This policy applies to anyone that WECIL has a relationship with by using any of our services, visiting our website, communicating with us by email, phone, and writing or in person.
In certain circumstances we may also provide an extra privacy notice, which will always refer to this document.
We will never sell your personal data and will only share it with organisations we work with when it is necessary and the privacy and security of your data is assured.
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, or ‘WECIL’, it refers to ‘The West Of England Centre for Inclusive Living’ (WECIL Ltd) and its wholly owned subsidiary ‘WECIL Social Enterprise Ltd.’ (Our ICO registration number is Z8245051).
WECIL Ltd. (Reg. Charity number 1053515) is a charitable organisation with the aim to provide information, advice and support services to the disabled community in Bristol and the surrounding region.
WECIL Ltd. And WECIL Social Enterprise Ltd. (Reg. Company numbers 3030167 and 05452347) undertake a range of commercial activities to generate income, including income from grants and Local Authority contracts, as well as providing paid subscription services; all of which support WECIL to offer many free-to-access services, projects, and memberships.
In this policy, whenever you see the words ‘you’, it refers to anyone external to WECIL, whom WECIL has a relationship with, including but not limited to:
This policy does not cover WECIL’s internal relationships, which include: volunteers, placements, interns, paid workers or employees, or applicants to any such position; which are covered separately under WECIL’s HR Privacy statement.
Your personal data will be collected and used by us and includes information that identifies you, or which can be identified as relating to you personally.
We will only collect the personal data that we need in connection with specific activities; such as subscribing to any of our chargeable and free-to-access services or projects, governance membership, funding, donations and investments, volunteering, training, and employment.
You can give us your personal data by filling in forms on our website, or by filling in digital and paper forms, participating or subscribing in chargeable and free-to-access services or projects, participating with our social media accounts (including Facebook, Twitter, and LinkedIn); by entering a competition, promotion or survey; by donating or investing in WECIL, or by corresponding with us (by phone, email or by joining as a member/supporter/customer).
We will also collect personal data (as above) for children aged under 25 who subscribe or access a WECIL service either directly or through their parent or guardian.
If you subscribe to or purchase any of our services as a parent or guardian on behalf of a young person (under the age of 25) including volunteers, your details and your association with that relationship will be recorded. We will also record personal data about the young person, where reasonable and necessary to our relationship with them.
The EU General Data Protection Regulation (from 25 May 2018) defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
At times we will collect sensitive personal data for Equal Opportunities monitoring, but this is only ever analysed at an aggregate level.
We may automatically collect the following information:
Please note that certain services on our website may not be available to you until you have registered to use our website or subscribed to a particular service.
Your activities and involvement with us will result in personal data being created. This could include details necessary to the delivery of a particular service that you have requested from us, how you have supported us by volunteering or being involved with our campaigns and activities, or your involvement with our business operations. If you decide to donate to us then we will keep records of when and how much you gave.
We conduct research and analysis on the information we hold, which can in turn generate personal data. By analysing your subscriptions, memberships, interests and involvement with us, for example, we may be able to build a profile that helps us decide what communications are likely to interest you. The sections in this document titled Feedback and Profiling give more detail about how we use your information for profiling and targeted advertising.
We may receive personal data about you from third-parties (including Local Authorities, Government agencies, and our service delivery partners) depending on what services you have requested from us/them or your relationship with us. The data we receive from third-parties is combined with your personal record held on our system(s) in order to fulfill our relationship with you.
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
Information system and data security is imperative to us to ensure that we are keeping your information safely.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape.
Our workers undertake mandatory information security and data protection training on employment and annually thereafter, to reinforce responsibilities and requirements set out in our information security policies.
When you trust us with your data we will always keep your information secure to maintain your confidentiality. By using strong encryption when your information is stored or in transit we minimise the risk of unauthorised access or disclosure.
WECIL operations are based in the UK and we store all of our data within the European Union (EU). Some organisations that provide services to us may transfer data outside the European Economic Area but we will only allow this if your data is adequately protected. Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the USA. We only allow this when we are certain it will be adequately protected. (e.g. US Privacy Shield and Standard EU contractual clauses)
WECIL has active PCI-DSS compliance programme in place via WorldPay Ltd and/or GoCardless Ltd. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.
Our online payment solutions are carried out using a ‘payment gateway’ (e.g. WorldPay Ltd and/or GoCardless Ltd.) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us.
When we allow third-parties acting on behalf of WECIL to access your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information for other organisations who are not partner to WECIL to use.
Personal data collected and processed by us may be shared with the following groups where necessary:
Also, under strictly controlled conditions:
We will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (GDPR) and Privacy of Electronic Communication Regulation (PECR).
Personal data provided to us will be used for the purpose or purposes outlined in this policy, by a contract of services, or by a fair processing notice; in a transparent manner at the time of collection or registration and in accordance with any preferences you express.
We may contact you about specific services that you have subscribed, are a member of, or have accessed. Depending on your relationship with us, our marketing and communications to you may include:
We would also like to use your details to keep you informed about things that may matter to you. Our general newsletters may sometimes include:
If you choose to hear from us in this way, we may send you information based on what is most relevant to you or things you have told us you like. We may also show you relevant content online.
We will only send general communications to you if you agree to receive them, and you can change your general marketing and communication preferences at any time. If you tell us that you do not want to receive general marketing communications, then you may not hear about events or other work we do that may be of interest to you, but you may still receive communications that are essential to the delivery of a service to which you have subscribed to, access, or are a member of.
We will not send general marketing and communication emails, letters or make calls to people under the age of 18. We may contact young people with regards to specific services that they have subscribed to or accessed, and we believe they are still interested in. This may include communications promoting trips and events offered by our youth services.
We will not send any marketing communications requesting donations to young people, but these may be included in general communications that parents or guardians have opted to receive.
We may profile people under the age of 18, and report aggregate data to our funders or partners. We do not ask children for consent to general marketing and communications, so they do not receive them unless they have asked for them.
We will never share your information with companies outside WECIL (that we are not partner to) for inclusion in their marketing or communications.
We may sometimes use third-parties to capture and/or store some of your data on our behalf, but only where we are confident that the third-party will treat your data securely, in accordance with our terms and in line with GDPR requirements.
Your data is may be used to verify your identify when you contact us or sign up for any online service(s) we provide.
We process customer data in order to fulfil chargeable services. Your data will be used to communicate with you throughout the process, including confirming we have received your order and payment, service provision, to clarify where we might need more detail to undertake a service, or to resolve issues that might arise with your service. Services may also hold access, dietary and medical requirements for training courses and other trips or events.
If you are a governance member or trustee, we use the personal data you provide to service your membership. This includes sending renewal information by mail and email, sending general marketing and communications for you to be kept aware, as well as updates and information about our Annual General Meeting.
We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering, and sometime after for lawful compliance. This could include: contacting you about a role you have applied for or we think you might be interested in, expense claims you have made, shifts you have booked and to recognise your contribution.
It could also include information from our service or project teams about things happening, other volunteering or employment opportunities at WECIL, and about your volunteering including one-to-ones and asking for your opinions on your volunteering experience.
We may also anonymously share this with funders and partners to help them monitor and value how their funding is making a difference.
We regularly survey our supporters, customers, staff and volunteers, as well as industry professionals and business partners to collect feedback on their experience with us. We use this feedback to improve our service experience, develop our service offering, and ensure we know what is relevant and interesting to you.
Our surveys are optional and you can choose not to take part. Some of our surveys may ask you to provide sensitive personal data (e.g. ethnicity). You do not have to provide this data and we also provide a ‘prefer not to say’ option. We only use such data at an aggregate level for reporting (e.g. equal opportunities monitoring).
We use specific tools to profile how you interact with us online, including: Google Analytics, Facebook, Twitter and LinkedIn. Much of the information we collect is aggregated, however we may also collect some personal data for the use optimising our general marketing campaigns, and to ensure the site is functioning as intended.
The personal information that we collect includes transactional information (i.e. order number) for services, donations, and membership renewals. We also collect data on individual user activity when they create or log into WECIL’s online services. This information takes the form of an encrypted string.
We may also host encrypted personal data on third-party websites (e.g. social media platforms) to ensure that you only see relevant, personalised and interesting content from those organisations.
Personal data provided to us may also be profiled to help us with advertising targeting. Your membership data may be used to find people with a similar profile to yourself who may be interested in our products, services or opportunities.
We use geo-location on our website. You can change your location settings at any time in your device or computer settings.
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from applicants for volunteers, trustees, paid workers and paid employees.
Such data can include, but is not limited to, information relating to health, racial or ethnic origin, criminal convictions, and access requirements. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it is processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment (for workers and employees). The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of WECIL. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, address, e-mail address and telephone number.
Where we have your permission, we may invite you to support our charitable aims by making a donation, buying a raffle ticket, getting involved in fundraising activities, investing in WECIL, or leaving a gift in your will.
Occasionally, we may invite some supporters to attend special events to find out more about the ways in which donations, investments, and gifts in wills can make a difference to specific projects and to our cause. We will also send you updates on the impact that you make by supporting us in this way, unless you tell us not to.
If you make a donation or investment, we will use any personal information you give us to record the nature and amount of your gift, claim gift aid where applicable and you have told us you are eligible, and thank you for your gift.
If you tell us you want to fundraise to support our cause, we will use the personal information you give us to record your plans and contact you to support your fundraising efforts. If you have told us that you are planning to, or thinking about, leaving us a gift in your will, we will use the information you give us to keep a record of this – including the purpose of your gift, if you let us know this.
If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we will note these interactions throughout your relationship with us, as this helps to ensure your gift is directed as you wanted.
Charity Commission rules require us to be assured of the provenance of funds and any conditions attached to them. We follow a due diligence process which involves researching the financial soundness, credibility, reputation and ethical principles of donors who have made, or are likely to make, a significant donation to WECIL.
As part of this process we will carry out research using publicly available information and professional resources. If this applies to you, we will remind you about the process when you make your donation or investment.
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data please contact us.
Where possible, we will always act upon your choice of how you want to receive communications; whether by email, post, phone, text message, or minicom.
We may need to send some communications, however, in a particular format or method in order to fulfil our legal or contractual obligations.
Where WECIL has explicitly sought your consent to use your data for specific purposes, you have the right to withdraw that consent at any time.
You also have the right to ask WECIL to stop using your personal data for general marketing purposes. We will continue, however, to use your personal data for specific marketing purposes essential to any subscriptions or memberships that you have with us. You can stop receiving subscription or membership specific content by ceasing your subscription or membership with us.
If you would like further information on your rights or wish to exercise them, please write to our Data Protection Officer, at our registered office or email firstname.lastname@example.org. You will be asked to provide the following details:
We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we will provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
You can contact WECIL about data protection in a number of ways. In order to identify you and act on your contact with us, please provide your full name, full address, WECIL ID (if you have one), as well as your data protection query or request.
In all instances verification, updating or amendment of personal data will take place within 30 days of receipt of your request.
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Looking for accessible activities this summer holiday? Check out @GympanzeesUK , they have some great accessible activities on!— WECIL Bristol (@WECILBristol) June 21, 2018