Privacy Policy

Privacy Policy: 16.04.18

We are Handmade Parade CIC (Company No 7134000) and we are committed to safeguarding your privacy.  At all times we aim to respect any personal data you share with us, or that we receive from other organisations, and keep it safe. This Privacy Policy sets out our data collection and processing practices and your options regarding the ways in which your personal information is used.

Should you need to contact anyone at Handmade Parade regarding this policy please address your query to:

Write to: Handmade Parade, Unit 5 Victoria Works, Victoria Road, Hebden Bridge, HX7 8LN

Email: info@handmadeproductions.org.uk

Phone: 01422 844154

This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. Our privacy policy is reviewed regularly to ensure that it reflects how we use your information. Any changes will be notified to you by updating this policy so please check back to see if any changes have been made that are important to you. Where appropriate changes will be notified to you by email.

This privacy policy was last updated on 26/04/2018

The provision of your personal data to us is voluntary. Providing us with your personal data means you will be able to receive our expert resources, participate in our programmes, access our training, attend our meetings, make a donation, participate in our programmes, apply for employment,  volunteering or other work with us.

How we collect personal information about you:

We may collect personal information from you when you interact with Handmade Parade. There are lots of different examples of interaction which include: If you enquire about our work, or our events, if you make a donation, or apply for a job or volunteer with us or otherwise provide us with personal information. This may be when you phone us, email us, visit our website, sign up to attend an event or training session, through the post or in person.

You may give us personal information DIRECTLY

  • To access specialist resources
  • To attend our training
  • To attend meetings or events
  • When you share information from our website on social media (such as ; Facebook, Twitter, LinkedIn)
  • When you apply for employment, volunteering of other work
  • When you purchase or book any products or services from us
  • When you register for any of the programmes we deliver

You may also give us personal information INDIRECTLY:

  • When you visit our WEBSITE we use cookies to identify you which enable us to personalise your online experience (for example by remembering your log in details). Please refer to our Cookies Policy for details on the way our use of cookies affects your personal data. Your information may be shared with us by, others including users of our services and other stakeholders, accrediting bodies, employment agencies, when you follow us or otherwise interact with on or via Twitter, when you like and/or join our page on Facebook or interact with us in other ways on or via Facebook through these companies.

You may give permission to OTHER ORGANISATIONS to share it or it is PUBLICLY AVAILABLE INFORMATION

  • We may combine information you provide to us with information available from external publicly available sources.
  • Depending on your privacy settings for social media services, we may also access information from those accounts or services.

We use this information to gain a better understanding of you and to improve our communications, our business offer and fundraising activities.

These activities may include measures of wealth when it is available from public registers or other external sources. We may, from time to time, use third party suppliers to undertake these activities on our behalf. This helps us to understand a bit more about the people who support us so that we can make appropriate requests to those who may be able and willing to give more than they already do, enabling us to raise funds sooner and in a more tailored way than we otherwise would.

What information do we collect?

We may collect, store and use the following kinds of personal data:

  • Your name and contact details
  • The organisation(s) you work for
  • Postal address
  • Telephone number
  • E-mail address
  • Social media identity
  • Information about the services you use
  • Services and products of interest to you
  • Marketing and/or communication preferences
  • information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;
  • Any other information you have chosen to share with us

However, we may request other information where it is appropriate and relevant, for example

  • Details of why you have decided to contact us and notes relating to any discussions in person or electronically
  • Your bank details or debit/credit card details for processing payments;
  • Photographic images of your likeness
  • Details of your interests and participation in our work, surveys you have completed, etc

Do we process sensitive personal information?

Applicable law recognises certain categories of personal information as sensitive and therefore require more protection including information for equal opportunities monitoring (where appropriate). We may also collect and store sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent or where the law requires us to do this.

How and why will we use your personal data?

Personal data, however it has been provided to us, will be used for the purposes specified in this Policy or in relevant parts of the website.

We may use your personal information to:

  • Enable you to use any and/or all of the services we offer;
  • Send you information about our work, campaigns, programmes and any other information, products or services that we provide. The channels we will use to do this are: phone, email, direct mail and digital advertisements (this will not be done without your consent and you may specify which channels of communication you prefer);
  • Provide you with the services, products, programmes or information you have requested;
  • Improve your browsing experience by personalising your interaction with our website;
  • Handle the administration of any donation or other payment you make via credit/debit card, cheque, standing order or BACS transfer;
  • Collect payments from you and send statements and/or receipts to you;
  • Handle the administration of your employment, volunteering or any other work you apply for and are engaged on;
  • Conduct research into the impact of our campaigns;
  • Deal with enquiries and complaints made by or about you relating to the website or us in general;
  • Make applications for accreditation by third parties, where you have registered and/or
  • Audit and/or administer our accounts.

Supporter and Stakeholder research/profiling

We may use your personal information to undertake research to gather further information about you from publicly accessible sources. This helps us to get a better understanding of your background, interests and preferences in order to improve our communications and/or interactions with you, to help ensure they are targeted to be relevant and appropriate, and to provide information (sometimes through third parties) about our services which we consider may be of interest to you.

Facebook & Instagram marketing

We may use some of your personal information to participate in Facebook’s Custom Audience , Lookalike Audience and programs, which enable us to display adverts to both existing and prospective  supporters when they visit Facebook or Instagram. We may provide your email address to Facebook so they can determine whether you are a registered Facebook or Instagram account holder with them. Our adverts may then appear when you access Facebook or Instagram. Some of your data is sent in an encrypted format that is deleted by Facebook (a) if it does not match with a Facebook or Instagram account or (b) after they confirm you are a registered account holder.

For more detailed information please see

https://www.facebook.com/business/help/744354708981227   and Facebook’s data policy at https://en-gb.facebook.com/policy.php.

Twitter marketing

We may use some of your personal information to participate in Twitter’s Tailored Audience programs, which enable us to display adverts to both existing and prospective supporters when they visit Twitter. We may provide your email address, and mobile phone number to Twitter so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Twitter. Some of your data is sent in an encrypted format that is deleted by Twitter (a) if it does not match with a Twitter account or (b) after they confirm you are a registered account holder.

For more detailed information please see https://legal.twitter.com/ads-terms/us.html#twitteradsprogramt%26cs and https://legal.twitter.com/ads-terms/us.html#twitterconversiontrackingprogramt%26cs

Linkedin marketing

We may use some of your personal information to participate in Linkedin’s Contact targeting and Website Retargeting programs, which enable us to display adverts to both existing and prospective  supporters when they visit Linkedin. We may provide your email address to Linkedin so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Linkedin. Some of your data is sent in an encrypted format that is deleted by Linkedin (a) if it does not match with a Linkedinaccount or (b) after they confirm you are a registered account holder.

For more detailed information please see https://www.linkedin.com/legal/sas-terms

Google Analytics

We may use some of your personal information to analyse our digital performance, for example to see how our website can be improved to help us achieve the purposes set out in section 11 below, to record how you are using our website or to assess the popularity of marketing campaigns.

For more information on how we use your personal information in relation to Google Analytics, please view our cookie policy by clicking this link.  Our cookie policy also contains information about how you can opt-out of the collection of information for such purposes.

Communications, fundraising and marketing

Where you have provided us with your physical address, we will contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about our work, events, campaigns and other activities that we consider may be of particular interest; about the work of Handmade Parade and to ask for donations or other support.

Donations and other payments

All financial transactions carried out on our website are handled through PayPal and Eventbrite, third party payment services providers. We recommend that you read their privacy policy (available at https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_US and https://www.paypal.com/gb/webapps/mpp/ua/privacy-full) prior to effecting any transactions with us We will provide your personal data to these organisations only to the extent necessary for the purposes of processing payments for transactions you enter into with us. We reserve the right to change our third party payment service providers subject to the needs of our business, without need for notice, this Privacy Policy should therefore be checked regularly for updates. We do not store your financial details for any of these web based payments.

Children’s data

We may process data of people under the age of 16 that participate in our programmes.  Where we do this information will be encrypted and access to this information limited to those staff requiring it in order to run the programme and provide necessary reporting only to our funders.  We will securely store this information for a reasonable period and as required by company, funder or for legal reasons.

Other disclosures

We will disclose your information to regulatory and/or government bodies and/or law enforcement agencies upon request only when required to do so in order to satisfy legal obligations which are binding on us.

Security of and access to your personal data

We take the security of your personal information extremely seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and offline, from improper access, use, alteration, destruction and loss.

Your information is only accessible by appropriately trained staff, volunteers and contractors, or contracted agencies and/or suppliers who are processing data on our behalf.

We may also merge or partner with other organisations and in so doing transfer and/or acquire personal data.

We may transfer and/or store personal data collected from you to and/or at a destination outside the European Economic Area (“EEA”). Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. Such personal data may be processed by agencies and/or suppliers operating outside the EEA. If we transfer and/or store your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data and will use best practice guides and recommended legal agreements to do this.

Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent.

 Your rights

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:

  • Right to be informed
    • You have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
  • Right of access
    • You can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 40 days to comply. As from 25 May 2018, we will have 30 days to comply.
  • Right of erasure
    • As from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it so that we have evidence of your request for audit purposes.
  • Right of rectification
    • If you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
  • Right to restrict processing
    • You have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
  • Right to data portability
    • to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information under your consent, because such processing is necessary for the performance of a contract to which you are party, to take steps at your request prior to entering into a contact or by automated means, you may ask us to provide this information to you – or another service provider – in a machine-readable format.

To exercise these rights, please send a description of the personal information in question using the contact details below. Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we reserve the right to ask for personal identification and/or further information.

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details below.

You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us/.

Lawful processing

We are required to have one or more lawful grounds to process your personal information. Only 4 of these are relevant to us:

  1. Personal information is processed on the basis of a person’s consent
  2. Personal information is processed on the basis of a contractual relationship
  3. Personal information is processed on the basis of legal obligations
  4. Personal information is processed on the basis of legitimate interests

(1) Consent
We will ask for your consent to use your information to contact you by phone, send you electronic or postal communications such as newsletters and marketing and fundraising emails, for targeted advertising and profiling, and if you ever share sensitive personal information with us.  Where our programmes are enhanced by the sharing of information (ie Local Volunteer Support Network, training) we will ask your consent to share with other relevant parties.

(2) Contractual relationships
Most of our interactions with subscribers and website users are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, if you apply for employment or to volunteer with us, if you book on our events, participate in programmes or purchase something via our online shop.

(3) Legal obligations
Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.

(4) Legitimate interests
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).

We will rely on this ground to process your personal data when it is not practical or appropriate to ask for consent.

Achieving our purposes

  • These include (but are not limited to) promoting any philanthropic or benevolent purpose including without limitation to promote creativity as a lifelong skill.

Governance

  • Internal and external audit for financial or regulatory compliance purposes
  • Statutory reporting

Publicity and income generation

  • Conventional direct marketing and other forms of marketing, publicity or advertisement
  • Unsolicited commercial or non-commercial messages, including campaigns, newsletters, income generation or charitable fundraising
  • Analysis, targeting and segmentation to develop and promote or strategy and improve communication efficiency
  • Dissemination of our work through our website, publications, conferences, training events and social media
  • Personalisation used to tailor and enhance your experience of our communications

Operational Management

  • Employee, contractor and volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes
  • Provision and administration of staff benefits such as pensions
  • Physical security, IT and network security
  • Maintenance of suppression files
  • Processing for historical, scientific or statistical purpose

Purely administrative purposes

  • Responding to enquiries
  • Delivery of requested products or information
  • Communications designed to administer existing services including administration of programmes and financial transactions
  • Thank you communications and receipts
  • Maintaining a supporter database and suppression lists

Financial Management and control

  • Processing financial transactions and maintaining financial controls
  • Prevention of fraud, misuse of services, or money laundering
  • Enforcement of legal claims
  • Reporting criminal acts and compliance with law enforcement agencies

When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information legally and fairly.

Data retention

In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed as outlined in our Data Retention Schedule, we remove your personal information from our records.  However, if before that date your personal information is no longer required in connection with such purpose(s), we are no longer lawfully entitled to process it or you validly exercise your right of erasure, we will remove it from our records at the relevant time.

In the event that you ask us to stop sending you direct marketing/fundraising/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.

Policy amendments

We keep this Privacy Policy under regular review and reserve the right to update from time-to-time by posting an updated version on our website, not least because of changes in applicable law. We recommend that you check this Privacy Policy occasionally to ensure you remain happy with it. We may also notify you of any important changes to our privacy policy by email.

Third party websites

We link our website directly to other sites. This Privacy Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.  Updating your information on third party websites will not be shared with us unless you givee Parade consent or there is a legal or contractual reason for processing.

Updating information

You may ask us at any time to update your details, correct or remove information you think is inaccurate or to check the information we hold about you by contacting us via post or email

Breaches

 Any data breaches will be reported to the Information Commissioners Office (ICO) within 72 hours. You will also be notified any breach, the nature of this, what has happened, the likely consequences and any action being taken by us. You will also be provided with contact details of the person to refer to for more information.

Contact

The Executive Director is our Registered Data Controller and our Data Processing Officer.  Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by either emailing us at info@handmadeproductions.org.uk, telephone 01422 844154 or writing to us at Unit 5 Victoria Works, Victoria Road, Hebden Bridge, HX7 8LN