INVESTING IN YOUNG PEOPLE
EMPOWERING YOUNG PEOPLE

Privacy Policy

Our Privacy Notice

We want everyone who supports us or comes to us for support, to feel confident and comfortable with how any personal information you share with us will be looked after or used.  This Privacy Notice sets out how we collect, use and store your personal information (this means any information that identifies or could identify you).

The Privacy Notice is categorised into the following sections for ease of reference:

  • Who we are?
  • When do we collect your personal data?
  • What information do we collect?
  • Why do we collect and use your personal data?
  • In what situations do we collect personal data from other sources
  • In what situations do we share personal data with other organisations
  • What is our legal basis for collecting and using your personal data?
  • Keeping your information safe
  • Data transferred outside the EU
  • How long we hold your information for
  • Your rights

Who we are

Shine Charity is a registered charity which aims to transform the life chances of children, young people and their families, particularly in areas of disadvantage and deprivation.

At Shine we are committed to protecting your privacy we are committed to protecting your personal information making every effort to ensure that your personal information is processed in a fair, open and transparent manner

We are a “data controller” for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).  This means that we are responsible for, and control the processing of, your personal information.   

If you have any questions about this privacy statement or information, we hold about you, please contact our Data Protection Lead:

Data Protection Officer
Shine Charity
Shadsworth Road
Blackburn BB1 2HT

Telephone: 01254 674952
Emailinfo@shine-charity.org

When do we collect your personal data?

  • When you make a donation to us.
  • When you sign up to a campaign with us.
  • When you register for or attend one of our events.
  • When you contact us by email, telephone, letter or through our websites (e.g. when you wish to access advice, support, or our other services).
  • When you visit and use our websites (See ‘Use of cookies’ section).
  • When you interact with us on our social media platforms.
  • When you interact with us through third parties (e.g. providing a donation through a third party such as Virgin Money Giving, Just Giving).

What information do we collect?

The information we collect from you directly or from third parties with whom we work, may include:

  • Personal information (i.e. name, DOB).
  • Contact information (i.e. address, email address, telephone number, contact preferences).
  • Characteristics (i.e. gender where appropriate).
  • Financial information (i.e. bank account details, credit card details).
  • Employer details for processing a payroll gift.
  • Taxpayer status for claiming Gift Aid.

Currently we do not collect personal information that would be defined as special category data, which includes medical information, information relating to ethnicity, biometric data, sex life and sexuality, genetics, political opinions, religious and philosophical beliefs, and trade union membership.      

Why do we collect and use your personal data?

  • To process your donations and gift aid declarations.
  • To keep you informed about our activities and ways to support us. Please note:
    • We will only send you marketing materials by email, phone or SMS text if you have provided your consent. You can withdraw your consent at any time (See ‘Your rights over your personal data’ section).
    • We will not send you marketing materials by the post if you have asked us to stop (See ‘Your rights over your personal data’ section).
  • To provide you with the advice, support and services you have requested.
  • To deal with your queries, requests and responses to our projects and campaigns.
  • To send you a confirmation of your donation and event registration.
  • To personalise our services, for example, we may use personal data you have given us and your interactions with our services to help us predict your interests and to send you marketing materials that we think might be of most interest to you.
  • To improve our services, for example, if we are allowed, we may send you a survey to seek your feedback on our services.

In what situations do we collect personal data from other sources?

  • When you agree to support us through a third-party fundraising site such as Virgin Money Giving, Just Giving.
  • When we engage in charitable, or fundraising, projects with partner organisations.
  • When we receive significant donations or support, we may run a background check using publicly available sources or a third-party screening service. We carry out background checks in accordance with our due diligence policies and procedures in order to protect our charitable interests.
  • If we are allowed to send you marketing materials, we may use sources in the public domain to check that your marketing preferences and contact details are accurate and up to date. Examples of such sources include royal mail databases and the fundraising preference system.
  • We may undertake research for high value fundraising using publicly available sources such as national and local press, charities commission, companies’ house and from social media sites like Facebook and LinkedIn. We will only use these sources where the data has been deliberately made public.

In what situations do we share personal data with other organisations?

  • If we receive gift aid from you, we may be required to share your personal data with Her Majesty’s Revenues & Customs (HMRC) to receive the tax rebate.
  • With law enforcement agencies if we receive a valid legal instruction.
  • If you register for one of our events or challenges, we may be required to share your personal data with event organisers for health and safety purposes.
  • If you use a debit or credit card to make a donation or purchase, we will share your personal data with a payment processing partner.
  • If we are allowed to send you marketing materials, we may share your personal data with a marketing company (such as a mailing house) to help us prepare and send out marketing materials on our behalf.
  • If you have agreed to receive marketing emails or SMS texts from us, we may provide your email address and/or mobile phone number in an encrypted format to social media companies, such as Facebook, Instagram, Twitter, LinkedIn, Snapchat or YouTube, or to digital advertising companies that provide services to us by displaying our advertising to you on social media platforms and other websites, as well as identifying audiences with interests similar to yours. If you have opted out from receiving marketing emails or SMS texts from us, this will not prevent our advertisements being shown to you on a randomised basis, through the social media platforms own targeting algorithms, or based on cookie data. To completely stop seeing advertising from us on your social media platforms you will need to review the privacy settings on your social media account.
  • If we receive a significant donation or support, we may run a background check using a third-party screening. We carry out background checks in accordance with our due diligence policies and procedures in order to protect our charitable interests.
  • We contract a limited amount of third parties to store data on our behalf. This may include your personal data. Types of third parties we use include cloud storage, website hosting and software providers.
  • If we are required by law, we may share your personal data with data cleaning companies to ensure that the data we hold about you is accurate and up to date.

 We only share personal data with another organisation if we have a legal basis to do so.

In all the above situations, we will ensure that we have a written contract (or valid legal instruction) in place with the organisation that includes data protection clauses to ensure that they do not use personal data for their own marketing purposes, and have security requirements in place to protect your personal data.

What is our legal basis for collecting and using personal data? 

Where we have your consent.   For example, we will only send you emails, make telephone calls or send you SMS text messages with your consent. You can withdraw this consent at any time (See ‘Your rights over your personal data’ section).

Where the processing is necessary to enter into or fulfil the terms and conditions of a contract. For example, processing your donation made to us.

Where the processing is required under the law.  For example, disclosing your personal data to a law enforcement agency if we receive a valid legal instruction.

Where the processing is in our legitimate interests. For example, we will send you communications and marketing materials via post unless you tell us to stop. (See ‘Your rights over your personal data’ section). We will only rely on this legal basis if your interests and fundamental rights do not override our interest.

Keeping your information safe

We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Data transferred outside the EU

Processors that we use may transfer, and hold, personal data outside of the EU.  We will ensure that organisations who process personal data on our behalf only transfer data to countries that the EU deems as having adequate levels of protection in place.  Processors that transfer data to the United States must be covered by the EU-US Privacy Shield.  If a processor is found to be transferring data to a country that does not have adequate protections, or to an organisation that is not covered by the EU-US Privacy Shield, we will terminate our contract/subscription.

How long we hold your information for

Personal data is securely in line with our Records Management and Data Protection policies.  In accordance with data protection legislation, it is only retained for as long as necessary to fulfil the purposes for which it was obtained, and not kept indefinitely. 

Your rights

Consent: If you have given us your consent to use personal data (e.g. marketing), you can withdraw your consent at any time.  Please note that this will not affect any personal data that has been processed prior to withdrawing consent.

Right of access (also known as subject access): You have the right to ask for confirmation of what information we hold relating to you and request a copy of that information.  

Right to object: You have the right to object to our processing of your personal data in certain circumstances.

Right to restrict processing: In certain circumstances, you have the right to ask us to stop making use of the personal information that we retain in our records about you.  

Right of data portability: You have the right to request that a copy of your personal data that we hold is provided to you or a third party in a structured, commonly used, electronic form, so it can be easily transferred.

Right of erasure: (also known as right to be forgotten): In certain circumstances, you have the right to request that we delete your personal information from our records.

Right of rectification: If you believe your personal data that we hold is inaccurate or incomplete, you have the right to request that it is corrected, updated, or completed.

If you wish to exercise any of these rights or want to find out more information, please contact our Data Protection Officer (contact details above).   Shine Charity will consider all requests in line with your legal rights and our legal obligations.   

If you have any concerns about the way we are collecting our using personal data, you should raise your concern with the Data Protection Officer in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns.

Our Privacy Notice (Employees and Volunteers)

We want everyone who is employed by us or who volunteers to feel confident and comfortable with how any personal information you share with us will be looked after or used.  This Privacy Notice sets out how we collect, use, and store your personal information (this means any information that identifies, or could identify, you).

The Privacy Notice is categorised into the following sections for ease of reference:

  • Who we are?
  • When do we collect your personal data?
  • What information do we collect?
  • Why do we collect and use your personal data?
  • In what situations do we collect personal data from other sources
  • In what situations do we share personal data with other organisations
  • What is our legal basis for collecting and using your personal data?
  • Keeping your information safe
  • Data transferred outside the EU
  • How long we hold your information for
  • Your rights

Who we are

Shine Charity is a registered charity which aims to transform the life chances of children, young people and their families, particularly in areas of disadvantage and deprivation.

At Shine we are committed to protecting your privacy we are committed to protecting your personal information making every effort to ensure that your personal information is processed in a fair, open and transparent manner

We are a “data controller” for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).  This means that we are responsible for, and control the processing of, your personal information.

If you have any questions about this privacy statement or information, we hold about you, please contact our Data Protection Lead:

Data Protection Officer
Shine Charity
Shadsworth Road
Blackburn BB1 2HT

Telephone: 01254 674952
Emailinfo@shine-charity.org

When do we collect your personal data?

  • You apply for a position with us or contact us in relation to volunteering for us, or fundraising on our behalf.
  • As part of the everyday administration and management of your contract with us. For example:
    • You let us know if there is a change to your personal data.
    • You apply for or notify us of leave.
    • You complete your appraisal.
    • You make a formal complaint or raise a concern about your work with us.
  • As part of the everyday administration of work-related activities. For example:
    • You use an ICT approved or ICT provided system or technology.
    • You are present (CCTV) at one of our sites or sign in at one of our buildings.
    • You register to become involved in work-related activities such as a first aider, fire warden, or registered driver.
    • You attend or complete one of our training courses.
    • You make a formal complaint or raise a concern.
  • When you complete volunteer related activities: For example:
    • You participate in fundraising activities.
    • You attend or complete one of our training courses.
    • You assist in the distribution of charitable gifts.

What information do we collect?

The information we collect from you directly or from third parties with whom we work, may include:

  • Personal information (i.e. name, address, email address, employee number, national insurance number).
  • Characteristics (i.e. age, gender).
  • Special categories of data (i.e. ethnicity, health).
  • CCTV images.
  • Photographs and video recordings.
  • Contract information (i.e. start dates, hours worked, post, roles and salary information).
  • Work absence information (i.e. number of absences and reasons).
  • Performance (i.e. capability and disciplinary matters).
  • Qualifications.
  • Recruitment information.
  • Relevant medical information.
  • Remuneration information (i.e. pension membership, bank information).

Why do we collect and use your personal data?

  • To recruit and select employees and volunteers.
  • To enable payment of salary, tax, pension contributions and expenses.
  • To manage your contract with us. For example, processing leave requests and maintaining appropriate levels of conduct and performance etc.
  • To meet legal obligations. For example, we may process your personal data (including sensitive data such as physical or mental health) to protect your health and safety and to fulfil our equal opportunities obligations etc.
  • To take appropriate action in the event that a formal complaint or concern is raised, including safeguarding.
  • To run background checks in accordance with our due diligence policies and procedures.
  • To plan staffing levels and necessary cover.
  • To plan work and direct volunteer related activities.
  • To keep you informed of, and to improve our strategy, plans, activities and services. For example, we welcome and encourage your feedback, and in some cases might actively seek this.

Other employees might access your personal data where this is required for work or volunteer purposes. Where this is the case, the organisation relies on all employees to access and use personal data in accordance with their obligations under our data protection policy.

In what situations do we collect personal data from other sources?

  • We use the services of a third-party to complete background checks. In addition to this, we may use sources in the public domain to complete these tasks. 

In what situations do we share personal data with other organisations?

  • With Her Majesty’s Revenues & Customs (HMRC) for taxation purposes.
  • With law enforcement agencies if we receive a valid legal instruction.
  • With third parties that we contract to administer HR activities on our behalf including payroll, pension and health/insurance cover providers.
  • If you are involved in an insurance claim, we might share your personal data with insurance companies / brokers.
  • As part of our recruitment and selection processes, we might run a background check on you. This may include sharing your personal data with employment agencies, previous employers, public bodies and our third-party screening and due diligence service.
  • We contract a limited amount of third parties to store data on our behalf. This may include your personal data. Types of third parties we use include cloud storage, website hosting and software providers.

We only share personal data with another organisation if we have a legal basis to do so.

In all the above situations, we will ensure that we have a written contract (or valid legal instruction) in place with the organisation that includes data protection clauses to ensure that they do not use personal data for their own marketing purposes, and have security requirements in place to protect your personal data.

What is our legal basis for collecting and using personal data? 

Where we have your consent to use information. For example, taking and using photographs of you in order to promote our fundraising activities. You can withdraw this consent as any time (See “Your rights over your personal data” section). 

Where the processing is necessary to enter into or fulfil the terms and conditions of a contract. For example, to enable payment of your salary, tax, pension contributions and expenses.

Where the processing is required under the law.  For example, collecting your medical information to protect your health & safety.

Where the processing is in our legitimate interests. For example, using your leave details to plan staffing levels and necessary cover. We will only rely on this legal basis if your interests and fundamental rights do not override our interest.

Where the processing is in your vital life interest. For example, sharing your personal data with emergency services in the event of a medical emergency.

Where any special category data is processed (e.g. medical information and ethnicity) this is done in order to carry out our obligations in relation to the fields of employment, social security and social protection law or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.    

Keeping your information safe

We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Data transferred outside the EU

Processors that we use may transfer, and hold, personal data outside of the EU.  We will ensure that organisations who process personal data on our behalf only transfer data to countries that the EU deems as having adequate levels of protection in place.  Processors that transfer data to the United States must be covered by the EU-US Privacy Shield.  If a processor is found to be transferring data to a country that does not have adequate protections, or to an organisation that is not covered by the EU-US Privacy Shield, we will terminate our contract/subscription.

How long we hold your information for

Personal data is securely in line with our Records Management and Data Protection policies.  In accordance with data protection legislation, it is only retained for as long as necessary to fulfil the purposes for which it was obtained, and not kept indefinitely. 

Your rights

Consent: If you have given us your consent to use personal data (e.g. marketing), you can withdraw your consent at any time.  Please note that this will not affect any personal data that has been processed prior to withdrawing consent.

Right of access (also known as subject access): You have the right to ask for confirmation of what information we hold relating to you and request a copy of that information.  

Right to object: You have the right to object to our processing of your personal data in certain circumstances.

Right to restrict processing: In certain circumstances, you have the right to ask us to stop making use of the personal information that we retain in our records about you.  

Right of data portability: You have the right to request that a copy of your personal data that we hold is provided to you or a third party in a structured, commonly used, electronic form, so it can be easily transferred.

Right of erasure: (also known as right to be forgotten): In certain circumstances, you have the right to request that we delete your personal information from our records.

Right of rectification: If you believe your personal data that we hold is inaccurate or incomplete, you have the right to request that it is corrected, updated, or completed.

If you wish to exercise any of these rights or want to find out more information, please contact our Data Protection Officer (contact details above).   Shine Charity will consider all requests in line with your legal rights and our legal obligations.   

If you have any concerns about the way we are collecting our using personal data, you should raise your concern with the Data Protection Officer in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns.

How to make a complaint

If you are unhappy about how we have processed your personal data or have a privacy concern, we want to know about it. To make a complaint or raise a concern please contact our Data Protection Lead.

Telephone: 01254 674952
Email: info@shine-charity.org
Post: Shine Charity, Shadsworth Road, Blackburn, BB1 2HT

If you are unhappy with how we deal with your complaint or concern you should contact the UK data protection authority, the Information Commissioner’s Office (ICO). The ICO can be contacted at: https://ico.org.uk/global/contact-us/

You also have the right to make your compliant to the ICO direct. However, they may advise you to contact us to see if the matter can be resolved in the first instance.