Last revised on: 15 March 2019
KindLink Ltd (“we”, “our”, “us”) are committed to protecting and respecting your privacy. We are a company registered in England and Wales under company number 09867441 and have our registered office at 75 Christian Court Rotherhithe Street, London, United Kingdom, SE16 5UA. For the purpose of the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018 (the “Act”), we are the data controller.
Please read the following carefully so that you understand your rights in relation to your personal data, and how we collect, use and process your data. If you do not agree with this Policy in general or any part of it, you should not access our Websites. By visiting www.kindlink.com and charity.kindlink.com you are accepting and consenting to the practices described in this policy.
What information do we collect from you? We collect information when you register with our websites such as your contact details, payment details and certain identification information about you. We also collect further information about you in a range of ways depending on whether you are a charity, donor or corporation. In addition, we collect device and technical information from you when you use our websites.
How will we use the information about you. We use your information to fulfil our contract with you, to facilitate fund-raising by charities and administer donations from donors via our payment partners based on your consent, and to provide a platform for all non-profit organisations to raise funds, engage their supports and be transparent about their impact. We also use your information to maintain our website, and to tailor our products and services to your preferences to provide the best service possible. In addition we use your information to market our products and services to you, our partners (with your consent) where required by applicable law.
Who do we share your information with? We share your data with our third party service providers to the extent necessary for them to provide their services such as payment processors. We use these third parties services solely to process or store your information for the purposes described in this policy. We also share your information with relevant organisations or authorities for the purposes of anti-money laundering, anti-bribery or know your customer checks or claiming gift aids on behalf of charities, or necessary to comply with applicable laws, rules and regulations.
Where do we store your information? Your information will be transferred to, stored at and processed in the EEA. Your information is also processed by staff operating outside the EEA who work for us or our partners.
How long do we store your information? We retain your information in accordance with our data retention policy.
How can I exercise my rights over my information? You may have various rights in relation to your personal data.
Complaints. If you have any concerns or complaints, please contact us in the first instance our DPO at email@example.com.
WHAT WE COLLECT
We obtain information about you through several ways. This information includes “personal data” about you, which for the purposes of this Policy shall have the meaning given to it in the GDPR and the Act.
Information You Give Us.
If you are a charity, we collect the following information from you:
If you are an individual donor, we collect the following information from you:
If you are a corporation making a donation, raising funds, participating in events or tradeshows which we are involved in or using our Websites for any other purposes, we collect the following information from you:
This above information includes information provided when you report a problem with our Site, information you provide when you register to use our Websites as well as other user generated content, such as information provided when you participate in discussion boards or other social media functions on our Websites and other information you directly give us on our Websites. For further details, please see our terms and conditions at https://www.kindlink.com/terms.html.
Information Automatically Collected. We automatically log information about you and your computer. This information includes:
Cookies allow us to recognize and count the number of users and to see how users move around our Websites when they are using it. Cookies help us to improve the services we provide to you and the way the Websites work so that we can provide you with a more personal and interactive experience on our Websites. This type of information is collected to make our Websites more useful to you and to tailor the experience with us to meet your special interests and needs.
Many browsers are set to accept cookies until you change your settings to disable or delete cookies. If you remove or reject our cookies, it could affect how our Websites work for you. For further details about how to change your cookie preferences of your browser, please see below:
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics use first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our Website. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our Websites – for more information on opting out of being tracked by Google Analytics across all websites you can use, visit this Google page: https://tools.google.com/dlpage/gaopout.
HOW WE USE YOUR DATA
If you are a charity who wishes to raise funds through our Websites, in accordance with our contract with you, we use your personal data and other data related to donations for:
If you are an individual donor, in accordance with our contract with you, we use your personal data which we ask you to give us when making your donation in connection with the processing of your payment on our Websites via our payment partner, Stripe.
With your consent where required by applicable law, we use your personal data as follows:
You have the right to withdraw your consent at any time by contacting us at firstname.lastname@example.org. For more information, please see the section entitled “Your Rights”.
As it is in our legitimate interests to be responsive to you, to ensure the proper functioning of our platform and services for all non-profit organisations to raise funds, engage their support and be transparent about their impact, we use your personal information as follows:
If you are a corporation who chooses us as your payroll giving agency, we use personal data of your employees who agreed to participate in the KindLink Foundation Payroll Giving Scheme because it is our legitimate interests to maintain the KindLink Foundation Payroll Giving Scheme. You have the right to object to this processing. For more information, please see https://www.kindlink.com/business.html.
You have the right to object to this processing. For more information, please see the section entitled “Your Rights”.
Feedback. If you provide feedback to us, we will use and disclose such feedback, provided we do not associate such feedback with your personal data. We publish user feedback from time to time. If we choose to post your first and last name along with your feedback, we will obtain your consent prior to posting your name with your feedback. We will collect any information contained in such feedback and will treat the personal data in it in accordance with this Policy, provided that we will contact you in regards to such feedback.
We do not sell, rent, or lease your personal information to others except as described in this Policy. We share your personal information with selected recipients.
If you are a charity using our services, we share your personal information with the following categories of recipients:
If you are an individual donor or a corporation making a donation, we share your personal information with the following categories of recipients:
In addition, we share your personal data with the following parties:
We will also disclose your personal information to third parties in the event that:
WHERE DO WE STORE YOUR PERSONAL DATA
The information that we collect from you will be transferred to, stored at and processed in the EEA. Your personal data is also processed by staff operating outside EEA who work for us or for one of our partners, Stripe. Such staff are engaged in, among other things, the processing of your donations details. We will take all steps reasonably to ensure that your personal data is treated securely and in accordance with this policy.
HOW LONG DO WE STORE YOUR PERSONAL DATA
We will retain your information in accordance with our data retention policy. If you use our Websites without creating an account with us, we will retain your name and email address for a period of 36 months from the date of last contact or when you request to be removed from our system. During and after this period, we will restrict processing of your data.
If you are a registered user, we will retain your personal information as follows:
We review all data periodically, whether stored physically or electronically, to decide whether to destroy, delete or anonymise any data once the purpose for which such data was created is no longer relevant. If we emailed or contacted you, we will keep your details for a period of 36 months after the date of last contact we have had with you.
Please note that after you close your account with our Websites and we cease to provide services to you, we retain your personal data to the extent as it is necessary to comply with applicable laws and regulations and for the purposes of fraud monitoring, detection and prevention. We also retain your personal data as required to do so in accordance with relevant limitation periods and record retention requirements under applicable laws in order to fulfill our tax, accounting and financial reporting obligations under relevant contracts with our partners.
The Act gives you the right to access information held about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right ask us to correct your personal data where it is inaccurate or incomplete and we will endeavour to do so without any undue delay. If you wish to exercise this right in accordance with the Act, please contact use at email@example.com, phone: +44 7746386459.
Where you have provided your personal data to us with your consent, you have the right to ask us for a copy of this data in a structured, machine readable format and to ask us to share (port) this data to another data controller.
In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data:
In addition, you can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
To exercise any of these rights above, please contact our Data Protection Officer (“DPO”) at firstname.lastname@example.org. In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority. We will endeavor to respond to you and handle your request within one month of receipt.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals our intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
THE SECURITY OF YOUR PERSONAL DATA
We make reasonable efforts to protect your personal data as appropriate for the risks associated with processing. We maintain organizational, technical and administrative measures which are designed to protect your personal data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your personal data is only accessible to a limited number of personnel who need to access to the information in order to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have a reason to believe that your interaction with us through our Websites is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately at email@example.com
LINKS TO OTHER SITES
We will, from time to time, host links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites operate independently from our Websites and have their own privacy policies, which we strongly suggest you check before you submit any personal data to these websites. We do not accept any responsibility or liability for these policies, the contents or use of the websites which are not owned and operated by us. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable.
WITHDRAWAL OF CONSENT
Where you have provided your consent for us to process your personal data, you can withdraw your consent at any time by taking steps regarding how to “opt-out” as specified in our marketing emails. Even if you opt out, we will still send you non-marketing emails. Non-marketing emails include servicing emails about your accounts with us, and our business dealings with you.
If you wish to withdraw your consent as part of a contract with one of our business users, please liaise with the relevant business user.
You can also let us know that you wish to withdraw your consent by emailing us at firstname.lastname@example.org.
OBJECTION TO MARKETING
With your consent, we will send you marketing emails and newsletters. At any time you have the right to object to our processing data about you in order to send you promotions and marketing information, including where we build profiles for such purposes, and we will stop processing the data for the purpose.
In the event that you wish to make a complaint about how we process your personal data, please contact in the first instance our Data Protection Officer (“DPO”) at email@example.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU in which you live or work where you think we have infringed data protection laws.
OUR POLICY ON CHILDREN
KindLink is not directed to children under 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at firstname.lastname@example.org, phone: +44 7746386459. We will delete such information from our files within a reasonable time.
We welcome your comments or questions about this Policy. You may also contact us at our email address: email@example.com, phone: +44 7746386459. You can also write to our DPO at firstname.lastname@example.org.
Copyright © 2019 KindLink Ltd.