Your privacy is of the highest importance to us. The Sussex Beacon is committed to keeping your personal data safe and being transparent about what personal data we hold and how we use it.
We ensure that your information is processed in accordance with all applicable laws concerning the protection of personal data. This policy explains:
- Who we are;
- What personal data we collect about you;
- How we use and store your personal data;
- Your rights; and
Who we are
We are The Sussex Beacon, a charity supporting people living with HIV, whose registered charity number is 298388. We are a company registered in England and Wales with the company number 2205876 at the address, The Sussex Beacon, 10 Bevendean Road, Brighton, East Sussex, BN2 4DE.
Collecting personal data
This privacy notice sets out how we process personal data that we collect from you, or that you provide to us, in line with current data protection legislation and other applicable laws. We will treat all your personal data as confidential, however we reserve the right to disclose this data in ways set out in this privacy notice.
Personal Information (or “data”) is any information that can be used to identify you. It can for example, include your name; date of birth; email address; postal address; phone number; payment card details and medical information.
Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, racial or ethnic origin, religious beliefs and political opinions. We do not usually collect such sensitive personal data about our supporters unless there is clear reason for doing so, such as participation in a half marathon, marathon or similar fundraising event to ensure we provide appropriate facilities and support. We may also collect sensitive personal data about you if you self-refer, are referred, or use any of our services for people living with HIV. We will however always make it clear to you that we are collecting this sensitive personal data and the reasons for it.
Personal data we may collect and process:
- Your full name and your title;
- Date of birth;
- Postal address;
- Telephone numbers;
- Email address;
- Bank or payment card details;
- Dietary requirements;
- Medical information;
- Photographs of individuals;
- CCTV footage of those entering our premises;
- Records of correspondence with us;
- Donation and gift aid details; and
- Information you enter onto our websites.
We collect data in the following ways:
- Information you give to us: We collect information from you when, for example, you email us, contact us about our activities, engage with us on social media, phone us, registering to take part in a challenge event including our Brighton Half Marathon, make a donation to us, purchase or donate items in our shops or use our services. Sometimes when you support us your information is collected or processed by a third party for us, for example electronic communication facilitators, database providers and event registration software. Where they are doing so purely for The Sussex Beacon, we will remain responsible for your information at all times and they will not be permitted to use your personal information for their own marketing. We collect only the personal data necessary for the purpose it is being collected, stored and processed.
- Information you allow third parties to share with us: Your information may be shared with us by third parties who, for example, independently organise events such as the London Marathon, or facilitate fundraising such as Just Giving or Virgin Money Giving. These third parties will only share your personal information with us if you have indicated that you wish to support The Sussex Beacon with your consent. You should read their privacy policies to fully understand how they will process your information.
How we use your personal data
The ways in which we use your data depend on why you have provided it. We may use your data in the ways set out below:
- to provide you with the information, support, services or products you have requested from us, including such things as registration into a specific event or merchandise from the Brighton Half Marathon;
- To respond to your enquiries;
- To provide you with information which may interest you, such as newsletters, fundraising activities and resources, voluntary surveys, details of volunteering opportunities and updates on our work;
- To maintain a record of your relationship with us and for internal administrative purposes (including accounting);
- to administer and process payments, including to claim Gift Aid on your donations, and to fulfil the related legal requirements;
- to comply with applicable laws and regulations;
- to improve how we communicate with you, how we fundraise and how we generally operate;
- to keep in contact with you in ways you have requested or agreed to, such as providing fundraising support and resources when you sign up to a challenge event to fundraise for us;
- Notify you about changes to our services or policies;
- for Direct Marketing by email, post or telephone. We may occasionally include information from other organisations who we partner with on various campaigns or projects. More information on how we use your personal data for marketing purposes can be found under the “Marketing” section in this policy;
If you register or have registered to take part in the Brighton Half Marathon we will also use your data to:
- Administer your online account;
- Send you important information about the event including health and safety information;
- Provide our sponsors and event partners with your data if you have consented to us doing so and to receive marketing communications from them;
- To monitor, develop and improve the services we provide to you and your experience of the Brighton Half Marathon website.
We want to ensure we are contacting you with tailored and appropriate communications, ensuring we direct our resources and fundraising activities as effectively as we can and provide the level of support you would expect from us. We also want to communicate with you from time to time to thank you for your support and tell you what we have achieved with the help of your donations or time.
At The Sussex Beacon we want to ensure that you receive the level of marketing communications from us that are right for you, and contain the information you want to receive. The ways in which we market through various channels are set out as follows:
- Email and Text Marketing: If you actively and explicitly consent to us contacting you by email and by text for marketing purposes, and provided us with an email address and/or phone number, we may contact you by these methods about our work, upcoming fundraising events and activities, volunteering opportunities, how you can get involved or make a donation to us.
If you sign up to the Brighton Half Marathon and associated events, we have a legitimate interest to contact you about similar commercial products and services which we think you may be interested in.
You can update your preferences to tailor the information you want to receive, by clicking the ‘update my preferences’ link at the end of our marketing emails or by getting in touch at email@example.com.
You can opt out of these communications at any time by getting in touch at firstname.lastname@example.org, or by clicking the unsubscribe button at the bottom of our marketing emails.
- Post and Telephone Marketing: If you have provided us with your address and phone number we may send you mail or phone you about our work unless you have told us you would prefer not to receive such information. We do actively check phone numbers against the Telephone Preference Service. If your number is on this list we will not contact you by phone unless you have expressed specifically to us that you consent to receive such calls from us.
Retaining your personal data
We retain your personal data only for as long as is required to operate our services in accordance with legal and tax requirements. Once we no long require your data in order to fulfil a service you have asked for, to provide you with the customer service and communication that you would expect, or to satisfy legal requirements we will delete it in a secure manner. If we are relying on consent for a particular method of data processing, we will contact you to renew consent at reasonable intervals.
Sharing personal data
The Sussex Beacon may disclose your personal data to third parties in the following circumstances:
- To provide you with products or services that you have requested, for which we use a separate company to fulfil those services or supply the products.
- If you signed up to the Brighton Half Marathon or associated events, with your consent we may share your personal data with specific third parties for the purposes of marketing to you directly.
We will only share your personal data with third parties who comply with relevant data protection legislation, and we will ensure appropriate controls are in place. We regularly monitor their activities to ensure they continue to comply with law and with our policies.
We will never share, sell or swap your personal data with any third parties for the purposes of their own marketing unless you have explicitly consented to us sharing your data with specifically named third parties.
We will ensure your personal data is only accessible by appropriately trained staff or contractors.
International transfers of personal data
For financial and technical reasons, we may use the services of a supplier or products or services outside of the European Economic Area (EEA), meaning that your personal data is therefore transferred, processed and stored outside of the EEA. Although this includes countries that the European Union authorities do not consider as providing adequate levels of protection of personal data, we will take reasonable steps to ensure that your personal data is kept safe and in accordance with this privacy notice. In such cases, the transfer will be carried out subject to a Data Transfer Agreement in compliance with Data Protection law. For further information, please contact email@example.com.
Legal basis & legitimate interest
When we process your personal data, we will ensure this is done in accordance with at least one of the legal grounds stated within Data Protection Law. These consist of the following:
- We have obtained your affirmative and specific consent to use your personal data for a previously notified purpose, which may include sending you electronic direct marketing by email or text, or to provide you with a product, a service or information that you have requested;
- In some circumstances we may collect and use personal data where it is necessary to fulfil our legitimate interest as a charity. We shall however, always balance our legitimate interests against your rights as an individual and data subject to ensure we use your data in a way you would reasonably expect in accordance with this policy and which does not intrude on your privacy or preferences. Examples of how we may use our legitimate interests include:
- To send you marketing material to you by post or telephone;
- To send marketing communications by email & post to customers who have purchased a place in the Brighton Half Marathon and associated events, about our similar products and services;
- To provide fundraisers with the support and resources they would expect;
- To maintain a record of our relationship with you;
- For administrative purposes;
- To protect our business against fraud and other risks;
- Maintain our customer database and systems.
- Processing your personal data is necessary for the performance of a contract, such as to provide you with products or services you have purchased or requested (For example, if you register into the Brighton Half Marathon);
- We have a legal obligation to use or disclose information relating to you, for example, if we were ordered to do so by a court or regulatory authority;
- Processing is necessary to protect your vital interests; or
- Processing is necessary for the performance of a task which is carried out in the public’s interest, or in exercising official authority.
Your debit and credit card details
If you use your credit or debit card to make a donation to us, buy something or pay for registration in an event either online or in person, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). https://www.pcisecuritystandards.org/pci_security/
We do not store your credit or debit card details at all after the transaction is complete. Only staff authorised and trained to take payments will do so.
Cookies are small text files which are stored on your computer by websites that you visit, to help websites work more efficiently and provide us with information. There are four reasons cookies may be stored on your device when visiting a website owned by The Sussex Beacon:
- To enable the website to work correctly for you so you can use the online services provided;
- To remember your preferences and to make the website easier for you to use;
- To enhance the facilities and information on our website; and
- To collect data about your use of our website which are anonymised and used to improve our website.
- Strictly Necessary Cookies – These cookies are essential for you to be able to use certain key functions of the website, such as registering in the event.
- Third Party Cookies – These cookies collect information if you use social media sites or share a page from our website. Some of our pages contain embedded content such as YouTube videos and Twitter & Facebook likes, so you may receive cookies from these websites.
Please be aware we cannot control third party cookies. You can block cookies via the settings on your browser, however this may limit your access to certain websites including our site. To understand more about these third party cookies and their privacy policies please visit the relevant websites below.
|Third Party||Policy Location|
You can find further information about cookies at www.allaboutcookies.org.
If you send any inappropriate, offensive or defamatory content on our website or social media platforms, we may use your personal data to inform relevant third parties including your internet provider or law enforcement.
Under the Data Protection Legislation, you have rights as an individual in relation to the information we hold about you.
You have the right to request that we delete your personal data and stop processing it, if this processing is not necessary/legally required for the purpose you provided it to us then we will do so.
You have the right to ask for a copy of the information we are processing about you by making a ‘Subject Access Request’. If we hold personal data about you, we will:
- Provide a description of the personal data we hold;
- Explain why we are holding the personal data;
- Inform you who this personal data has been shared with;
- And give you a copy of the data.
We do not charge a fee for this service, however we reserve the right to charge reasonable fees for additional copies of information that have already been supplied to you, and for requests that are manifestly unfounded, excessive or repetitive. You can make a subject access request by emailing us as firstname.lastname@example.org.
You have the right to request that your personal data is transmitted electronically to another company in certain circumstances.
If we hold inaccurate or out dated personal information relating to you, you have the right to ask us to rectify that information.
You have the right to request that we do not, or refuse us permission to, process your personal data for the purposes of marketing. We will inform you before collecting your data if we intend to use if for marketing purposes or if we shall share your personal data with third parties.
You have the right to ask us not to continue to process your personal data for marketing purposes by contacting us at email@example.com. Where you have opted in to receive marketing correspondence, you have the right to withdraw your consent at any time or update your preferences of the types of marketing you receive. This can be done via the instructions contained in the marketing correspondence, or by contacting us directly.
To speak to us about any of the above rights please get in touch at firstname.lastname@example.org or 01273 694222. For further information on your rights, you can also view the Information Commissioner’s guidance here.
Links to other websites
This privacy notice is not applicable to links within our websites which link to other websites not owned by The Sussex Beacon. Please read the privacy statements on other websites which you visit.
If you would like to make a complaint about the way we have processed your data, or the information provided in this notice, please contact us at email@example.com or 01273 694222. Alternatively you can contact the Information Commissioner’s Officer via their website.
Changes to this policy
We regularly review this privacy notice and will make any changes available on this page. If we make any significant changes, we will notify you by email. By continuing to use this website you will be deemed to have accepted such changes. This privacy notice was last updated May 2018.
We recommend that you check this page regularly to keep up-to-date.