If your charity collects, holds and/or uses personal data (for example names, addresses, telephone numbers or email addresses about employees, customers or suppliers) in any way then the charity will need to have one or more privacy notices in place (you may see privacy notices called other names, for example, ‘privacy information’ or a ‘fair processing notice’ which all mean the same thing in practice).
A privacy notice explains a number of things to an individual whose personal data the charity is collecting, including:
- why the charity needs their personal data
- what the charity plans to do with the personal data which it collects the charity’s lawful bases for holding and using the personal data
- how long the charity will keep the personal data (we call this the retention period)
- if the charity will share the personal data with a third party (e.g. another charity which assists it in providing its services)
- whether any of the personal data will be transferred outside of the UK and if so, the safeguards put in place to protect the personal data
- the individuals’ personal data rights, such as the right to access personal data
- how the individual can complain to the Information Commissioner’s Office (the UK’s data protection regulator)
This means that the privacy notice cannot be an ‘off the shelf’ document and it is not a case of just adopting a standard template. Instead a privacy notice must be tailored to the specific personal data a charity collects and how it processes that information as processing outside of what is detailed in the privacy notice will not be lawful as it will not have been done in a manner which is transparent.
Finally it is important that the privacy notice is available to the individual at the time they are being asked to provide the personal data to the charity. For example, if your organisation sells goods via a website then the website will request contact and delivery information and also payment information. Therefore before the order is submitted by the customer on your website, the customer should have the charity’s privacy notice brought to their attention so that they can read it (if they wish) and make an informed decision as to whether to proceed with providing your charity their personal data by placing the order.
Disclaimer
This information is intended for general informational purposes only and does not constitute legal advice. We recommend seeking professional advice before taking any action on the information provided. If you would like to discuss your specific circumstances, please feel free to contact us on 0800 2800 421.
