PRIVACY POLICY
Office 4
The Workshop
Belle Vue Lane
Bude
EX23 8BR
Email: info@2minute.org
Statement
At The 2 Minute Foundation we’re committed to protecting your privacy and personal information. We want to be completely transparent about why we need the personal information we request and how we will use it. This policy helps you understand how we collect, store and use your information.
Developing a better understanding of our supporters through personal information helps us to make better decisions, communicate more effectively and ultimately help us to reach our vision – a world without plastic and litter pollution.
This policy applies to all of the pages hosted on this website, our app and when you have contacted us. It does not apply to other organisations to which we collaborate with whose privacy policies may differ.
When we refer to “we” or “us” in this policy we are referring to The 2 Minute Foundation.
Purpose
The purpose of this policy is to help you understand what personal information The 2 Minute Foundation collects, how we use it and what your rights are. We take care to ensure that we use your information in accordance with all of the applicable laws concerning the protection of personal information. We are committed to protecting and respecting your privacy in accordance with the UK GDPR and Data Protection Act 2018.
Contents
1. Who we are.
2. How we collect information from you.
3. Why we use your information.
4. About Legitimate Interest.
5. How we use your information.
6. What we do to keep your data safe.
7. How long do we keep your information.
8. What are your choices.
9. How to contact us.
1. Who we are
The processing of your information is carried out by or on behalf of The 2 Minute Foundation. We are an environmental and wellbeing charity that inspire, educate and enable people to clean up the planet.
The 2 Minute Foundation is a Charitable Incorporated Organisation, CIO 1185610, Company number: CE019062, Address: 2 St Helen’s Close, Croyde, EX33 1PW.
The 2 Minute Foundation is registered as a data controller with the ICO - Information Commissioner’s Office for the United Kingdom, registration number ZB092664.
2. How we collect information from you
In this policy we use the term personal information to mean any information you give us from which you can be identified. Personal information does not include information where your identity has been removed (ie. anonymous data).
We collect personal information about you in a number of ways:
Directly – when you provide the information to us. You may give us your information to make a donation, apply for a job or volunteer, sign up to an event, purchase from our shop, or communicate with us.
Indirectly – when you give permission to other organisations to share it with us. Your information may be shared with us by independent third parties like Just Giving or GiveTap. These independent third parties will only do so when you have indicated that you wish to support The 2 Minute Foundation with your consent. You should check their Privacy Policy to understand fully how they will process your information. We may also obtain information about you from a family member or a friend who contacts us on your behalf or if a fundraiser passes on your details to us.
Available Publicly– When your information is available in the public domain. We may combine information that we already have about you with information available publicly or information available from external sources in order to gain a better understanding of you and to improve our fundraising methods, products and services. We may also use publicly available information to identify individuals who may be interested in giving major gifts to charities or organisations like The 2 Minute Foundation.
Commonly collected information includes: your full name, phone number(s), social media accounts, address, email, donation amounts, IP address and information regarding what pages are accessed and when. We will ensure that we only collect relevant data, and only collect sensitive personal data where absolutely necessary and with your explicit consent.
If you make a donation and/or buy our products or services online your card information is not held by us; it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
Aged 18 or Under - The safety of children is very important to us. We do not knowingly target or collect information from children under the age of 13. Anyone under the age of 16 is recommended to get their parent/guardian’s permission beforehand whenever you provide us with personal information. We will not share data collected from children with any third parties at any time under any circumstances.
Where we need to collect sensitive information about individuals under 18, for example to be aware of any health issues when attending 2 Minute Beach School, we will only share this information with relevant staff and ensure that we have measures in place to ensure the confidentiality of this sensitive data.
People in vulnerable circumstances
The 2 Minute Foundation recognises the importance of protecting people in vulnerable circumstances and follows the guidance issued by the Institute of Fundraising on Treating Donors Fairly. This guidance supports our staff and volunteers to safeguard the privacy of people in vulnerable circumstances.
If you volunteer with us - For some volunteering opportunities, it might be necessary for us to collect sensitive personal data. For example, if you volunteer with us at one of our events we might ask you about your accessibility needs, health or dietary requirements in order to make any reasonable adjustments you might need. When collecting sensitive data we will always ask for your explicit consent. Sensitive data is only shared with staff who need it to carry out their duties; for example, a member of staff responsible for health and safety at an event might need to know if you have any medical conditions. We have measures in place to ensure the confidentiality of your sensitive data.
3. Why we use your information
The 2 Minute Foundation are committed to complying with UK data protection and privacy rules. We will only use your information when we have a legal basis to do so and we will always respect your rights.
Where we use your information, it may be because you have consented to us doing so or because we consider we have a legitimate interest (see a further explanation below) to do so. Where we do rely on a legitimate interest to use your information, we will always ensure that this is done in a fair way that respects your rights. Other reasons may include using information because we have a legal obligation to do so or because we have to fulfil contractual obligations.
We only use your information:
• If you have given us your consent to use the information for a specified purpose, such as sending marketing communications to you by email
• Where it is necessary for us to comply with a legal obligation, for example to claim Gift Aid on a donation, or to detect or prevent fraud.
• Where it is necessary to enter into, or perform, a contract with you, such as when you apply for a job with us
• For our own (or a third party’s) legitimate interests (see below), provided your rights don’t override these interests, for example fundraising, internal record keeping, research and reporting.
If we rely on your consent to process personal information, you can withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.
4. About Legitimate Interest
Under data protection laws, The 2 Minute Foundation has a number of lawful reasons that we can use (or 'process') your personal information. One of the lawful reasons is called 'legitimate interests'.
Broadly speaking legitimate interests means that we can process your personal information if The 2 Minute Foundation has a genuine and legitimate reason, and we are not harming any of your rights and interests.
When you provide your personal details to us we use your information for our legitimate business interests to support our charitable aims. Before doing this, we will also carefully consider and balance any potential impact on you and your rights.
Some typical examples of when we might use the approach are for preventing fraud, maintaining security, direct marketing, data analytics, identifying usage trends and determining the effectiveness of our campaigns and fundraising.
For further information on how we use legitimate interest please contact us on info@2minute.org
5. How we use your information
To respond to or fulfil any requests, complaints or queries you make to us:
If you contact us directly, we will use the information you give to us to handle your enquiry or request. This may include sharing your details with other 2 Minute Foundation personnel in order to process your enquiry, responding to your query or feedback, or sending you relevant information such as fundraising materials or information on environmental topics. We may also keep a record of conversations we have with you, feedback you provide and any marketing materials we send out to you. We use this information to compile internal reports to help us improve our services and to handle queries more efficiently.
To process any donations you make, claim any relevant Gift Aid and maintain a record of your past or potential future financial contributions:
We will send information and support to you by post, phone, mobile messaging, email, social media, or any other channels for which you have provided your details. When you have asked for details of an event, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.
Where appropriate, we will use the information you provide to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers. Where this includes information about your health or other sensitive information, we will only use this information if you have consented to us doing so.
We may also receive information through event organisers or through third party websites such as JustGiving or GiveTap so we know you are fundraising for us.
To check or supplement your data:
We may also use your name and contact details to check against sources, such as Royal Mail’s National Change of Address and the BT Operator Services Information System (OSIS) file, to ensure we have the most up to date contact details for you.
In addition, we may occasionally supplement your data with other publicly and commercially available information where it meets GDPR standards. This may include information such as your parliamentary constituency or the characteristics of your local area to inform campaigning and requests for support, or on rare occasions, information such as company directorships, estimations of your wealth or potential interest in legacy giving, to ensure our communications are relevant. We may store relevant information about you that you voluntarily share with us.
To better understand how to tell you more about our important work
The 2 Minute Foundation uses Google Analytics to compile statistics on how our website is being used, which can help us to improve our website and online services. Our website also uses Google Analytics advertising features to enable us to better understand the interests of our audience and to tailor our communications to be more relevant to you.
If you do not wish to see these adverts, you can:
• opt out of Google’s use of cookies through Google’s Ads Settings
• refuse the use of cookies by downloading and installing Google Analytics Opt-out Browser Add-on
• Controlling your cookie preferences
All Internet browsers allow you to control which cookies you accept and which you delete. For more information about cookies, please see www.allaboutcookies.org.
You may also see our advertising online and on some social media sites if you have supported us before, or if your use of these channels suggests that you would find our campaigns relevant.
We use cookies to ensure that any investments we make in online advertising are as cost-effective as possible, by tracking how well individual adverts perform. These cookies are issued by third party service providers that we have assessed as secure. If you do not wish to see these adverts, you can do so by managing the privacy settings on your social media accounts including Facebook, Instagram and Twitter.
Depending on your settings or the privacy policies for social media and messaging services, you may have given these services permission to share your details with us. For example, if choosing to register for an activity using a ‘Sign up with Facebook’ link, Facebook may share information such as your name and email address with us.
Our Social Media Pages such as Facebook, Instagram and Twitter may also use ‘live chat’ services to allow The 2 Minute Foundation’s social media Gatekeepers to offer you assistance or the opportunity to engage with The 2 Minute Foundation in a manner relevant to you.
These services may involve the use of cookies and the transfer of information about your site navigation, such as your IP address, to secure networks for the purposes of storage and analysis. This information will only be used for the purposes of administering these live chats.
We may use social media platform advertising tools to build audiences matching particular characteristics to serve our advertising campaigns. For example, we might target people who have shown an interest in activism, or environmentalism. This targeting is based on pages and/or posts people have previously engaged with on the platform. These tools allow us to inspire new people to engage with our work, and help us spread awareness about the issues facing our planet.
Turning cookies off may result in a loss of functionality when using our website and the LITTERLOG app.
To personalise communication and build up a profile
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
This profiling may include details of your past engagement with The 2 Minute Foundation together with information gathered from sources detailed elsewhere in this Privacy Policy. For example, in deciding who to email about a coastal oil spill, we might look at which supporters have supported similar campaigns in the past and which supporters live in coastal constituencies. This enables The 2 Minute Foundation to most effectively target relevant information and appropriate requests for support. This does not affect any of your rights or limit you in how you can get involved with us and our campaigns. You may opt out of profiling at any time by contacting us using the details at the bottom of this policy.
We may also use your personal information to detect and reduce fraud and credit risk.
To manage our recruitment
When applying for a role with The 2 Minute Foundation the personal data you provide as part of the recruitment process will only be held and processed for the purpose of the selection processes and in connection with any subsequent employment unless otherwise indicated. You will be asked to provide certain information including your name, contact details, employment history and qualifications and entitlement to work in the UK. This information is mandatory in order to consider your application, communicate with you about your application and where successful, follow up with references or meet our statutory and internal monitoring and reporting responsibilities. We may also view social media profiles of applicants, such as LinkedIn, to the extent that it is relevant to your application.
We may also ask more sensitive information, such as whether you have a disability, in order for us to make reasonable adjustments at interview. Equal opportunities monitoring information may be collected, including information about your ethnicity, sexual orientation, health, and religion or belief. We will only collect this sensitive information with your explicit consent, which can be withdrawn at any time. We keep this information separate from your application.
Personal information about unsuccessful candidates will be held for one year after the recruitment exercise has been completed and will then be destroyed.
To prevent fraud and/or work with authorities in cases of fraud or criminal investigations
We may use your data to help prevent fraud or when requested, by law, to comply with fraud and/or criminal investigations.
6. What we do to keep your data safe
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit (or higher) encryption on SSL. When you are on a secure page, a lock icon will appear in the URL bar on browsers such as Safari and Google Chrome. Non-sensitive details (your e-mail address etc.) may be transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information and attempt to force SSL on all of our pages, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our system.The 2 Minute Foundation uses industry-standard tools to safeguard the confidentiality of your personally identifiable information. We make every effort to protect against the loss, misuse and alteration of the information under our control.
We always use a secure connection when collecting personal financial information from you and conform to PCI standards (the credit card industry set of standards that businesses accepting, transmitting, and storing cardholder data must follow). All forms that request credit card or bank details use Secure Sockets Layers (a security protocol that provides communications privacy over the Internet in a way that is designed to prevent eavesdropping, tampering, or message forgery) for encryption. Most web browsers support Secure Socket Layers.
The link between your web browser and the server is secure if your web browser displays a small padlock or key symbol somewhere in the frame, or the address bar shows a web address beginning https:// (rather than http://). The ‘s’ stands for secure.
We endeavour to keep all supporter data inside the European Economic Area (EEA – of which the UK is still part of under a separate agreement following Brexit), and ensure that any time data is transferred outside the EEA appropriate safeguards on data security and processing are applied.
All of our staff are trained to understand data protection and what they need to do to keep your data secure. We review our data awareness training regularly to ensure it is up to date. We ensure volunteers are given appropriate data awareness and protection training where they are responsible for handling data, for example, if they are collecting petition signatures at an event.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, The 2 Minute Foundation shall promptly assess the risk to your rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
7. How long do we keep your information?
We review our retention periods for personal information on a regular basis and will only hold your information for as long as it is necessary in accordance with our data retention policy. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity. We will contact you every three years to obtain continued consent to receive communications from us.
In the case of volunteer and job applications, we will hold your information for one year after your application, or for the duration of your involvement with or employment by The 2 Minute Foundation and for two years afterwards, or longer if we are required to do so to fulfil statutory duties and comply with legislation regarding employment or regulated activities, as defined in the relevant legislation.
8. Who has access to your information?
We use Microsoft 365 to manage our e-mail lists and communications and Beacon CRM is our Customer Relationship Management tool. Microsoft 365 are an industry leader in e-mail communications, and Beacon deliver world class software. These partners may have, on occasion, access to your data, for example to fix account issues. For further information on how they store, protect and use your data please see their privacy policies, available on their individual websites.
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Please be reassured that we will not release your information to third parties beyond The 2 Minute Foundation’s network unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
We only may transfer your personal information to a third party as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
When you are using our secure online donation pages, your donation is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us at info@2minute.org.
9. What are your choices
We will not contact you for marketing purposes by e-mail, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted.
The 2 Minute Foundation shall ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and when personal data is deleted, this should be done safely such that the data is irrecoverable.
You can change your marketing preferences at any time by clicking on the link at the bottom of newsletter e-mails, write to us at: 2 St Helen’s Close, Croyde, EX33 1PW or email info@2minute.org.
You have the right under the UK GDPR to request free of charge:
• a copy of the information The 2 Minute Foundation holds about you
• correction or deletion of your personal information
• restriction of our processing of your personal information, or to object to our processing; and
• portability of your personal information
•
We’re working on ways to make it easier for you to review and correct the information that we hold about you. Should you wish to see a copy of the information The 2 Minute Foundation hold about you, we will supply this within one month of your request. If you wish to exercise any of these choices, please contact us.
Contact Details:
By e-mail: info@2minute.org
By post: The 2 Minute Foundation, 2 St Helen’s Close, Croyde, EX33 1PW.
Review and update of this Policy notification:
We keep this Policy under regular review and update inline with changes to our practices, UK GDPR, Data Protection Act 2018 and any other applicable UK law.
If you would like to find out more about the UK data protection laws and how you could be affected beyond what is mentioned in this privacy policy, please visit the Information Commissioner’s Office.
The CEO shall take responsibility for the Charity’s ongoing compliance with this policy.
May 2022.