Join Tommy Club
Join Tommy Club

PRIVACY POLICY

Introduction This website is owned and managed by Royal British Legion Industries (RBLI).  We are a charity registered  in England and Wales under the charity registration number 210063. We are also a company limited by guarantee registered in England and Wales under company number 00158479.  Our main trading address is Hall Road, Aylesford, Kent ME20 7NL. We at RBLI take the privacy of our beneficiaries, customers, supporters and volunteers very seriously.  We are strongly committed to protecting your privacy and every reasonable effort is taken to ensure that your information is kept secure and intact. This policy describes how RBLI collects and uses personal information about the people who visit our websites and who give us their data over the phone, face-to-face, and in writing. This policy also states how and why we use data, how we store it and how individual personal preferences can be amended. The terms of this policy may change, so please check it from time to time. This version published on 10th April 2018 supersedes all previous versions. By using our website, you are accepting and consenting to the practices described in this policy. If you have any queries about this policy please contact: The Data Protection Officer RBLI Hall Road Aylesford Kent  ME20 7NL E-Mail: [email protected] RBLI, as the Data Controller, is registered with the Office of the Information Commissioner under the Data Protection Act 1998, registration number Z6761919. RBLI Privacy Statement The General Data Protection Regulation (GDPR) provides the legal framework that defines how personal information can be used. RBLI is fully committed to complying with the principles set out in GDPR and has a legal duty to protect any information we collect from you. Please read this privacy policy to understand how we use your data. In summary: Your personal information is only used for the purpose for which we collect it. Only information that we need is collected. Fundraising communication will be limited to a maximum of 72 months if we do not hear from you during this time. Your personal information is only seen by those who need it to do their jobs. We will only disclose data when we have your consent, or where we are obliged to disclose personal data by law, or as expressly permitted under the GDPR (through contract, legal obligation, vital interests; public task, or on the basis of legitimate interests). We will keep your information up to date. Inaccurate or misleading data will be corrected as soon as possible after being drawn to our attention. Personal information is retained only for as long as it is required for the purpose collected. Your information will be protected from unauthorised or accidental disclosure and processed in an appropriate manner to maintain its integrity and confidentiality. We will provide you with a copy of your personal information on request (please see below for information on access rights and requests). These principles apply whether we hold your information on paper or in electronic form. How do we collect information? If you provide goods or services to RBLI, we will collect information in line with your contract for services. We may also collect technical information relating to your use of our website, including your browser type or the Internet Protocol (IP) address used to connect your computer to the internet. We also gather general information about the use of our website, such as which pages users visit most often and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in emails.  Information gathered this way will only be used by us to improve our online presence and offerings that we believe will be of use to our site visitors. We obtain personal information from you when you enquire about our activities – including fundraising and trading –  when you register with us, send or receive an email, make a donation to us, ask a question or otherwise provide us with personal information. We may also receive information about you from third parties, for example from mailing list brokers. We will only ever collect the information that we need, including data that will be useful to help improve our services. The information is either needed to fulfil your request or to enable us to provide you with a more personalised service. You don’t have to disclose any of this information to browse our sites. What information do we collect? The personal information we collect might include name, date of birth, email address, postal address, telephone number and credit/debit card details. We may also collect special categories of personal data such as information about your health if this is required for the purpose you have contacted RBLI. We collect special categories of personal data only if we are permitted to do so by data protection law, and we have additional measures in place to protect this data.  This may include an individual’s Regiment or Corps. We also gather general non-personal information about the use of our website, such as which pages users visit most often, and which are of most interest. We may also track which pages users visit when they click on links in RBLI emails. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website. Please see the section below on Cookies. Why do we collect this information? We collect this information for the purpose of promoting the aims of the Charity and communicating effectively and appropriately with our supporters and, in particular, providing support to our beneficiaries. The lawful basis for which we process your information can be one or more of the following, depending on the subject and context. your consent; processing is necessary for the performance of a contract to which you are a party. If you fail to provide this information we may be unable to perform the contract; processing is necessary for compliance with our legal obligations, for example to comply with our obligations as an employer to disclose employee salary details to HMRC; processing is necessary to protect your interests or that of another person; processing is necessary for the performance of a task carried out in the public interest; processing is necessary for the purpose of the legitimate interest pursued by us or a third party, except where your rights as a data subject override our legitimate interest. The legitimate interest we rely upon is subject to a assessment based on the specific context and circumstances. We will communicate to data subjects the specific basis for legal processing that has been adopted for a particular processing activity. How do we use this information? We will use the information you provide in the ways set out below: promote the aims of RBLI; to provide and personalise our services to beneficiaries; to communicate with our supporters, dealing with your enquiries and requests, recording any contact with you; to provide you with information that you have indicated an interest in, for example information about our campaigns, volunteering, fundraising and trading activities and how you can donate to us; we may use this information to personalise the way our website is presented when users visit it, to make improvements to our website and to ensure we provide the best service for users; to claim Gift Aid on your donations; to conduct market research; Segmentation, so that we can offer supporters information relevant to them; for administrative purposes. If you enter your contact details in one of our online event registration forms, we may use this information to contact you even if you don’t “send” or “submit” the form. We will only do this to see if we can help with any problems you might be experiencing with the form or with our websites. Do we share your information with anybody else? We may share your personal information with our suppliers, who we engage to process data on our behalf. In such cases information is only shared for the purpose of providing services on our behalf relating to communications, or agreements between yourself and RBLI. Such processing is conducted under relevant Data Processing Agreements. We also may need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation. We do not sell personal details to other charities or other third parties. Our websites may include links to websites run by other organisations. RBLI is not responsible for the privacy practices of these other websites so you should read their privacy policies carefully before sharing any personal or financial data. Storing and protecting your information We recognise the concerns that many people have about providing personal information online, but we  place great importance on the security of all personally identifiable information associated with our beneficiaries, supporters, staff and volunteers. We have security measures in place to protect against the loss, misuse and alteration or destruction of personal data under our control. Information is stored by us on computers located in the UK. We may also store information on paper files. All of our online forms are protected by encryption. We also use a secure server when you make a donation or payment via our website. However, no data transmission over the internet is 100% secure. As a result, whilst we cannot absolutely guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to prevent this and protect your personal information. RBLI uses a set of controls to provide protection from the most prevalent cyber security threats. We will keep your information only for as long as we need it to provide you with the goods, services or information you have requested, to administer your relationship with us, to inform our research or the preferences of our supporters, to comply with the law and tax accounting rules, or to ensure that we do not communicate with people who have asked us not to. When your information is no longer required, we will always dispose of it securely, in accordance with our Records Retention Policy. Payment Card Information RBLI does not store any sensitive payment card data in our systems. The Charity has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. Transfer of Information Outside of the EU Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and we will take steps to ensure that any third-party organisation we engage to process data on our behalf provides an adequate level of protection in accordance with GDPR. By submitting your personal information, you agree to this transfer, storing or processing at a location outside the EEA. Under 13s RBLI is concerned to protect the privacy of children aged under 13. We will seek consent from a parent or guardian before collecting personal information about a child aged under 13.  We will not knowingly request or collect from a child any information online that can be traced to the child, such as an email address, name, or information about the child’s family. Unless a parent or guardian consents to such use in advance, we will not knowingly use information that a child provides to us for any fundraising or promotional purpose. Your Rights You have a right to object to RBLI processing your personal information (‘right to object’) at any time where we rely on our legitimate interests for doing so.  Such a request must be sent to the Data Protection Officer at RBLI, Hall Road, Aylesford Kent ME20 7NL. You also have a right to object to us processing your data for the purposes of marketing. RBLI always acts upon your choices around what type of communications you want to receive and how you want to receive them. You have a choice about whether you want to receive information about the Charity’s work and fundraising and trading activities. We make it easy for you to tell us how you want us to communicate, in a way that suits you.   We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted. You can change your marketing preferences for what you receive from us and how, at any time, by contacting: Data Protection Officer RBLI Hall Road Aylesford Kent  ME20 7NL Tel: 01622 795900 E-mail: [email protected] You May Contact the Data Protection Officer for any of the following You have a right to ask us to confirm whether we are processing information about you, and to request access to this information (‘right of access’). If you would like to submit Data Subject Access request please email [email protected] to obtain a form. You can also use this form if you are requesting information on behalf of somebody else. We will ask you for proof of your identity before we can act upon your request. To obtain a copy of the personal information we hold about you, please write to us or submit your form to the Data Protection Officer. You may ask us, or we may ask you, to rectify information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate or complete information which is incomplete (‘right to rectification’). If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so they may update their own records. If your personal details change, please help us to keep your information up to date by contacting the Data Protection Officer. You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. You have a right to seek the erasure of your data (often referred to as the ‘right to be forgotten’). You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data you may withdraw your consent. You should note that we are entitled to and reserve the right to retain your data for statistical purposes. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest. You have a right to ask us to restrict our processing of your information (‘right to restriction’) if: you contest its accuracy and we need to verify whether it is accurate the processing is unlawful and you ask us to restrict use of it instead of erasing it we no longer need the information for the purpose of processing, but you need it to establish or defend legal claims you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out an assessment of the impacts on your rights and our legitimate interests. you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, protecting the rights of another person or for public interest reasons. If you would like to exercise any of your rights above, please contact the Data Protection Officer at our address, unless we have provided specific contact details in respect of one of the rights we have set out. We will act in accordance with your instructions as soon as reasonably possible and there will be no charge. You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You may do so by calling their helpline at 0303 123 1113. Cookie Usage RBLI website uses cookies, tracking pixels and related technologies. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalise the website. Cookies help us to provide you with a better experience by allowing us to understand what areas of the website are of interest to our visitors (e.g. via Google analytics). Our cookies aren’t used to identify you personally. They collect anonymous information on the pages visited and we do not use advertising cookies. Most browsers will allow you to turn off cookies. Please note however that turning off cookies can and may restrict your use of our website. To learn more about cookies and how to manage them, visit AboutCookies.org When you first visit our site, you are given the option to opt-out of cookies but please be aware that this may negatively impact on your ability to view and use content on our website. Trademarks and copyright RBLI website contains material which is protected by copyright and/or other intellectual property rights. All copyright and intellectual property rights including the names, images and logos are owned by RBLI unless otherwise stated. All rights are reserved. You are responsible for complying with all applicable copyright laws. We permit you to make copies of information on RBLI website as necessary incidental acts during your viewing and you may take a print for your personal use of so much of the site as is reasonable for private purposes. All other uses are prohibited. Nothing in these terms shall be construed as conferring any right to use any trademark, logo, patent right or copyright of RBLI. Changes We may change the terms of this privacy statement on occasion, but will not reduce your rights under this Privacy Policy without your explicit consent. If we do so, we will post the changes here, so please check from time to time. We will also keep prior versions of this Privacy Policy in an archive. By continuing to use our websites you will be deemed to have accepted such changes. If you have any questions about this policy or how we use data please contact the Data Protection Officer at the above address or via email to [email protected] . Data Protection Regulator Further information and advice about data protection is available from: The Office of the Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: +44 (0) 01625 545 745 Website: www.ico.org.uk Fundraising Preference Service RBLI is committed to empowering our supporters to manage their information. The Fundraising Preference Service (FPS) enables donors to take control of their charitable giving and conversations; and we want to help you use the service effectively. RBLI supports the Fundraising Regulator and its efforts to develop the Fundraising Preference Service as a means of rebuilding trust between charities and the public. The Charity is committed to upholding fundraising best practice and being as transparent as possible with our donors. This policy will be reviewed regularly.  Any queries regarding this policy, or comments, should be addressed to the Data Protection Officer.