This website is one of a number established and operated by Bell Fundraising Ltd. (BFL or we).
By using this website, you consent to the collection and use of your information under the terms of this policy as in force at the time of use.
The purpose of this policy is to demonstrate our commitment to robust data protection processes and to show that we follow the Principles of the Data Protection Act 1998 (the Act) and the General Data Protection Regulation (GDPR).
Bell Fundraising Ltd (“we”) promises to respect any personal data you share with us, or that we get from other organisations and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.
Under the GDPR, the data protection principles set out the main responsibilities for organisations.
Article 5 of the GDPR requires that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Article 5(2) requires that:
“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
· Data controller: Bell Fundraising Ltd, Unit 97C+D, Harvey Drive, John Wilson Estate,
Whitstable, Kent, CT5 3QZ
· Data Protection Officer: Suzanne Turner, 220 vale Road, Tonbridge, TN9 1SP
t: 01227 376998
The GDPR applies to ‘controllers’ and ‘processors’.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing (see Article 10).
We collect information in the following ways:
· In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
IWe ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted, and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff. Data users are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy may result in disciplinary action.
None of our suppliers currently run their operations outside the European Economic Area (EEA). However, if a situation should arise where we are obligated to use a supplier that transfers personal data to a country outside the EEA:
We ensure that one of the following conditions applies:
(a) The country to which the personal data are transferred ensures an adequate level of protection for the data subjects' rights and freedoms.
(b) The data subject has given his consent.
(c) The transfer is necessary for one of the reasons set out in the Act, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject.
(d) The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
(e) The transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects' privacy, their fundamental rights and freedoms, and the exercise of their rights.
Where possible we use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations as described above.
We really appreciate it if you let us know if your contact details change.
You have the right to get a copy of the information that we hold about you. This is known as a subject access request.
This right of subject access means that you can make a request under the Data Protection Act to any organisation processing your personal data. The Act calls these organisations ‘data controllers’.
You can ask us to supply you with copies of both paper and computer records and related information.
We may charge a fee of up to £10.
However, it is important to remember that not all personal information is covered and there are ‘exemptions’ within the Act which may allow us to refuse to comply with your subject access request in certain circumstances.
If you want to access your information, send a description of the information you want to see and proof of your identity by post to:
Bell Fundraising Ltd, Unit 97C+D, Harvey Drive, John Wilson Estate, Whitstable, Kent, CT5 3QZ.
If you have a concern about the way in which we are handling your information; if we:
we believe that we should deal with it. We take your concern seriously and will work with you to try to resolve it.
We do not accept these requests by email, so we can ensure that we only provide personal data to the right person.
You have a right to ask us to stop processing your personal data, if it’s not necessary for the purpose you provided it to us for. Contact Suzanne Turner on 01227 289100 or firstname.lastname@example.org
If you have any questions please send these to email@example.com, and for further information see the Information Commissioner’s Office guidance here https://ico.org.uk/for-the-public/
A cookie is a small file that is put on your computer. This file identifies specific information about your visits to the site. Cookies can only be read, and therefore used, by our web servers. Our cookies do not save or store any personal information as such: they take the form of a unique numerical identifier that enables a computer, but not an individual, to be recognised. Cookies do not detect and cannot access any information you may have on your computer.
If you do opt out in this way you will be able to browse and make use of our website anonymously. However, you may not be able to undertake any transactions with us.
Our system also uses what are known as "session" cookies for the transactional areas of our website. This type of cookie does not save or store, but merely accesses and uses some of the personal information you have previously given us to remember log-in details and facilitate your transactions with us. "Session" cookies are deleted once you log out from the transactional area you entered.
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to:
Bell Fundraising Ltd,
Unit 97C+D, Harvey Drive,
John Wilson Estate,
Kent, CT5 3QZ
T: 01227 289100
This website is owned and operated by Bell Fundraising Ltd. (registered company number 4641570) of Fernleigh, Bullockstone Rd, Herne, Kent, CT6 7NL
V2 Edited 31/08/17