Privacy policy

1.   Introduction     

This privacy notice provides you with details of how we collect and process your personal data. 

Taxpayers Against Poverty Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). 

 

Our full contact details are:  

Full name of legal entity: Taxpayers Against Poverty Ltd 

Email address: .(JavaScript must be enabled to view this email address) 

Postal address: 93 Campbell Road, London N17 0BF

 

This privacy policy was last updated in December 2019 

 

2. What type of information we have 

We currently collect and process the following information depending on the nature of your interaction with us: 

  1. your full name 
  2. contact details such as your postal address, telephone number(s), and email address 
  3. date of birth 
  4. National Insurance number 
  5. records of your correspondence and engagement with us 
  6. donation history  
  7. information you may enter on our website 
  8. photographs, video or audio recordings 
  9. occupation 
  10. your Internet Protocol (IP) address, and details of which version of web browser you used 
  11. information on how you use our website, using cookies and page tagging techniques 
  12. other information you share with us 

We use Paypal and GoGardless to process donation payments and we do not have access to your financial information such as your debit card details. 

Please note that we do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.  

Please also note that our activities are not for children and we do not collect information on children. 

Please let us know if at any time your personal information changes by emailing us at .(JavaScript must be enabled to view this email address) so that the information we hold about you is accurate and up to date. 

3. How we get the information  

This information may be collected via: 

  1. any paper forms you complete
  2. post, telephone, email conversations, or face-to-face interactions
  3. digital forms completed via our website, or online surveys 
  4. third-party companies and websites such as MailChimp and Paypal, Go Cardless and Google Analytics 
  5. publicly available sources 
  6. communication via social media 

4. Why do we have your information and the lawful bases we rely on for processing this information 

4.1 To keep you up to date with our campaigns, events, and any fundraising activities 

We may communicate with you over the phone, post, website, email and social media platform. 

We send the following information by email. 

  • updates about our work  
  • information about our campaigning activities including how you can support such campaigns and updates about the progress of our campaigns 
  • requests for donations, and updates on the impact that your fundraising activities have had on our work 
  • information about events that we organise around the issues that we are campaigning for.  
  • information about how you can help support us, along with updates on the impact of your work 

We will obtain your consent to contact you by email, phone or post. You can withdraw your consent, unsubscribe from or update your marketing preferences at any point by emailing us at .(JavaScript must be enabled to view this email address) or by clicking the unsubscribe link at the bottom of our electronic newsletter. 

4.2. In order to record donation receive 

We need to collect your information in order to process donation received for our accounting purposes. We have a legal obligation to HMRC to process this information. 

4.3. In order to manage an event 

We will need your contact details to check against your event registration and to manage event attendance. We have a legitimate business interest to ensure that attendees who have registered for the event are allowed into the event and to ensure those registered receive correct and up to date information about the event. 

4.2. In order to administer communication 

We will communicate with you by post, telephone, and email in relation to administrative and transactional matters. For example, where we need to contact you about your donation if there is a problem with a payment or to inform you of an urgent update about an event you have registered to attend. We have a legitimate business interest to ensure we are communicating well with our supporters and responding to enquiries. 

4.3. To analyse how you use our website

Our website uses cookies to customise your website experience, to track activity on our website, to enable information from third-party service providers such as Twitter and Youtube to be viewed on our website, and to collect information that we think will help us make changes to our website in order to attract more visitors to our website. Please see our Cookies Policy for more information. You can choose to disallow cookies that are not required for the running of our website. We have a legitimate business interest to ensure that our website is properly administered, relevant to visitors, and to decide on our strategy to attract more visitors to our website  

4.4. To manage volunteer and board of director’s roles 

When you apply for a role with us, your personal data is only used to process your application. If you are unsuccessful, your information will be deleted within 12 months from the application deadline. You can ask us to remove your data before this time. Successful applicants will have a file compiled relating to the role and the information is kept secure and only used for the purpose of administering the role. We will retain a file in accordance with the requirements of our insurance policies, HMRC and Companies House when the role ends, and then delete it from our files. We have a contractual and legal obligation to maintain records of volunteers and board of directors. 

4.5. To manage professional contacts 

We may collect data about professional contacts and partners with whom we work in order to manage the working relationship. We also maintain a record of contact details such as address, telephone number and email addresses related to MPs and other holders of public office, to enable us to carry out our campaigning activity in furtherance of our charitable aims. We have a legitimate interest to maintain working relationships in order to run our organisation, and to achieve our charitable aims. 

5. Disclosure of your personal data  

We will not share any of your personal data with any third party – except where: 

  • the transfer is to a secure data processor, which carries out data processing operations on our behalf  
  • we are required to do so by law, for example to law enforcement or regulatory bodies where this is required or allowed under the relevant legislation 
  • it is necessary to protect the vital interests of an individual 
  • we have obtained your consent

We will never share or sell your personal data to a third-party organisation for its marketing, fundraising or campaigning purposes. 

6. Use of data processors 

We may use a third-party supplier to manage our website, digital newsletter, social media platforms, to provide IT and system administration services, bookkeeping and accounting services. We may also from time to time require the services of professional advisers such as lawyers or insurers. 

We are careful with the selection of our suppliers, ensuring that they use data in accordance to the data protection legislation, and in accordance with a data processing agreement entered into between us and the supplier. 

7. International Transfer 

We currently use the following providers that are US-based providers that are part of the EU-US Privacy Shield: 

  • Google 
  • MailChimp 
  • Microsoft 
  • Eventbrite 

We also use Paypal, a US-based provider that uses Binding Corporate Rules (“BCRs”) for internal transfers of certain types of personal data and Standard Contractual Clauses (“SCCs”) for transfers to and from third parties to meet the GDPR requirements of international transfer. 

8.  Data Security

We have put in place security measures to prevent your personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions, and they must keep it confidential. 

9. Data Retention

We will keep your personal data for as long as necessary to fulfil the purposes we collected it for. We will need to keep some of your personal data for the purposes of satisfying any legal, accounting, or reporting requirements. For example, for accounting purposes, the law requires us to keep information on donations for six years after the donation.  

10. Your data protection rights

Under data protection law, you have rights including: 

  • Your right of access - You have the right to ask us for copies of your personal information.  
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.  
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.  
  • Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances. 
  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. 

If you wish to exercise any of the rights set out above, please email us at .(JavaScript must be enabled to view this email address)

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances. 

We will need to confirm your identity and ensure that your personal data is disclosed only to you or to someone whom you have given permission to receive it on your behalf. We may also need to obtain more information about your request. 

We aim to respond to legitimate requests within one month. If it takes us longer than a month, we will notify you. 

11. How to complain

If you are not happy with any aspect of how we collect and use your data, please may you contact us first to see if we can resolve it for you.  

You have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).  

The ICO’s address:             

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Helpline number: 0303 123 1113