The National Deaf Children's Society is the leading charity dedicated to creating a world without barriers for deaf children and young people.
Deaf Child Worldwide is our international development arm. They are the UK's leading international charity for deaf children in developing countries.
We are registered with the Charity Commission under registration number Charity No. 1016532 and with the Office of the Scottish Charity Regulator under number SC040779. We are a company limited by guarantee (Company number 2752456).
NDCS Ltd. is a Company limited by shares and registered in England Reg. No. 0893232. NDCS Ltd is a wholly owned subsidiary of the National Deaf Children’s Society and exists to support our fundraising and promotional activities. 100% of the profits from NDCS Ltd go to support our charitable work with deaf children.
‘The National Deaf Children’s Society’, within the context of this Privacy Statement, refers to both the National Deaf Children's Society and NDCS Ltd and to our overseas development arm, Deaf Child Worldwide.
We take your privacy very seriously and are committed to protecting your personal information.
Our Data Protection Officer is Colin Cherry.
The Data Protection Officer
National Deaf Children’s Society
37 - 45 Paul Street
If you wish to discuss your preferences for how we communicate and process your information please contact our Supporter Services team on 0800 138 6585 (v/t) or minicom: 020 7490 8656 between 9am and 5pm Monday to Friday or email firstname.lastname@example.org.
This policy includes:
- How we collect information
- Where we collect information from
- What categories of personal information we collect
- How we will use your personal information (including creating a profile about you) and Children’s data
- How we keep your data safe and who has access to it
- Who we share your personal data with
- How we keep your information up to date
- How long we keep your information for
- Our legal basis for processing your information
- Your rights
How we collect information
We may collect information about you whenever you interact with us, for example when you:
- Enquire about, sign-up for or access one of our activities or services, visit our website or support us financially
- Sign up to receive updates on a campaign or our activities
- Create or update a website registration
- Post content to our website/social media sites (including Facebook)
- Volunteer for us
- Attend a meeting with us and provide us with information about you
- Take part in one of our events
- Fundraise on our behalf
- Contact us through any channel, including online, email, phone, SMS, social media or post
- We may also receive information about you from third parties – but only if you have given consent to this type of sharing
- If you work for us
- Register on our recruitment portal
- Apply for a job vacancy
- Apply for a volunteer opportunity
Where we collect information from
We may collect information in the following ways:
- When you give us information directly, for example:
a. request specific information which requires us to obtain your details,
b. provide data on other family members (with permission to do so),
c. make a donation,
d. campaign for us or participate in one of our events.
- When your information is available from other public sources: We may collect personal details about you from the public domain, such as from social networks, company websites, political and property registers, and news archives. We may use data services agencies to collect this information. Please see the how we use your information below for more details.
If you apply for a National Deaf Children Society job vacancy online, the data captured is termed application information, this information is retained on our recruitment website for 8 months after your last application. For example if you applied for a role in January, then the data would be held till September that year. However if you additionally apply for a role in August then all the data, for both applications, would be retained until May the following year.
If you register directly with the recruitment agency (Webrecruit) who provide the National Deaf Children Society’s recruitment website, then your data will also be held by Webrecruit in line with their data retention and processing statements.
What categories of personal information we collect
The type and quantity of information we collect and how we use it depends on why you are providing it.
If you support us, for example by making a donation, volunteering, registering to fundraise, signing up for an event or campaigning for us, we may collect where relevant:
- Your name, date of birth, email address, postal address, telephone number and information necessary to process a donation or regular contribution like credit/debit card details or bank details.
- We may also collect other information, for example health or dietary information from people attending our events, information on next of kin so we know who to get in contact with if there is a problem at an event you attend.
- We also collect information on your experience of deafness or the experiences of a child or relative. We will not process sensitive personal information (special category data, in our case information about deafness and other health information) about you without your consent.
- We also gather general information about the use of our websites, such as which pages people visit most often and which services, events or facilities are of most interest. We may also track which pages people visit when they click on links in emails from us. We may use this information to personalise the way our websites are presented when people visit them, to make improvements to our websites and to ensure we provide you with the very best service we can. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our websites.
- If you contact us, for example by telephone, letter, fax, email or via social media (e.g. Facebook, Twitter, or via Skype) or respond to a contact we make to you, we may keep a record of that correspondence so that we are able to refer to it in future, and keep a record of the kind of issues people raise. We may also record calls made to us, or calls we make or that are made on our behalf, for quality and training purposes, you will be informed if this is the case.
- When we send communications to you, we will record details of these along with any actions you take as a result, such as support given (e.g. donations), other actions taken (e.g. helping with our campaigning), or requests you make to change the way that we communicate with you in the future.
- We will log information onto our database systems to retain a history of what you have requested and to ensure that we comply with any requests or complaints that you have made. This information will be held in line with our Data Retention Policy.
How we will use your personal information
We will use your personal information in a number of ways, including for the following purposes:
- Some of the communications you receive from us will be part of your engagement with the National Deaf Children’s Society: for example membership information and relevant electronic & mail communications.
Marketing and Fundraising
- For marketing purposes to further our charitable aims, for instance fundraising and campaigning activities.
- When we get in touch for marketing purposes, we will ask you whether you are happy for us to continue to contact you in this way.
- In all marketing communications, (e.g. fundraising or campaigning) we will give you an opportunity to opt out of that particular type of communication.
- We may contact you via post or phone on the basis of it being in our legitimate interests to do so, unless you have told us you do not want us to contact you in that way. If you have registered on the Telephone Preference Service, we won’t contact you by phone for marketing purposes unless you have given us explicit permission to do so.
- We may contact you via email or SMS where you have expressed a preference for a particular type of communication or where you have opted-in to these channels.
- Your privacy is important to us and so far as possible we will not send you any type or method of communications you tell us that you do not want to receive. When we first record your personal details, we will ask you how you want us to keep in touch or sign post to our Privacy Notice.
- You can opt-out of receiving marketing communications or contact us to change your preferences at any time, by contacting us on the details below.
- To provide you with the services, products or information you have requested.
- To update you about any changes to our services.
- To ensure we are providing the best possible service, e.g. monitoring phone calls we make or receive, or monitoring complaints.
- To give you information about other relevant services or products provided by partners we are working with.
- We may make use of the personal information we hold by creating a profile of your interests, preferences and likely giving behaviour so that we can contact you in the most appropriate way and with the most relevant information, including for fundraising and campaigning purposes. We might also use additional information to create this profile, for instance information about the financial and demographic characteristics of your postcode in order to assess your potential ability to give or assist us further. If you would prefer us not to create this kind of profile please let us know. We will record and act on this request. Where relevant, we may also assess your personal information for the purposes of fraud and credit risk reduction.
- If you enter your contact details in one of our online registration forms but fail to complete the action (for example, if you don’t "send" or "submit" the form), we may record this information and use it to contact you to see if we can help with any problems you might be experiencing with the form or with our websites.
- To analyse your website behaviour.
- To analyse and improve the operation of our website (see section on cookies below for further details).
- To create an account for you if you register with us online.
- We will never allow any other organisation access to the data we hold about you for their own marketing purposes. In order to manage our relationship with you effectively, we may need to share your information with our service providers, associated organisations and agents who support us in our work. Where we do so, we will take care to ensure that they keep your data secure (see Who we share your personal data with below).
- For administration purposes.
- To maintain our organisational records and ensure we have your most up-to-date marketing preferences.
- To help us improve our services, campaigns, fundraising or information-offering.
- We know not everyone has time to keep us informed of changes to their contact details. So in some circumstances we may look up updated contact details for you, for instance:
a. If you move house, we might be made aware of this or find a new address for you (for example by receiving returned mail or by using Royal Mail’s Change of Address service) in which case we will record updated details in our records
- To respond to any correspondence you have entered into with us including by letter, email, fax, social media or other means and contact you in relation to any interaction you have with us, including donations, your regular Direct Debit, activities in relation to your child, application forms or any online content you have signed up for.
- We might use a range of additional information sources to do this, including information from commercial suppliers. If you would prefer we didn’t do this, please let us know.
- To administer your payments and donations, including Gift Aid processing.
- To administer your applications.
- To communicate with you on job vacancies.
We collect and store information about deaf children and young people who we help directly or indirectly through our services or who contact us directly – whether it is provided by their parents or guardians or (in the case of young people 16-25) provided by themselves.
'Cookies' are small pieces of information sent by a web server to a web browser, which enable the server to collect information from the browser. Essentially, a cookie takes the form of a small text file deposited on your computer's hard drive. Please see our cookies policy for further information.
How we keep your data safe and who has access to it
We place great importance on the security of your personal information and will always take appropriate precautions to protect it.
We ensure that there are appropriate technical controls in place to protect your personal details. For example, we use encryption technology on our websites and carry out regular security reviews on our network.
We always ensure only authorised personnel (for example our staff, volunteers or contractors) have access to your information, and that they are appropriately trained to manage your data.
All of our online forms are protected by encryption. When you make a donation or payment via our websites we also use a secure server that meets the required Payment Card Industry (PCI) Security Standards. We take appropriate measures to ensure that the personal information disclosed to us is kept secure, accurate and up to date and kept only for the purposes for which it was collected.
Despite all of our precautions, no data transmission over the internet can be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee the security of any information you disclose to us online, and you must understand that you do so at your own risk.
Who we share your personal data with
We use external organisations that collect and/or process personal data on our behalf, for example, payment agents, fundraising agencies and IT/database suppliers. Before working with these companies we perform checks on them and agree contracts which commit them to meeting all relevant regulations and legislation.
If you would like to receive further information about our safeguards, please contact our Data Protection Officer.
We may legally be required to disclose your details if required to by the police or for regulatory reasons. We will only ever share your data in other circumstances if we have your consent to do so.
We also use social media monitoring tools like Sprout Social. In practice, it’s the social channels (such as Facebook) sharing the data directly with Sprout Social and the data is not provided by us. This will be covered by the channels’ privacy policies.
We sometimes use online software such as SurveyMonkey to conduct surveys. If you click through to SurveyMonkey or similar websites, they may use both session cookies and persistent cookies. See SurveyMonkey's privacy statement for more information.
We also use an online form service provided by Engaging Networks, which uses ‘session cookies’. These retain information for the duration of your visit but are not stored once your web browser is closed. See Engaging Networks' policy for more information.
How we keep your information up to date
Where possible, we try to keep your records up to date; for example, using the Post Office’s National Change of Address database. However, we really appreciate it if you let us know if your contact details change.
How long we keep your information for
We will only keep your personal information for as long as is necessary for the purposes outlined in this statement, and in any case within limits set out by law. However, where it is possible we may anonymise information so that it cannot be linked back to an individual, in which case it may be kept for longer.
We have some common groups of data, information that relates to regulated or non-regulated positions or activities. For non-regulated this is usually 10 years after the event or person has left, for regulated this is usually up to 100 years depending upon any safeguarding related information. Where we are regulated by Ofsted then event information will be retained for 15 years for people working on Ofsted activities.
For children that we have supported this is retained for 10 years past their 25th birthday.
Income from gifts in wills is vital to the running of the charity. We may keep data you provide to us for a period sufficient to enable us to carry out administration of such gifts and communicate effectively with the families of people leaving us gifts in their will. This also enables us to identify and analyse the source of legacy will income we receive. In these cases we may retain the data for up to 75 years.
Our legal basis for processing your information
We ensure that we have a lawful basis to collect and use your personal data.
In many cases we will seek explicit consent to process your personal and special category data. We will also often process personal data for the performance of a contract. In some instances we may process your information where it is in our legitimate interests to do so and where we are confident that such processing is not likely to unduly prejudice your interests, rights and freedoms.
The law allows for six grounds for processing people’s personal data, of which four are relevant for our activities:
- we process your information on the basis of your consent
- we process your information on the basis of a contractual relationship
- we process your information on the basis of having legitimate interest to do so
- we process your information on the basis of having a legal requirement to do so e.g. employee data
We will process your data if you have provided consent: this will include contacting you for marketing and fundraising purposes by e-mail, phone and SMS.
The vast majority of our relationships with our supporters and members are voluntary as opposed to contractual, but there may be occasions where we have agreed to send you information in exchange for payment or a commitment to raise funds on our behalf – in which case we will do so unless you have told us you do not wish to receive it.
In some cases we will make a balanced judgement on whether we have a legitimate interest for storing and processing your data and using it to contact you without having gathered your explicit consent. The law allows for us to collect and use your data if it is necessary for a legitimate business interest, as long as we use it in a fair and balanced way that does not unduly prejudice your rights.
Our Legitimate Interests for processing personal data include:
- Delivery of our charitable purpose
- Statutory reporting
- Reporting criminal acts and compliance with law enforcement agencies
- Internal and external audit for financial or regulatory compliance purposes
- Employee and volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes
- Provision and administration of staff benefits such as pensions
- Physical security, IT and network security
- Processing for historical or statistical purposes
Publicity and Income Generation
- Sending direct marketing by post
- Personalisation used to tailor and enhance customer and supporter experience in our offline and online communications
- Analysis, targeting, and segmentation to maximise the cost-effectiveness and reach of our communications
- Processing for research purposes (including marketing research)
Purely Administrative Purposes
- Responding to any solicited enquiry from any of our stakeholders
- Delivery of requested products or information packs
- Administration of Gift Aid
- Thank you communications and receipts
- Administration of existing financial transactions
- Maintaining ‘Do not contact lists’ (suppression lists)
Financial Management and Control
- Processing of financial transactions and maintaining financial controls
- Prevention of fraud, misuse of services, or money laundering
- Enforcement of legal claims including debt collection via out-of-court procedures
- Administration of supporters' estates and/or gifts in wills where we have been named as beneficiary or executor
In extreme situations, we may share your personal details if we believe that it is in your ‘vital interests’ to do so (e.g. if you are taken ill at one of our events we might share your details with emergency services), or if we are compelled by law to do so.
You retain control of how we use your data and you have the right to ask us to stop processing your personal information, which we will do. In some circumstances, we may legally be required to retain your personal information for audit or other legal purposes. However, this will be discussed with you depending on your requirements. Please contact email@example.com or call our Supporter Services team on 0800 138 6585 (v/t) or minicom: 020 7490 8656 between 9am and 5pm Monday to Friday or email firstname.lastname@example.org.
You also have the right to request a copy of the information we hold about you. If you want to access your information, please contact: The Data Protection Officer, National Deaf Children’s Society, Castle House, 37 - 45 Paul Street, London, EC2A 4LS or email: email@example.com. We will not charge a fee unless the request is deemed to be ‘manifestly unfounded or excessive’. If so, it may ask for a reasonable fee for administrative costs associated with the request.
Upon successful verification of your identity, you are entitled to obtain the following information about your own personal information:
- The purposes of the collection, processing, use and storage of your personal data.
- The source(s) of the personal information, if it was not obtained from you.
- The categories of personal data stored about you.
- The recipients or categories of recipients to whom your personal data has been or may be transmitted, along with the location of those recipients.
- The envisaged period of storage for your personal data or the rationale for determining the storage period.
- The use of any automated decision-making and/or profiling.
Under the General Data Protection Regulation you are also granted a number of additional rights.
If you wish to exercise any of your rights, as listed below please contact us at firstname.lastname@example.org for:
a. Access to your personal information
You have the right to find out what we hold about you and how we are using your personal data, this is called a right of access. You exercise this right by asking for a copy of the data, which is commonly known as making a ‘subject access request’.
b. Objection to processing of your personal information
You have the right to restrict the processing of your personal data until this has been rectified if wrong, the processing is unlawful but you do not wish the data to be deleted, or pending verification on whether legitimate grounds are being used.
c. Objection to automated decision-making and profiling
The right to request that we do not make any decisions that are based solely on automated processing.
d. Restriction of processing of your personal information
The right to request that we restrict the processing of your personal data, this can be because we are verifying the accuracy of the data we hold or our processing is unlawful but you wish us not to delete the personal data.
e. Your personal data portability
The right to receive the personal data concerning you in a structured commonly used format e.g. this could be an excel spreadsheet, so that this can be transmitted to another controller.
f. Rectification of your personal information and
The rectification of any inaccurate personal data that we hold about you e.g. incorrect address, phone or email details.
g. Erasure of your personal information.
The right to request the erasure of your personal data that we hold on you, this is also known as the ‘right to be forgotten’.
If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.
For more information on these rights, please read the relevant guidance issued by the ICO.
If you would like to make a complaint about how we process your personal data, please contact our Data Protection Officer.
If you are not happy with how your complaint is dealt with, you should contact the Information Commissioner’s Office. Alternatively, you are entitled to make a complaint to the Information Commissioner’s Office without first referring your complaint to us.
For further information, please see the Information Commissioner’s guidance.
This policy may change from time to time. If we make any significant changes to this policy, we will publicise these changes clearly on our website or contact you directly with more information.
Please revisit this policy each time you consider giving your personal information to the National Deaf Children’s Society.
This privacy statement was last updated on 17 October 2018.