Missing People is registered with the Information Commissioner’s Office (ICO) as a Data Controller which means we are responsible for how we use the data we hold. We have a data protection officer (DPO) who is responsible for ensuring that the charity protects your data and abides by the Data Protection Act 1998 and, from May 2018, the new Data Protection Act. The DPO can be contacted through firstname.lastname@example.org and will provide more information about our policies if required.
In order to fund our vital work Missing People relies on the generosity of supporters like you. The charity carefully manages personal data about its supporters in order to keep you informed about the charity. We do this according to data protection law and best practice. Missing People keeps your personal information, i.e. information from which you can be identified, on a secure database to which only we have access.
Once we are in contact with you we will always ask for your consent to store data about you and we will only communicate with you in the ways you have asked us to. Sometimes, we may hold data about a prospective supporter before we receive that consent. In this situation, we apply a legitimate interest legal basis. You can withdraw your consent or object to our processing by contacting email@example.com or you can update your communication preferences by using our web form.
We provide our supporters with the option to Opt in or Out of further communications. If you do not let us know your preference we may continue to engage with you through post and telephone, using contact information you have previously provided.
The data we collect: We will usually ask for your name, date of birth and contact details so we can uniquely identify and contact you. We may also ask about your reasons for supporting the charity and your experience of supporting us so that we can develop our supporter care.
Directly: You may give us your information when, for example, you make a donation, sign up for an event or when you contact us regarding fundraising. Occasionally, when you support us your information is provided by someone working on our behalf (e.g. a professional fundraising agency), but we are responsible for your data at all times.
Indirectly: When you sign up for an event to support us, or sponsor someone who is, or join an initiative such as Child Rescue Alert your data may be shared with us by the organiser. They will only do this with your consent. Such data would typically comprise name, date of birth and contact details.
We may also collect publicly available information about you so that we can better understand why you might be supporting us now or might in the future, how you could help further and how we can communicate with you most effectively. Such information helps us use our resources more efficiently. We may ask professional fund-raising companies to help us gather the information from sources like news articles, Companies House, Who’s Who, LinkedIn and company websites. When processing data gathered in this way about people from whom we have not yet received a communication we do so using the legitimate interests legal basis. All our mass communications will include an Opt-in/out consent request so that subsequent communications can be covered by the legal basis of consent.
We use your data to:
To help raise funds cost-effectively we may analyse your data on our database to ensure our communications are relevant and timely, and to improve our supporter care.
We will not sell or rent your data to anyone and may only share it occasionally with reputable third parties to try to ensure accuracy of data by checking it against publicly available sources.
We will hold your information safely to ensure that we can respect your preferences for being contacted by us. We will also hold data to fulfil statutory obligations e.g. for Gift Aid.
If you have any concerns about the data we hold about you and what we do with it you can e-mail us at firstname.lastname@example.org and we will respond quickly. We respect your rights under data protection law, e.g. rights to data access, to rectification, to request erasure, to restrict processing and to object, and will implement them subject to any conflict with the rights of others. You also have the right to seek compensation if harm has occurred.