Indus Health Network is committed to protecting and respecting your privacy and security and we believe your personal data is an ‘Amanah’ (Trust) – much like your donations – and are therefore committed to being open and transparent about how we store and use your personal information.
Who are we?
Indus Health Network is a registered charity (number 1154809). The registered address is 7 Bradman House, Abercorn Place, London NW8 9XY.
Lawful bases for collecting your data
Indus Health Network, like all organisations in the European Union, needs a lawful basis to collect and use your personal data. Under article 6 of General Data Protection Regulation (GDPR), there are six lawful grounds for processing data, of which the following are more relevant to Indus Health Network’s activities:
- Consent: where an individual has given us clear consent to process personal data e.g. when we have obtained your consent to contact you by email, phone or SMS.
- Contract: the processing is necessary for a contract we have with an individual e.g. contracts of employment we have staff or in some cases contractual arrangements with volunteers.
- Legal obligation: the processing is necessary for us to comply with the law e.g. we are legally required to hold donor transaction details for Gift Aid and accounting/tax purposes.
- Legitimate interest: the processing is necessary to achieve a legitimate interest e.g. if you donate towards a Hospital Bed, we will share your unique Donor ID and name with our partners to have the permanent plaque engraved with your name on it and to report back to you.
How do we obtain your personal information?
Personal Information is collected from you when interacting with Indus Health Network, for example this could be when you:
- Support our work by donating
- Inform us of your fundraising activities
- Make an enquiry
- Request information from our support team regarding our projects or your sponsored projects
- Share your feedback
- Make a complaint
- Sign up for an event
- Register as a volunteer
- Apply for a job
- Contact us or become involved with us in any other way not listed above
Information from third parties
We may also receive information about you from third parties if you have given them permission to share this information and indicated that you wish to support Indus Health Network, for example, if you set up a fundraising page with ourselves through JustGiving, PayPalGiving, AmazonSmile, FaceBookDonation, sign up to a challenge or register for an event via Eventbrite.
What information do we collect?
When you communicate with us we may collect ‘personal information’. This may include your name, address, email address, telephone numbers, bank account details and whether or not you are a UK tax payer, so we can claim Gift Aid.
Other personal details may be collected, based on the services sought from Indus Health Network.
Sensitive Personal Information
Data protection law recognises that certain categories of personal information as being more sensitive. They are referred as ‘sensitive personal data’ and under GDPR they are known as ‘special categories of personal information’ and covers racial and ethnic information, political opinions, religious beliefs or philosophical beliefs, trade union membership, genetic data and biometric data, health information.
Indus Health Network does not collect sensitive personal data concerning our supporters unless it is deemed necessary to do so – such as participating in challenge events or international trips – to ascertain what services you require in order to offer you the relevant support. Before collecting any sensitive personal information about you, we will make it clear what information we are collecting and why we need it.
All sensitive personal data is stored on a secure database, to which only a limited number of relevant staff have access. It is deleted when no longer relevant, is never shared with third parties, and is available to you at any point should you wish to see it.
How do we use your information?
We mainly will use your information for the following purposes:
- Providing you information about our activities and services
- Keeping you updated of our fundraising campaigns and events
- Responding to your enquiries and complaints
- Providing you with services, products or information you have requested, like project feedback reports
- Processing your donations
- Sending you a receipt to confirm your donation (unless requested otherwise)
- Processing Gift Aid donations
- Process a job or volunteering application
- Staff administration
- Complying with our legal obligations, policies and procedures
- Administering records
We may aggregate and anonymise personal information so that it can no longer be linked to any particular person in order for us protect your personal identity. This anonymised data can be used for a variety of purposes (such as recruiting new supporters) or to identify trends or patterns within our existing supporter base. This data helps inform our actions and improve our campaigns, products, services and materials.
Who do we share your information with?
We will not sell your details to any third parties, but we may sometimes share your information with our trusted service providers who are authorised to act on our behalf and partner organisations who work on our behalf, or whom we work with in partnership to deliver our projects. We may also use companies to deliver services and process your data on our behalf, including the delivery of postal mail, sending emails and text messages, processing card details and analysing stakeholder trends to assist us in offering better services to our supporters.
These ‘data processors’ will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection agreements, on the conditions of confidentiality and security. Only limited information is shared with them, in order for them to deliver their services. We do not allow these organisations to use your data for their own purposes or disclose it to other third parties without our consent and we will take all reasonable care to ensure that they keep your data secure.
We will also comply with legal requests where disclosure is required or permitted by law (for example to government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime, subject to such bodies providing us with a relevant and lawful request in writing).
How we keep your information up to date
Where possible, we try to keep your records up to date using publicly available sources; for example, using the Post Office’s National Change of Address database and the National Bereavement Register. However, we really appreciate it if you let us know if your contact details change.
How long will we keep your information?
We will hold your personal information on our systems for as long as is necessary for the relevant activity, for example we will keep a record of donations subject to Gift Aid for at least seven years to comply with HMRC rules.
If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
How do we protect your information?
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and volunteers.
We use external companies to collect or process personal data on our behalf (such as JustGiving and Eventbrite). We do comprehensive checks on these companies before we work with them, especially regarding how they manage the personal data they collect on our behalf, or have access to.
Despite all of our precautions, no data transmission over the internet can be guaranteed to be 100% secure. So, while we strive to protect your personal information using strict procedures and security features to prevent unauthorised access, we cannot guarantee the security of any information you disclose to us online, and you must understand that you do so at your own risk. However, any payment card details (such as credit or debit cards) we receive through our website are passed securely to our payment processing providers who meet the required Payment Card Industry (PCI) Security Standards. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed.
While we do not actively collect information from children (under 18s), we appreciate that our supporters are of all ages. Where appropriate, we will always ask for consent from a parent or guardian to collect information about children. All Indus Health Network events will have clear rules on whether or not children can take part, and the collection of data will be managed in accordance with each individual event, with appropriate safeguards in place.
Accessing and updating your personal information
You can request access to any information we hold about you by contacting our support team at Indus Health Network, 7 Bradman House Abercorn Place London NW8 9XY, or emailing us firstname.lastname@example.org or telephone on 0207 993 8082.
Your personal preferences and keeping your data accurate is of utmost importance to us. If at any stage you do not want to hear from us or want to update your details you can write, email or call us on the contact details shared above.
Any email we send you will contain information about how to unsubscribe from email marketing communications. During any phone conversation you have with us, please feel free to let us know how you prefer to be contacted.