This policy tells you how Fairshare Educational Foundation trading as ShareAction (registered charity number 1117244) processes and protects your personal data. We aim to be clear when we collect your data, let you know what we will use it for and keep it secure.
What personal data is collected?
We may collect personal information about you when:
- You sign up to our mailing list(s),
- You make a one-off donation or sign up to donate regularly,
- You sign up to attend one of our events,
- You become involved in one of our campaigns,
- You fill out a survey or quiz we send you,
- You apply for a paid or volunteering role with us.
The information we collect may include, among other details, your name, address, email address, telephone number, pension provider, Responsible Investment issues of particular interest to you, your involvement in ShareAction campaigns or activities, information as to whether you are a taxpayer, your employer or organisations in our network that you are affiliated to.
We may also collect information about you from publicly available sources from places like Companies House or information published in newspapers.
If you make a donation, we will collect the details necessary to process this payment e.g. bank account details to set up a Direct Debit and ask for consent to use your contact details to send you updates on our campaigns and occasional appeals. We do not store credit or debit card details and when making an online donation your payment details are processed by a third-party secure server payment gateway provided by PayPal.
We will not collect sensitive personal information or information classed as special category unless there is a clear reason as to why we need it. We will only collect this with your consent, and we will give clear notices so that you know why we need this data and how long we will keep it for.
We might use profiling or screening methods to ensure that communications are relevant to you and we do this by using data that you provide us with, data from publicly available sources, and data that is processed automatically through the systems we use (for example, whether you have previously opened emails from us). Profiling also allows us to understand more about people that support us which helps us to make appropriate requests for involvement in our campaigns and fundraising appeals. We may use geographic and demographic information to build a profile. Under the General Data Protection Regulation you have the right to obtain an explanation of any profiling decisions we have made and challenge these decisions.
Why is this data collected?
How we use your personal data will depend on the reason you are providing it and we will aim to make the reason clear when we collect the data. We will mainly use your data to:
- Provide you with services or information that you have asked for, such as sending you a newsletter, inviting you to training, or sending you more information about our campaigns.
- Keep you informed about our campaigns and movement and respond to questions you may have.
- Process your donation, including processing any Gift Aid declaration.
- Invite you to events we think might be of interest to you.
- Invite you to participate in our campaigns.
- Keep a record of how you prefer to be contacted.
- Keep a record of your relationship with us.
- Understand how we can improve our services, products and the information we provide.
- Develop a better understanding of our supporters to help us make better decisions in order to deliver our mission.
- Aggregate information for confidential reporting to project partners (see the Third Parties section below for more information on how your data is shared with project partners).
Our legal basis for processing personal data
The legal basis for processing your data depends on the reasons and circumstances we are collecting it.
Our legal basis for processing most personal data is because you have given us your consent to do so. You have the right to withdraw your consent for holding and processing your data and can do so by emailing us at email@example.com or calling us on 020 7403 7800.
In some circumstances, the processing is necessary for the performance of a contract with you or necessary for us to comply with a legal obligation.
Sometimes the legal basis for processing your data may be because it is in our legitimate interests to perform our operations. Before doing this, we will always carefully consider and balance any potential impact on you and your rights and we will not process any data if there is any risk of harm or potential conflict with your interests. Some examples of where we have legitimate interest to process data are:
- Managing our ongoing relationships with our professional contacts.
- Researching new professional contacts at companies, investors and other NGOs that may be interested in our campaigns.
- Using networking sites like LinkedIn to reach out to professional contacts who we think may be interested in our work.
- Managing our financial transactions and preventing fraud.
How is my data protected?
We take good care to ensure that the information we store on our database is kept secure in order to prevent unauthorised access and comply with the General Data Protection Regulation. Our devices are encrypted and staff that work with data have received appropriate training.
We will not sell, rent or swap your information with other organisations for them to use in their own marketing activities.
Like most organisations, we use trusted service providers to help our operations to be more efficient. These include systems and software providers like EventBrite, Microsoft programmes and Salesforce. We may use third party providers that are located outside of Europe. For example, the database we use to store your data and some email platforms we use have servers located in the USA. We have taken steps to ensure that the services we use that are located outside of the EU have appropriate security measures in order to protect your information. All providers we use are well renowned for their data security and have the appropriate technical controls and policies in place to protect your personal details.
We may disclose your personal information when required to do so by law.
We work with other charities and NGOs on some of our campaigns to share knowledge and resources. We will never share personal information with them without your explicit and informed permission but we may aggregate information in order to share statistical information needed for analysis. We will not include any details that could identify a specific individual.
How can I access, update or ask ShareAction to stop using my personal information?
If your details change, please let us know and we will update them on our system.
You can also change your mind at any time about the ways in which we contact you or withdraw your consent for us to process your data. You can do this by emailing firstname.lastname@example.org or calling us on 0207 4037 800. Most emails we send you will include a link you can click on to unsubscribe from that particular type of communication.
If you tell us that you no longer would like us to contact you, we will keep limited amounts of information (usually just your name and email address) and add this to our suppression lists to ensure you do not receive communications from us in the future – we will not use it for any other purpose. In certain circumstances you also have the right to have your personal data erased from our databases completely and you can ask us to do this at any time.
We regularly monitor your engagement with our communications and will periodically send emails to ask if you still wish to receive updates about ShareActions work. We will continue to hold your personal data while you are actively engaged with us until you ask us not to. If you have not engaged (either opened, replied, taken the requested action, or clicked through) with any of our emails then we will remove your personal details from our database after three years.
Legally, we are required to hold some types of information to fulfil our statutory obligations. Details needed to claim Gift Aid is one example of this.
Subject access reports
To request a subject access report which details all of the information we hold about you, please make this request in writing to ShareAction, 16 Crucifix Lane, London, SE1 3JW. We will not charge you for this request and will provide this information within one month of receipt, if the request is reasonable.
Making a complaint
You can also complain to the Information Commissioner’s Office via their website.
We regularly review this policy and it was last updated in May 2018.
You are welcome to use any text written by ShareAction, especially to join us in the campaign for Responsible Investment. However we do require that you fully source any material you use, crediting ShareAction. For further details please contact us.
The contents of this website do not constitute financial or legal advice. ShareAction does not promote or endorse any third party investment, financial service, company or any other third party product or service. Any mention of such products or service is by way of example only. ShareAction accepts no responsibility for any loss or adverse consequences arising from pursuing any activity mentioned in this website.