Privacy policy

We are The National Deaf Children’s Society (“we”, “us”, “our”). 

We are registered with the Charity Commission under registration number Charity No. 1016532 and with the Office of the Scottish Charity Regulator under number SC040779. 

We are a company limited by guarantee (company number 02752456).

N.D.C.S. Limited is a company limited by shares and registered in England Reg. No. 00893232. N.D.C.S. Limited is a wholly owned subsidiary of the National Deaf Children’s Society and exists to support our fundraising and promotional activities. 

100% of the profits from N.D.C.S. Limited go to support our charitable work with deaf children.

Deaf Child Worldwide is our international development arm. They are the UK's leading international charity for deaf children in developing countries.

Reference to ‘The National Deaf Children’s Society’ or similar within the context of this Privacy Statement, refers to both the National Deaf Children's Society, N.D.C.S. Limited and to our overseas development arm, Deaf Child Worldwide.

For the purposes of data protection legislation, we are the data controller. 

We will process your personal information in accordance with the UK GDPR and national laws which relate to the processing of personal information, including the UK Data Protection Act 2018.

Personal information you give to us

When you engage with us, request service or receive service (either via the site or app, in person, by post or by telephone), create an account on our site or app, contact us or enquiry about our services (either via our site or app, in person, on social media, by post or by telephone), engage in volunteering efforts, apply for a role, make a donation, take part in a satisfaction survey, we may collect personal information about you, including:

• Contact information - your name, email address, phone number, postal address, marketing preferences, social media handles and other information that enables us to contact you.
• Employment information - your job title/role, company/employer’s name and other information relating to your employment.
• Demographic data - date of birth, gender and other relevant information.
• Donation and payment information - your credit or debit card details, bank account information, payment or other information required when you make a donation.
• Identity verification information - your government issued ID, date of birth, previous address history, signature and other information collected for identity verification.
• Enquiry information - information included within and relating to your contact/enquiry.
• Event participation - information related to events that you attend or participate in.
• Survey response information - your response(s) to our surveys.
• Customer information - your name, address, phone number, postal address, social media handles, other information relating to contact information, health information relating to deafness.

Personal information we collect about you

We may automatically collect information about your use of the site or app, such as the number and duration of visits to the site and details of which particular pages have been visited. 

We will anonymise this information so that it is not attributable to you (‘Anonymised Information’).

We also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet for fraud protection, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform as well as cookie, tracking pixel and beacon identification information (‘Technical Information’).

Please see our Cookies policy for further information.

We use any collected Technical Information and Anonymised Information to analyse how the site or app is functioning and how it is used by users, for insight purposes and to help us maintain and improve the site or app on an ongoing basis.

We may monitor and record communications with you (such as telephone calls and emails) for the purpose of service or support fulfilment, training and fraud prevention.

Information we may collect about you from other sources

We may obtain the following personal information about you from the following sources, which we use in the ways described in the section below:

• Research, profiling and Wealth Screening: name, postal address, contact information, information relating to personal profile, job role/industry.
• Publicly available information: name, postal address, contact information, information relating to personal profile, job role/industry.
• Review websites such as Facebook and Trustpilot: name and the review you leave on the third-party platform.

In more legal terms, we rely on certain lawful bases to process your personal information as a controller. The purposes for which we use your personal information and the lawful basis on which we rely to process it for each purpose is as follows:

To perform a contract to which you are a party or to take steps at your request prior to entering into a contract

• Name, postal address, contact information, information relating to personal profile, job role/industry.
• Processing of donations and maintaining records of your support.

To comply with our legal obligations

• To keep a record relating to the exercise of any of your rights relating to our processing of your personal information.
• To take any actions to comply with our legal obligations relating to consumer protection, accounting and tax liability.

For the purposes of our legitimate interests where such interests are not overriding your rights and interests

Processing necessary for us to promote our business and measure the reach and effectiveness of our campaigns:

• To improve our site and services.
• For marketing purposes (unless consent is required), including to inform you about our promotions and offers and to send you abandoned shopping cart reminders by email or text where you have previously purchased something from us or been in negotiations for a sale with us; our promotions and offers by post and telephone.
• To analyse certain customer behaviours, for example demographics and economic situation to inform our marketing activities, including to target you with offers that we think you may be interested in.

Processing necessary for us to respond to changing market conditions and the needs of our users:

• To personalise your experience and to develop the services we offer.
• To contact you to ask you to take part in customer satisfaction surveys, as part of which we may collect your feedback and contributions. We use this information to develop the services we offer.
• To ask you to review a service or campaign that you’ve engaged with or provide general feedback on our services.

Processing necessary for us to operate the administrative and technical aspects of our organisation efficiently and effectively:

• To ensure that content from our site and app is presented in the most effective manner for you and for your device.
• To allow you to participate in interactive features of our site and app, when you choose to do so.
• For ensuring network and information security.
• For maintaining records, publishing corporate information and public administration.
• For fraud prevention and detection purposes and risk reduction.
• To enforce or defend our legal rights or any claims.
• As is necessary in conducting a corporate acquisition or disposal, or other transaction.
• To share your information with third parties for the purposes set out in this policy (unless consent is required).

Consent

Where indicated on our site, app and website policies, we need your consent to:

• Conduct marketing activities where legitimate interests is not relied on
• Conduct marketing activities using cookies - when you first visit our website you will be asked if you would like to accept all cookies or customise your settings - if you select all cookies this will also enable us to perform marketing activity based on your interactions with the website, other marketing channels and other third parties such as social networks. Please read our Cookies policy.

Where we have your consent, we may post your feedback on our website and in other marketing materials.

We may disclose your information to the following third parties:

• Advertising, PR, digital and creative agencies: media (advertising and PR).
• Cloud software system providers, including database, email and document management providers: IT (cloud services).
• Facilities and technology service providers including scanning and data destruction providers: IT (data management).
• Third parties such as payment processors and in order to facilitate the provision of donations: finance (payment processing).
• Third parties such as warehouse management and delivery services in order to select and facilitate the provision of goods or services to you: logistics (warehouse management and deliveries).
• Professional advisers including consultants, legal advisors, bankers, auditors and insurers: professional services (legal and accounting).
• Third parties which provide us with analytical services or marketing services or our advertising partners (with your consent, where required): media (market research).
• Social media platforms: media (social media).
• Website and data analytics platform providers: IT (data analytics).
• Website and app developers: IT (software development).
• IT providers that host our site, provide us with support services and/or store data on our behalf: IT (hosting).

We may also disclose personal information to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal information in order to comply with any legal obligation, or in order to enforce or apply our Terms and conditions policy and other agreements; or to protect our rights, property, or safety of our customers, or others.

This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We will not share your data with third parties for them to send you marketing material without your consent.

When sending your information to third parties, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and (where they are processing personal data as our ‘processor’) not to use it other than in accordance with our specific instructions.

When we share your personal information with any third parties that are controllers of that information, they may disclose or transfer it to other organisations in accordance with their data protection policies. This does not affect any of your data subject rights as detailed below.

In particular, where you ask us to rectify, erase or restrict the processing of your information, we take reasonable steps to pass this request on to any such third parties with whom we have shared your personal information.

We may disclose your personal information to other third parties as follows:

• Any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event.
• If we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, tribunals, regulators, the government or related agencies.

Where permitted by applicable law, we may transfer your personal information to the United States and other jurisdictions outside the UK for the purposes set out in this Privacy policy and our Cookies policy.

We will implement appropriate safeguards to secure the transfer of your personal information to jurisdictions outside the UK. 

These safeguards include:

• Relying on declarations made by regulators or governments (e.g. adequacy decisions/regulations).
• Where the third country where data is being sent is not subject to such declaration, the standard contractual clauses approved by relevant regulators or governments, as applicable; ensuring that the recipients are subscribed to international frameworks; or such alternative measures as are valid and appropriate at the time.

If we collect your personal information, the length of time for which we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.

We may need your personal information to establish, bring or defend legal claims. 

For this purpose, we will always retain your personal information for no longer that when it is needed by us for any of the purposes listed (How and why we use your personal information) above.

The only exceptions to this are where:

• The law requires us to hold your personal information for a longer period, or delete it sooner.
• You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see (Your Rights) below).
• You exercise your right to require us to retain your personal information for a period longer than our stated retention period ('Your Rights', below).

We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. 

In addition, we limit access to personal information to those employees, agents, contractors and other third parties that have a legitimate business need for such access.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. 

You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.

For information on how we use cookies and how to switch them off on your device, please visit our Cookies policy.

We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this Privacy policy and inform you if this position changes.

We may undertake automated processing of personal information, including profiling to analyse certain customer behaviours, for example demographics and economic situation. 

This is used for internal analysis purposes and to inform our marketing activities, including to target you with offers that we think you may be interested in.

You have a number of rights in relation to your personal information under data protection law. 

In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information.

Except in certain circumstances allowed, permitted under applicable regulatory guidance, we will respond to you within one calendar month from either:

• The date that we have confirmed your identity.

  Or

• Where we do not need to do this because we already have this information, from the date we received your request.

You have the following rights, some of which may only apply in certain circumstances

To have your information corrected if it is inaccurate and to have incomplete personal information completed:

If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using the details described at the end of this Privacy policy.

To object to processing of your personal information:

Where we rely on our legitimate interests as the lawful basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this Privacy policy.

Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter.

If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes.

Otherwise, we will provide you with our justification as to why we need to continue using your data.

To withdraw your consent to processing your personal information:

Where we rely on your consent as the lawful basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy policy.

If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

To restrict processing of your personal information:

You may ask us to restrict the processing of your personal information in the following situations: where you believe it is unlawful for us to do so; or you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.

In these situations, we may only process your personal information while its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

To have your personal information erased:

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing us at the address at the end of this Privacy policy.

Unless there is a reason that the law allows us to use your personal information for longer (for example, there is a legal requirement for us to retain your personal information, or we have an overriding legitimate reason to continue to retain your personal information), we will make reasonable efforts to comply with your request.

To request access to your personal information and how we process it:

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this Privacy policy. 

We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

To electronically move, copy or destroy your personal information in a standard, machine-readable form:

Where we rely on your consent as the lawful basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file.

We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible.

We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

Rights relating to automated decision making, including profiling:

You may also contest a decision made about you based purely on automated processing by contacting us using the information at the bottom of this Privacy Policy.

To complain to a data protection regulator:

You have the right to complain to a data protection regulation (which in the UK is the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. 

Please visit the ICO's website for further details.

To submit a request in relation to any of the personal data that we hold on your behalf, please contact us at dataprotection@ndcs.org.uk.