Privacy Notice

As a charity, we use the “soft opt-in” for any emails/text marketing to members, supporters and donors where the legal conditions are met, always offering a clear opportunity to opt out in each message or e-newsletter (Mailchimp). We will continue to honour consent where required and maintain accurate suppression lists.

As an organisation we offer subscription to our e-newsletter and general communications, and, in addition, many of our services will communicate their own updates to their service users.We use a third party, MailChimp, to provide our e-newsletters service. The company provide a secure service compliant with relevant data protection legislation. In addition to sending the emails, they provide analysis for us on click rates, open rates, and information on the sharing and forwarding of emails. This helps make sure that we are providing information that is relevant to our subscribers and measures the effectiveness of our marketing and communications.

We ask for your name, email address and if you are a disabled person or carer and if you live in the London Borough of Richmond upon Thames for our e-newsletter. You can withdraw your consent and unsubscribe at any time using the link at the bottom of the emails you receive, or by contacting Office Manager at info@raid.charity.

On the basis of your Legitimate Interest, we may also use your personal information to contact you about our work and how you can support RAID.

You can ask us to stop sending you these communications at any time by return email or clicking the unsubscribe link at the bottom of the relevant communication.

Messages sent via social media may be recorded and managed as enquiries. We use analytics to understand how our website is used. This data does not identify individuals.
Cookies help our website function properly and provide anonymised usage information.

Our website, www.raid.charity , uses cookies to:

• Help us monitor and understand how people use the website
• Identify returning or repeat visitors
• Manage the security of the website
• Manage people logging in or out of the website.
• You can block these cookies using the appropriate desktop and mobile apps for your software and system.

How visitors use our website
We comply with the Privacy & Electronic Communications Regulations (“PECR”) for cookies and similar technologies. Where consent is required we will obtain it clearly and proactively; where new limited exceptions apply (e.g. certain low-risk analytics/functionality cookies), we will still provide transparency and easy opt-outs.

We use Google Analytics and page tagging techniques to understand how our website is used by visitors. Find out more about what information Google collects, and how it uses and protects this information here: https://support.google.com/analytics/answer/6004245?hl=en-GB .

The link also provides information on how you can opt-out of Google Analytics.

Google Analytics and this website can collect information such as:

• Visitor IP address, web browser, or device(s) used
• How people came to our website, and time spent on web pages
• Whether a visitor is logged into a restricted part of the website
• If a visitor has come to the website recently.

This information helps us:

• Make sure our website meets visitor and technological need
• Understand if we are providing information the visitor needs or finds useful
• Make best use of our charity resources to promote what we do and support people who need our services.

Contacting us via the website or social media
We can personally identify you if you leave a comment, submit a form or click an email link when you use the website. This includes information such as your name, IP address, email address, telephone number and any other information you provide to us. We do try to keep the information we collect to the minimum needed to allow us to respond to your feedback, messages, comments or queries.

Social media
When you interact with us on social media platforms such as instragram or facebook, we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms. Please review the privacy notice of those platforms, in addition to this one.

Links to other websites
Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.

Much of the data that we collect from our service users falls under legitimate interest. This means that the reason that we are processing information is because there is a legitimate interest for RAID to process your information, to help us to achieve our vision of providing effective and person-centred support for Disabled people and carers.

At RAID we also collect Special Category Data which can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs. Due to the nature of our services, we are likely to collect information on individual’s demographics as well as their health, to enable us to provide appropriate support. When we process Special Category Data and criminal records, the lawful basis is supported by additional conditions of UK GDPR and DPA 2018 laws.

We rely on the following lawful bases for processing your personal data:

• For the direct provision of support and services, we process your personal information on the basis of our legitimate interest.
• To make informed decisions regarding the most appropriate support, we rely on legitimate interest.
• To provide information that you have requested, we rely on our legitimate interest.
• To manage risks to your own and others’ wellbeing, we process your personal information for safeguarding purposes.
• To compile anonymous data for the purposes of reporting to funders and commissioners about our services, we rely on our legitimate interest.
• To invite you to participate in surveys or research to evaluate and monitor the quality of RAID services, we rely on legitimate interest.
• To process information payment information for goods and services and/or donations, we rely on the basis of contractual obligation.

Occasionally we like to share the stories of our service users and supporters, to demonstrate our impact. When doing this we will always seek your consent and work with you to form a case study, and you can of course decide if you want to remain anonymous.

Confidentiality, data sharing and safeguarding

The personal information we collect about you will mainly be used by our staff (and volunteers) at RAID so that they can support you. The information you provide to us will only be used for the above purposes and not sold or rented to any third party individuals, organisations or companies.

We will not pass on your details to anyone else without your express permission except in exceptional circumstances where we need to comply with our duty of care and safeguarding.

This will include when a member of staff has reason to believe that an individual is in danger of harming themselves or others, or if there are concerns of a criminal nature. In such a situation, efforts will be made to persuade the person to contact the appropriate statutory authorities or support (this may include their GP or a mental health professional). If they are unwilling to do this, staff will attempt to seek agreement from the individual to make this contact on their behalf.

If the individual cannot be contacted or refuses to give permission for RAID to contact the statutory authorities, staff may decide the concerns are sufficiently serious to contact the authorities themselves with their concerns.

 We may permit accredited quality mark auditors (such as Advice Quality Standard) to access relevant, pre-agreed case records solely for the purpose of assessing our compliance with applicable sector standards. This access is strictly limited to what is necessary for audit purposes.

The lawful basis for this processing is our legitimate interests in maintaining and demonstrating compliance with recognised quality standards. Where the information accessed includes special category data, processing is carried out in accordance with UK GDPR, under the condition of substantial public interest.

When you make a donation to RAID, we will collect your details so that we can process the payment, claim gift aid (if applicable) and thank you for your gift. The information gathered may be: name, email address, Gift Aid sign up, company name if donation made by an organisation, donation details, reasons to engage and postal address. This information may also be used to assist our compliance with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.

This information allows us to process your donation, and deal with any potential enquiry. We rely on our legitimate interest to process this data. If you agree that we can claim Gift Aid on your donations, we are legally required to keep a record of the claim and your Gift Aid declaration. If we claim Gift Aid on donations, we are legally required to keep a record of the claim and use Legal Obligations as basis for processing information.

We will retain your details securely in order to meet our legal and financial obligations, and to provide you with further information about our work, based on your consent or our belief that you would like to receive updates about our work and further opportunities to support it. This information will not be made available to anyone outside of RAID.

When you sign up to our fundraising events you mainly provide information to us via our website forms, third party platforms (e.g. Eventbrite) or in person during the events by paper forms. The information gathered may be: name, email address, company name if applicable, donation/payment details, reasons to engage, postal address, email address and contact preferences.

This information allows us to administer your sign up, process payments, and deal with any potential enquiry. We rely on the legitimate interest lawful basis to process this data.

During these types of events, we may also take photographs and video recordings of people attending where you may be included. This information allows us to showcase our work and have effective external communications. We ask for your consent at the event or activity and you will always offer the option to opt out.

If you are signing up to an event using a third party, please also refer to the privacy notice published on their websites.

When you show interest in supporting us (e.g. through a gift in your will or a pledge) and you decide to contact us information is provided mainly by yourself, via online forms or phone/email conversation with us. The information gathered may be: occupation, title, details of any correspondence had with us, date of birth, fundraising appeals responses, event participations with us and details of your reasons to engage with us. This information allows us deal with your enquiry and show you how to get engaged. We rely on our legitimate interest to process this data.

The applies to contractors, freelancers, job applicants, current and former employees, trustees and volunteers.

How and when do we collect information about you?
You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment/engagement. In some cases, we will collect data about you from third parties, such as employment agencies or former employers when gathering references.

What types of information is collected about you and who provides it?
We keep several categories of personal data on our employees/freelancers/job applicants/trustees and volunteers in order to carry out effective and efficient processes. We keep this data in an electronic personnel file relating to each individual and we also hold the data within our computer systems, for example, our HR system.

Specifically, depending on your type of engagement with RAID, we may process the following types of data:

a) personal details such as name, address, phone numbers
b) name and contact details of your next of kin or emergency contact details
c) your photograph, your gender, marital status
d) photos or footage of the organisation events where you may appear
e) information of any disability or other medical information you have disclosed
f) right to work documentation
g) information gathered via the recruitment process such as that included in a CV, cover letter or application form, references from former employers, details on your education and employment history etc
h) National Insurance number, bank account details and tax codes
i) information relating to your employment with us (e.g. job title, job description, salary, terms and conditions of the contract, annual leave records, appraisal and performance indicators, formal and informal proceedings involving you such as letters of concern and disciplinary and grievance proceedings.)
j) internal and external training modules undertaken
k) information on time off from work including sickness absence, family related leave etc
l) IT equipment use including telephones and internet access
m) your biography and picture for the website (if applicable).

We may also process special category data which includes health information, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data. We may also process criminal records information if the role requires a DBS check.

Sharing your information
We only share personal information when necessary and proportionate.

This may include sharing with:

• Staff and volunteers at RAID
• Trusted third-party processors such as providers of payroll or IT systems
• Partner organisations, where you have given consent or where required by law
• Statutory bodies for safeguarding or legal reasons
• Relevant employee information with our payroll company, pension provider, accountants and Disclosure and Barring Services.

We have contracts in place to ensure third parties protect your information appropriately.

How is the information used?
We are required to use your personal data for various legal and practical purposes for the administration of your contract of employment or your involvement as a volunteer or trustee, without which we would be unable to employ you. Holding your personal data enables us to meet various administrative tasks, legal obligations and/or contractual agreement obligations. We process information in relation to the DBS for our safe recruitment practices.

Lawful basis for processing
We mainly use ‘contractual obligation’ as a lawful basis for processing personal data for employees, job applicants and freelancers. We mainly use ‘legitimate interest’ for trustees and volunteers. We may also have legal obligations to process and share your data, for example we need to share salary information with HMRC or use some of your data to enrol you on a pension scheme.

We rely on legitimate interest for processing activities such as keeping supervision and appraisal records; using your image, bio and videos/pictures of the organisations’ events where you may appear on our website, e-newsletter or marketing/fundraising materials to promote the charity.

Some special categories of personal data, such as information about health or medical conditions is processed in order to carry out employment law obligations (such as those in relation to disabilities and for health and safety purposes). We may also process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief for the purposes of equal opportunities monitoring. When processing criminal records (for example, in order to perform DBS checks), the organisation relies on the lawful basis of legitimate interest. When processing special category data and criminal records, we rely on additional conditions of the UK GDPR and DPA 2018.

How long do we keep your data?
We only keep your data for as long as we need it for, which will be at least for the duration of your employment/engagement with us though in most cases we will keep your data for a period of 6 years after your employment/engagement has ended. If you’ve applied for a vacancy but your application hasn’t been successful, we will keep your data only for 6 months, unless we seek your consent to hold this for longer.

Some data retention periods are set by the law. Retention periods can vary depending on why we need your data. Please get in touch by contacting us using the details above if you want to know more about retention period. Data is destroyed or deleted in a secure manner as soon as the retention date has passed.

Confidentiality – who do we share your data with?
Data in relation to your salary is shared with HMRC as part of our legal obligation. Data may be shared with third parties for the following reasons: for the administration of payroll, pension, HR functions (for example the online holiday booking system), administering other employee benefits if we introduce them. When sharing information with third parties, we have data sharing, processor agreements or contracts in place to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.