This policy was last updated 28/04/2018.
Four Paws Animal Rescue South Wales (FPARSW) take your privacy seriously and in this policy we explain why we use your personal data and how we store it.
You can decide not to receive communications or change how we contact you at any time, if you wish to do so the quickest way is by emailing us on firstname.lastname@example.org or writing to Four Paws Animal Rescue South Wales, P O Box 57, Newport NP11 9AE.
Your personal data (i.e. any information which identifies you, or which can be identified as relating to personally) will be collected and used by Four Paws Animal Rescue South Wales (charity no. 1117893, registered in England & Wales).
Our registered office address is Four Paws Animal Rescue South Wales, P O Box 57, Newport NP11 9AE.
Collecting personal information
We may collect, store and use the following kinds of personal information:
- Information about your computer and about your visits to and use of this website. (using cookies)
- Information that you provide to us when registering with our website, filling in an application form, volunteer form or relinquishment form (Such as your name, address, email address and telephone number).
- Demographic information such as postcode, preferences and interests.
Any volunteering involvement with FPARSW will result in a personnel file being created on our system for safeguarding and legal purposes. We may hold information such as emergency contact information and medical conditions.
If you donate to us and complete a giftaid declaration, we will hold this on file for the length which is required by law (7 years).
Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health) about volunteers or members of the public, however there are some situations where this will occur e.g. if you have an accident while volunteering or at one of our event stalls or premises. If this does occur we’ll take extra care to ensure your privacy rights are protected.
Using personal information
Personal information submitted to us through our website may be used in the following ways:
- Internal record keeping.
- For legal reasons such as government returns (e.g. tax returns) and where requested to by a authorising body (e.g. the police)
- We will not supply your personal information to any third party for the purpose of marketing.
Disclosing personal information
- We may disclose your personal information to any of our employees or volunteers for the purposes set out in this policy. All of our volunteers have agreed to handle data in accordance with data protection laws.
- We may disclose your personal information:
- If required to do so by law;
- In connection with any legal proceedings;
How we protect and store personal information
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our volunteers receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
By filling in one of our forms you will be submitting data to either Google, Shelter Manager or Mailchimp. See below for information about their data storage.
Some of our systems use Google products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Google is certified under the USA’s Privacy Shield scheme, it is also ISO27001, 27017 and 27018 compliant which are internationally accepted security standards).
Shelter Manager operates servers in the United Kingdom and as such already use industry standard encryption to protect data during transit and at rest to ISO 27001 standards of both physical and electronic security.
For large binary data, such as images, scans of paperwork and stored documents, these are stored in Amazon S3. Large binary objects may be stored in a different region from our server. All objects are encrypted and locked down such that only their servers can access them.
How secure is Shelter Managers data?
Shelter Manager use nothing but industry-standard SSL for all communications between your browser and their servers, they use a highly secure 10,000 iteration PBKDF2 algorithm for password storage and they regularly conduct pen-testing for SQL injection, XSS and CRSF attacks. Where possible all data is encrypted at rest with industry standard AES-256 encryption.
MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes.
Another example, if you complete a volunteer application form we will keep that information on file for as long as you’re an active volunteer with FPARSW.
Please refer to the privacy brief on the individual forms to see how long we keep its data for.
We continually review what information we hold and delete what is no longer required.
Keeping you in control
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- The right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request).
- The right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason).
- The right to have inaccurate data rectified.
- The right to object to your data being used for marketing and where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If you have a complaint relating to data protection and/or privacy rights please contact the trustees at email@example.com or via post to Four Paws Animal Rescue South Wales, P O Box 57, Newport NP11 9AE.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
Changes to this policy