Data Privacy Notice and Policy

On 25 May 2018, the General Data Protection Regulation (GDPR) came into force. This policy statement sets out how Rufus’ Friends’ Fund (the “Charity”) manages personal data, within the guidance of the regulation.

In order to operate the Charity, fundraise and maintain contact with our supporters, we retain a data set, usually including:

1 your full name;

2 any events you have attended;

3 your address;

4 any support you have provided to the Charity; and

5 your email address(es) and phone number(s).

The trustees are the data controller for the Charity.

Our lawful bases for processing are:

1 consent;

2 contract; and

3 legitimate interest

Our legitimate interest is to benefit the public, specifically, the beneficiaries of the Charity, to provide them with grants in line with the objects of the Charity. Our processing of data is necessary for this legitimate interest since it allows us to keep in touch with supporters and potential supporters to grow the Charity and awareness of the cause. Our approach is non-intrusive since we contact supporters and potential supporters infrequently and only if the communication is relevant to them. Other methods of communication would be ineffective and costly. The trustees believe that the supporters and potential supporters would consider that our use of the data is non-intrusive, proportionate and expected. None of the data recorded is sensitive. Therefore the trustees believe that the impact on the individual of using their data is minor.

We undertake to meet our obligations by:

1 allowing you to opt-out of communications from the Charity;

2 keeping your data accurate and up to date;

3 storing your data safely and securely;

4 only collecting information we need to manage the Charity effectively; and

5 protecting your data from loss, misuse, unauthorised access or disclosure.

We will use your data:

1 to communicate the activities of the Charity to you; and

2 to keep you informed of news, events, activities and opportunities to support the Charity.

We will never share your data with anyone else without your consent unless this is required by law.

We will retain your data until you request that we delete it, or until our legitimate interest is no longer relevant. If you request we will delete the data we hold from our records within a reasonable time.

Under the GDPR you have the following rights:

1 to request a copy of the personal data we hold for you;

2 to request the correction of any inaccurate information;

3 to object to the processing of your data;

4 to request that your data is erased from our records; and

5 to lodge a complaint on how we have managed your data with the Information Commissioner.

The full list can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

For further information, or to exercise your rights, contact the trustees: edwardbutton@gmail.com

Further information and guidance about the GDPR, its provisions and your rights can be found on the website of the Information Commissioner.

Updated: 3 Jan 2023