Purpose of this policy
Bumblebee Conservation Trust (BBCT) is a registered charity in England and Wales 1115634, and in Scotland SC042830. Our registered address is Lakeside Centre, Lakeside Country Park, Wide Lane, Eastleigh, Hampshire, SO50 5PE.
We are committed to protecting your privacy. We think it is very important to keep any personal information we have about you secure and confidential. We comply with data protection legal requirements as issued by the General Data Protection Regulations (GDPR) 2018 and with the Privacy and Electronic Communications Regulations (PECR) 2003 (and amendments).
This policy tells you:
- What information we may collect about you.
- How we store your personal information and for how long.
- What we use your personal information for.
- Who (if anyone) we pass it on to and how they use it.
You can use most of the features of our website without disclosing any personal information. A few optional features of this site, such as membership and volunteer registration forms, ask you to provide some personal information (e.g. name and address, e-mail address). Our member’s portal requires a user identification and password set by you. We do not retain your password and you can change this at any time.
We will analyse information provided by you in order to determine which communications are most effective, and to help us to reduce our administration costs and increase the funds available for conservation. If we wish to use your personal information for an additional purpose, we will always ask you to agree at the point of collection.
If you have already supplied us with personal information, you can change your instructions at any time by emailing email@example.com or writing to: Bumblebee Conservation Trust, Beta Centre, Stirling University Innovation Park, Stirling FK9 4NF. If you are a member you can also change any of your information and personal preferences via the member’s portal.
This policy focusses on information about BBCT’s customers, this includes members, donors and those who purchase items from our shop. The policy also covers those who volunteer for us and take part in our scientific data collection system, BeeWalk. If you are one of our suppliers, please see the suppliers section at the end of this statement.
Information we may collect from you
We may collect the following personal information about you:
- Your name, address, contact telephone numbers and email address
- Your children’s age, only so we can tailor our children’s resources to their requirements.
- Details of the services or support that you require, and why you need them.
- Bank details where you decide to pay for membership by Direct Debit.
- Gift Aid declarations.
- Any other information that you may choose to give to us.
- Your personal contact preferences.
- We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.
We may get this information from:
- Someone buying a Gift Membership for you.
- Anyone you ask to give this information to us on your behalf (such as your family or friends).
- Anyone who has a Power of Attorney to act as your attorney.
Where we store your personal information
We are committed to holding your personal information securely. This means only those of our staff and contractors that need to see it have access. Where personal information is held electronically, it is held on our computer system that is owned and controlled by BBCT. Your information can only be accessed by us.
Sometimes we have to keep information about you on paper as well. Paper copies are held at our offices in filing cabinets that are locked. We have a legal requirement to retain Gift Aid declarations and any paper applications for seven years after which they are shredded securely. Sometimes we will make electronic copies of paper documents or type up information from them. These documents or information are then stored on our computer system securely and we shred the paper originals.
We do also use computers (including laptops and tablets) outside our offices and they are secure; password protected and always under our control. Any information passed electronically is encrypted and protected.
The BBCT operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
Unless you ask us not to, we will review and delete your personal information where you have not renewed your membership with us for four years. There are certain documents we must retain for longer such as Gift Aid declarations for future audit by HMRC.
We continually review what information we hold and delete what is no longer required. We never store payment card information.
What we use your personal information for
- Administering your membership – renewal letters and ‘thank you’ letters.
- Buzzword membership magazine mailing.
- AGM notification and organisation.
- Communications about conservation, volunteering and campaigns.
- Fulfilment of orders for goods and services.
- Administration of donations and legacies.
- Donations received will receive a thank you letter.
- Customer/Member satisfaction surveys.
- In house research and analysis.
- Quality management.
- Keeping you up to date about our activities and opportunities that you can take to support us and our work.
- Telling you about our charitable activities.
- Event/training sessions registration.
- Monthly e-newsletter, if you have subscribed.
- Bombus Review supplement, if you have subscribed.
- Where permitted by law, for example for crime prevention or detection, prosecution, or risk assessment or management.
- For the resolution of complaints or other issues. Information we receive about you from others may be confidential to them (not you) until it has been considered.
How we legally process your data
We are processing your data on a “legitimate interest” basis.
Legitimate interest involves a three-part test.
- Identify the legitimate interest. This includes why we collect your data, what we do with it and what information you receive from us as part of our purpose to inform you regarding the Trust’s interests.
- Show that processing your data is necessary. This means we will process your personal information only to meet our legitimate interest.
- Balance this against all individual’s rights. We have to let you know what we are doing with your data and ensure that any data we hold, and process, would not cause you harm in any way.
For a detailed definition of legitimate interest please see the link below direction you to the Information Commissions Office (ICO) https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/
We ask you for your contact preferences. These will be used to deliver information to you in the way you prefer. However, Buzzword will be issued by post unless you have specifically asked us to send this electronically. Renewal letters and our Cash Appeal mailing will always be issued by post. Bombus Review and our e-newsletter will always be issued electronically.
Fundraising and marketing
As a charity, we rely on donations and support from others to continue our conservation work. From time to time, we will contact members and supporters with fundraising material and communications. The only request you will receive will be as part of our annual Cash Appeal. This is issued to all members and donors who are still active within our database in accordance with our record retention policy. The Cash Appeal is processed under a legitimate interest basis.
As with other marketing communications, we’ll only contact you specifically about marketing if you’ve opted into to receiving marketing from us (and you can, of course, unsubscribe at any time). Our e-newsletter is issued using Mail Chimp and we will be requesting permission from all of our subscribers to continue to issue the e-newsletter and at this stage we will confirm what marketing information it will include.
Who else we may pass on your information to and receive information from
Normally, we will be the only people who are able to access your personal information. However, there may be times when need to give your details to others, such as:
- IT providers who provide support to us to manage the computers, phones, systems or software that we use. We do not currently have an external IT department.
- Consultants, agency staff and recruitment agencies (where these are needed to help with additional staff needs).
- Our professional advisors and providers of financial services.
- Our insurers (at the point at which we need to tell them about a claim or a potential claim).
- Public Relations companies and other organisations that help us in printing and sending out our newsletters and marketing material.
- Companies who help us to monitor our premises and internal systems, including premises security and CCTV.
- Our other suppliers who enable us to provide our services to you, or who provide services on our behalf (including Royal Mail and other carriers).
- Your trustees, deputies, attorneys and other legally recognised appointees.
Specifically, we have agreements in place with the following third parties:
- Donorflex (Care Data Systems) who provide technical support for our supporter database.
- BRG Direct Ltd who provide data cleanse services
- SmartDebit who provide our Direct Debit regular payment system.
- PayPal who provide our donation and membership single payment system.
- Charities Aid Foundation (CAF) Bank – one of our banking service providers.
- Bank of Scotland – one of our banking service providers.
- Eventbrite who provide booking services for our AGM.
- Our auditors who are Johnson Carmichael at the time of writing.
- SAGE accounting software technical support.
- Zurich Insurers who cover our volunteers and staff at events.
- University of Stirling who host our server.
We also receive personal information from the following when you fundraise for us:
- Just Giving
- Virgin Money
- BT Donate
We may sometimes be required to disclose your personal data by law such as by a regulator with appropriate power, or court order.
We will not share your personal information with anyone who claims to represent you unless we are satisfied that you have appointed them or they act in some recognised official capacity. There may be a delay to us dealing with requests whilst we confirm the caller’s identity, or check that we have your approval to deal with them.
Where other companies are used to capture data or undertake fulfilment services on our behalf, these activities are carried out under contract in compliance with the General Data Protection Regulations requirements.
We will not sell, distribute or lease your personal information to third parties unless are required by law to do so.
Specific category of persons
When you volunteer with the BBCT you will complete a volunteer registration form. This form makes it clear what data we collect from you and what we use it for. As a volunteer your details will be passed to the Local Volunteer Coordinator and be used to coordinate attendance at events. Your details may be shared with other volunteers and event organisers.
Sensitive personal data. We do not collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about supporters and members. However there are some situations where this will occur e.g. if you volunteer with us and have notified us of any medical conditions and details of your next of kin. We take extra care to ensure your privacy rights are protected and we will request explicit consent from you to store this information. Any sensitive data is stored on our supporter database in a protected form that only the necessary personnel have access to.
As a volunteer you may receive a volunteer newsletter. The distribution of this communication is issued using our legitimate interest basis. As with all communications you can let us know if you do not wish to receive this newsletter. We will not send you any marketing information in this newsletter.
As a BeeWalker we will collect certain personal data when you register. Your name, email address, postcode and county will be recorded. We need this information in order for you to register and record the data from the transect that you walk. When you complete a BeeWalk you will provide us with your results and a location of where the walk took place. This will place you in a certain place at a certain time and is identifiable information that is available to our third party processor that hosts the BeeWalk website. The website is hosted by the Biological Records Centre (BRC) under the umbrella of the Centre for Ecology and Hydrology (CEH).
As a BeeWalker you may receive a BeeWalk newsletter. The distribution of this communication is issued using our legitimate interest basis. As with all communications you can let us know if you do not wish to receive this newsletter. We will not send you any marketing information in this newsletter.
We will at times be contacted by farmers and landowners who request our advice. In this respect we will process data on the grounds of the Trusts legitimate interests. All individuals are able to contact us to let us know how they prefer to be kept informed. These personal preferences are not a basis for processing data.
On occasions we will approach farmers and landowners to request their assistance. As above, the basis for processing personal data in this instance will be in the legitimate interests of the Trust e.g. habitat restoration. All individuals are able to contact us to let us know how they prefer to be kept informed. These personal preferences are not a basis for processing data.
You have the right to ask us not to process your personal information; however, we may be unable to provide our services to you if we are unable to record and process certain details.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Accessing the information we have about you
You have a legal right to access information that we hold about you. You can write to our Data Protection Officer at our registered office address (see below).
You can contact us at any time by email, letter or telephone to change or update your details or obtain a copy of your record.
If you have any problems or queries about your data, please contact us by emailing firstname.lastname@example.org or writing to: Bumblebee Conservation Trust, Beta Centre, Stirling University Innovation Park, Stirling FK9 4NF. Our data protection officer is Claire Wales, Fundraising Manager.
We will respond to your request with within one month of receipt. We may not be able to provide you with your request if your personal information contains details about another person and we do not have their permission to give it to you.
Parents and guardians
We encourage you to be aware of the activities that your children are participating in both offline and online, particularly with regard to third party websites. If your children voluntarily disclose information, this may encourage unsolicited messages. We suggest that you discourage your child from providing any information without your consent.
Cookies and tracking
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Bumblebee Conservation Trust uses traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may limit the functionality of the website.
All online transactions are currently processed through PayPal and SmartDebit (for membership payments) and Charities Aid Foundation (CAF) and PayPal for donations. These websites use the SSL (Secure Sockets Layer) protocol for encryption. Most browsers (Microsoft Explorer, Mozilla Firefox, Safari, etc.) support SSL. The link between your browser and the server is secure if your browser displays a small padlock or key symbol somewhere in the frame, or the address bar shows a web address beginning https:// (rather than http://).
When you are using our secure online donation/membership pages you are going through PayPal or SmartDebit, and the information you give such as credit card number and contact information, is provided so that the transaction can take place. PayPal and SmartDebit are contracted to work for the Bumblebee Conservation Trust and the companies comply with GDPR requirements.
When you call the office to pay for membership, merchandise or make a donation over the phone we do not retain any financial information.
Links to third party websites
The Bumblebee Conservation Trust website contains hyperlinks to many other websites. This information is supplied in good faith, in case it is of interest or use, to our website users.
Bumblebee Conservation Trust is not responsible for the content or functionality of any of these external websites – but please let us know if a link is not working (use the ‘Contact’ link which can be found at the top of every webpage).
Visitors to the Bumblebee Conservation Trust website should be aware of the following:
- In purchasing goods or services from any of the companies to which the Bumblebee Conservation Trust site links, you are forming a contract with the company(s) concerned (agreeing to their terms and conditions), not the Bumblebee Conservation Trust.
You can complain to the Bumblebee Conservation Trust directly by contacting our data protection officer using the details set out above. If wish to make a complaint (including a complaint about fundraising activity) which does not directly relate to your data protection and privacy rights, you can do so in accordance with our charity’s complaint policy.
Our Complaint Procedure can be found in the Legal section of the website. If you require a paper copy please email email@example.com or call 01786 594 130.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
If you are one of The Bumblebee Conservation Trust’s customers, you do not need to read this section.
If you are one of our suppliers, we will collect, store and use information as follows:
- We will collect such personal information about your staff that you provide to us or that we need for us to work together.
- We will store the information collected in accordance with the “Where We Store Your Information” section, above.
- We will use the information collected as required so that we can work with you.
- We may pass the information on to third parties as required in accordance with the “Who else we may pass on your information to” section above.
Updated 13th June 2018