top of page

Thriving Through Recreation Privacy Policy, 2024/2025

Funders, Donors and Website Users

​

Purpose

​

Thriving Through Recreation is a Charitable Incorporated Organisation registered with the Charities Commission in England and Wales (1204822). This privacy notice describes how we collect and process your personal information if you make a donation or use our website. We only collect the data that we need to award grants and run our charity.

​

Who is This Policy For?

​

This policy is for funders, donors and website users.

 

Principles of Data Protection

​

Thriving Through Recreation regards the lawful and correct treatment of personal information as critical to its successful operation. 

​

Thriving Through Recreation fully endorses and adheres to the principles of Data Protection as set out in the Data Protection Act (2018) and the General Data Protection Regulations (GDPR). 

​

The GDPR outlines seven key principles for anyone who processes personal data. These are:

  • Ensure that data is fairly and lawfully processed.

  • Process data only for limited purposes.

  • Ensure that all data processed is adequate, relevant and not excessive.

  • Ensure that data processed is accurate.

  • Ensure that data is not kept for longer than is necessary.

  • Process the data in accordance with the data subject’s rights.

  • Ensure that data is secure.

  • Ensure that data is not transferred to other countries without adequate protection.

Thriving Through Recreation is registered with the Information Commissioner’s Office (ICO) and will renew this registration as required. 

​

All our trustees, staff, and volunteers are aware of data protection policies, and the legal requirements. Thriving Through Recreation will monitor changes to data protection legislation and implement them to remain compliant.

​

The Data We Collect

 

Personal information is any information that can be used to identify a living person. We may also collect special category data, which includes information about racial or ethnic origin, sexual life or orientation, religious beliefs, physical or mental health/condition, and details of proceedings in connection with an offence or an alleged offence.

 

We can collect and process the following information about you:

 

As a visitor to our website or if you contact us via the website

  • Contact Data, including first and last name, address, email address, telephone number.

  • Communications Data, including emails and records of conversations.

  • Technical Data, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the device you use.

  • Usage Data including information about your use of our service, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); elements you viewed; page response times; download errors; length of visits; interaction information (such as scrolling, clicks, and mouse-overs).

​

As a donor or grant funder or if you subscribe to our newsletter

  • Contact Data, including first and last name, residential address, email address, business address, and telephone number.

  • Communications Data, including emails, content submitted via website, and records of conversations.

  • Financial Data, including payment instructions, may include bank account or card details, billing address, gift aid details.

  • Donation Data, including details about donations you have made to us.

  • Marketing Data, including information about your direct marketing preferences, for example whether you have agreed to receive marketing emails or newsletters from us.

  • Evaluation Data, including feedback you share with us when you participate in any reviews, questionnaires and surveys.

 

We also collect, process and use aggregated data, for example statistical or demographic data to monitor and evaluate the impact of our marketing and grant-giving strategy. Aggregated data may be derived from your personal data but is not considered personal data in law, as the data does not directly or indirectly reveal your identity.

​

If we combine or connect aggregated data with your personal data so that it is possible to identify you directly or indirectly, we treat this data as personal data in accordance with this privacy policy.

​

How We Collect your Personal Information

​

We collect data from you in different ways.

​

As a visitor to our website or if you contact us via the website:

  • Direct Interactions – you may give us your contact and communications data by submitting information on our website. This includes personal data you provide when you enquire about our charity or otherwise show an interest in the work that we do. 

  • Automated technologies or interactions – As you interact with our website, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

  • We may also collect data using third party sources, such as evaluation data, when you participate in surveys using SurveyMonkey and other research activities. Technical and usage data from Wix analytics, who support our website and provide server monitoring tools, may be based outside the EEA.

 

As a donor or grant funder or if you subscribe to our newsletter:

  • Direct Interactions - You may give us your Contact, Communications, Financial, and Donation Data by submitting information on our website or corresponding with us by phone, post, email, or otherwise. This includes personal data you provide when we are discussing and processing donations from you.

  • Third Parties or Publicly Available Sources - We may also collect data from third party sources. For example a. Contact, Financial, and Donation Data from providers of donation websites such as Just Giving; b. Marketing Data where you subscribe or unsubscribe from our direct marketing email communications or email newsletters; c. Contact Data from publicly available sources such as Companies House and the Electoral Register.

 

Why We Collect your data

 

We only use your personal data when the law allows us to, in ways you would reasonably expect from us. Under the UK General Data Protection Regulation, the lawful bases we most commonly rely on for processing your personal information are where it is necessary for our legitimate interests and where you have given us consent. When special category personal data is processed, a lawful basis and additional condition will be satisfied.

 

In some circumstances we need to collect personal in order to comply with the law, or to process a donation. If you do not provide that data when requested, we may not be able to fulfil our role in that respect.

Details of how we use your data, the type of data, and the legal justification we rely on to process your data is set out below:

 

Purpose

To administer our charity and manage our relationship with you.

Type of Data

  • Contact

  • Communication

Lawful Basis for Processing

Necessary for our legitimate interests to promote our charitable services, to answer website enquiries, to tailor our charity offerings appropriately, to keep our records updated and to study how our charity is operating.

 

Purpose

To administer our charity and protect our charity and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.

Type of Data

  • Contact

  • Technical

Lawful Basis for Processing

Necessary for our legitimate interests for running our charity, provision of administration and IT services, network security, and to prevent fraud. 

​

Purpose

To process your donation or grant and to otherwise administer our charity.

Type of Data

  • Contact

  • Communications

  • Technical

  • Usage

  • Financial

  • Donation

  • Aggregated

Lawful Basis for Processing

Necessary for our legitimate interests for running our charity, providing grants, providing administrative and IT services, preventing fraud, and network security.

 

Purpose

To deliver relevant website content and marketing, and to use data analytics to improve our website, our services and our support to grant recipients.

Type of Data

  • Contact

  • Communications

  • Technical

  • Usage

  • Aggregated

Lawful Basis for Processing

Necessary for our legitimate interests to keep our website updated and relevant, to develop our charity, and to monitor and improve our grant awards system.

Consent, using cookies on our website.

​

Purpose

To send marketing material, raise public awareness, inform strategy and drive fundraising.

Type of Data

  • Contact

  • Marketing

  • Evaluation

  • Aggregated

Lawful Basis for Processing

Necessary for our legitimate interests to raise public awareness, shape our eligibility criteria and grant awards process, and drive fundraising activities.

Consent, to take part in surveys, receive communications and emails, or fundraising activities.

 

Who we share your information with

 

There may be circumstances in which Thriving Through Recreation is required by law to pass information to external authorities or organisations. These authorities and organisations will have their own policies relating to the protection of any data that they receive or collect.

 

Personal data is indirectly shared with Google LLC, Microsoft, and Wix as providers of email, cloud storage, and website systems. Their servers may be located around the world, and they have their own technical safeguards in place to protect your data.

 

How we store your information

 

Hard copy data, records and personal information are stored in locked filing cabinets. No hard copies of personal data will leave Thriving Through Recreation’s registered premises. Unwanted paper copies of data will be shredded.

 

Digital copies of data are stored on password protected laptops, tablets and mobile phones, or within password protected software accounts. Passwords are only known to specified Thriving Through Recreation staff and volunteers. Back-Up copies of personal data is stored on the Microsoft One Drive Cloud.

 

Your information is securely stored in the EEA apart from data that is processed by Google when you complete the application form using Google Forms and Microsoft One Drive Cloud, which may be stored elsewhere in the world. Any technical or usage data is stored on Wix servers that are located around the world. 

 

We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, volunteers and other third parties who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. 

 

We have a procedure to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

How long we keep your information

 

The secure disposal of redundant data is an integral element of compliance with legal requirements.

 

We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements. 

 

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. In this case, we may use this information indefinitely without further notice to you.

 

Your Data Protection Rights

 

Under data protection law, you have rights, including:

 

  • Your Right of Access: you have the right to ask us for copies of your personal data.

  • Your right to rectification: you have the right to ask us to rectify personal data you think is inaccurate. you also have the right to ask us to complete information you think is incomplete. We may need to verify the accuracy of the new information that you give us.

  • Your right to erasure: you have the right to ask us to erase your personal data in certain circumstances. We may not always be able to comply with your request of erasure for specific legal reasons which we will tell you, if applicable, at the time of your request.

  • Your right to restriction of processing: you have the right to ask us to restrict the processing of your personal data in the certain circumstances. These may include a) if you want us to establish the data’s accuracy; b) where our use of the data is unlawful but you do not want us to erase it; c) where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Your right to object to processing: you have the right to object to the processing of your personal data in certain circumstances. This includes when we are relying on a legitimate interest, but you feel that us processing this data will impact on your fundamental rights and freedoms. In some cases, we may be able to show that we have compelling legitimate grounds to process your information which override your rights and freedoms.

  • Your right to data portability: you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

  • Your right to withdraw consent: when we solely use consent as our lawful basis you have the right to withdraw our consent.

 

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you. Occasionally, if your request is particularly complicated, it may take us longer than a month to respond. In this instance, we will always keep you informed.

​

To make a data protection rights request, please contact us using the contact details in item 9 of this privacy policy. In some cases, we may ask for specific information from you to confirm your identity and confirm your right to access your personal data. This is to ensure that personal data is never disclosed to anyone who does not have the right to receive it. 

If you have concerns about our use of your personal data, you can make a complaint to us using the contact details in item 9 of this privacy policy.

​

If you remain unhappy with how we have used your data, after raising a complaint with us, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. Further information can be found at https://www.ico.org.uk/.

 

How to Contact Us

 

If you have any questions about your personal data that are not explained here, please feel free to contact us at contact@thrivingthroughrecreation.co.uk.

 

Privacy Notice Changes

 

This Privacy Policy was last updated on 10 September 2024.

bottom of page