1.1 Online Giving Ltd. (“Enthuse” or “We“) are committed to protecting and respecting your privacy.
1.2 This privacy statement explains how we will use the personal information we collect or that is provided to us.
1.3 We are the controller for the purposes of the General Data Protection Regulation 2016/679 (“GDPR”). Unless otherwise stated in this privacy statement or as part of the donation process, we will determine why and how the personal information collected via this website.
2. Personal information we may collect on this site and how we use it
2.1 Clients (including Charities) who register to use the Enthuse platform to support their fundraising strategy
a) When an organisation (including a charity) registers with us as a client to licence our fundraising platform from us, it may provide or we may request personal information about its employees, directors or trustees of the charity.
b) We will use this personal information to manage our relationship with the relevant organisation and perform our contractual obligations, including to notify the charity or any changes to the services and as part of our procedures to keep the Site safe and secure.
c) As an FCA regulated entity, we are also under a legal and regulatory obligation to carry out anti money laundering, Know Your Customer and service background checks on the charity, its directors and potentially board members, this will involve using the personal information provided to carry out these checks. In some circumstances we may use a third party supplier, to carry out these checks for us. Our appointed suppliers will only use the personal information for the purpose of carrying out the background checks and searches that we request.
2.2 Individuals who open an account on the Site for the purpose of making a donation or fundraising
a) In order to use our Site to make a donation or fundraise, an individual will need to register. As part of the registration process he or she will be asked to provide information. When we request information as part of the registration process, we make it clear where the provision of information is required by law and where it is voluntary.
b) An individual may choose to register on our Site using valid social media login details, such as Facebook or Google.
c) We may also collect personal information when an individual corresponds with us by phone, e-mail or otherwise.
d) The personal information we collect may include first name, last name, address, e-mail address, phone number and card payment details. If you are eligible for UK Gift Aid, you may also provide your UK domicile address as this may be different from your billing address.
e) We use this information to manage your account with us, make the payments to your chosen charity or to respond to your queries or comments.
f) In addition, if you have given us telephone instructions or e-mail instructions we will write to you to confirm your donation. We are required to do this by the Charities Commission for England and Wales.
g) We will retain account information to make it easier for you to donate to charities in the future. We do not use an account holder personal information for any other purpose and will not sell an account holder’s personal information under any circumstance.
h) Individuals signing up for an event using the Virtual Journey feature will have no personal data shared with the map provider, but agree to their location being marked on the event map at intervals during the event.
4. Disclosure of personal information
4.1 We may share personal information with selected third parties including:
a) Our suppliers. Our suppliers will only use individual account holder personal information in accordance with our instructions and to provide services on our behalf.
c) Third parties that may be interested in purchasing our business or assets. If we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets.
d) Analytics and search engine providers. We use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
e) Payment gateways and merchant providers. When an account holder makes a donation, we are required to disclose certain information to payment providers to process the transaction. The information shared with the payment providers will only be used for the payment and will not be stored or used for any other purpose.
5. Where we store personal information
5.1 The personal information that we collect from you will not be transferred to, or stored at, a destination outside the European Economic Area (“EEA”).
6.1 We use appropriate technologies and procedures to protect personal information and all personal information we store is held on our secure servers and is encrypted.
6.2 When we receive confirmation of your online donation we do not have access to your full card details. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Your responsibilities
7.1 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and to notify us in the event you become aware that someone has had access to your password.
8.1 We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
a) Access to personal information: If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
b) Correction and deletion: You have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion of your personal information; however, this is not always possible due to legal requirements and other obligations and factors.
c) Filing a complaint: If you are not satisfied with how we manage your personal information, you have the right to make a complaint to the UK Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or online at: https://ico.org.uk/concerns/.
8.2 Our site may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for the security, collection or use of your personal information on other websites. Please check these policies before you submit any personal information to these websites.
9.1 This privacy statement was last updated on 27th May 2020.
9.2 Any changes we may make to our privacy statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy statement.
10.2 You can also contact our Data Protection Officer, by sending an email to firstname.lastname@example.org or by writing to us at the address above marked for the attention of the DPO.