Privacy Notice

‘Students for Kids International Projects’ Privacy Notice

What’s included in this privacy notice?

Jump to particular data process:

Students for Kids International Projects (SKIP) is a UK student-led registered charity running projects that act to improve the health, welfare and education of children overseas within their communities, in conjunction with local organisations. You can find out more information about us from our website: www.skipkids.org.uk

We take your privacy extremely seriously. We will only use your personal information in accordance with data protection law applicable to the United Kingdom.

This document (our “privacy notice”) sets out information regarding how we use personal information relating to individuals we have dealings with, including those looking to be members, our alumni, donors and organisations we work with. This includes:

why we are able to process the information;
what purpose we are processing it for;
whether individuals have to provide it to us;
how long we store it for;
whether there are other recipients of personal information;
whether we intend to transfer it to another country; and
whether we do automated decision-making or profiling.

This privacy notice also sets out information about the rights of these individuals regarding their personal information under data protection law. It provides information to individuals about how they can object to our use of their personal information, how they can withdraw any permissions they have given to us to enable us to process their personal information and how they can make a complaint.

Controller’s contact details

Students for Kids International Projects is the controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us, which can be found here: https://www.skipkids.org.uk/contact

Whilst as an organisation we are not required to have a Data Protection Officer, we have a Trustee Lead for Data Protection:

Name: Sarah Hopkins-Weaver

E-mail: sarah.hopkinsweaver@skipkids.org.uk

How we get the information and why do we have it?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

You have signed up to be a SKIP member
You have signed up to be a SKIP project volunteer
You have applied for or held a voluntary role within SKIP
You have completed our online training modules
You wish to attend, or have attended, an event or e-event
You are representing your organisation that we partner with
You are a beneficiary of our charity
You are a Next of Kin or Guarantor for a volunteer
You have made an information request to us
You have responded to our surveys
You have subscribed to our mailing list
You have made or received a donation or payment directly to us
You have engaged with or used our website or social media pages
You are a nominator or nominee for a Blue Boy Award

We also receive personal information indirectly, in the following scenarios:

If you are completing a check through the Disclosure And Barring Service, or Access NI, or Disclosure Scotland.
If someone makes a complaint that involves information about you
Next of Kin or Guarantor for the Contingency Fund details

As part of our work with our volunteers, we process special category data and criminal conviction data.

When referring to different types of individuals, we use the terms “you” or “your”. One or more of the above categories may apply to you.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access - You have the right to ask us for copies of your personal information. This right always applies. You can find out more about this right here.

Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can find out more about this right here.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. You can find out more about this right here.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.

Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances. You can read more about this here.

Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. You can read more about this right here.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at sarah.hopkinsweaver@skipkids.org.uk if you wish to make a request.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing.

We use data processes who are third parties who we work alongside to provide our services, for example our Collaborating Organisations in project countries. In all incidences of using third party data processors, both within the European Economic Area (EEA) and outside the EEA, we have contracts in place meaning they cannot do anything with your personal information unless we have instructed to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances, we use external platforms to store your data, provided by other data processors.

In the event that we have a legal obligation to share information, we will always ensure that we have a lawful basis on which to share the information and document our decision making.

Links to other websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

Your right to complain

If you have any queries or concerns regarding how we process your personal information, please contact sarah.hopkinsweaver@skipkids.org.uk

If after this, you remain dissatisfied, you can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: www.ico.org.uk

Privacy Policy Changes

We keep our privacy notice under regular review to make sure it is up to date and accurate.

August 2020

First version of the privacy notice.

Information about how and when we use automated decision making

Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention.

We do not make decisions about you using automated means.

How will we use your personal information?

How we will use your personal information, the legal bases we will rely upon, how long we will keep your personal information and other details will depend upon who you are and why we need your personal information in the first place.

In this section, we provide specific privacy information relating to the different categories of individuals that this privacy notice applies to.

Becoming a SKIP Member

Purpose and lawful basis for processing

When you sign up for membership with SKIP as a charitable organisation, we collect information, including your personal data, so that we can contact you regarding our work as an organisation. You will also be given the option to sign up for our mailing list (see section Signing up for our mailing list)

The lawful basis we rely on to process your personal data regarding your membership is article 6(1)(f) of the GDPR as the processing is a legitimate interest in order to have a database of our membership.

What we need and why we need it

We will collect personal information including your name, email address and branch/role position in order to ensure our membership database is up to date and that we have a contact point for our members.

We will also require you to agree to the SKIP Code of Conduct.

We collect a fee SKIP membership, which we collect using the third-party payment processor, PayPal, who are data controllers of this information. To see PayPal’s privacy notice, click here.

What we do with it

We will store this information within our membership database for the duration of the annual membership. If you have not signed up to our mailing list, we will only contact you if absolutely necessary in regard to your membership.

We may use your personal information to verify your identity.

How long we keep it

This information will be retained for a maximum of one year after your membership has expired, unless there is follow up support or an investigation regarding your membership. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

Yes - we use MemberPlanet to operate our online membership database. Here is a link to MemberPlanet’s privacy notice.

Applying to be a Project Volunteer

Purpose and lawful basis for processing

Our purpose for processing this information is to assess your suitability for the voluntary position, and to comply with our health and safety processes for our projects overseas.

The lawful basis we rely on for processing your personal data when you initially apply as a volunteer in the first stage of volunteer recruitment, completed at a branch level, is your consent under article 6(1)(a) of the GDPR.

The lawful basis we rely on to process any information you provide as part of the second stage of volunteer recruitment, completed at a national level, is article 6(1)(f) of the GDPR as the processing is necessary for our legitimate interests in considering the health and safety of our projects. This includes any information you provide which is special category data, which rely on the following lawful bases:

If you choose to disclose health information, we rely on article 9(2)(g) of the GDPR as a reason of substantial public interest, specifically Schedule 1(16) providing support for individuals with a particular disability or medical condition.
If you choose to disclose having any particular protected characteristics according to the Equality Act 2018, including any religious or cultural beliefs that should be considered if you require medical attention, we rely on article 9(2)(g) of the GDPR as a reason of substantial public interest, specifically Schedule 1(8) providing equality of opportunity or treatment.
If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

This lawful basis we rely on to share any of the above information regarding special category data either to third-party collaborating organisations or wider within our own organisation is your consent under article 6(1)(a) of the GDPR.

We process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(f) of the GDPR as the processing is necessary for our legitimate interests. In addition we rely on the processing condition at Schedule 1(18) regarding the safeguarding of children and of individuals at risk.

What will we do with the information you give us?

We will use all the information you provide during the recruitment process to progress your application with a view to allowing you to volunteer with our organisation, or to fulfil legal or regulatory requirements if necessary. We will also use the information to shape our risk assessments and health and safety processes ready for the project that you attend. We will also use your information for logistical planning in the lead up to, and during the project that you attend. We may use your personal information to verify your identity. We may also use your contact details to contact you in the lead up to, on, or soon after your project.

We will not share any of the information you provide with any third-parties for marketing purposes. However, we may share personal information such as your name with our third-party collaborating organisations or other organisations that we partner with during your project. Special category data will always remain confidential and we will ask for explicit consent to share this information either within the organisation or to our third-party collaborating organisations.

We will use the contact details you give us to contact you to progress your application and to maintain contact regarding project you are attending once you are fully recruited as a project volunteer. We will also use the information you provide to assess your suitability for the role. We will use contact details you give us for your next of kin to contact them in emergency situations based on your own wellbeing. We will use contact details you give us of your guarantor for the contingency fund agreement only in the event of terms laid out in the Contingency Fund Agreement.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

The information we ask for is used to assess your suitability for the voluntary role. You don’t have to provide what we ask for, but it may affect your application if you don’t.

Application Stage

Applications are submitted via a GoogleForm and are stored on GDrive. You can access a copy of your completed application form by emailing the branch that you have applied to go on project with (see www.skipkids.org.uk/contact for these details).

We ask you for your personal details including name and contact details. We will also ask you about previous experience, university course and for answers to questions relevant to the role. The branch and national teams will have access to this information.

Shortlisting

The branch recruitment team will shortlist applications for interview using the information provided in your application form.

Interview

The branch recruitment team will ask you to attend an interview. Information will be generated by you and by us, for example we might take interview notes. This information is held by us.

If you are unsuccessful after interview, we may ask if you would like your details retained for future opportunities. If you say yes, we would proactively contact you should any further suitable opportunities arise.

Conditional Offer and Second Stage of Recruitment

If we make a conditional offer for the voluntary role, the national recruitment team will ask you for information so that we can carry out our “Steps to Summer” process in preparation for your summer project. You must successfully complete this process to attend your project as a SKIP project volunteer.

We must ensure you are a suitable individual for the role according to our Bylaws and Policies and that we can ensure the appropriate health and safety considerations are in place for our projects. You must therefore provide:

Your personal details including name, date of birth, contact details and SKIP Branch – to update our data on a national level and to use if ever we need to confirm your identity
Any information about your physical or mental health that you choose to disclose to us – to ensure we can provide support or adaptations for your own wellbeing whilst on project
Any information about protected characteristics under the Equality Act 2008 that you choose to disclose to us – to ensure we can provide support or adaptations for your own wellbeing whilst on project
A criminal records declaration to declare any unspent convictions
Your email address, which we’ll pass to the Disclosure And Barring Service, or Access NI, or will contact you to complete an application for an Enhanced Criminal Record check via the Disclosure and Barring Service, or Access NI, or Disclosure Scotland which will verify your declaration of unspent convictions.
Details of your flights to and from project – to support in our health and safety processes
The name, relationship to you and contact details of a Next of Kin – to be used in case of emergency
The name and email address of a Guarantor in the event you cannot repay the Contingency Fund – to support in our health and safety processes. We will contact these individuals separately (see section Guarantor for Contingency Fund)
Confirmed agreement to the SKIP Volunteer Agreement and Contingency Fund Agreement

We will also collect information regarding your preparation for project through national and branch training. We will also ensure you are aware of your own health risks attending project through the completion of a Volunteer Health Risk Assessment.

We collect a volunteer fee for project volunteers, which pays for SKIP membership (see section SKIP Membership) SKIP’s public liability and organisational insurance, and for the volunteer’s criminal record check. We collect this fee using the third-party payment processor, PayPal, who are data controllers of this information. To see PayPal’s privacy notice, click here.

How long is the information kept for?

This information will be retained for a maximum of one year following project, unless there is follow up support or an investigation that is specific to the project you attended. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

Yes – we use several processors to provide elements of our recruitment service for us.

We use GDrive, part of the Google Cloud, to collect and store your application form for the first stage of recruitment and to store some personal data for the purpose of planning and logistics in the lead up to and during your project. Here is a link to Google Cloud’s webpage about GDPR compliance.

We use MemberPlanet to operate our online membership database to process the second stage of volunteer recruitment and store the personal information. Here is a link to MemberPlanet’s privacy notice.

We have an agreement with Bumble Bz Day Care Nursery to process Disclosure Applications to AccessNI. Consent is collected to share the applicant’s personal information to Bumble Bz Day Care Nursery. Bumble Bz Day Care Nursery and SKIP have a service level agreement to ensure data is only used in the way that is intended for its purpose. Disclose Applications to the Disclosure and Barring Service and Disclosure Scotland are all processed internally within SKIP.

Guarantors of the Contingency Fund Agreement

Purpose and lawful basis for processing

We obtain your name and email address from the conditional SKIP project volunteer who has nominated you to be their guarantor for the Contingency Fund Agreement. We then proactively contact you to complete the Contingency Fund Agreement Guarantor form, during which we will collect your address and phone number, as well as your agreement to be a guarantor. We require this information to ensure our contingency fund can continue to be available, as a key part of our health and safety processes for our projects.

The lawful basis we rely on to process your personal data is article 6(1)(f) of the GDPR as the processing is necessary for our legitimate interests in order to ensure our health and safety processes are in place.

What we need and why we need it

We need this personal information in order to contact you if you are required to support in paying back any money borrowed form the SKIP Contingency Fund.

You do not have to provide any information to us, however it means that the SKIP volunteer who provided your details will have to find someone else to be their guarantor.

What we do with it

We will keep your details within the administration section of our membership platform until we are confident we will no longer need your contact details.

If you are required to repay any loaned money from the contingency fund, our national treasury team will contact you in order to claim this repayment. See the section treasury for more information about how this personal data is handled.

How long we keep it

We will keep your personal information for a maximum of one year after the volunteer you were a guarantor for returns from project if they did not use the contingency fund.

If the volunteer did use the contingency fund, we will keep your contact details for a maximum of one year after the loan has been repaid.

To see how long we store personal information if you pay back part or all of the loan yourself as a guarantor, see the section Treasury.

Do we use any data processors?

We use MemberPlanet to operate our online membership database to process the form and store the information. Here is a link to MemberPlanet’s privacy notice.

Applying for a branch, national committee or mentor role

Purpose and lawful basis for processing

Our purpose for processing this information is to assess your suitability for the voluntary branch or national role, and to comply with our Bylaws in using a formal group decision-making process for deciding who is elected into the role.

The lawful basis we rely on for processing your personal data when you apply is your consent under article 6(1)(a) of the GDPR.

The lawful basis we rely on to process any information once you are recruited into the role is article 6(1)(f) of the GDPR as the processing is necessary for our legitimate interests in processes involved in volunteering in the role. This includes any information you provide which is special category data, which rely on the following lawful bases:

If you choose to disclose health information, we rely on article 9(2)(g) of the GDPR as a reason of substantial public interest, specifically Schedule 1(16) providing support for individuals with a particular disability or medical condition.
If you choose to disclose having any particular protected characteristics according to the Equality Act 2018, we rely on article 9(2)(g) of the GDPR as a reason of substantial public interest, specifically Schedule 1(8) providing equality of opportunity or treatment.
If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

The lawful basis we rely on to share any of the above information regarding special category data either to third-party organisations or wider within our own organisation is your consent under article 6(1)(a) of the GDPR.

In some cases, we process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(f) of the GDPR as the processing is necessary for our legitimate interests. In addition we rely on the processing condition at Schedule 1(18) regarding the safeguarding of children and of individuals at risk.

What we need and why we need it

We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

You don’t have to provide what we ask for, but it may affect your application if you don’t.

Application Stage

Applications are submitted via a GoogleForm and are stored on GDrive. You can access a copy of your completed application form by emailing the branch that you have applied to if applying to a branch committee, or emailing trustees@skipkids.org.uk if you applied to the national committee or mentor positions.

We ask you for your personal details including name and contact details. We will also ask you about previous experience and for answers to questions relevant to the role. You may also be given the option to deliver a speech, in which you can choose what personal information you wish to include.

After your start date

Depending on your role, we may use your email address, which we’ll pass to the Disclosure And Barring Service, or Access NI, or will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, or Disclosure Scotland which will verify your declaration of unspent convictions.

We may share your contact information internally within SKIP, including any provided @skipkids.org.uk email address to enable communication as part of your role.

You will be required to purchase SKIP membership – see this section

You will be required to complete online training – see this section.

Treasurers

I you are in a role related to treasury, we will use your contact details to sign you up as a signatory to our banking provider, Unity. You can see Unity’s privacy notice here for any information that is shared with Unity. For more information regarding treasury, see this section.

What we do with it

During your application, your contact details are only used by the recruitment team. The personal information you have given regarding your suitability for the role, including any speech delivered, will be shared among the SKIP members eligible to vote in the election of the position you have applied for.

If successful in the role, we will store your contact details and any further information you have disclosed for the duration of your time in role. Contact details may be shared among SKIP members and some third parties such as collaborating organisations for the purpose of the functions of your role.

We will never share you personal information to third-party organisations for marketing purposes.

We may use your personal information to verify your identity.

How long we keep it

This information will be retained for a maximum of one year following the end of your time in role, unless there is follow up support or an investigation. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

We use GDrive, part of the Google Cloud, to collect and store your application form for the and to store some personal data for the purpose of your role. Here is a link to Google Cloud’s webpage about GDPR compliance.

Applying for a trustee or supporting alumni role

Purpose and lawful basis for processing

Our purpose for processing this information is to assess your suitability for the voluntary supporting alumni or trustee role, and to comply with our Bylaws.

The lawful basis we rely on for processing your personal data when you apply is your consent under article 6(1)(a) of the GDPR.

If you choose to disclose health information, we rely on article 9(2)(g) of the GDPR as a reason of substantial public interest, specifically Schedule 1(16) providing support for individuals with a particular disability or medical condition.
If you choose to disclose having any particular protected characteristics according to the Equality Act 2018, we rely on article 9(2)(g) of the GDPR as a reason of substantial public interest, specifically Schedule 1(8) providing equality of opportunity or treatment.
If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

What we need and why we need it

We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

You don’t have to provide what we ask for, but it may affect your application if you don’t.

Application Stage

Applications are submitted via a GoogleForm and are stored on GDrive. You can access a copy of your completed application form by emailing trustees@skipkids.org.uk.

We ask you for your personal details including name and contact details. We will also ask you about previous experience and for answers to questions relevant to the role.

Interview

The national recruitment team may ask you to attend an interview. Information will be generated by you and by us, for example we might take interview notes. This information is held by us.

After your start date

We may share your contact information internally within SKIP, including any provided @skipkids.org.uk email address to enable communication as part of your role.

If in the role of trustee, we will share your contact information with organisations we are registered with due to our charitable status, such as the Charity Commission, which are public databases.

You will be required to purchase SKIP membership – see this section

You will be required to complete online training – see this section.

Treasurers

What we do with it

During your application, your personal information are only used by the recruitment team.

We will never share your personal information to third-party organisations for marketing purposes.

We may use your personal information to verify your identity.

How long we keep it

This information will be retained for a maximum of five years following the end of your time in role, unless there is follow up support or an investigation. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation, or the end of the five year period, whichever is longer. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

Completing online training

Purpose and lawful basis for processing

According to the SKIP bylaws, SKIP members must complete mandatory online training modules depending on their role. We use the third-party organisation OpenLearn Create to run our online training modules, and so use the contact information you have provided us through your role to invite you to complete the necessary modules through OpenLearn Create.

The lawful basis we rely on to process your personal data regarding your completion of online training modules is article 6(1)(f) of the GDPR as the processing is a legitimate interest as part of your role.

What we need, why we need it and what we do with it

The national training team will use your name, email address and branch/role position in order to invite you to OpenLearn Create training modules. The national training team will track your progress of the training modules. The national training team will also keep a log of what training you have completed for administration purposes in order to assess when you must complete the training again in accordance with our Bylaws and Policies.

How long we keep it

This information will be retained for a maximum of three years after you have completed your role, unless there is follow up support or an investigation related to the training. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

Yes - we use OpenLearn Create to operate our online training modules. Here is a link to OpenLearn Create’s privacy notice.

Attending an event or e-event

Purpose and lawful basis for processing

Our purpose for collecting this information is so we can facilitate the event and provide you with an acceptable service.

The lawful basis we rely on for processing your personal data is article 6(1)(f) of the GDPR, as a legitimate interest to facilitate the event. When we collect any information about dietary or access requirements, we also rely on article 6(1)(f) of the GDPR, as well as Article 9(2)(d) as part of our work as a not-for-profit body in order to facilitate the event.

If you are hosting SKIP members as a part of our events, we rely on your explicit consent using article 6(1)(a) of the GDPR to share your address with those that you are hosting.

What we need

If you wish to attend one of our events, either as an attendee or as a external guest speaker, you will be asked to provide your contact information, and potentially information about dietary requirements, access provisions or the parts of the event that you wish to attend.

If you are hosting SKIP members overnight, you will be asked for your address and contact details in order to share these with the members you are hosting.

We may need to take a payment for the event, which we collect using the third-party payment processor, PayPal, who are data controllers of this information. To see PayPal’s privacy notice, click here.

We record some e-events and all presenters will have their image and audio captured in the recording. If you are an attendee you may have the option of sharing your image and audio during the session. If you choose to do so, this will also be captured in the recording. Some e-events will feature Q&A or other interactive elements. If you choose to interact your comments may be published to others at the event and will also form part of the recording.

Why we need it

We use this information to facilitate the event and provide you with an acceptable service. We also need this information so we can respond to you.

What we do with it

We will use your contact information to send you information about the event.

We don’t publish a list of attendees at events.

We may use your information to send you a certificate of attendance.

We may use your information to facilitate the hosting of individuals overnight.

We will use any dietary requests or accessibility information to ensure we can provide for your requirements. This information will not be shared apart from with individuals involved with the organisation of the event.

For some e-events we may publish the recording on our website or social media channels so this is accessible to a wider audience. If an event recording will be published we will always notify you before the event. We don’t publish attendance lists for e-events but your name and email address may be visible to others in attendance during the event.

How long we keep it

This information will be retained for a maximum of one year after the event, unless there is follow up support or an investigation related to the event. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Recordings of e-events will remain indefinitely.

Do we use any data processors?

We may use GDrive, part of the Google Cloud, to collect and store your application form to an event and to store some personal data for the purpose of planning and logistics in the lead up to and during the event. Here is a link to Google Cloud’s webpage about GDPR compliance.

We may use MemberPlanet to collect and store your application form to an event and to store some personal data for the purpose of planning and logistics in the lead up to and during the event. Here is a link to MemberPlanet’s privacy notice.

We may use Zoom to host our e-events. Here is a link to Zoom’s privacy notice.

Responding to our surveys

Purpose and lawful basis for processing

We will process any personal data provided in the responses for the purpose of informing the development of our work, and to show our impact as an organisation. We may publish a summary of the responses and, in some cases, the responses themselves but these will not contain any personal data. The lawful basis we are relying on to process your personal data is article 6(1)(f), as our legitimate interests as our work as an organisation.

What we do with it

We process the information internally. We will often conduct surveys anonymously. We do not share any personal data with any third-parties.

We may offer a chance for us to send you a certificate, at which point we will use your name and email address to send this to you.

How long we keep it

We will retain survey response information until our work on the subject matter of consultation is complete.

Do we use any data processors?

We sometimes use SurveyMonkey to gather information. You can read SurveyMonkey’s privacy policy here.

We sometimes use GDrive, part of the Google Cloud, to gather information. Here is a link to Google Cloud’s webpage about GDPR compliance.

We sometime use Memberplanet to gather information. Here is a link to MemberPlanet’s privacy notice.

Signing up for our mailing list

Purpose and lawful basis for processing

Our purpose for collecting the information is so we can provide you with a service by letting your know more about our latest work and our events.

The lawful basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.

What we need

Your name and email address.

Why we need it

We use your email address to send you our E-Newsletters

What we do with it

We only use your details to provide the service.

We gather statistics around email opening and clicks using industry standard technologies to help monitor and improve our e-newsletter.

You will receive a confirmation email once you have submitted your details and then the newsletters.

How long we keep it

We will keep it unless you unsubscribe from our mailing list. We may delete your details if there is reason to believe the email address provided is no longer valid.

What are your rights?

We rely on your consent to process the personal data you provide to us for marketing purposes. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time. You can do this by unsubscribing through the link in the footer of the email, or by contacting us by email.

Do we use any data processors?

Yes – we use MemberPlanet to deliver the newsletter and to manage our mailing list. Here is a link to MemberPlanet’s privacy notice.

Information about organisations that we work with

Purpose and lawful basis for processing

We have to collect information about the organisations we work with in order to ensure their values align with those of SKIP, to aid in project logistics and to ensure adequate health and safety processes for project are in place.

The lawful basis we rely on for processing your personal data is article 6(1)(f) of the GDPR, as part of legitimate interests in our project work with partner organisations.

What we need and why we need it

When we research into new organisations to potentially collaborate with, we will collect publicly available information about the organisation from sources such as the organisation’s websites, including the organisation’s aims and contact details. We will contact these organisations requesting further information, such as policies and processes. We may collect information through interviews and meetings in person and over email and phone calls.

Once a project partnership is in place as a Collaborating Organisation, we will require information to maintain the partnership, including a up to date signed memorandum of understanding.

What we do with it

We will store this information securely on our GDrive, and either use it to decide organisations to partner with, or to facilitate our partnership.

How long we keep it

Information used in initial research that isn’t publicly available will be deleted 1 year after the branch has entered full project stage and has therefore completed its initial research.

Information about Collaborating Organisations will be deleted 6 years after the partnership has ended.

For both of these cases, if there is follow up support or an investigation that is specific to the organisation, the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation, or the end of the six year period, whichever is longer. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

We sometimes use Kobo Toolbox to collect our data whilst on project. Here is a link to Kobo Toolbox’s privacy notice.

Beneficiaries and Data Related to Project Interventions

Purpose and lawful basis for processing

We conduct research into the countries we work in, NGOs we partner with and with the local community and beneficiaries in our project countries, to design and improve our interventions and show our impact.

The legal basis we rely upon for all anonymous data collection or publicly available data is article 6(1)(f) of the GDPR, as a legitimate interest of our charity’s work.

The legal basis we rely upon for any data that has any identifiable personal information, such as interviews with individuals in our partner organisations, or in a focus group setting is their consent under article 6(1)(a) of the GDPR.

We work in line with our Research Ethics Policy.

What we need and why we need it

We use a range of research methods, such as secondary data collection, interviews, focus groups, observation and questionnaires with our beneficiaries, local community and partner organisations. Where possible, we try to ensure this data is anonymous.

We require this data in order to improve our projects and show our impact, whilst also ensuring we work within our aims, mission and values as a charity.

What we do with it

We use the data to strategically develop our interventions and projects and to demonstrate our impact.

All electronic and hard copy data collected during research is stored securely and is accessible only by the branch who collected the research, and the national team.

We may use the results of our research in publicity – see the section Personal Data used in Publicity.

How long we keep it

We will keep the data until up to two years after an intervention or project is withdrawn. Once data is no longer needed, it is destroyed. After withdrawal, we will use accumulated, anonymous data to show the impact of that intervention or project.

Do we use any data processors?

We sometimes use Kobo Toolbox to collect our data whilst on project. Here is a link to Kobo Toolbox’s privacy notice.

Individuals who contact us with enquiries

Purpose and lawful basis for processing

When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it and fulfil our regulatory responsibilities.

The lawful basis we rely on to process your personal data is article 6(1)(f) of the GDPR, as a legitimate interest to support your enquiry.

If the information you provide us in relation to your enquiry contains special category data, such as health, religious or ethnic information the lawful basis we rely on to process it is article 9(2)(d) of the GDPR, through our work as a not-for-profit body.

What we need and why we need it

We need enough information from you to answer your enquiry. In certain circumstances we may make notes to provide you with a further service as required. We will need contact information in order to reply to your enquiry.

What we do with it

We’ll manage your enquiry and keep a record of our response. We use the information supplied to us to deal with the enquiry and any subsequent issues that may arise. We will only share any personal information provided with third-parties if they need to be involved in dealing with the enquiry and this information sharing will be kept to an absolute minimum.

How long we keep it

This information will be retained for a maximum of one year after the enquiry is closed, unless there is follow up support or an investigation related to the enquiry. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

We use Gmail and GDrive, part of the Google Cloud, as part of our email systems and operations. Here is a link to Google Cloud’s webpage about GDPR compliance.

Donors

Purpose and lawful basis for processing

When you either organise a fundraising event, or donate to SKIP, we require certain personal information to process this administration.

The lawful basis we rely on to process your personal data is article 6(1)(f) of the GDPR, as a legitimate interest to support your donation or fundraising.

What we need and why we need it

If you are donating to SKIP, we could require your name, email address, postal address, telephone or mobile number, bank details, taxpayer status (to understand if we can claim Gift Aid), date of birth and history of previous donations. See section Treasury for more information.

If you are fundraising for us, you will be required to provide information about the fundraising planned, in line with our ethical fundraising policy, which may include personal information of your choice.

What we do with it

We use your data to administer your donation or support your fundraising, including processing Gift Aid.

We will process donations in line with our treasury requirements – see the section on Treasury.

We may occasionally analyse our donor information to determine geographical or demographic trends.

We may also aggregate and anonymise personal data that we collect, for research purposes. This anonymous data can no longer be linked to any particular person and may be used for a variety of purposes, such as identifying trends and patterns within our existing supporter base.

How long we keep it

We will keep this information for between 6 and 7 years, in line with our governance requirements as a charity.

Do we use any data processors?

We use the platform Virgin Money Giving to administer online fundraising and donations. To see Virgin Money Giving’s privacy policy, click here.

You may choose to use Paypal to pay for your donation on Virgin Money Giving. To see PayPal’s privacy notice, click here.

Treasury

Purpose and lawful basis for processing

We require data in order to process our financial activity and to comply with UK charitable law.

The lawful basis we rely on to process your personal data is article 6(1)(f) of the GDPR, as a legitimate interest for processing payments and maintaining our accounts.

What we need and why we need it

We will use your name, banking information (account number and sort-code) reason for payment and amount paid to process payments from us or to us.

We will use your name, address and identification to sign you up as a signatory on our Unity bank accounts if you hold a treasury responsibility within SKIP.

We will use your name and address if we need to send you treasury resources such as paying-in books or Caxton cards via post.

We may use information collected through membership data collection to verify your identity to refund money.

We will store invoices and receipts for payments made.

We will use your name, contact details, postal address, date of donation, signature confirmation and taxpayer status if you have declared yourself eligible for the gift aid scheme when donating to SKIP before July 2020. After this date, all donations are processed through Virgin Money Giving (see section on Donors).

We may store your name, contact details and amount owed, if you owe money to SKIP.

What we do with it

We will use this information to process payments to other individuals and organisations and record payments to maintain our accounts as required by UK law. We use data about our members in a treasury role in order to facilitate the responsibilities they have in this role.

We collect any data related to banking, payments and processing via googleforms that are stored on GDrive. Banking information is also stored on our Unity banking accounts. Invoices and receipts may be collected via email, and any paper copies converted into electronic copies and stored on GDrive.

We may take a payments using the third-party payment processor, PayPal, who are data controllers of this information. To see PayPal’s privacy notice, click here.

We use Unity Bank to provide us with banking services. You can see Unity Bank’s Privacy Policy here.

We use AMEX to provide us with banking services for international transfers. You can see AMEX’s Privacy Statement here.

We use Caxton to provide us with travel banking card services. You can see Caxton’s Privacy Policy here.

How long we keep it

Any personal banking details are deleted once a payment has been processed and that we have received confirmation of its receipt.

Any personal data related to SKIP members who are signatories for SKIP bank accounts will be deleted 18 months after the end of their role, unless there is follow up investigation related to their role. In this instance the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved. Identification documents will be deleted once signatories have access to the account.

Any data required for posting

Any data required for our legally required accounts, such as invoices, receipts and the name, amount paid and reason for payment, will be stored for 7 years after the financial year in which the payments are made. Any paper copies of invoices and receipts are converted into e-copies within six months of receipt and the paper copies shredded.

Data relating to gift aid processed before July 2020 will be deleted after 6 years, unless a payment is outstanding at which point it can be stored for up to 12 years.

If any individual or organisation owes money to SKIP, their contact details and details regarding the money owed will be deleted within one year of the payment being made.

Do we use any data processors?

We use external auditors, as required by law. You can access Friends Partnership Limited privacy policy here.

We use Gmail and GDrive, part of the Google Cloud, as part of our email systems and operations. Here is a link to Google Cloud’s webpage about GDPR compliance.

We use the platform Virgin Money Giving to administer online fundraising and donations. To see Virgin Money Giving’s privacy policy, click here.

Patrons and Advisors

Purpose and lawful basis for processing

If you are an advisor or have the role of patron for SKIP, we will require your contact details.

The lawful basis we rely on to process your personal data is your consent under article 6(1)(a) of the GDPR.

What we need and why we need it

We need your name and your contact details in order to contact you within your role.

What we do with it

We will use your personal information to contact you from time to time. We may use any advice you provide to shape the workings of the charity.

The contact details will only be used by those directly working with you, for example only the chair of trustees will contact patrons.

How long we keep it

If you do not wish for us to keep your details on file, we will delete your data within one year of your role.

If there is follow up support or an investigation regarding your role, the information will be retained for a maximum of one year after the case of support or investigation is closed and the only information retained will be anonymised for internal records of the investigation. If we deem it necessary to keep personal information for longer than this period, for example if a case were to reopen, we will look to use pseudonyms where possible and would inform all individuals involved.

Do we use any data processors?

No.

Personal Data used in Publicity

Purpose and lawful basis for processing

We may use photographs or people’s stories within our publicity, such as recruitment, fundraising, or in documents such as our annual or impact reports.

If you are in a national or branch role, or are a project volunteer, the legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, as a legitimate interest of the charity under your work in your role.

If you are a beneficiary, non-SKIP member, or event attendee, the legal basis we rely on to process your personal data is your consent under article 6(1)(a) of the GDPR, or the consent of their parent, guardian or related organisation if they are under 18.

What we need and why we need it

We may use photographs and personal stories and experiences as part of our publicity.

What we do with it

We may use this information within emails, printed off materials, publicity, social media or on our website.

How long we keep it

We will keep this material unless you withdraw your consent, or object to the processing of the data. From time to time we may delete old publicity materials.

Do we use any data processors?

We may post publicity on our social media (see section Individuals who engage with us on social media) or on our website (see section on Visitors to our Website) or on our branch university or student union websites.

Blue Boy Awards

Purpose and lawful basis for processing

We collect contact details of the nominator and contact details and information about why they are nominated for the nominee.

The legal basis we rely on to process this personal data is article 6(1)(f) of the GDPR, as a legitimate interest of the charity.

What we need and why we need it

We need the nominators name and email address, and the nominees name, email address and any supporting information for their nomination, in order to allow voting over who should receive the award.

What we do with it

We process this information by sending it out to members in order to vote as to who wins the award. The information will also be included in publicity and during the awards ceremony.

How long we keep it

We will delete email contact details within one year of the awards.

We will keep the name and supporting information for the award for archive purposes of the charity.

Do we use any data processors?

We may post publicity on our social media (see section Individuals who engage with us on social media) or on our website (see section on Visitors to our Website).

Individuals who engage with us on social media

Any social media posts or comments you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they’re written and could be made public. Other people, not us, control these platforms. We are not responsible for this kind of sharing. So, before you make any remarks or observations about anything, you should review the terms and conditions and privacy policies of the social media platforms you use. That way, you’ll understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you’re unhappy about it.

We sometimes use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any other organisations.

Visitors to our website

Analytics

When you visit www.skipkids.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we will be upfront about this. We will make it clear when we collect personal information and we will explain what we intend to do with it.

Cookies

We use the third-party platform, Squarespace, to host our website. Squarespace use cookies to help our site run effectively and provide the best experience for our visitors. Squarespace also use Analytics and Performance cookies to collect information on our behalf about how visitors interact with our site.

We use a cookies tool on our website to gain consent for the optional cookies we use. Cookies that are necessary for functionality are always used, which you can find out more about here. Analytics and performance cookies are only used when the cookie tool is acknowledged, which you can find out more about here.

Purpose and lawful basis for processing

The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Article 6(1)(a) of the GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests.