About this Policy
We know privacy is important to you and we are committed to safeguarding your data. This privacy notice outlines what data we collect, how we may use it, how we protect your data, your rights, and how you can exercise those rights. It applies to information we collect about:
- Visitors to our website
- Individuals we work with
- Supporters and donors
- Individuals who make enquiries or raise complaints
- Individuals who sign on to join our events and/or fundraise for Glass Door
References to ‘we’ or ‘us’ are to Under One Sky – Helping the Homeless.
If you have any questions about this policy, please contact us.
1 – Why we collect data
We collect personal data for many reasons, including the proper provision of services, to better communicate with individuals engaged with our work, and to administer events and donations. Depending on how you interact with us, we may process data for the following reasons:
- to provide advice, support, advocacy and other services that a homeless person has requested or has been referred to
- to record personal details shared during conversations with volunteers
- to record and contact you regarding donations you make to Under One Sky
- to communicate with you regarding Under One Sky work when you have opted-in to this
- to process donations and administer Gift Aid information for any donation you make to Under One Sky
- to provide you with information about and to administer events, including mass participation events, concerts, and supporter nights
- for our own internal administrative purposes, and to keep a record of your relationship with us
- to manage your communication preferences
- to process volunteer placements
- to conduct surveys, research and gather feedback
- to obtain information to improve Under One Sky’s services and user experiences
- to carry out research to find out more information about our supporters’ and prospective supporters’ backgrounds and interests
- to provide third parties (namely partner venues, volunteers and grant providers) anonymised aggregated information of our yearly outcomes
- to deal with enquiries and complaints
- to comply with applicable laws and regulations, and to comply with requests from statutory agencies
- to verify compliance with the terms and conditions governing the use of our website
If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us. Your privacy settings can be used to limit the publication of your information on our website, and can be adjusted using privacy controls on the website.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
We have never supplied nor will ever supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
2 – What information we collect
We may ask you for the following personal information:
- your full name
- contact details – including your postal address, telephone number(s), and email address
- date of birth
- details of your case when providing you with housing advice or services
- your bank details when administering a donation or regular gift
- records of your correspondence and engagement with us, i.e. volunteer and event participation history
- donation history and Gift Aid details
- your communication preferences
- information you may enter on the Under One Sky website
- photographs, video or audio recordings
- biographical information
- other personal information you share with us
If you visit our website or social media pages we may automatically collect the following information:
- which pages you visit
- your IP address
- the amount of time you spend on our website
- whether you are a new visitor
- how you came to our website
- geographical location
- the type of device and browser you use
Blocking or deleting cookies will have a negative impact on the usability of our website.
Sensitive Personal Data
We sometimes collect sensitive, personal data about individuals we encounter. This may include information about an individual’s health, religion, sexuality, ethnicity, political and philosophical beliefs and criminal record. We will only record this data if we either have the individual’s explicit consent, or if we can document an alternative legal basis for processing data in the interest of the proper and safe administration of our services (see section on the legal basis for processing information).
For example, where a user of our services poses a particular risk, especially if the person’s record suggests he or she may pose a risk to a certain group (e.g. women), we would record that information irrespective of consent to ensure the safety of staff, users and volunteers. We should still seek consent and explain that this data is being recorded and the reasons for it, where it is safe to do so. Similarly, we may also record sensitive data without consent if we assess someone as not having the mental capacity to consent and it is necessary for the provision of our support.
In all cases, the collection of sensitive personal data should be an explicit decision, which is recorded with its reasoning in the case notes of our database. No more data than is necessary for the specific purpose (safety, support etc.) should be recorded, and the data remains subject to our procedures on data retention etc.
We would only collect sensitive, personal information on other individuals when we have a legitimate interest for the efficient fundraising of our services. For example, we may record the religion of a donor or potential donor to better understand how that individual might want to engage with our partners.
3 – How we collect information
Data on individuals may be collected via:
- any paper forms you complete
- telephone conversations
- email communications
- face-to-face interactions
- digital forms completed via our website (including CVs and applications), or online surveys
- third-party companies and websites such as Gofundme, MailChimp and Crowdfunder
- publicly available sources
- digital communication (e.g. social media and email)
Please let us know if the personal information that we hold about you needs to be corrected or updated. Please find information on how to contact us in the last section of this notice.
4 – What we do with your personal information
Because of the different uses we have for different types of data, we handle data on our users differently than data on our volunteers or supporters. Also please find information below on how we handle information about staff and job applicants.
We would love to keep you up to date with our fundraising, marketing and campaign activity. We use a range of marketing activities and channels to contact our supporters – including our website, face-to-face fundraising, direct mail and email. We will obtain your consent to contact you by email for marketing purposes.
Under One Sky does not engage in telephone campaigning with its supporters. We will only call you if we encounter any issues with your donation or sign-up.
We send digital marketing materials on the following activities:
- updates about Under One Sky’s work and future plans (via e-newsletters or reports) to inform you of how your involvement is making a difference in the lives of the people who turn to us for support
- appeals and fundraising activities – including requests for donations; information about how you can raise money on our behalf, attend or take part in a fundraising event; and updates on the impact that your fundraising activities have had on our work
- events in aid of Under One Sky. Please note that if you sign up to an Under One Sky event, we will also send you administrative communications about how you can take part. On occasion we will also send you a reminder about the same event in future years, in case you want to participate in it again.
- volunteering – information about how you can help support Under One Sky by giving up your time or using your influence to progress our aims, along with updates on the impact of your involvement and invitations to volunteer-specific training and networking opportunities.
We will never share or sell your personal data to a third-party organisation for its marketing, fundraising or campaigning purposes.
Administrative communications to supporters
In addition to the fundraising and marketing communications that you receive from Under One Sky, we will also communicate with you by telephone or email in relation to administrative or transactional matters. There may also be occasions where we need to contact you about your donation – for example, if there is a problem with a payment.
On occasion, we will also contact you about an event that you have signed up to participate in, i.e. to provide any other necessary information such as dates, things to bring and be aware of etc.
Volunteers at Under One Sky will only be contacted for administrative reasons in extenuating circumstances.
As mentioned above, we may still need to communicate with you for administrative purposes even where you have opted out of marketing communications from us.
Supporter research and analysis
We may use profiling and database segmentation techniques to analyse your personal information, and create a profile of your interests, preferences and ability to donate. This allows us to ensure communications are relevant and timely, to provide an improved experience for our supporters. It also helps us understand the background of our supporters so that we can make appropriate requests to those who may be willing and able to donate more than they already do, or leave a gift in their will. This enables us to raise funds quicker and in the most cost-effective way.
Our Fundraising team uses information that is already in the public domain (information that has been published in print or online) to identify high-net-worth individuals who may be interested in supporting our work with a major gift. These publicly available sources of information include Companies House, the electoral register, the phone book, the Charity Commission’s Register of Charities, Who’s Who, LinkedIn, company annual reports, and articles in newspapers and magazines. We do not use publicly available sources that we consider would be intrusive for this purpose, such as Facebook, Twitter, JustGiving, the Land Registry, online planning applications, or websites that are like these. We also carry out research to identify existing supporters who may be able to join our major donor programme. This is based both on publicly available information and information our supporters have given us voluntarily (e.g. where a person lives, who they bank with, what their occupation is and their age).
Under data protection legislation, you have the right to object to your data being processed in this way. If you have any concerns, please contact us.
We are also legally required to carry out checks on individuals who give us large donations, to comply with our duties in respect of anti-money laundering legislation and the prevention of fraud.
If a child (<16) signs up and participates in an Under One Sky event their details will be added to our system. This is done so we can account for any individual raising money on our behalf as required by law and to track people taking part in our events. Any emergency contact details will be held for the duration of the event; this is so we can ensure the safety of each participant and have access to any emergency contacts if necessary. Once the event is complete we will then remove all emergency contact details from our system. Any children signing up for an event will not be contacted for direct marketing even if they have opted-in to receive these types of communications.
5 – Withdrawing consent
You can withdraw your consent, unsubscribe or update your marketing preferences at any point using the details in the ‘Contact us’ subsection of this page.
Electronic marketing communications, such as e-newsletters, will have a link to unsubscribe, so you can manage your own communication preferences.
If you make any changes to your consent, we will update your record as soon as we possibly can. It may take up to 60 days for our systems to update and stop any postal communications from being sent to you. Email communications will, however, be stopped immediately. If you tell us you do not wish to receive marketing, fundraising or campaign communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us (as described below). You can also opt out of receiving marketing communications from us by signing up to the Fundraising Preference Service.
6 – The legal basis for processing personal data
We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
- a person’s consent (for example, to send you direct marketing by email or to allow us to advocate on your behalf to external services)
- processing that is necessary for compliance with a legal obligation (for example for Health & Safety of volunteers and carrying out due diligence on large donations)
- Under One Sky’s legitimate interests (please see below for more information)
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, if its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:
- Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes.
- Administration and operational management: including responding to enquiries, providing information and Glass Door services, research, events management, the administration of volunteers, and recruitment requirements
- Fundraising and Campaigning: including administering campaigns and donations, and sending direct marketing by post, sending thank you letters, analysis, targeting and segmentation to develop communication strategies, and maintaining communication suppressions
If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ‘Contact us’ section below.
7 – Who has access to your data
We do not sell or share personal data to third parties for the purposes of marketing.
For instance, when you give consent to receive our e-communications, we use MailChimp to send email newsletters. We occasionally use other service providers to send surveys (e.g. SurveyMonkey) or invitations (e.g. EventBrite). These agents store your data to the extent that it is necessary to perform these functions; in using their service you agree to their T&Cs.
Our website host RaisingIT will have access to your data only for the reasons of administering our website and support. They do not use this information in any other way.
As per Data Protection law, Glass Door is required to ensure that all information held on you is accurate. Therefore, we undertake a yearly data cleanse/check of our donations database using the third party provider BRG Direct Ltd (www.brgdirect.co.uk). They are instructed to handle any data in accordance with Glass Door’s Data Protection policy and remove all supporter data from their systems once the cleanse is complete.
If you would like to see a full list of Glass Door subcontractors please contact our Data Manager, Abbas Bandali (see ‘contact’ section). We have ensured that all our partner organisations who store data on our behalf agree to a Data Processing Addendum, and we have verified their own data security complies with our own. Therefore, they cannot give, sell or rent your information to others for any marketing purposes and they are required to protect your information to the same degree that we do.
We may disclose some information to our partners (drop-in centres or volunteer coordinators at our partner churches) insofar as it is reasonably necessary for the running of our services and for the purposes set out in this policy.
We may share anonymised data on volunteers and guests of our services with organisations who are supportive of our aims, for example funders, partners, volunteers and supporters. No individual is able to be identified from this data.
We may disclose data where it is necessary to protect the vital interests of an individual.
Police or Social Services: there are exemptions within data protection regulations that mean we are under legal obligations to share limited data. This includes the prevention and detection of crime or to prevent benefit fraud.
8 – Security
The main bulk of our data is held in our offices on a firewall- and password-protected server. We (and our service providers) use appropriate technical and organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data. Only employees that need access to a portion of data will be granted it, i.e. only caseworkers will have access to guest data and only fundraisers/administrators will have access to donor data. Back-ups of our server’s data are held by our outsourced IT company (Totality Services – www.totalityservices.co.uk), which securely holds a copy in case of a malfunction of our server.
The hosting facilities for our website are situated in Ireland and Amsterdam. Transfers to each of these countries will be protected by appropriate safeguards, namely adherence to the GDPR. All electronic financial transactions entered through our website will be protected by encryption technology.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. However, once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
9 – International data transfers outside of the European Economic Area
We use Microsoft Office 365 and In-Form (Salesforce), which are multi-tenant cloud services, to manage our night shelter lists and record our guest personal data respectively. This means that internal documents and information generated by us are stored in cloud services hosted within the European Economic Area (EEA).
However, in some limited cases, we may use data processors that process and/or store data outside of the EEA – for example, payment processors such as Stripe or e-mailing companies like MailChimp.
In these cases, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information, for example, by entering into a contract that includes prescribed clauses about the use of data and (if the company is based in the United States) checking that it is accredited under the EU-US Privacy Shield.
In regards to personal data that you submit for publication through our website, you acknowledge that it will be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
10 – How long does Under One Sky hold information
We will retain your personal information for the period necessary to fulfil the purposes in this Notice unless a longer retention period is permitted by law. Different types of information are held for different periods of time in accordance with our internal Data Retention & Deletion Procedure.
The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under, such as financial regulations, Limitations Act, Health and Safety regulation etc., or any contractual obligation we might have – such as with employment contracts.
Subject to the above, we will typically store data relating to donors and people who have taken campaign actions for seven years after their last donation or interaction, and guests to whom we provide services for six years after the final communication. Personal data about unsuccessful applicants are held for 12 months after the recruitment exercise is complete for that vacancy.
We will not store your credit card details once we have processed a one-off donation.
Once the retention period has expired, the information will be confidentially disposed of or permanently deleted. For guest case data, we will anonymise the data under ICO guidance so that no individual is identifiable.
You can request deletion of your personal information at any time, by contacting our Data Manager by emailing firstname.lastname@example.org or via the details at the bottom of this page.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future.
Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:
- to the extent that we are required to do so by law;
- if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
11 – Your rights
You have many rights under data protection (GDPR) legislation. These include:
- Right of Access
You have the right to know what information we hold about you and to ask, in writing, to see your records.
We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you.
This is called a Subject Access Request (SAR), and can be done by:
Emailing our Data Manager: Abbas@glassdoor.org.uk
Writing to our Data Manager, c/o Glass Door, 155a King’s Road, Chelsea, London, SW3 5TX
- Right to be informed
You have the right to be informed how your personal data will be used. This policy, as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
- Right to withdraw consent
Where we process your data based on your consent (for example, to send you marketing texts or emails), you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
- Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
- Right to restrict processing
In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
- Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information to ensure that you are not contacted in the future.
- Right of rectification
If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details in the ‘Contact us’ section below.
- Right to data portability
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
12 – Amendments and links
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Updates to this policy
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email or through the private messaging system on our website.
Links to other websites
How to contact us and where to raise concerns or complaints
We are registered as a data controller with the UK Information Commissioner’s Office (ICO). Please know you have the right to complain directly to the ICO, which is an independent body responsible for making sure that organisations comply with the General Data Protection Regulation. The ICO also deals with concerns raised by members of the public about the way in which organisations look after personal information and deal with subject access requests.
The ICO will always expect you to have raised your concerns with the organisation before submitting a complaint.
Our data protection registration number is Z7870443.
This website is owned and operated by Glass Door Homeless Charity.
We are registered in England and Wales under registration number 1083203, and our office and principal place of business is at 155a Kings Road, London SW3 5TX.