This website www.finishlinefund.org is owned by the registered charity Finish Line Fund (charity number: 1179170). At the Finish Line Fund, we are committed to maintaining the trust and confidence of all visitors to our website.
Your personal data is important to both you and us and it requires respectful and careful protection. This privacy policy informs you of our privacy practices and of the choices you can make about the way we hold information about you as a website visitor and generally as part of our business. We are committed to complying with the GDPR (2016) and the Data Protection Act (2018) and good business practices. We are both a data controller and a data processor.
This is our privacy policy so please be aware that should you follow a link to another website, you are no longer covered by this policy. It’s a good idea to understand the privacy policy of any website before sharing personal information with it.
What personal data we collect and why
At Finish Line Fund we will only collect the minimum personal information from you. This will be at the point you contact us, ask to be included on a newsletter, ask for further information, apply for funding, become a customer or make a donation. This could include your name, address, telephone numbers, email address, signature and bank account details. We need this information for legitimate, contractual or organisational purposes to provide you with the services that you have requested. We will not use your data for any other purpose unless we have obtained your consent for that specific purpose.
We need this information to process your requests and we do not regard it as excessive. Other relevant details that you provide in relation to the services you receive from us may be added to your data, but anything not required will be deleted immediately. We will not ask for any irrelevant information. We will not hold or process any special category personal data unless you volunteer it as part of a funding application. If your contact details change, please advise us and we will update our records accordingly. We do not carry out automated decision making or any type of automated profiling. We will always process your data in a fair and lawful way in accordance with article 5 and article 6 of the GDPR.
We regularly conduct data flows and a data inventory or data audit which looks at all aspects of the personal data that we process, including the legal basis for processing and any special requirements that the data needs. Any risk assessments (DPIAs) requirements are identified and completed paying particular attention to privacy risks associated with each processing activity: storage, collection, transmission, access and deletion.
We regularly complete Legitimate Interest Assessments to ensure that our marketing activities are considered, appropriate and are in accordance with all relevant legislation.
We will never knowingly collect data from or on children below 13 years old.
Newsletters
As part of the registration process for our monthly e-newsletter, we collect personal information. We use that information for a couple of reasons to tell you about stuff you’ve asked us to tell you about or to contact you under legitimate interest. We don’t rent or trade email lists with other organisations and businesses.
You can unsubscribe to newsletters at any time by clicking the unsubscribe link at the bottom of any of our emails.
When you buy online from us
When you purchase a product through our website your name, address data, email and contact number will be stored in our order processing system. Please be assured that we do not share your personal details with any other company without your consent.
3rd Parties
We use the following 3rd parties to provide goods or services:
https://www.justgiving.com/info/privacy-policy-versions/privacy-policy-v30
https://www.paypal.com/myaccount/privacy/privacyhub
Data Security
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. This is in accordance with our Data Protection Policy. Your data maybe used by the Finish Line Fund team who have a legitimate business need to know such data. We will only process your personal data in accordance with our business processes where the safety of your data is paramount.
Who do we share your personal data with?
We use third parties in conjunction with routine business requirements, accountancy and insurance services.
- With professional advisors such as accountants and insurance, although this information will be very limited;
- In order to conduct checks on you to verify the information you have provided us with where you are being considered for a position or contract with us;
- In the event of a sale of the company or its assets;
- With suppliers but only subject to robust contractual protections;
- If we are legally obliged to do so.
Please note that we do not require your consent to share this information if we suspect criminal or unlawful activity, in these circumstances we will only contact the relevant organisations.
At no point will your personal data be sold to anyone else and if we do need to share your data to a relevant third party, we will obtain your consent first.
Data Breaches
We have procedures in place to deal with any suspected personal data breach and will notify you and any supervisory body of a breach if we are legally required to.
We will not transfer your personal information outside of the EU.
Retaining your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our data retention policy considers the amount of data, its nature and sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes and if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers. If you have had no communication with us for at six years, we will delete all your personal information. We also comply with all charity data retention requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. You will not be recognisable as a natural living person from this anonymised data.
If you contact us via our website, we assume that by contacting us you would like us to respond, your consent is required. In order to process your enquiry we need your contact details to do so.
We will not add your details to any mailing list without you consenting to receive them. If you do opt in to receive update and newsletters from us, you can opt out or unsubscribe at any time. There will be occasions where we do not need your consent to contact you and will rely on a legitimate business reason as in to contact you about services you have expressed an interest in or a contractual obligation to fulfil a business commitment eg to pay you or to provide services.
Your rights
The GDPR provides the following rights for individuals:
Rights | What does this mean? |
1. The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy. |
2. The right of access | You have the right to obtain access to your information . This is so you are aware and can check that we are using your information in accordance with data protection law. |
3. The right to rectification | You are entitled to have your information corrected if its inaccurate or incomplete. |
4. The right to erasure | This is also known as the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions. |
5. The right to restrict processing | You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. |
6. The right to data portability | You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us. |
7. The right to object to processing | You have the right to object to certain types of automated processing or decision making, including processing for direct marketing or where we are relying on our legitimate interests for processing. |
9. The right to withdraw consent | If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. |
You have a right to see what information that we hold about you and you can get in contact with our Data Protection Officer to get this information.
Data Subject Access Requests
Under the GDPR you have the right to request a copy of the personal information Finish Line Fund hold about you and to have any inaccuracies corrected or information deleted. You will need to prove your identity with 2 pieces of approved identification which can be a: passport, driving licence, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months) or a rent book (from last 3 months). We will verify your identity, noting how and when we verified it, then we will immediately delete that data. We will send you a form which clarifies what information you are looking for and to verify your identity.
If you can advise of the specific information that you require, we can process your request more quickly. We will respond to your request within one month of you providing information that confirms your identity. You are obviously entitled to all your personal information.
We will respond within one month, giving you a copy of your data, why we have it, who it could be disclosed to, the categories of data it involves, and it will be in a format that you can access easily. You have the right to clarify and correct the information as necessary. It can be deleted providing that it is not required for legal or public interest reasons. If your request is more complex, for example it involves other data subjects and we need their consent to release the relevant information we can extend our response time to three months, but we will inform you of this. If they do not give their consent, we will anonymise this data or remove the relevant detail before sending this to you. We will not charge for data subject access requests unless they are excessive or manifestly unfounded. Then we will charge for administrative time only.
If you are not satisfied with our response, please get in touch and we will do our best to help you.
What are cookies?
Cookies are simple text files that are stored on your computer or mobile device by a website’s server. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers.
What types of cookies do we use?
Necessary cookies
Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account.
Functionality cookies
Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognize your username and remember how you customized the site during future visits.
Analytical cookies
These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.
How to delete cookies?
If you want to restrict or block the cookies that are set by our website, you can do so through your browser setting. Alternatively, you can visit www.internetcookies.org, which contains comprehensive information on how to do this on a wide variety of browsers and devices. You will find general information about cookies and details on how to delete cookies from your device.
Contacting us
If you have any questions about this policy or our use of cookies, please contact us.
Analytics
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
To find out more about cookies, including how to see what cookies have been set and how to disable them, please visit www.aboutcookies.org or www.allaboutcookies.org.
Concerns
If you have any questions, comments or concerns about your data, then please get in touch and we will do our best to help you.
If you have any concerns about how your data is being used or processed and we have not been able to help you, then you can contact the ICO. Ways to report concerns are detailed on their website: https://ico.org.uk/concerns/ .