This policy tells you how Fairshare Educational Foundation trading as ShareAction (registered charity number 1117244) processes and protects your personal data. We aim to be clear when we collect your data, let you know what we will use it for and keep it secure.
What personal data is collected?
We may collect personal information about you when:
- You sign up to our mailing list(s),
- You make a one-off donation or sign up to donate regularly,
- You sign up to attend one of our events,
- You become involved in one of our campaigns,
- You fill out a survey or quiz we send you,
- You apply for a paid or volunteering role with us.
The information we collect may include, among other details, your name, address, email address, telephone number, pension provider, responsible investment issues of particular interest to you, your involvement in ShareAction campaigns or activities, information as to whether you are a taxpayer, your employer or organisations in our network that you are affiliated to.
We may also collect information about you from publicly available sources from places like Companies House or information published in newspapers.
If you make a donation, we will collect the details necessary to process this payment e.g. bank account details to set up a Direct Debit and ask for consent to use your contact details to send you updates on our campaigns and occasional appeals. We do not store credit or debit card details and when making an online donation your payment details are processed by secure verified third-party payment providers.
We will not collect sensitive personal information or information classed as special category unless there is a clear reason as to why we need it. We will only collect this with your consent, and we will give clear notices so that you know why we need this data and how long we will keep it for.
We might use profiling or screening methods to ensure that communications are relevant to you and we do this by using data that you provide us with, data from publicly available sources, and data that is processed automatically through the systems we use (for example, whether you have previously opened emails from us). Profiling also allows us to understand more about people that support us which helps us to make appropriate requests for involvement in our campaigns and fundraising appeals. We may use geographic and demographic information to build a profile. Under the Data Protection Act 2018 you have the right to obtain an explanation of any profiling decisions we have made and challenge these decisions.
Our website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or the content contained on them.
Why is this data collected?
How we use your personal data will depend on the reason you are providing it and we will make the reason clear when we collect the data. We will mainly use your data to:
- Provide you with services or information that you have asked for, such as sending you a newsletter, inviting you to training, or sending you more information about our campaigns.
- Keep you informed about our campaigns and movement and respond to questions you may have.
- Process your donation, including processing any Gift Aid declaration.
- Invite you to events we think might be of interest to you.
- Invite you to participate in our campaigns.
- Keep a record of how you prefer to be contacted.
- Keep a record of your relationship with us.
- Understand how we can improve our services, products and the information we provide.
- Develop a better understanding of our supporters to help us make better decisions in order to deliver our mission.
- Aggregate information for confidential reporting to project partners (see the Third Parties section below for more information on how your data is shared with project partners).
Our legal basis for processing personal data
The legal basis for processing your data depends on the reasons and circumstances we are collecting it.
Our legal basis for processing most personal data is because you have given us your consent to do so. You have the right to withdraw your consent for holding and processing your data and can do so by emailing us at firstname.lastname@example.org or calling us on 020 7403 7800.
In some circumstances, the processing is necessary for the performance of a contract with you or necessary for us to comply with a legal obligation.
Sometimes the legal basis for processing your data may be because it is in our legitimate interests to perform our operations. Before doing this, we will complete a legitimate interest assessment (see Annex 1) to carefully consider and balance any potential impact on you and your rights. We will not process any data if there is any risk of harm or potential conflict with your interests. Some examples of where we have a legitimate interest to process data are:
- Managing our ongoing relationships with our professional contacts.
- Researching new professional contacts at companies, investors and other NGOs that may be interested in our campaigns.
- Using networking sites like LinkedIn to reach out to professional contacts who we think may be interested in our work.
- Managing our financial transactions and preventing fraud.
How is my data protected?
We take good care to ensure that the information we store on our database is kept secure in order to prevent unauthorised access and comply with the Data Protection Act 2018. Our devices are encrypted and staff that work with data have received appropriate training.
We will not sell, distribute or lease your personal information to third parties unless we have your explicit permission or are required by law to do so.
Like most organisations, we use trusted service providers to help our operations to be more efficient. Where these providers are located outside of the EEA, we have taken steps to ensure that these services have appropriate security measures in order to protect your information and remain compliant with the GDPR. All providers we use are well renowned for their data security and have the appropriate technical controls and policies in place to protect your personal details.
All the personal data mentioned is stored in and processed through our Salesforce database. The purpose of this processing is to deliver our services and charitable objectives. The data is processed in the USA. Salesforce has received approval from European data protection authorities for its Binding Corporate Rules ("Salesforce Processor BCR"). For more details and to view the BCR, click here.
2. Engaging Networks
Personal information is stored within the Engaging Networks platform for the purpose of communications and newsletters to supporters, stakeholders and other interested parties. The data is processed in Canada. Engaging Networks’ service is subject to legal requirements outlined in the GDPR, their full data protection policy can be accessed here.
3. Microsoft and Office 365 Suite
Office 365 with OneDrive and SharePoint allows people to store, share and work together on content. It is a cloud-based “Software as a Service” platform that includes the transmission of customer data across the Internet to and from Microsoft’s cloud infrastructure and the storage and processing of customer data on Microsoft’s cloud infrastructure. Full details on privacy, compliance and a GDPR overview can be read here.
We work with other charities and NGOs on some of our campaigns to share knowledge and resources. We will never share personal information with them without your explicit and informed permission but we may aggregate information in order to share statistical information needed for analysis. We will not include any details that could identify a specific individual.
How can I access, update or ask ShareAction to stop using my personal information?
If your details change, please let us know and we will update them on our system.
You can also change your mind at any time about the ways in which we contact you or withdraw your consent for us to process your data. You can do this by emailing email@example.com or calling us on 0207 4037 800. Most emails we send you will include a link you can click on to unsubscribe from that particular type of communication.
If you tell us that you no longer would like us to contact you, we will keep limited amounts of information (usually just your name and email address) and add this to our suppression lists to ensure you do not receive communications from us in the future – we will not use it for any other purpose. In certain circumstances you also have the right to have your personal data erased from our databases completely and you can ask us to do this at any time.
We regularly monitor your engagement with our communications and will periodically send emails to ask if you still wish to receive updates about ShareAction’s work. We will continue to hold your personal data while you are actively engaged with us until you ask us not to. If you have not engaged (either opened, replied, taken the requested action, or clicked through) with any of our emails then we will remove your personal details from our database after two years.
Legally, we are required to hold some types of information to fulfil our statutory obligations. Details needed to claim Gift Aid is one example of this.
Subject access reports
To request a subject access report which details all the information we hold about you, please make this request via email at firstname.lastname@example.org. We will not charge you for this request and will provide this information within one month of receipt if the request is reasonable.
Making a complaint
If you have any concerns about our use of your personal information, you can make a complaint to us by emailing email@example.com.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane
Cheshire, SK9 5AF
Helpline number: 0303 123 1113
We regularly review this policy and it was last updated in June 2021. The next review of our policy will take place in August 2022.
You are welcome to use any text written by ShareAction, especially to join us in the campaign for Responsible Investment. However we do require that you fully source any material you use, crediting ShareAction. For further details please contact us.
ShareAction does not provide investment advice. The information herein is not intended to provide and does not constitute financial or investment advice. ShareAction makes no representation regarding the advisability or suitability of investing or not in any particular financial product, shares, securities, company, investment fund, pension or other vehicle or of using the services of any particular organisation, consultant, asset manager, broker or other service provider for the provision of investment services. A decision to invest or not or to use the services of any such provider should not be made in reliance on any of the statements made here. You should seek independent and regulated advice on whether the decision to do so is appropriate for you and the potential consequences thereof. Whilst every effort has been made to ensure the information is correct, ShareAction, its employees and agents cannot guarantee its accuracy and shall not be liable for any claims or losses of any nature in connection with information contained in this document, including (but not limited to) lost profits or punitive or consequential damages or claims in negligence.