Galop Privacy Notice
The purpose of this privacy notice is for Galop to be clear about how your personal information is used.
There are sections within this notice that will be relevant for those who use Galop’s service, those who support or donate, or both.
Individuals have the right to be informed under the requirements set out by the UK GDPR. This right means that organisations like Galop provide clear information about what we do with individuals’ personal data through our privacy notice and at point of collection.
Your personal data
Personal data is information that can be used to identify a living person. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
Who is the data controller here?
Galop decides how any personal data given to us is processed and for what purposes, Galop is the data controller.
There are time where your data is processed by a third party, for example if you donate through a platform like Just Giving. In these instances, Just Giving would be the Data Processor, but Galop remains Data Controller.
If you have any concerns about your personal data or the way in which it is being used, or want to know what personal data Galop holds that relates to you, you can contact info@galop.org.uk.
How do we process your personal data?
Galop complies with its obligations under the UK General Data Protection Regulation by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Depending on why we have been given your data, we use your personal data for the following purposes:
For service users
- To contact you regarding your case with us.
- To refer you to other trusted services / partner organisations who can provide more suitable help.
For financial and non-financial supporters
- To process a donation, payment or gift aid application
- To inform people of news, events, fundraising activities or jobs opportunities via email
- To process feedback or survey results.
- To understand our supporters better through data analytics and profiling purposes To keep a record of your relationship with us
- To advertise and reach other individuals who may be interested in supporting us through Facebook (Meta) and Google services.
What is the legal basis for processing your personal data?
We will only process your data if we have a legitimate legal reason or legitimate interest to do so. The following are the legal basis for us processing your data:
- Consent of the data subject
(This means you have agreed for us to process your data for a specified purpose) - Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
- Processing is necessary for compliance with a legal obligation
- Processing is necessary to protect the vital interests of a data subject or another person
(this means that there might be a danger to a person’s health or safety) - Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
The following are the basis for Galop to use legitimate interest to process your data as a financial or non-financial supporter only:
- Postal communications about our work and fundraising activities
- Research and conduct surveys
- Analyse our supporter base to better understand them and tailor our fundraising and communication to be as relevant as possible
- Targeted advertising
Please note that where we use legitimate interest for the above reasons, you have the right to object to this should you wish to be excluded. You can tell us to exclude you at any time by emailing info@galop.org.uk.
If your personal data contains sensitive information (data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation), we will only process it if we also meet the appropriate following conditions:
- Explicit consent of the data subject
- Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
- Processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent
- Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity
- Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes.
Sharing your personal data
For service users only, your personal data will be treated as strictly confidential, and will be shared only with partner organisations that may help with your case. We will only share your data with third parties with your consent, or if there is a genuine risk that you may be a risk to yourself or others.
For supporters, we will not share or sell your personal information with any third party for their own marketing purposes. We do use the services of other companies to help us run our fundraising activities and market research. These suppliers will handle data on our behalf but only under a clear contractual agreement regarding how this is to be done. The personal information that they do have access to will be limited to what is strictly necessary. These may include data analytics agencies, email providers and mailing houses.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary and we only retain your data for the following purposes and use the following criteria to determine how long to retain your personal data
- Casework: if your case with us is closed, we will anonymise your data
- Postal communications: we will hold your data until you wish to no longer receive communication through post, and stop sending if you have not responded to a mailing within a 4 year period. You can request to be removed from our mailing list at any time.
- Email newsletters: we will hold your data until you wish to unsubscribe. This can be done at any time and will result in your data being removed from our lists.
- Recruitment: we will hold recruitment data for no longer than 6 months
Your rights and your personal data
Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data: –
- The right to request a copy of your personal data that Galop holds about you;
- The right to request that Galop corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Galop to retain such data;
- The right to withdraw your consent to the processing at any time
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data
- The right to lodge a complaint with the Information Commissioners Office
Further processing
If we wish to use your personal data for a new purpose, not covered by this notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
Changes to our privacy notice
This privacy notice may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any notice changes.