This policy describes how and why the Royal Association for Deaf people (RAD) uses your personal information, how we protect your privacy when we use your personal information, and your rights and choices regarding this information.
We promise to respect any personal data you share with us, or that we get from other organisations and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.
Developing a better understanding of our service users, supporters and volunteers through their personal data allows us make better decisions, fundraise more efficiently and, help us to achieve our vision: ‘Together with Deaf people; creating a better, more accessible future.’
Who we are
Royal Association for Deaf people (Registered Charity No. 1081949 and Company registered in England No. 3973353).
References to the RAD website can include accessing any of the following websites:
Royal Association for Deaf people
Royal Deaf Tax
or any other websites that may be developed from time to time with the RAD brand.
RAD Privacy Statement
The General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679], provides the legal framework that defines how personal information can be used. The Royal Association for Deaf people is fully committed to complying with current data protection legislation and has a legal duty to protect any information we collect from you.
• Your personal information is only used for the purpose for which we collect it
• Only information that we actually need is collected
• Your personal information is only seen by those who need it to do their jobs
• We will not pass your personal information on to any other organisation without your consent unless we are required to do so by law
• Personal information is retained only for as long as it is required for the purpose collected
• We will, where necessary, keep your information up to date
• Your information will be protected from unauthorised or accidental disclosure
• We will provide you with a copy of your personal information on request (please see below for information on access rights and requests)
• Inaccurate or misleading data will be corrected as soon as possible
• These principles apply whether we hold your information on paper or in electronic form.
How we collect information about you
We may collect information in the following ways:
• When you provide information to us directly
You may give us your information in order to make use of our services, sign up for one of our events, tell us your story, make a donation or communicate with us. Sometimes when you support us, your information is collected by an organisation working for us but we are responsible for your data at all times.
• When you provide information to us indirectly
• When you give permission to other organisations to share or it is available publicly
The Royal Association for Deaf people may combine information you provide to us with information available from external sources in order to gain a better understanding of our supporters to improve our fundraising methods and services.
The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. This information may come from the following sources:
Third party organisations
You may have provided permission for an organisation to share your data with third parties, including charities. This could be when you buy a product or service, register for an online competition or sign up with a comparison site.
Depending on your setting or the privacy policies for social media and messaging services like Twitter, Facebook or WhatsApp, you might give us permission to access information from those accounts or services.
Information available publicly
This may include information found in places such as Companies House and information that has been published in articles / newspapers
When we collect information as you use our websites
Also, the type of device you are using to access our website and the setting on that device may provide us with information about your device. This may include what type of device it is, what specific device you have, what operating system the device is using. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What personal data we collect
We may collect, store and use the following kinds of personal information:
• Your name
• Your contact details (including postal address, email address, telephone number, social media identity)
• Nature of your enquiry
• Your bank or credit card details where you provide these to make a donation/payment
• You IP address
We may also collect sensitive personal information such as date of birth, ethnicity and other information required to allow us to review how we deliver our services (which may be due to a contractual obligation under any funding we receive for providing a service), and information about Service Users needs which may include details of a personal nature if this is required for the purpose you have contacted RAD.
How we use your information
We may use your personal information to:
• Deal with your enquiries and requests
• Provide you with the services, products or information you asked for
• Administer your donation or support your fundraising, this may include processing gift aid
• Keep a record of your relationship with us
• Respond or fulfil any requests, complaints or queries you make to us
• Understand how we can improve our services, products or information by conducting analysis and market research
• Obtain your permission to publicise details of your feedback
• Manage our events
• Check for updated contact details against third party sources so that we can stay in touch if you move (see “Keeping your information up to date” below)
• Further our charitable objectives
• Communicate with you
• Administer our websites and to troubleshoot, perform data analysis, research, generate statistics and surveys related to our technical systems
• Testing our technical systems to make sure they are working as expected
• Contact you if enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, to see if we can help with any problems you may be experiencing with the form or our websites
• Display content to you in a way appropriate to the device you are using (for example if you are viewing content on a mobile device or a computer)
• Generate reports on our work, services and events
• Safeguard our staff and volunteers
• Process your application for a job or volunteering position
• Conduct training and quality control
• Audit and administer our accounts
• Meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies
• Carry out fraud prevention and money laundering checks
• Undertake credit risk reduction activities; and/or
• Establish, defend or enforce legal claims
For RAD Service users, we will only use the information provided to facilitate our work with you and to record information required by the organisation that funds us for the work, as well as for internal administrative purposes such as monitoring the quality of our service.
How we use your information to tell you about our work
Sending marketing communications
We operate an ‘opt-in only’ communication policy. This means that, except as set out below, we will only send marketing communications to those that have explicitly stated that they are happy for us to do so.
We may use information you have given us directly, for example the record of your previous donations to and/or relationship with us, your location and demographics, as well as the type of activity you have been involved with, to tailor our communications with you about future activities.
Events and fundraising
When you have asked for details of a RAD event, we will send you information including reminders on key information about the event (.e.g. timings, meeting points) and where relevant ideas for fundraising.
If you have signed up for a fundraising event with a third party e.g. Royal Parks Half Marathon and told the third party that you wish to fundraise for us, we may contact you with further information.
Managing your contact preferences
All our forms have clear marketing and/or publicity preference questions and we include information on how to opt out when we send you marketing communications.
You can change your preferences at any time by emailing email@example.com.
Please be aware that if you have decided that you do not want to be contacted for marketing purposes, we may still need to contact you for administrative purposes. This may include where we are processing a donation and any related Gift-Aid, thanking you for a donation or keeping in touch with you about volunteering activities you are doing.
Building profiles of supporters
Profiling our supporters enables us to raise more funds, sooner, and more cost-effectively than we otherwise would.
Firstly, we take the supporter’s communications preferences into account, then we use the information we hold on them to research their potential to be a significant donor to RAD.
We may collect additional information available in the public domain such as Companies House, social media accounts and websites in order to create a fuller understanding of someone’s interests.
We only use reputable sources, where someone would expect their information may be read by the public. We do not use information sources which have not been broadcast or made public.
You can opt-out from this activity at any time.
To find out more, please email firstname.lastname@example.org.
Legal basis for processing
Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation.
Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example when we send you marketing material via post, phone, text or e-mail). Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator, Information Commissioner, or to use information we collect about you for due diligence or ethical screening purposes.
Performance of a contract
We may process your personal information in order to perform our obligations under a service contract.
We have a basis to use your personal information where it is necessary for us to protect life or health. For instance if there were a safeguarding issue which required us to contact people unexpectedly or share their information with emergency services, or an emergency impacting individuals at one of our events.
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).
We consider our legitimate interests to include all of the day-to-day activities RAD carries out with personal information. Some additional examples where we are relying on legitimate interests are:
• Updating your address using third party sources if you have moved house (please see the “Keeping your information up to date” section for more on this)
• Use of personal information when we are monitoring use of our websites for technical purposes
• Use of personal information to administer, review and keep an internal record of the people we work with, including supporters and volunteers
• Sharing of personal information between relevant teams and committees within RAD
• Where you have signed up with us on a charity place for a third party event (for example a sponsored run not organised by RAD), sharing personal information with the third party event organiser so they can administer the event
We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.
When we use sensitive personal information (please see the “What personal information we collect” section), we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
How we protect your information
We ensure that there are appropriate technical and organisational controls in place to protect your personal details.
Our Data Protection Policy is reviewed annually in the summer.
How long we keep your information for
Your information is kept only for as long as is necessary for the purposes for which it was collected and is securely destroyed.
Our Data Protection Policy is reviewed annually in the summer.
Sharing your information with third parties
We may disclose your information to third parties in connection with the other purposes set out in this policy. These third parties may include:
• Business partners, suppliers and sub-contractors who may process information on our behalf
• Analytics and search engine providers
• IT service providers
• Organisations that fund our work
Where we are under a legal or regulatory duty to do so, we may disclose your personal information to the police, regulatory bodies or legal advisors, or where we consider it necessary to protect the rights, property and safety of RAD, its staff, volunteers, visitors or service users or others.
Keeping your information up to date
We really appreciate it when you let us know if your contact details change.
However, from time to time, we may use information from external sources (e.g. the post office national change of address database) to identify when we think you have changed address. This enables us to update our records and stay in touch.
This activity also ensures that we do not have duplicate records or out of date preferences, so that we do not contact you when you have asked us not to.
Remember, you can change your preferences at any time by emailing email@example.com.
Under UK data protection law, you have rights over personal information that we hold about you. This is summarised below:
Right to access your personal information
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, send a description of the information you want to see by emailing firstname.lastname@example.org.
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies.
Right to restrict use of your personal information
You have a right to ask us to restrict the processing of some or all of your personal information in the following situations: if some information we hold on you isn’t right; we’re not lawfully allowed to use it; you need us to retain your information in order for you to establish, exercise or defend a legal claim; or you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.
Right to delete your personal information
You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions, you have the right for this to be done.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object to the use of your personal information
If we are processing your personal information based on our legitimate interests or for historical research or statistics, you have a right to object to our use of your information.
If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible.
If you want to exercise any of the above rights, please contact us by emailing email@example.com. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the Information Commissioner’s Office.
If you are unhappy with any aspect of how we are using your personal information, please contact us.
Our Complaints Policy is available online in English and BSL.
You have the right to lodge a complaint about how we use your information with the Information Commissioner’s Office.
Changes to this Policy
Any significant changes will be made clear on the RAD website.
Contacting us about this Policy
If you have any questions or comments, please let us know by emailing firstname.lastname@example.org.
The Royal Association for Deaf people has a Data Protection Lead who can be contacted at:
The Data Protection Lead
Royal Association for Deaf people
Century House South
North Station Road