BPAS – Marketing, External Affairs & Social Media
This privacy notice was last updated on 19th July 2018.
Your ‘personal data’ or ‘personal information’ is any piece of information that would allow us to identify you as an individual. The processing of personal data is governed by the EU General Data Protection Regulation (the “GDPR”) and national laws that implement the GDPR in each European Economic Area (“EEA”) country.
We take your privacy very seriously, and this document sets out what personal information we collect from you in relation to this service, how we intend to use it and what your rights in respect of that information are. By participating in our marketing, fund raising, campaign, donation activities and/or events and using our social media sites, you are accepting and consenting to the practices described in this Privacy Notice.
It is important that you read this Privacy Notice (together with any other privacy notice or fair processing notice we may provide you with on specific occasions when we are collecting or processing personal data about you) and we encourage you to keep copies of all such notices for your records.
Our products and/or services are not intended for children and we do not knowingly collect data relating to children.
The controller of your personal information is British Pregnancy Advisory Service (BPAS), which is a charity and limited company registered in England and Wales under Guarantee No: 1803160 and registered Charity No: 289145 and registered with the UK Information Commissioners Office under data controller number: Z5613684 (“we”, “us”, “our”).
Should you have any query in respect of this Privacy Notice or your personal information, you can contact us at the following:
Data controller: British Pregnancy Advisory Service (BPAS)
Address: 20 Timothys Bridge Road, Stratford Enterprise Park, Stratford-upon-Avon, Warwickshire, CV37 9BF
Telephone: +44 345 365 5050
We may collect, use, store and/or transfer information about your identity, contact details and marketing & communications preferences if you sign up to be a supporter for one of our newsletters, sign a petition or become an e-campaigner (on the website or in person), including:
We may also collect, use, store and/or transfer information about your identity, contact details and profile if you use our social media sites, or interact with us on social media:
If you come to an event or attend one of our training courses, we may collect, use, store and/or transfer information about your identity, contact details, financial and/or transaction data and marketing & communications preferences, such as your:
If you donate or attend a fundraising event, we may collect, use, store and/or transfer information about your identity, contact details, financial and/or transaction data and marketing & communications preferences, such as your:
If you are a member of the press, or an interested party and your information is publicly available then we may collect, use, store and/or transfer information about your identity and contact details, such as your:
We may also process publicly available data based on what people say about us in the press, social media or other websites. We may collect information including what people are saying about women’s health, reproductive health and maternal health. We may do this directly or via a third party who will anonymise the data for us. This data will be processed under our legitimate interests to improve our services. Where possible this data will be anonymised or pseudonymised and kept for no longer than necessary.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose if you cannot be identified in any way. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any special categories of personal data about you for these services (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences for these services.
We collect your personal information through different methods, including:
o Technical data from analytics providers;
o Contact, financial and transaction data from providers of technical, payment and delivery services;
o Public sources of information on the internet based on what you do (journalists) or your opinions as they relate to our services, and
o Identity and contact data from selected business partners, data brokers or aggregators.
We may purchase lists of data from organisations, from time to time, that can provide data privacy records showing your consent for the use of this data by us. There may also be instances where people make purchases on your behalf and sign you up to our services or information. If this is the case then we will endeavour to contact you within thirty (30) days to let you know this has happened, and you can ask us to stop processing at this point. We may also use your information if you have made this public, are over 18 and may have interacted with us.
We will use your personal information in the following ways and for the following purposes:
You do not have to provide your personal information to us. However, should you choose not to provide it, you will be unable to receive our newsletters or other information from us, join our campaigns, interact with us over social media, come to an event or attend one of our training courses. Where we need to collect personal data by law or under the terms of a contract we have with you (e.g. if you try to purchase a training course or make a donation) and you fail to provide it when requested, we may not be able to perform the contract we have or are trying to enter into with you and may have to cancel the service you have with us (but we will notify you at the time if this is the case).
We maintain strong physical, electronic and procedural safeguards to protect the confidentiality, integrity and availability of your personal information. We have taken appropriate security measures against illegal and/or unauthorised access to your personal information, and against the accidental loss of, or damage to it.
Data is shared as part of providing these services with parties outside of BPAS that allow us to process your data and provide elements of services for us. These parties may include:
Microsoft - Microsoft provide our email service and when you email us this will be controlled under: https://products.office.com/en-us/business/office-365-trust-center-privacy
More Onion –More Onion manages BPAS petitions and email campaigns. More Onion act as a data processor which means we have a contract in place with them, that they cannot do anything with your personal information unless we have instructed them to do so, and that they will not share your personal information with any organisation apart from us. They will retain information securely on our behalf and retain it for the period we instruct.
JustGiving - If you donate to us through Just Giving then you will be subject to their data privacy notice that can be found at: https://www.justgiving.com/info/privacy-policy-versions/privacy-policy-v20
VirginMoneyGiving - If you donate to us through Virgin Money Giving, then you will be subject to their data privacy notice that can be found at: https://uk.virginmoneygiving.com/giving/terms/privacy-policy.jsp
Savoo - If you donate to us through Savoo then you will be subject to their data privacy notice that can be found at: https://www.savoo.co.uk/info/the-legal-stuff/privacy/
HMRC - If you allow us to reclaim GiftAid then we need to check your status with HMRC and apply for the tax rebate, when we do this we exchange information with HMRC and this data will be subject to their data privacy notice that can be found at: https://www.gov.uk/government/publications/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you
Payment service provider / Bank - If you donate to us; to process your payment, we may need to share information with our partners to process this payment.
We may also need to share your personal information with the following in limited circumstances:
If we sell or buy (or plan to sell or buy) any business or assets or seek investment from a third-party investor, we may disclose your personal data to the investor or prospective seller or buyer of such business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Any time we provide access to your personal information to someone else, we will ensure that it is adequately secured to protect your privacy and that they comply with the requirements of the applicable data protection legislation.
If you are a resident of a country in the EEA, we may need to transfer your personal information outside of the EEA, for example where our data storage facilities or processing locations are in another country.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by putting adequate, legally-approved safeguards in place, including at least one of the following:
If you would like more information about our safeguards, please contact us using the details inserted in section 2 above.
Please note that some of the social media companies that we interact with may share your data outside of the EEA. We have no control over this as it is bound by their data privacy notices to you. Please see section 8 above and review their data privacy notices carefully.
We will only retain your personal data for as long as necessary to fulfil the purposes we hold it for, including for the purposes of satisfying any legal, accounting or reporting requirements. In general, we will need to keep the information that we collect from you for the following periods of time:
We may sometimes need to keep a copy of your personal information for a longer period, for example in the event of an incident, to investigate a data breach or to comply with legal requirements. We will never keep your personal information for longer than we consider necessary.
In all cases, your personal information will be securely destroyed once the retention periods described above expire.
You have rights in respect of the personal information we hold on you, including the right to ask us to:
You can object to our use of your personal information for our legitimate purposes at any time.
Should you want to exercise any of those rights, please contact us using the details set out in Section 2 above.
Our partners use automated decision making for the following reasons:
BPAS does not handle these processes directly and they are provided to us. If you would like to know more about these processes and which companies to contact to find out how this data is processed then please contact us using the details set out in Section 2 above. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new, unrelated purpose, we will endeavour to notify you and communicate the legal basis which allows us to do so before starting any new processing.
The exception to this is where use of the personal information is required or permitted by law e.g. generation of reporting information for the government or for another legal reason that may require us to contact you. In this case, we may process your personal information without your knowledge or consent.
You also have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office, which can be contacted at the following:
Supervisory Authority: UK Information Commissioner’s Office
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Telephone: 0303 123 1113
We may need to make changes to this Privacy Notice in the future (for example, to comply with new legal requirements).
Where that is the case, we will provide you with a revised Privacy Notice on our website, which you will be able to access. If required by law, we will seek your prior approval before revising this Privacy Notice.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.