Changing Faces is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website or communicating with us by phone, email or in person, then you can be assured that it will only be used in accordance with this Privacy Statement.
We collect information about:
We collect information that we need to, or that we believe would be useful to provide our services, products and information. These purposes comprise:
Where we ask you to provide us with any information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement, and in line with data protection legislation, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2018.
We seek your consent if consent is necessary. To assess whether consent is necessary we carry out a balancing exercise between your rights and expectations, and our legitimate interests to carry out the data processing activity, consistent with the law.
We will never sell your data to any individual or organisation.
We will only pass on your information:
We keep the information we hold about you accurate and up-to-date so far as we are able.
We follow the Code of Fundraising Practice for the UK, issued by the Fundraising Regulator, to ensure that we treat all donors, including vulnerable donors, fairly.
If you ask us to remove your personal information from our records, we will make efforts to ensure we have identified the correct record on our system, and we will review the data to ensure that we are not required to hold it for legal reasons. If, once these actions have been taken, we determine that we have no legal obligation to keep your data, we will retain your key details – i.e. your name, home address and email address – on a suppression list to make sure that we do not contact you again, and we will destroy all other information we hold about you (if we were to remove your details completely we would have no record of your wishes, and therefore someone from Changing Faces might inadvertently contact you again.) The only exception to this will be if we are required to keep a record of your gifts for Gift Aid and financial audit purposes, in which case we will anonymise your record and retain the relevant data in a locked note which can only be accessed by a relevant employee.
We use a secure server to host all areas of our website which collect personal information.
1. Who we are and what we do
Changing Faces is the UK’s leading charity for everyone who has a medical condition, mark or scar that makes them look different.
We provide advice and support through our expert psycho-social and skin camouflage services in local communities across the UK. We help build people’s confidence to live their life on their terms. And we challenge prejudice, respect differences and speak to a world that needs to change.
Changing Faces is registered as a charity in England and Wales (registered charity number 1011222), and in Scotland (registered charity number SCO39725) and is the data controller for data protection purposes.
2. Data protection regulations
In carrying out our day-to-day activities we process and store personal information relating to our supporters and we adhere to the requirements of the Data Protection Act 2-2018 (DPA) and the General Data Protection Regulation (GDPR).
We take our responsibilities under data protection legislation seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with those regulations and all other applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations.
3. What personal information do we collect?
Personal information is information that can be used to identify you. It may include your:
It may also include:
These lists are not comprehensive, but they are intended to give an indication of the sort of information we collect.
We collect this personal information about you when you ask about our activities, register with us (for example, signing up to receive information), make a donation to us, register for an event, engage with our social media or message boards, order products and services (such as publications and email newsletters), otherwise give us personal information, or become known to us as someone who might consider connecting with Changing Faces in some way.
4. Sensitive/special category data
If you contact us in order to seek support from our services, we may collect the following additional information, defined in law as sensitive data or special category data. Sensitive or special category data is a type of personal data, but potentially, if made available, could leave the individual it relates to vulnerable to discrimination or harassment. GDPR protects personal information as a whole but adds extra focus to sensitive information because of possible impact to a person’s livelihood, quality of life, and ability to participate in daily activities.
Special category data, as defined by the GDPR, comprises:
5. Non personal data
If you do nothing other than read pages or download information from our website, we may gather information about this use, such as which pages are most visited and which events or activities are of most interest. This information can be used to help us improve our website and services and ensure we provide you with the best service. The information we use for this purpose is aggregated or anonymised, i.e. it will not identify you as an individual visitor to our website.
In recording this information, we apply all the usual data protection principles outlined in this policy, so people sharing this information can feel confident that this information will not be used or stored inappropriately, and they retain the right to access this information or to request its removal at any time.
If you use your credit or debit card to donate to us, buy something or pay online or over the phone, we will ensure that we manage this securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). Click on PCI DSS to find out more about card payment security.
We do not store your financial information for longer than we need to.
6. How do we use the information we process?
These are examples of how we may collect and use your personal information:
To provide services, products or information you have requested. For example:
For administration purposes. For example:
For legal purposes. For example:
For fundraising purposes. For example, if you are a fundraiser:
For marketing purposes. For example:
For some data processing activities, including marketing and fundraising, we require your consent to contact you. We may also contact you if we believe there is a legitimate interest in doing so. A legitimate interest is when we believe it is to your benefit to receive a piece of information, it has minimal privacy impact and does not compromise your rights or freedoms. However, if you have specifically told us you do not wish to receive any communications from us we will not process your data on a legitimate interest basis.
There are some occasions when we do not require your consent to process your data, such as for legal purposes or for many administrative purposes, but in some cases we do need your consent to use your data for data processing, including direct-marketing purposes.
If you have asked us not to use your information for marketing purposes we will retain your name, home address and email address on a suppression list to ensure we do not continue to contact you.
The use of your information for the purposes set out above is lawful because one or more of the following applies:
8. Your marketing preferences
We will use the following statement to invite you to express your preference for how you would like us to retain contact with you:
Are you happy for Changing Faces to contact you with regards to news and information about the charity?
Are you happy for Changing Faces to contact you about fundraising?
In this way we give you the opportunity to opt in to further communications with us, and to express your preferred method of communication. If you have opted in to further communications we will automatically invite you to update this option every two years; or at any appropriate earlier time that is required.
9. The accuracy of your information
Our aim is for all information that we hold about you to be accurate and, where necessary, kept up-to-date. If any of the information we hold about you is inaccurate and either you advise us of this or we become aware in another way of its inaccuracy, we will ensure it is updated as soon as possible.
10. Information-sharing and disclosure
We will not sell your information to any third party.
We may share your information with our data processors. Our data processors are organisations carrying out services for Changing Faces such as sending out mass emails or materials, subject to your communication preferences and our internal policies and procedures. We have contracts in place with all third parties to ensure they are obligated to treat our customers’ personal data in compliance with the General Data Protection Regulation 2018.
We may also disclose your personal information to third parties if we are required to do so by a legal obligation (for example to the Police or a Government body); or to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.
We may share data relating to specific health conditions or lifestyle issues, but we will only ever do this in an anonymised, aggregated manner.
Other than this, we will not share your information with other organisations without your consent.
Many of our supporters who participate in events to raise funds for Changing Faces set up a personal page on a specialist fundraising platforms (JustGiving or Virgin Money Giving) designed to help individuals and charities raise money and maximise the use of Gift Aid. Personal data provided by Changing Faces supporters for this purpose to JustGiving and Virgin Money Giving is passed to us. We store this information in our database and use it to communicate with our supporters about their fundraising activities.
We ensure that when processing children’s data we comply fully with the existing protection and safeguarding legislation. Children are able to exercise their own data rights as soon as they have capacity and understanding, which is ordinarily assumed around the age of 12. Any younger person aged under 16 who would like to engage with us, and whose personal data we need for that purpose, must also have a parent / guardian’s permission to do so before giving us those details.
12. Vulnerable people
We recognise the importance of protecting our vulnerable supporters and we follow the Code of Fundraising Practice in the UK issued by the Fundraising Regulator. We believe this helps to support our staff who come into contact with supporters to provide high quality supporter care, ensuring anyone donating to the Charity is in a position to make a free and informed decision. If an individual appears vulnerable we will offer them a cooling-off period, or more time before taking a donation. If we believe the individual lacks the mental capacity to make a decision we do not take a donation.
13. Storing your information
For financial and technical reasons we may, on occasion, need to use the services of a supplier outside the European Economic Area (EEA). Data may need to be transferred and stored outside the EEA, including in the USA where it will be held in full compliance with General Data Protection Regulation (GDPR) 2018, ensuring security of information equal to that required by the UK and throughout the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a Data Processing Agreement which contains model EU clauses.
Your record will be deleted if we have had no contact or interaction with you over a period of seven years, and you have opted out of communications. This retention period has been determined with consideration for our legal obligations and tax and accounting rules, and we reserve the right to change it to reflect subsequent changes in those rules and obligations.
14. Our website and social media
By using our website, social media pages, entering a competition or providing your information you consent to our collection and use of the information you provide in the ways set out in this policy.
For all areas of our website which collect personal and financial information, we use a secure server. We take great care to ensure that our websites operate at the highest security levels and that our suppliers are committed to best practice in digital security. All personal information and financial data is encrypted in transmission.
However, the security of data transmission via the internet can never be 100% guaranteed, and data transmission is at your own risk.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Third party cookies
Some of the services on our websites, such as videos from Youtube and sharing functions from Facebook, Twitter or LinkedIn, may also place cookies on your computer. We do not take responsibility for third party cookies.
Yes, you can use your browser settings to disable cookies. Different browsers offer different levels of control – for example you may be able to accept certain cookies and reject others, such as third party cookies.
You can delete the cookies stored on your computer at any time.
For a full list of the cookies we use and what they do, please email firstname.lastname@example.org.
16. Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
17. Updating our policy
This policy was last updated 10th September 2018. Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes.
Self-employed contractors and volunteers are notified of their responsibilities when they begin delivering services to or volunteering with Changing Faces.
19. Your rights
You have the right to request:
If you would like a copy of some or all of your personal information, please make a request to our Data Protection Lead using the details provided below. We will provide this information to you without charge, unless requests are manifestly unfounded, repetitive or excessive, in which case we are entitled to charge a reasonable administration fee.
If you believe we are not respecting your rights, you are entitled to make a complaint to the Information Commissioner’s Office. Further details about how to complain can be found here.
If you have any questions or queries about this Privacy and Data Protection Statement, or if you would like to request a copy of the information we hold about you, please contact the Data Protection Lead at the address and contact details below:
Data Protection Lead
The Squire Centre
33-37 University Street
London WC1E 6JN
0345 450 0275