Our general data policy is to hold at any time only the absolute minimum we require to effectively perform our charitable aims. We keep as few copies as possible in as few places as possible whilst striving to ensure that no data record is stored only in one location for the purposes of business continuity.
Data is shared internally only to those who have an explicit need for it to perform their specific role and we NEVER share data with ANY outside or third party organisation (subject to those areas where we may have a statutory duty of disclosure).
We hold data for three groups of people and we process and store this information differently. These groups and the specific policies are set out below:
For each volunteer we hold the following data:
- Telephone Number
- Email Address
We use this data only for contacting volunteers in regard to their work for us. This data is shared with all volunteers to facilitate contact between volunteers where required. We hold and process this data under GDPR Article 6(1)(f) [Legitimate Interest] on the basis that we need to know who is volunteering with us.
Each volunteer provides explicit written consent for their data to be held and distributed as above.
Listeners (by post)
For listeners we hold and process two distinct types of data: mandatory information and voluntary information, the two types are defined below:
- Telephone Number (where provided)
- Statement of the extent of visual disability
We hold and process this information under GDPR Article 6(1)(f) [Legitimate Interest] on the basis that we cannot provide the service without this information.
We require these pieces of information to deliver the service requested and as we cannot deliver the service without them consent to store and process these data would be meaningless. We require the name and address in order to address the package each week, we require the statement of the extent of visual disability in order to demonstrate that the listener is eligible for mail to be sent through the “Royal Mail Articles For The Blind” service as we use this service for delivery. We require the telephone number in order to fulfil our promise to telephone any listener who places a piece of paper in their return package.
- Birthday (day/month)
We announce listeners’ birthdays on the edition closest to their birthday each year. This is optional and so we hold and process this data under GDPR Article 6(1)(a) [Consent].
For each person that subscribes to receive our editions by email we store that person’s email address so that we can send the email. We must store these email addresses in order to that our automated system knows where to send the emails. We hold and process this data under GDPR Article 6(1)(f) [Legitimate Interest]. We do not request consent as it is an absolute pre-requisite for the service the user has requested and the service cannot be delivered without the data concerned.
Subscribers may remove their email from the list at any time.
We have secured the list in such a way as to prevent subscribers’ data being visible to other subscribers and also so that only our system and our Admin Secretary have the ability to send email to the list.
As many organisations do we collect anonymous visitor information in order to measure how people make use of our website and listen to our service online. We do this via three third parties:
Kualo host our website and retain visitor logs to which we have access. None of these logs contain sufficient information for us to identify an individual person.
We use Google Analytics to track how people use our website. Google make these statistics available to us only in ways by which it is impossible to identify any individual person.
PayPal & Donr
For donations made through our website relevant data is passed to either PayPal or Donr for the purpose of processing the payment. That data is processed and stored on their servers in line with their policies. See the FAQ on the Donations page for more details.