Oasis Charities Privacy Policy (Fundraising and Marketing)

This document is the privacy notice for Oasis International Association, Oasis Charitable Trust, Oasis International Foundation, Oasis Community Partnerships and Oasis Community Hubs (referred to in the rest of the document collectively as ‘Oasis Charities’).

This policy sets out how the Oasis charities deal with personal data with specific regard to fundraising and marketing.

How we collect your personal data
Most of the personal information we process is provided to us directly by you for one of the following reasons:

  1. You have kindly made a donation to an Oasis charity and filled in a Gift Aid form
  2. You subscribe to our e-newsletter
  3. You have made an information request to us
  4. You wish to attend, or have attended, an event
  5. You have bought a product online

How we use your data
Like all major charities, we have a range of fundraising and marketing activities that help us raise income or promote the aims and objectives of Oasis charities.  We will use your personal data (name, address, email and in some cases telephone) to contact you by mail based on the principle of ‘legitimate interest’ in our work. For example if you make a donation, we assume you will want to receive news and updates from us about the work your donation is helping us achieve.  Contact by post may include:

  • Writing to thank you for a donation or to ask about Gift Aid forms
  • Updating you about specific appeals or ongoing campaigns in which you can play an active role, such as volunteering opportunities
  • Informing you of events and items for sale
  • General administration, for example the venue details for an event or the delivery status for a purchase

We value your support and your privacy and will only contact you with updates and appeals about five times a year.

 Contacting you by post
We will use your data to contact you by mail with updates, newsletters, appeals and information on campaigns around relevant topics.  You can opt out at any time by emailing us at fundraising@oasisuk.org

Contacting you by email
If you sign up to one of our mailing lists online, we will ask you to give your consent by ticking a box. We will assume that you are happy for us to contact you with updates, newsletters, appeals and information on campaigns around your chosen topic of interest.

Unsubscribe options are included in all our email communications or you can contact us at fundraising@oasisuk.org

How long do we keep your information?
If you have made a donation, we need to keep your details on file for six years in order to comply with financial legislation. However, we will not contact you if you so wish.  After six years, we will delete your details unless we have your consent to continue holding them.

If we do not hear from you at all for five years, we will remove your details from all mailing lists.

Your personal information and third parties
We never swap, sell or buy personal data from fundraising agencies. However, we are obliged by law to share personal data with certain statutory agencies, for example:

  • HMRC – if you have made a donation to us which is eligible for gift aid, we are obliged to share that information with Her Majesty’s Revenue and Customs (HMRC).
  • Criminal enquiries – we would need to share data in the case of a police enquiry, for example

We may pass your personal data to certain third party providers in order to communicate and engage with you. We deal only with GDPR compliant suppliers and have robust data protection agreements in place with these third parties to ensure your data is fully protected. Types of third party suppliers include:

  • Payment providers – for example Pay PayPal who provide us with secure systems for receiving donation and purchases. We do not hold your personal financial details such as bank account numbers, sort codes or security codes in our own systems.
  • Mailing and fulfilment providers – we pass your name and address details to our mailing house in order to send you our magazine, for example.

Electronic marketing providers – we may hold your data with third party suppliers such as the marketing platform Mailchimp (see their privacy policy here: https://mailchimp.com/legal/privacy/), and our website providers.

Electronic communications

IP addresses and internet cookies
Our website providers track and store IP addresses on our websites for security reasons. We ensure our web hosting provider regularly deletes this data.

Cookies
Our websites use cookies in order to optimise your browsing experience on our websites.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. See our cookies Policy for more information.

 

Transferring data to other countries
Oasis in the UK is a family of charities working across 11 countries of the world and all are committed to protecting the privacy of the individuals whose data we process and to processing all data in a lawful, open and transparent way.

We do not share donor information across the charities in our group. If you have given your data to an Oasis charity in a country outside the UK, it cannot be accessed in the UK. To erase or amend your personal data, please contact each country organisation individually.

Each Oasis charity has its own separate privacy policy. Please click on the hyperlinks below to see this:

Data profiling
We do not use data profiling techniques to identify target donors.

We may occasionally combine personal information we hold about you with information that is already available in the public domain. This is to help us improve the way we communicate and engage with you, for example, to inform you of an event in your area or about a topic in which you have shown an interest.   If you are not happy about this, please do get in touch with us at fundraising@oasisuk.org.

Data storage
We hold your data securely in line with the requirements of the Data Protection Act 1998,  the General Data Protection Regulation and the European Privacy and Electronic Communications Regulation and as outlined in our organisational policies – Oasis Information Security Policy, Oasis Data Protection Policy and Oasis Data Retention Policy.

Subject Data Access Requests
Under data protection legislation, you have the right to request access to the data we hold about you. To make a request for access to your personal information, contact:

Kat Simmonds
National Data Protection Lead
Oasis Community Partnerships
1 Kennington Road
London, SE1 7QP
Tel. 020 7921 4200
info@oasisuk.org

Alternatively, you can email fundraising@oasisuk.org

The lawful basis for processing data
We collect and use personal data in accordance with the General Data Protection Regulation (GDPR). The regulation permits organisations to process personal data on six types of legal basis, four of them are particularly relevant to our organisation:

  • Consent– Article 6-1 (a): the data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contractual relationship– Article 6-1 (b): processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Legal obligation– Article 6-1 (c): processing is necessary for compliance with a legal obligation to which the controller is subject
  • Legitimate interest– Article 6-1 (f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 Updates to this policy
From time to time, we will make changes and updates to this policy to reflect changes in legislation and best practice. Please make sure you check regularly for changes. If you are signed up to one of our mailing lists, we will update you proactively about any significant changes.

Your rights
Under data protection law, you have the following rights regarding your personal data.

  • Your right of access
    You have the right to ask us for copies of your personal information.
  • Your right to rectification
    You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure
    You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing
    You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing
    You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
  • Your right to data portability
    This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent.
  • You are not required to pay any charge for exercising your rights. We have one month to respond to you.

More information about your rights:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/