At Blue Cross, we are committed to protecting your privacy. This Policy explains how and why we use your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally), to ensure that you remain informed and in control at all times. We will never sell your personal data. We will only ever share it with organisations who help us deliver our projects where strictly necessary and only if they comply fully with data protection law.
If you have any data protection questions in relation to this Policy, about how we use your personal data in general, or if you would like to make a request to exercise any of the rights you have over your personal data (see section 11 of this policy for more details), please send them to the Data Protection Officer at Blue Cross. The Data Protection Officer can be contacted by e-mailing [email protected], calling 0300 777 1897 or in writing to:
The Data Protection Officer
Shilton road, Burford,
Oxfordshire, OX18 4PF
How to Contact us
If you are a Blue Cross supporter and would like to update the personal data we hold about you or wish to opt out of receiving marketing communications from us, you can let us know by writing to Customer Services at Blue Cross, Shilton Road, Burford, Oxfordshire, OX18 4PF or by email [email protected] or phoning us on 0300 790 9903.
2. ABOUT BLUE CROSS
We are Blue Cross, a registered charity (charity no. 224392 in England and Wales or SC040154 in Scotland). Like many charities, we are a company limited by guarantee (company no. 00363197). We also have a wholly-owned subsidiary, Blue Cross Trading Company Limited, a company registered in England and Wales (company no. 2203092), which only operates in ways which help to further our charitable aims. Our registered office is at Shilton Road, Burford, Oxfordshire, OX18 4PF. For the purposes of data protection law, we are a controller of your personal data. This means we make decisions about how and why it is used, and have a duty to ensure your rights are protected.
Blue Cross is a charity that has been helping sick, injured, abandoned and homeless pets since 1897. We help thousands of pets in need, providing veterinary care, expert behaviour help and finding them loving homes. We also give advice and education for current and future pet owners and offer pet bereavement support.
3. INFORMATION WE COLLECT ABOUT YOU
3.1 Personal data you provide
We collect the personal data you provide to us. This includes information you give when you sign up to our newsletter or a campaign, make a donation, volunteer with us, contact us about a pet for rehoming or bring your pet into one of our animal hospitals, clinics or a veterinary practice that we work in partnership with, request pet care advice, register or participate in an event, purchase goods or services, or send an email to us.
The personal data we collect may include:
- personal details (name, date of birth, email, address, telephone etc);
- financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided); and
- details of your preferences and interests e.g. which species you are most interested in.
If you sponsor a pet as a gift for someone else, or are the parent of one of our younger volunteers,
your details will be recorded, as will your relationship to that person.
3.2 Personal data created through your involvement with us
Your activities and involvement with Blue Cross will result in personal data about you being created. This may include details of pets you have rehomed, how you have helped us as a volunteer, and your involvement with one of our appeals. If you decide to donate to us, we will keep a record of when, how much you have donated, and through what medium e.g. an appeal, sponsoring a pet, or via a charitable trust. If you choose to Gift Aid with a donation to us, then we will ask for your address and UK taxpayer status as this information is needed to fulfil our obligations under tax and charity law. It will also be shared with HMRC for tax regulation purposes.
3.3 Personal data we generate
From time to time, we conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are most likely to interest you. Section 6 contains more information about how we use information for profiling and targeted communications.
3.4 Information from third parties
We sometimes receive personal data about individuals from third parties such as vet practices and other animal welfare organisations with whom we work to rehome pets and to provide veterinary services. If you participate in an event organised by an external party or make a donation through a donation aggregator like JustGiving, then they may pass personal data about you to us. Also, as explained in Section 6 we may use third parties to help us conduct research and analysis on personal data which can result in new personal data being created.
3.5 Special Categories of Personal Data
We do not normally collect any special categories of personal data about you, such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal offences and convictions. However there are some situations where we will collect special categories of personal data such as your health if you are participating in a fundraising activity like running a marathon. If we do need to collect this sort of data, we’ll take extra care to ensure that your privacy rights are protected.
3.6 Accidents or incidents
If an accident or incident occurs on our property or involving one of our staff (including volunteers), our record of what happened and the action we have taken as a result may include personal data and special categories of personal data.
4 HOW WE USE PERSONAL DATA
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you such as when you purchase a product from our catalogue;
- comply with a legal duty such as under the gift aid scheme where we are required to inform you of the proceeds of your donated items in our shops;
- protect your vital interests for example in a life or death situation; or
- for our own (or a third party’s) legitimate interests, provided your rights don’t override these for example sending direct marketing communications by post unless you tell us that you don’t want to receive them from us.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes).
We use personal data for administrative purposes, i.e. to carry on our charitable work. These include:
- sending appointment reminders to clients of our animal hospitals or veterinary clinics, or providing health updates;
- keeping records of veterinary clients or those in receipt of veterinary grants;
- if you participate in an event organised by us, keeping you updated;
- processing donations and gift-aid declarations;
- managing feedback and complaints;
- maintaining databases of our volunteers and donors, e.g. to make sure that the personal data they contain is accurate and up to date;
- fulfilling orders for goods or services, whether placed online, over the phone or in person;
- helping us respect your choices and preferences, e.g. if you ask not to receive marketing communications, we will keep a record of this);
- asking you to take part in a survey; or
- enabling you to participate in a prize draw or competition.
4.2 Using your information to enforce and comply with the law
We must ensure our activities comply with the law. Therefore we may need to share your personal data if we are required to do so by law, e.g.in connection with a court order. We may use your personal data for other purposes such as fraud prevention, to comply with money laundering regulations and to protect people’s rights, property or safety.
If certain levels of financial donations are made, the Fundraising Regulator’s Code of Fundraising Practice requires all charities in the UK to perform certain checks regarding the individual who has made the donation. More details can be found at www.fundraisingregulator.org.uk
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
4.3 Our Legitimate Interests
We may process your personal data on the basis of our legitimate interests, provided that your fundamental rights do not override those interests. Our legitimate interests are:
- to keep our records updated;
- to administer our relationship with you;
- to determine how our limited resources might be used in the most effective way;
- to protect our security, guard against fraud and other wrongdoing; and
- to inform our marketing and maximise support engagement and participation
4.4 Who we share your personal information with and why
We take all reasonable efforts to keep your details safe and secure and will only share them with suppliers or professional agents working on our behalf, for example professional fundraising organisations who send out our fundraising or marketing materials or telephone agencies making fundraising calls on our behalf.
We carefully select our partners and will only share information with them if we are confident that they will protect it and comply with data protection law. We will always have a contract in place with them that assures this.
We will never share your details with other organisations to use for their own marketing purposes.
We may also use other companies to provide services and process your personal information on our behalf including delivering postal mail, making telephone calls to our supporters, sending emails, sending SMS messages, processing credit card payments and analysing our supporter information (as set out in section 6) to help us communicate with you in the most appropriate way.
We may share your personal information with veterinary practices to provide the products or services you’ve requested or require from us, but only to the extent strictly necessary.
We use a separate company (Suttons Consumer Products Limited) to manage and fulfil orders to customers from our catalogue and online Blue Cross shop. We also use them to manage the distribution of our catalogue to our supporters.
5.1 What does “Marketing” mean?
Marketing includes news and information about:
- our charity, aims, ideals and what we stand for;
- our pet rehoming, veterinary and behaviour work;
- appeals and fundraising (including details of how to leave a legacy, donations etc.);
- our events and activities; and
- products, services and offers (our own, and occasionally those of third parties which may interest you).
As a charity, we rely on donations and support from others to continue our important work. From time to time, we will contact existing donors with fundraising communications. This might occur after a predetermined period, relate to an appeal, or suggest ways you can raise funds for us. This could range from taking part in a sponsored event to buying a product or service where Blue Cross will receive some of the proceeds e.g. a pet insurance package.
We will contact you by email where you have consented for us to do so.
We many contact you by phone if you have consented for us to do so or where we have called you in the past and you have not objected. If you are registered on the Telephone Preference Service (“TPS”) we will only call you if we have your consent to do so.
If you have provided us with your postal address we may write to you about our work unless you tell us that you would prefer not to hear from us in this way.
We will not use your information for marketing communications if you have indicated that you do not wish to be contacted for such purposes. You can let us know at any time if you’d like to change your preferences or stop receiving communications altogether; please use the details in section 1 to let us know your preferences.
If you receive our e-newsletters, you can use the unsubscribe link in any of the emails we send to stop receiving these.
If you ask us not to contact you, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
6 TARGETING OUR COMMUNICATIONS AND RESEARCHING OUR SUPPORTERS
Our supporters make all of our vital work for pets in need possible, especially as we receive no government funding. We have a duty to make sure that we are spending your donations wisely and that means doing some research and analysis to inform our decisions. We are continually striving to understand our supporters better, and communicate in the most appropriate and relevant way we can.
In order to work out who to contact, we, or a company working on our behalf, may analyse the personal data you provide to us in order to tailor our communications with you and make our appeals more relevant and cost-effective. Specifically, we carry out the following activities:-
6.1 Donor Grouping
We may use freely-available information about a certain geographical area in order to better predict what residents of that area would be interested in e.g. residents of Oxford are unlikely to be interested in a new hospital which is opening up in Cornwall. We may also combine these demographic indicators with information you give us e.g. the types of appeals you have responded to in the past, in order to build a more accurate profile of the area. We may obtain likely indicators of interest or financial status based on your postcode rather than at an individual level. However, this information won’t be specific to you.
Profiling is a common technique used in direct marketing and involves analysing data to improve targeting of communications.
We use profiling to analyse our supporter base. For example, we keep track of the amount, frequency and value of each person’s donation, and where possible, what the donation relates to. This information helps us to ensure communications are relevant and timely and to send different communications to people who might choose to support us in a significant way.
Our Major Donor team undertake in-house research and sometimes use other organisations to help us identify people who may be able to support us with larger gifts. Where available, we may sometimes supplement personal data you have given us with data that is in the public domain, (such as directorships you hold as listed on Companies House, or press articles) which relate to you or your business. We may also use wealth indicators such as property values or shareholdings too. If collected, we would only use this information to tailor our communications and invite potential and current supporters to meetings, groups and events which might be of special interest.
6.3 Anonymised Personal Data
We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as targeting new donors, or to identify trends or patterns within our existing supporter base. This information helps inform our actions and improve our appeals, products/services and materials.
7 OUR WEBSITE AND COOKIES
We do not collect or process personal data about visitors to our website unless they choose to provide it, such as when signing up to our newsletter.
We may collect personal data about visitors to our website as this helps us optimise and improve it for everyone. This information might include your internet protocol address, the browser being used, the device (e.g. its operating system) and the connection type (e.g. the Internet service provider). However, none of this information is likely to directly identify you.
Read more about our cookies policy.
We will retain remarketing data from Google for 30 days and for up to 180 days for Facebook.
7.3 Opting Out
If you do not wish to see adverts, you can:
- set preferences for how Facebook advertises to you using your Facebook ad preferences.
7.4 Hyperlinks to other websites
8 KEEPING YOUR INFORMATION SAFE
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff and volunteers receive data protection training, and we have a set of detailed data protection procedures which they are required to follow when handling personal data.
We cannot absolutely guarantee the security of the internet, external networks or your own device, accordingly any online communications (e.g. information provided by email or through our website) are at your own risk.
9 STORAGE AND RETENTION
We only store personal data as long as it is required for the purpose(s) we collected it for (or for a related compatible purpose, such as keeping a record of a donation). Legal requirements mean that we have to retain certain items of personal data for a given period of time e.g. gift aid declarations must be retained for seven years. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process it and whether we can achieve those purposes through other means, together with the applicable legal requirements. We regularly review what data we have and delete that which is no longer necessary. In certain situations you have the right to request that your personal data be deleted (the ‘right to be forgotten’); please see section 11 for further details.
Details of retention periods for different aspects of your personal data are available in our retention policy and schedule which you can request by contacting us.
Except as set out below, we normally only store personal data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (for example, a US organisation which is certified under the EU-US Privacy Shield framework).
10 CHILDREN’S PERSONAL DATA
We are committed to protecting the privacy of the young people that volunteer, fundraise, attend events organised by us and at schools or clubs or engage on our website. Where appropriate we will ask and obtain the consent of a parent or guardian.
11 YOUR RIGHTS
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
(a) where data is processed on the basis of consent, the right to withdraw that consent;
(b) the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (subject access);
(c) the right to have inaccurate data rectified;
(d) the right to object to your data being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests;
(e) the right to restrict how your personal information is used; and
(f) the right to be forgotten, which allows you to have your data erased in certain circumstances. Please note this is not an absolute right and may not apply if we need to continue using it for a lawful reason.
(g) the right to data portability, which allows individuals to obtain and reuse the personal data they have supplied to Blue Cross for their own purposes across different services in a safe and secure way.
If you would like further information on your rights or wish to exercise them, please write to the Data Protection Officer using the details given in section 1, with details of your request.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the personal data no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk
12 UPDATES TO THIS POLICY
We may update this Policy at any time. When we do, we will post a notification on our website and revise the updated date at the bottom of this page. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
This Policy was last updated on 17 May 2018