Privacy Policy
HERSANA is committed to protecting any personal information you provide to us. Any personal information you provide to us will be processed in the ways described in this privacy policy. This policy explains how we collect information, what we do with it and what rights you have over it.
Our supporters and contacts are extremely important to us. Without your support HERSANA will find it much harder to continue to provide life-changing and life-saving services. It is important that we can communicate with you. We would like to keep you up to date about our work, show the amazing difference your support is making, demonstrate how you are helping us to reach more Black femmes experiencing gendered abuse and violence and on occasion, approach supporters for further help.
We would also like to assure anyone who accesses our websites and any of our support services that HERSANA is committed to the privacy and security of their personal information.
- Who we are
In this privacy policy, HERSANA means: HERSANA CIC: registered community interest company in England and Wales (12576638). HERSANA is a ‘controller’ for the purposes of the EU General Data Protection Regulations 2016/679. As a controller we are responsible for, and control the processing of your personal information. If you require further information about our privacy practices, please contact our Data Protection Officer by:
Writing to: HERSANA CIC, Suite 23, 63-66 Hatton Garden, London, EC1N 8LE Email: data@hersana.org
Call us on: 0333 016 9610
- How we collect information about you
When you interact with us directly: This could be if you ask us about our activities, register with us for an event, make a donation to us, ask a question about gender-based violence, access our support services, purchase something, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, get in touch through the post, or in person.
When you interact with us through third parties: This could be if you provide a donation through a third party such as PayPal or one of the other third parties that we work with and provide your consent for your personal information to be shared with us. When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us.
We also use “cookies” to help our site run effectively. We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.
When you interact with us through partners or suppliers working on our behalf: This could be if you access a service delivered through a trusted organisation working on our behalf and always under our instruction. From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third party subscription services or service providers.
- Information we collect about you
In connection with the purposes set out in paragraph 4 below we collect some or all of the following information, as applicable to the relevant purpose:
- your name;
- your contact details (including postal address, telephone number, e-mail address and/or social media identity);
- your date of birth;
- your gender;
- your bank or credit card details where you provide these to make a payment;
- if you volunteer for us or apply for a job with us, information necessary for us to process these applications and assess your suitability (which may include things like employment status, previous experience depending on the context, as well as any unspent criminal convictions or pending court cases you may have);
- information about your activities on our website(s) and about the device you use to access these, for instance your IP address and geographical location;
- information about events, activities and products which we consider to be of interest to you;
- information relating to your health (for example if you are taking part in or attending an event for health and safety purposes);
- where you have left us a legacy, any information regarding next of kin with which you may have provided us to administer this;
- information as to whether you are a taxpayer to enable us to claim Gift Aid;
- age, nationality and ethnicity information for monitoring purposes; and
- any other personal information you provide to us.
In connection with certain services offered through this site we may ask you to submit information such as your name, e-mail address, postal address, telephone number and credit/debit card details. You are under no obligation to provide such information. However, if you should choose to withhold requested information, we may not be able to offer you certain services.
Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive. Examples of this type of sensitive data would be information about health, race, religious beliefs, political views, trade union membership, sex life or sexuality or genetic/biometric information. We only collect this type of information about our supporters to the extent that there is a clear reason for us to do so.
Wherever it is practical for us to do so, we will make it clear why we are collecting this type of information and what it will be used for.
- How your information is used
HERSANA uses the information you provide to us for one or more of the following purposes:
- to provide you with the services, products or information you asked for;
- to administer your donation or support your fundraising, including processing Gift Aid;
- to keep a record of your relationship with us;
- to respond to or fulfil any requests, complaints or queries you make to us;
- to understand how we can improve our services, products or information by conducting analysis and market research;
- to manage our events;
- to check for updated contact details against third party sources so that we can stay in touch if you move (see “Keeping your information up to date” below);
- to further our charitable objectives;
- to register, administer and personalise online accounts when you sign up to products we have developed;
- to send you correspondence and communicate with you;
- to process applications for funding and for administration of our role in the projects we fund;
- to administer our websites and to troubleshoot, perform data analysis, research, generate statistics and surveys related to our technical systems;
for testing our technical systems to make sure they are working as expected; - to display content to you in a way appropriate to the device you are using (for example if you are viewing content on a mobile device or a computer);
- to generate reports on our work, services and events;
- to safeguard our staff and volunteers;
- to conduct due diligence and ethical screening;
- to monitor website use to identify visitor location, guard against disruptive use, monitor website traffic and/or personalise information which is presented to you;
- to process your application for a job or volunteering position;
- to conduct training and quality control;
- to audit and administer our accounts;
- to meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies;
- to carry out fraud prevention and money laundering checks;
- to undertake credit risk reduction activities; and/or
- to establish, defend or enforce legal claims.
4.1 Keeping your information up to date
We may use information from external sources such as the post office national change of address database and/or the public electoral roll to identify when we think you have changed address so that we can update our records and stay in touch. We only use sources where we are confident that you’ve been informed of how your information may be shared and used.
We do this so we can continue to contact you when you have not opted out of receiving postal marketing messages from us and contact you if we need to make you aware of changes to our terms or assist you with problems with donations.
This activity also prevents us from having duplicate records and out of date preferences, so that we don’t contact you when you’ve asked us not to.
We’re committed to putting you in control of your data and you’re free at any time to opt out from this activity. To find out more, please contact 0333 016 9610 or supportercare@hersana.org.
We really appreciate it if you let us know if your contact details change.
4.2 Building profiles of our supporters and targeting communications
We may analyse the details you have provided to us along with further information about you that we have obtained from public and/or private sources. If we do this we will make sure it is compliant with GDPR. In some instances, we may make use of additional factors such as demographic information and measures of wealth.
We do this to help us understand why people are motivated to support HERSANA and to help us create a fuller and better picture of our supporters. This enables us to communicate with our supporters more effectively and to reach out to individuals who may wish to give additional support with a further monetary gift. We may on occasion use third party suppliers to undertake these activities on our behalf and provide them with your information to the extent required, but this will only be done with your consent and with GDPR compliant suppliers.
4.2.1 Personal information about you from service providers, the press, search engines, social media (e.g. LinkedIn) and reputable public data sources (e.g. Companies House, BoardEx, the Charity Commission, Land Registry)
Personal information we may collect via these channels may include your job title, directorships, contact information, demographic data (including estimated income and property value), date and size of previous donations to other charities, details of philanthropic activities you engage in, etc. We may use this information to build a profile of you (i.e. your interests, preferences, demographics and level of potential donations) to enable us to tailor fundraising efforts and communications based on your circumstances and interests, and how likely you are to support our work. This enables us to understand our supporters better and helps us make appropriate requests to those who might be able and willing to give more than they already do and so ensure that we are making the best use of our resources. We may combine information we have obtained about you from these third party sources with other information that we hold about you for this purpose.
4.3 Advertising Online
In order to ensure our online advertising is effective and cost efficient, we sometimes share data with Google and social media sites such as Facebook and Twitter. This enables us to keep our costs down and reach the people who are more likely to support our work. We use ‘custom audiences’ and ‘lookalike’ tools to manage this.
Custom audiences allow us to exclude our existing supporters from our advertising. This reduces costs by not advertising to people who have already signed up. This involves sharing some supporter data, such as email addresses or telephone numbers. This data is always securely encrypted and is used to match supporters to their social media and Google accounts.
We use lookalike audiences to create audiences of people with similar characteristics to HERSANA supporters. These people may then be shown HERSANA advertising. This is a very effective way for us to find new people likely to support human rights work.
Data shared with Facebook, Twitter and Google platforms is used for no other purposes than described above and is not shared with any third parties. If you do not want your information to be used in this way, please contact us.
- Who your information is shared with
5.1 Donation processing
When making an online donation you will be directed through to the site of our donation platform hosted by our website. If you are making a credit or debit card donation this will be processed by Stripe or PayPal which processes card transactions on our behalf. The site utilises a number of security features, including Secure Socket Layer (SSL) encryption, for all transactions. Information provided to Stripe and PayPal will be processed only for the purposes of enabling the donation transaction to take place. Stripe and PayPal also have their own privacy policies.
Read Stripe’s privacy policy and read PayPal’s privacy policy.
If you set up a direct debit, your data will be shared PayPal who act as a direct debit bureau on behalf of HERSANA. Information provided to PayPal will be processed only for the purposes of claiming the direct debit donations and sending out an advance notification letter.
5.2 Sending out communications
If we ever need to send data to a third party (for example to an agency carrying out telemarketing or a mailing house distributing mailings on our behalf) we will make sure the company we use has signed a data processing agreement with us.
5.3 Administering Gift Aid
If you have made a Gift Aid declaration, we will disclose the information you have provided as part of the declaration to HMRC for the purpose of reclaiming gift aid on your donation(s).
5.4 Petitions
By signing a HERSANA petition you agree to HERSANA including your name in the presentation of a petition to the Government. Once the petition has been passed to the Government, HERSANA will have no control over the purposes for, or manner in which the information contained in it is used by the Government. Your email address will not be shared and will only be used by HERSANA for the purposes of keeping you updated with news if you have opted in to receive this information.
5.5 Other
HERSANA may analyse and disclose aggregate statistics about our site visitors, and donations in order to describe our services to prospective partners, other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.
HERSANA may disclose personal information if required to do so by law or if it believes in good faith that such action is required by law.
This site contains links to other sites. HERSANA is not responsible for the privacy policies or the content of such sites.
- How long we keep your information for
We will only keep your information for a long as is reasonable and necessary for the relevant activity, which may be to fulfil our statutory obligations (for example the collection of Gift Aid).
- How we keep your information safe
HERSANA places a great importance on the security of your information. We have physical, technical and organisational security measures in place to attempt to protect against the improper access, loss, misuse and alteration of personal data under our control (for example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information). Information you submit via this website is sent to a computer located in the United Kingdom.
If you have given us the relevant permission to do so, we may send communications to you via email. Email is not a fully secure means of communications and whilst we do our utmost to keep our systems and communications protected we cannot guarantee this. If you prefer not to receive emails from us you are under no obligation to do so.
Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
Any debit or credit card details which we receive on our website are passed securely to Stripe our payment processing partner, according to the Payment Card Industry Security Standards. Information submitted by you to our donation transaction agent Stripe will be transferred to servers which may be situated outside the European Economic Area.
- Legal basis for using your information
According to data protection laws each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation. For the data processing activities described in this policy we rely on the following bases:
Consent
Consent is given where we ask you for permission to use your information in a specific way, and you agree to this (for example when we send you marketing material via text or e-mail). Where we use your information for a purpose based on consent, you have the right to withdraw consent for this purpose at any time.
Legal obligation
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as Company House, Fundraising Regulator or Information Commissioner, or to use information we collect about you for due diligence or ethical screening purposes.
Performance of a contract / take steps at your request to prepare for entry into a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us, or applying to work/volunteer with us, or providing a service to us. We also rely on a contract basis when you sign up for fundraising events.
Vital interests
We have a basis to use your personal information where it is necessary for us to protect life or health. For instance if there were to be an emergency impacting individuals at one of our events, or a safeguarding issue which required us to contact people unexpectedly or share their information with emergency services.
Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).
HERSANA considers our legitimate interests to include all of the day-to-day activities carried out with personal information for the purposes of the running of a non-profit.
We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way. This assessment is carried out through a ‘balancing exercise’.
When we use sensitive personal information (please see the “What personal information we collect” section above), we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
- Your Rights
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting our Supporter Care team at HERSANA CIC, Suite 23, 63-66 Hatton Garden, London, EC1N 8LE , by email at supportercare@hersana.org and by phone on 0333 016 9610. You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, by visiting https://ico.org.uk/.
Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You can object to us processing your data in certain circumstances (for example, profiling). You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection. We aim to process your objection within 30 days.
Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
Let’s stay in touch. Sign up for our newsletter…
Send us your email address to receive all of our latest news & updates.