Privacy Statement

Introduction

Your privacy is of the highest importance to us. The Sussex Beacon is committed to keeping your personal data safe and being transparent about what personal data we hold and how we use it.

We ensure that your information is processed in accordance with all applicable laws concerning the protection of personal data. This policy explains:

    • Who we are;
    • What personal data we collect about you;
    • How we use and store your personal data; and
    • Your rights.

If you have any questions about this privacy policy please get in touch with us at data@sussexbeacon.org.uk, 01273 694222 or The Sussex Beacon, 10 Bevendean Road, Brighton, BN2 4DE.

Who we are

We are The Sussex Beacon, a charity supporting people living with HIV, whose registered charity number is 298388. We are a company registered in England and Wales with the company number 2205876 at the address, The Sussex Beacon, 10 Bevendean Road, Brighton, East Sussex, BN2 4DE.

This privacy policy applies to both our websites, www.sussexbeacon.org.uk and www.brightonhalfmarathon.com.

Collecting personal data

This privacy notice sets out how we process personal data that we collect from you, or that you provide to us, in line with current data protection legislation and other applicable laws. We will treat all your personal data as confidential, however we reserve the right to disclose this data in ways set out in this privacy notice.

Personal Information (or “data”) is any information that can be used to identify you. It can for example, include your name; date of birth; email address; postal address; phone number; payment card details and medical information.

Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, racial or ethnic origin, religious beliefs and political opinions. We do not usually collect such sensitive personal data about our supporters unless there is clear reason for doing so, such as participation in a half marathon, marathon or similar fundraising event to ensure we provide appropriate facilities and support. We may also collect sensitive personal data about you if you self-refer, are referred, or use any of our services for people living with HIV. We will however always make it clear to you that we are collecting this sensitive personal data and the reasons for it.

Personal data we may collect and process:

    • Your full name and your title;
    • Date of birth;
    • Postal address;
    • Telephone numbers;
    • Email address;
    • Bank or payment card details;
    • Dietary requirements;
    • Medical information;
    • Photographs of individuals;
    • CCTV footage of those entering our premises;
    • Records of correspondence with us;
    • Donation and gift aid details; and
    • Information you enter onto our websites.

We collect data in the following ways:

    • Information you give to us: We collect information from you when, for example, you email us, contact us about our activities, engage with us on social media, phone us, registering to take part in a challenge event including our Brighton Half Marathon, make a donation to us, purchase or donate items in our shops or use our services. Sometimes when you support us your information is collected or processed by a third party for us, for example electronic communication facilitators, database providers and event registration software. Where they are doing so purely for The Sussex Beacon, we will remain responsible for your information at all times and they will not be permitted to use your personal information for their own marketing. We collect only the personal data necessary for the purpose it is being collected, stored and processed.
    • Information you allow third parties to share with us: Your information may be shared with us by third parties who, for example, independently organise events such as the London Marathon, or facilitate fundraising such as Just Giving or Virgin Money Giving. These third parties will only share your personal information with us if you have indicated that you wish to support The Sussex Beacon with your consent. You should read their privacy policies to fully understand how they will process your information.
    • Information we collect from your use of our websites: We collect information about how you use our websites, such as your IP address, when you visit our site, watch videos and interact with our ads and content. More information on the data we collect from our websites can be found in our Cookie Policy.

How we use your personal data

The ways in which we use your data depend on why you have provided it. We may use your data in the ways set out below:

    • to provide you with the information, support, services or products you have requested from us, including such things as registration into a specific event or merchandise from the Brighton Half Marathon;
    • To respond to your enquiries;
    • To provide you with information which may interest you, such as newsletters, fundraising activities and resources, voluntary surveys, details of volunteering opportunities and updates on our work;
    • To maintain a record of your relationship with us and for internal administrative purposes (including accounting);
    • to administer and process payments, including to claim Gift Aid on your donations, and to fulfil the related legal requirements;
    • to comply with applicable laws and regulations;
    • to improve how we communicate with you, how we fundraise and how we generally operate;
    • to keep in contact with you in ways you have requested or agreed to, such as providing fundraising support and resources when you sign up to a challenge event to fundraise for us;
    • Notify you about changes to our services or policies;
    • for Direct Marketing by email, post or telephone. We may occasionally include information from other organisations who we partner with on various campaigns or projects. More information on how we use your personal data for marketing purposes can be found under the “Marketing” section in this policy;

If you register or have registered to take part in the Brighton Half Marathon we will also use your data to:

    • Administer your online account;
    • Send you important information about the event including health and safety information;
    • Provide our sponsors and event partners with your data if you have consented to us doing so and to receive marketing communications from them;
    • To monitor, develop and improve the services we provide to you and your experience of the Brighton Half Marathon website.

Fundraising

We want to ensure we are contacting you with tailored and appropriate communications, ensuring we direct our resources and fundraising activities as effectively as we can and provide the level of support you would expect from us. We also want to communicate with you from time to time to thank you for your support and tell you what we have achieved with the help of your donations or time.

Marketing

At The Sussex Beacon we want to ensure that you receive the level of marketing communications from us that are right for you, and contain the information you want to receive. The ways in which we market through various channels are set out as follows:

    • Email and Text Marketing: If you actively and explicitly consent to us contacting you by email and by text for marketing purposes, and provided us with an email address and/or phone number, we may contact you by these methods about our work, upcoming fundraising events and activities, volunteering opportunities, how you can get involved or make a donation to us.

If you sign up to the Brighton Half Marathon and associated events, we have a legitimate interest to contact you about similar commercial products and services which we think you may be interested in.

You can update your preferences to tailor the information you want to receive, by clicking the ‘update my preferences’ link at the end of our marketing emails or by getting in touch at data@sussexbeacon.org.uk. You can opt out of these communications at any time by getting in touch at data@sussexbeacon.org.uk, or by clicking the unsubscribe button at the bottom of our marketing emails.

    • Post and Telephone Marketing: If you have provided us with your address and phone number we may send you mail or phone you about our work unless you have told us you would prefer not to receive such information. We do actively check phone numbers against the Telephone Preference Service. If your number is on this list, we will not contact you by phone unless you have expressed specifically to us that you consent to receive such calls from us.

Retaining your personal data

We retain your personal data only for as long as is required to operate our services in accordance with legal and tax requirements. Once we no long require your data to fulfil a service you have asked for, to provide you with the customer service and communication that you would expect, or to satisfy legal requirements we will delete it in a secure manner. If we are relying on consent for a particular method of data processing, we will contact you to renew consent at reasonable intervals.

Sharing personal data

The Sussex Beacon may disclose your personal data to third parties in the following circumstances:

    • To provide you with products or services that you have requested, for which we use a separate company to fulfil those services or supply the products.
    • To third parties who process data on our behalf and provide a service to us, such as companies we use to store data, conduct marketing and communicate with you. For example, we often use Mailchimp to manage our mailing lists and for staying in touch with you. You can read their privacy policy here.
    • If you signed up to the Brighton Half Marathon or associated events, with your consent we may share your personal data with specific third parties for the purposes of marketing to you directly.
    • If you signed up to the Brighton Half Marathon by purchasing a charity place belonging to another charity, we shall share your details with them so they can provide you with key information relating to your place and the event. They will not be permitted to contact you for the purposes of marketing without your permission.

We will only share your personal data with third parties who comply with relevant data protection legislation, and we will ensure appropriate controls are in place. We regularly monitor their activities to ensure they continue to comply with law and with our policies.

We will never share, sell or swap your personal data with any third parties for the purposes of their own marketing unless you have explicitly consented to us sharing your data with specifically named third parties.

We will ensure your personal data is only accessible by appropriately trained staff or contractors.

International transfers of personal data

For financial and technical reasons, we may use the services of a supplier or products or services outside of the European Economic Area (EEA), meaning that your personal data is therefore transferred, processed and stored outside of the EEA. Although this includes countries that the European Union authorities do not consider as providing adequate levels of protection of personal data, we will take reasonable steps to ensure that your personal data is kept safe and in accordance with this privacy notice. In such cases, the transfer will be carried out subject to a Data Transfer Agreement in compliance with Data Protection law. For further information, please contact data@sussexbeacon.org.uk.

Legal basis & legitimate interest

When we process your personal data, we will ensure this is done in accordance with at least one of the legal grounds stated within Data Protection Law. These consist of the following:

    • We have obtained your affirmative and specific consent to use your personal data for a previously notified purpose, which may include sending you electronic direct marketing by email or text, or to provide you with a product, a service or information that you have requested;
    • In some circumstances we may collect and use personal data where it is necessary to fulfil our legitimate interest as a charity. We shall however, always balance our legitimate interests against your rights as an individual and data subject to ensure we use your data in a way you would reasonably expect in accordance with this policy and which does not intrude on your privacy or preferences. Examples of how we may use our legitimate interests include:
      • To send you marketing material to you by post or telephone;
      • To send marketing communications by email & post to customers who have purchased a place in the Brighton Half Marathon and associated events, about our similar products and services;
      • To provide fundraisers with the support and resources they would expect;
      • To maintain a record of our relationship with you;
      • For administrative purposes;
      • To protect our business against fraud and other risks;
      • Maintain our customer database and systems.
    • Processing your personal data is necessary for the performance of a contract, such as to provide you with products or services you have purchased or requested (For example, if you register into the Brighton Half Marathon);
    • We have a legal obligation to use or disclose information relating to you, for example, if we were ordered to do so by a court or regulatory authority;
    • Processing is necessary to protect your vital interests; or
    • Processing is necessary for the performance of a task which is carried out in the public’s interest, or in exercising official authority.

Your debit and credit card details

If you use your credit or debit card to make a donation to us, buy something or pay for registration in an event either online or in person, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). https://www.pcisecuritystandards.org/pci_security/.

We do not store your credit or debit card details at all after the transaction is complete. Only staff authorised and trained to take payments will do so.

Cookies

Cookies are small text files which are stored on your computer by websites that you visit, to help websites work more efficiently and provide us with information. You can find out about the cookies we use on our website in our Cookie Policy which can be found here.

Inappropriate content

If you send any inappropriate, offensive or defamatory content on our website or social media platforms, we may use your personal data to inform relevant third parties including your internet provider or law enforcement.

Your rights

Under the EU regulation 2016/679 General Data Protection Regulation (“GDPR”), you have rights as individuals in relation to the information we hold about you. These are as follows:

The right to be informed:

You have the right to be informed about the collection and use of your personal data. This information must be concise, transparent, intelligible, easily accessible, clear and in plain language.

Where such data is collected from you directly, you will be informed of its purpose at the time of collection.

Where such data is collected from a third party, you shall be informed of its purpose either when the first communication is made, before a transfer of that data is made or as soon as reasonably possible no longer than one month after we obtain the data.

The information provided shall include details about us, the purpose for which the data is collected, the legal basis for collecting the data, the legitimate interests used to justify collection when applicable, the categories of data collected, the data to be transferred to third parties and details of those third parties, details of a transfer outside of the EEA if applicable, details of retention of the data, details of your rights, details of your right to complain to the Information Commissioners Office, details of any legal or contractual requirement necessitating the collection or processing of personal data and details of failure to oblige, and details of any automated decision-making or profiling that will take place using the personal data if applicable.

The right to erasure:

You have the right to request that we delete your personal data and stop processing it, if this processing is no longer necessary for the purpose it was collected, if you withdraw your consent, if you object to us storing or processing your personal data (where there is no overriding legitimate interest which will allow us to do so), if the processing is unlawful or if the personal data must be deleted to comply with a legal obligation.

We must comply with all required to erase personal data unless we have reasonable grounds to refuse.You will be informed of the erasure within one month of us receiving the request from you. If further time is required, you shall be informed.

In the event that the personal data to be deleted, as per a request from you, has been shared with third parties, those third parties shall be informed (unless it is impossible or unreasonably difficult to do so).

The right of access:

You have the right to ask for a copy of the information we are processing about you by making a ‘subject access request’. We do not charge a fee for this service, however we reserve the right to charge reasonable fees for additional copies of information that has already been supplied to you, and for requests that are manifestly unfounded, excessive or repetitive. You can make a subject access request by emailing us data@sussexbeacon.org.uk or posting to The Sussex Beacon, 10 Bevendean Road, Brighton, BN2 4DE. If we hold personal data about you, we will:

    • Provide a description of the personal data held;
    • Explain why we are holding the personal data;
    • Inform you who this personal data has been shared with; and
    • Give you a copy of the data.

The right to data portability:

You have the right to obtain and reuse your personal data for your own purposes across different services.

You only have this right when the lawful basis for us processing this data is consent or for the performance of a contract, and if the data is processed by electronic means.

If these requirements are fulfilled, you may receive a copy of your personal data and/or have it transmitted to another company.

We may object to a request if it can be demonstrated that there is a legitimate reason that the transmission cannot take place, which adversely affects the rights or freedoms of others.

The personal data shall be provided in a format which is structured, commonly used and machine-readable.

The right to rectification:

If we hold inaccurate or out dated personal information relating to you, you have the right to ask us to rectify that information.

We shall rectify the information and inform you within one month of receiving the request or new information. If further time is required, you shall be informed.

In the event that the personal data to be rectified, as per a request from you, has been shared with third parties, those third parties shall be informed.

The right to object:

You have the right to request that we do not, or refuse us permission to, process your personal data for the purposes of marketing based on legitimate interests, direct marketing, profiling and for processing for scientific and/or historical research purposes.

Where you object to us processing their personal data based on legitimate interests, we shall stop processing your personal data immediately, unless we can prove legitimate grounds for such processing which override your interests and rights, or that is necessary for legal claims.

Where you object to us processing your personal data for marketing purposes, we shall stop processing immediately.

Where you object to us processing your personal data for scientific or historical research, you have an obligation under GDPR to demonstrate grounds relating to their particular situation. We might reject the request if the research is deemed necessary for the performance of a task carried out in the public’s interest.

We will inform you before collecting your data if it is to be used for marketing purposes or to be shared with third parties.

The right to restrict processing:

You have the right to ask us to cease processing the personal data we hold about you.

If such a request is made, we shall only retain the personal data that is necessary to ensure the personal data concerned is not processed further.

In the event that the personal data concerned is shared with a third party, those third parties shall be informed of the relevant restrictions to processing (unless such notification is impossible or unreasonably difficult to fulfil).

You can restrict processing of your personal data for marketing purposes by contacting us at data@sussexbeacon.org.uk, 01273 694222 or The Sussex Beacon, 10 Bevendean Road, Brighton, BN2 4DE. Where you have opted in to receive marketing correspondence, you have the right to withdraw your consent at any time, or update your preferences of the types of marketing you receive. This can be done via the instructions contained in the marketing correspondence, or by contacting us directly.

Rights related to automated decision making including profiling:

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning or significantly affecting you.

If such processing is carried out, we shall provide you with specific information about the processing, take steps to prevent errors, bias and discrimination, and give you rights to challenge and request a review of the decision made by solely automated means.

You have a right to object to profiling. Such a request can be made by contacting us at data@sussexbeacon.org.uk, 01273 694222 or The Sussex Beacon, 10 Bevendean Road, Brighton, BN2 4DE.

To speak to us about any of the above rights please get in touch at the above details.

For further information on your rights, you can also view the Information Commissioner’s guidance here.

Links to other websites

This privacy notice is not applicable to links within our websites which link to other websites not owned by The Sussex Beacon. Please read the privacy statements on other websites which you visit.

Complaints 

If you would like to make a complaint about the way we have processed your data, or the information provided in this notice, please contact us at data@sussexbeacon.org.uk or 01273 694222. Alternatively, you can contact the Information Commissioner’s Officer via their website.

Changes to this policy

We regularly review this privacy notice and will make any changes available on this page. If we make any significant changes, we will notify you by email. By continuing to use this website you will be deemed to have accepted such changes. This privacy notice was last updated November 2018.

We recommend that you check this page regularly to keep up-to-date.

Contact

If you would like to request further information about our privacy policy you can contact us at:

data@sussexbeacon.org.uk

01273 694222

or via post at:

The Sussex Beacon, 10 Bevendean Road, Brighton BN2 4DE.