under contract in compliance with the General Data Protection Regulations requirements.
Examples include:
- IT providers who provide support to us to manage the computers, phones, systems or software that we use.
- Consultants and agency staff (where these are needed to help with additional staff needs).
- Our professional advisors and providers of financial services.
- Our insurers (at the point at which we need to tell them about a claim or a potential claim).
- Public Relations companies and other organisations that help us in printing and sending out our newsletters and marketing material.
- Our other suppliers who enable us to provide our services to you, or who provide services on our behalf (including Royal Mail and other carriers).
- Data cleansing service providers who help us to ensure the data we hold is accurate and up to date.
- Banking service providers who provide Direct Debit and single payment systems.
- Your trustees, deputies, attorneys and other legally recognised appointees.
- We also receive personal information from third-party online giving platforms when you fundraise for us, e.g. Just Giving
We may sometimes be required to disclose your personal data by law such as by a regulator with appropriate power, or court order.
We will not share your personal information with anyone who claims to represent you unless we are satisfied that you have appointed them or they act in some recognised official capacity. There may be a delay to us dealing with requests whilst we confirm the caller’s identity, or check that we have your approval to deal with them.
We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so.
Specific category of persons
Volunteers
When you volunteer with the Trust you will complete a volunteer registration form. This form makes it clear what data we collect from you and what we use it for. As a volunteer your details may be passed to a Local Volunteer Coordinator and be used to coordinate attendance at events. Your details may be shared with other volunteers and event organisers. Sensitive personal data. We do not collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about supporters and members. However there are some situations where this will occur e.g. if you volunteer with us and have notified us of any medical conditions and details of your next of kin. We take extra care to ensure your privacy rights are protected and we will request explicit consent from you to store this information. Any sensitive data is stored on our supporter database in a protected form that only the necessary personnel have access to. As a volunteer you may receive a volunteer newsletter. The distribution of this communication is issued using our legitimate interest basis. As with all communications you can let us know if you do not wish to receive this newsletter. We will not send you any marketing information in this newsletter.
BeeWalkers
As a BeeWalker we will collect certain personal data when you register. Your name, email address, postcode and county will be recorded. We need this information in order for you to register and record the data from the transect that you walk. When you complete a BeeWalk you will provide us with your results and a location of where the walk took place. This will place you in a certain place at a certain time and is identifiable information that is available to our third party processor that hosts the BeeWalk website. The website is hosted by the Biological Records Centre (BRC) under the umbrella of the Centre for Ecology and Hydrology (CEH). In addition, verified observations will be made available via the National Biodiversity Network (NBN) Gateway. BeeWalk records will be collated alongside other data and made available via the NBN Gateway by the Bumblebee Conservation Trust and the Bees, Wasps and Ants Recording Society. If you do not want your observations to be made available in this way, please do not submit them. As a BeeWalker you may receive a BeeWalk newsletter. The distribution of this communication is issued using our legitimate interest basis. As with all communications you can let us know if you do not wish to receive this newsletter. We will not send you any marketing information in this newsletter.
Landowners/Farmers
We will at times be contacted by farmers and landowners who request our advice. In this respect we will process data on the grounds of the Trust’s legitimate interests. All individuals are able to contact us to let us know how they prefer to be kept informed. These personal preferences are not a basis for processing data. On occasions we will approach farmers and landowners to request their assistance. As above, the basis for processing personal data in this instance will be in the legitimate interests of the Trust e.g. habitat restoration. All individuals are able to contact us to let us know how they prefer to be kept informed. These personal preferences are not a basis for processing data.
Your rights
You have the right to ask us not to process your personal information; however, we may be unable to provide our services to you if we are unable to record and process certain details.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Accessing the information we have about you
You have a legal right to access information that we hold about you. You can write to our Data Protection Officer at our registered office address (see below).
You can contact us at any time by email, letter or telephone to change or update your details or obtain a copy of your record.
If you have any problems or queries about your data, please contact us by emailing membership@bumblebeeconservation.org or writing to: Bumblebee Conservation Trust, Beta Centre, Stirling University Innovation Park, Stirling FK9 4NF. Our Data Protection Officer is Tim Reed.
We will respond to your request with within one month of receipt. We may not be able to provide you with your request if your personal information contains details about another person and we do not have their permission to give it to you.
Cookies and tracking
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Cookies allow non-identifiable personal data to be stored and used to analyse visits to web pages and usage of our websites.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may limit the functionality of the website.
Overall, cookies help us provide you with a better website experience, by enabling us to monitor which pages people find useful and which people do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
The Trust uses traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. The website also uses demographic tracking to identify the overall behaviour of different demographic groups, based on age, gender, location, and interests, to help shape our website, advertising channels, create website reports, and tailor information based on your needs.
Financial security
All online transactions are currently processed through websites that use the SSL (Secure Sockets Layer) protocol for encryption. Most browsers (Microsoft Explorer, Mozilla Firefox, Safari, etc.) support SSL. The link between your browser and the server is secure if your browser displays a small padlock or key symbol somewhere in the frame, or the address bar shows a web address beginning https:// (rather than http://).
When you are using our secure online donation/membership pages you are going through third party payment service providers, contracted by the Trust and who comply with GDPR requirements, the information you give, such as credit card number and contact information, is provided so that the transaction can take place.
When you call the office to pay for membership, merchandise or make a donation over the phone we do not retain any financial information.
Links to third party websites
The Trust website contains hyperlinks to many other websites. This information is supplied in good faith, in case it is of interest or use to our website users.
Bumblebee Conservation Trust is not responsible for the content or functionality of any of these external websites – but please let us know if a link is not working (use the ‘Contact‘ link which can be found at the foot of every webpage).
Visitors to the Bumblebee Conservation Trust website should be aware of the following:
If an external website requests personal information from you (e.g. in connection with an order for goods or services), this information is supplied to, stored and used by the company concerned – it is not covered by the Bumblebee Conservation Trust’s Data Protection Notice. It is good practice to read the privacy notice of any website at which you are considering registering any personal information.
In purchasing goods or services from any of the companies to which the Bumblebee Conservation Trust site links, you are forming a contract with the company(s) concerned (agreeing to their terms and conditions), not the Bumblebee Conservation Trust.
Parents and guardians
We encourage you to be aware of the activities that your children are participating in both offline and online, particularly with regard to third party websites. If your children voluntarily disclose information, this may encourage unsolicited messages. We suggest that you discourage your child from providing any information without your consent.
Notification of change of Privacy Notice
Bumblebee Conservation Trust reserves the right to amend this Privacy Notice at any time. Notice of any change will be posted on our website and will be deemed effective on publication. Your continued use of this website after changes are posted constitutes your acceptance of these Terms and Conditions.
Complaints
You can complain to the Bumblebee Conservation Trust directly by contacting our Data Protection Officer using the details set out above. If wish to make a complaint (including a complaint about fundraising activity) which does not directly relate to your data protection and privacy rights, you can do so in accordance with our charity’s complaint notice.
Our Complaint Procedure can be found in the Legal section of the website. If you require a paper copy please email membership@bumblebeeconservation.org or call 01786 594 130.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
Suppliers
If you are one of the Trust’s customers, you do not need to read this section.
If you are one of our suppliers, we will collect, store and use information as follows:
- We will collect such personal information about your staff that you provide to us or that we need for us to work together.
- We will store the information collected in accordance with the “Where We Store Your Information” section, above.
- We will use the information collected as required so that we can work with you.
- We may pass the information on to third parties as required in accordance with the “Who else we may pass on your information to” section above.