retailTRUST is committed to protecting your data and your privacy. We aim to ensure that any information you give us is held securely and safely. Please read this policy carefully (along with our terms and conditions) to understand how we collect, use and store your personal information.
retailTRUST (Registered Charity 1090136/SC039684) operates three wholly owned trading subsidiaries:
- Retail Trust Events Limited (Registered Company Number 03253828)
- RT Wellbeing Services Limited (Registered Company Number 09958483)
- Cottage Homes Contracts Limited (Registered Company Number 09127894)
These subsidiaries support the efficient fundraising, income-generation and operational activities of the charity, and their activities are also covered by this policy.
retailTRUST holds and processes personal details in accordance with Data Protection Legislation, which is the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679. retailTRUST is registered with the Information Commissioner (Registration Number Z8109661).
If you have any questions about this policy or how your data is handled, please write to:
Email: [email protected]
Telephone: 01332 554200 (during office hours, Monday to Friday, voicemail available for messages outside these hours)
retailTRUST takes data protection very seriously. As you use our website, get in touch with us, or take part in our activities and events, we collect information. This deepens our understanding of what you are interested in, helps us understand how well we are providing our services, and helps us to improve the quality and relevance of all of our interactions with helpline callers, residents, beneficiaries, donors, partners and other visitors.
retailTRUST and its subsidiaries will never share your information with another organisation for their own marketing purposes and we will never sell your information for any reason whatsoever. We know that this is important and want to reassure you that you are always in control of how we use the personal information you give us.
We do however need to collect and use your personal information for carefully considered and legitimate business purposes, which will help to ensure that we can run retailTRUST and its subsidiaries efficiently, raise funds effectively and deliver our charitable activities.
This policy will set out what data we collect, how we will use it, what the legal basis for this is, and outline what your rights are in respect of your personal data.
What we collect
retailTRUST will be a “controller” of the personal information that you provide to us either electronically, on paper or by telephone (unless at the time of collection we tell you otherwise).
We offer a wide range of charitable services to our helpline callers, residents, beneficiaries, donors, partners and other visitors. When you interact with us we may ask you for some or all of the following personal information:
- Basic contact details – name, address, email address, date of birth, etc.;
- Employment – name of your employer, job title and how long you’ve been employed, etc.;
- If you apply for a grant we will need payment details – bank account number, sort code, card details, etc.;
- If you telephone our helpline personal data given during your call may also be recorded;
- Equality information – for example, disability, etc.;
- You may be photographed or included in a video recording if you attend our events.
The chatbot offered on this site uses artificial intelligence to provide the most appropriate answer to your query. We do not store records of the chats you have with the chatbot. We do record the types of requests and recommendations given by the chatbot as part of your user profile, but not the reasons why they were made. Types of requests and recommendations made to you are confidential and we will not share them with any third party including employers in any form that could identify you as an individual. During the conversation the chatbot may pass your enquiry to a human operator to respond. These live chats are also not recorded.
The chatbot is not designed to process personal data and you should not give the chatbot any information which could be used to identify you as an individual, such as your name, address, telephone number, specific details of your employment and so on.
Chatbot data is processed on the basis of our legitimate interest in:
* Responding to enquiries from visitors to the site
* Collating anonymous statistical information about our users which may be shared with third parties
* Analysis, targeting, and segmentation of data to help develop organisational strategy, and improve marketing and fundraising communications as well as improving operational efficiency.
The chatbot uses artificial intelligence to help you find the most appropriate information. The options offered by the chatbot are only recommendations and do not exclude you from accessing any of our services. All services provided by retailTRUST to which you are entitled can be accessed whether or not you use the chatbot.
The chatbot does not make automatic decisions which produce legal effects or have similarly significant effects. Types of requests and recommendations made are stored by us, but only for statistical and analytical purposes.
We employ third-party suppliers to provide chatbot services. These suppliers process personal information on our behalf as our “processors” and are subject to written contractual conditions to only process that personal information in accordance with data protection legislation.
Special categories of personal data
We also, where necessary ask some of our helpline callers or other visitors for sensitive personal information known in the data protection legislation as special categories of personal data – for instance, information about your health, racial or ethnic origin, or faith. This will only be asked for where there is a clear reason for doing so and both a lawful basis and special condition for processing apply under the data protection legislation, such as where we need this information to ensure that we provide appropriate facilities or support, or we are obligated to collect it to protect you or other people. For instance, callers to our helpline will sometimes need to disclose some sensitive personal information so they can access our counselling support, and it may also be collected when you apply for a grant. We will only use sensitive personal information for the purpose it is has been given and will dispose of it securely as soon as it is no longer required.
There are also some limited situations where we may need to ask if you have a criminal record and record details of any offences. This will only be asked for where there is a clear reason for doing so and it is lawful to do so under the data protection legislation, such as where we are obligated to collect it to protect you or other people. We will only use such information for the purpose it is provided and will dispose of it securely as soon as it is no longer required.
Why we need your personal information – consent
We will always ask for your consent to send you marketing communications by email, SMS or other electronic means. We will also ask you for your consent before contacting you by telephone for the purpose of marketing. In most cases, except where we are obligated to collect it, if you provide any sensitive personal data about yourself (called special categories of personal data in the data protection legislation), we will always seek your explicit consent to process this data.
We will also ask for your consent if your personal data is included in any video content that we create. We use such video content to develop material for helping other people and promoting our services and share this through YouTube, our website and other online and offline platforms. The request for consent will include clear details of how we will use your personal data in our video content including any security settings we use on YouTube and other sites to ensure your personal data remains safe.
Where you give us consent to process your data we will always keep a clear record of how and when this consent was obtained, and you can withdraw this consent for all channels and activities at any time by contacting us .
Why we need your personal information – contractual purposes
In some cases we may need to collect your personal information so that we can carry out our obligations under a contract with you. In each instance we will only use your personal information to fulfil our obligations under the contract. If you do not provide us with all of the personal information that we need to collect then this may affect our ability to provide training or other services.
Why we need your personal information – legal obligations
We are under a legal obligation to process certain personal information relating to our trustees and volunteers for the purposes of complying with our obligations under:
- the Companies Act 2006, Charities Act 2011 and Charities and Trustee Investment (Scotland) Act 2005 to maintain a register of our board members and members, which includes our board members’ and members’ name, address, the date they were admitted to membership and the date on which they ceased to be our board member and/or member, and hold general meetings, including issuing notices and voting arrangements; and
- the Protection of Vulnerable Groups (Scotland) Act 2007 to check that our volunteers are able to undertake regulated work with children and vulnerable adults; and
- any other legislation that places an obligation upon us to process personal data.
Why we need your personal information – equality monitoring requirements
In some cases our commitment to giving everybody fair and equal treatment requires us to use your personal information relating to your racial or ethnic origin, etc. for equality monitoring purposes.
We will process such personal information to identify and keep under review the existence or absence of equality of opportunity or treatment between groups of people within the same categories to promote or maintain equality across our services.
Why we need your personal information – legitimate purposes
The data protection legislation allows personal data to be legally collected and used by an organisation if it is necessary for a legitimate interest of the organisation - as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned.
Where we process your personal information in pursuit of our legitimate interests, you have the right to object to us using your personal information for the above purposes. If you wish to object to any of the above processing, please contact us . If we agree and comply with your objection, this may affect our ability to undertake the tasks below for the benefit of our beneficiaries and the funders who financially support the services we provide.
We process your personal information in pursuit of our legitimate interests to:
- The delivery of our charitable mission as set out in our charitable priorities
- Internal and external audit for financial or for regulatory compliance purposes
- Statutory reporting
Marketing and income generation
- Conventional marketing, publicity, advertising and fundraising
- Analysis, targeting, and segmentation of data to help develop organisational strategy, and improve marketing and fundraising communications as well as improving operational efficiency
- Processing for research purposes, such as marketing or fundraising research
- Using publically available information to profile potentially important supporters
- Physical security, IT and network security
- Anonymising data so it can be shared with third parties without compromising confidentiality
- Processing data for historical, scientific or statistical purposes
- Responding to any solicited enquiry from any of our visitors
- Providing products, information and/or fundraising packs requested by visitors
- Communications designed to administer existing services that an individual has asked or registered for
- Collating anonymous statistical information about our users which may be shared with third parties
- Administrating Gift Aid
- Ensuring we respond properly to complaints
- Thank you communications and receipts
- Maintenance of “Do not contact lists”
Why we need your personal information – public interest
We may also process your personal data when it is required to perform a task in the public interest that is set out in law. We consider our financial management and control to be tasks we carry out in the public interest, this includes:
- Processing of financial transactions and the maintenance of financial controls
- Preventing fraud, the misuse of our services, or money laundering
- Enforcing legal claims, including debt collection via out-of-court procedures.
Other uses of your personal information
We may ask you if we can process your personal information for additional purposes. For example, where a new technology could allow us to offer improved services to our visitors. Where we do so, we will provide you with an additional privacy notice that explains how we will use your information for these additional purposes.
Who we share your personal information with
We may share your personal information with our wholly owned trading subsidiaries to assist us with the efficient fundraising, income-generation and operational activities of the charity, and their activities are also covered by this policy.
We may be required to share personal information with statutory or regulatory authorities and organisations to comply with statutory obligations. Such organisations include the Health & Safety Executive, HMRC, etc. for the purposes of safeguarding children and vulnerable adults.
We may also share personal information with our professional and legal advisors for the purposes of taking advice.
retailTRUST employs third party suppliers to provide services, including out of hours telephone support, counselling services etc. These suppliers may process personal information on our behalf as “processors” or “joint controllers” and are subject to written contractual conditions to only process that personal information in accordance with data protection legislation.
In the event that we do share personal information with external third parties, we will only share such personal information strictly required for specific purposes we have identified in advance, and will take reasonable steps to ensure that recipients shall only process the disclosed personal information in accordance with those purposes.
How we protect your personal information
Your personal information is stored in our secure electronic filing system and our servers based in the UK, and is only accessed by trained and authorised staff and volunteers for the purposes set out above. We keep your personal information secure by using a range of technical and organisational security measures, including tools, systems and processes to:
- encrypt, anonymise and pseudonymise personal information
- ensure the ongoing confidentiality, integrity, availability and resilience of our data processing systems
- restore the availability and access to personal information in a timely manner in the event of a physical or technical incident.
We also store some personal information in paper files. Where we do this, those files are kept in secure locations in locked cabinets that only authorised staff have access to.
In addition we regularly test, assess and evaluate the effectiveness of all our technical and organisational measures for ensuring the security of the personal information we process.
How long we keep your personal information
We only keep your personal information as long as is reasonable and necessary for the relevant activity. We may extend this period after the relevant activity has completed to comply with statutory restrictions or industry best practice, for example, the collection of Gift Aid on donations or best practice on retaining records of helpline calls.
We have a data retention policy that sets out the periods for retaining and reviewing all information that we hold. This sets out different retention periods for different forms of data and you can request a copy by contacting us at [email protected]
Your communications with us (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.
Your rights in relation to your personal information are:
- you have a right to request access to the personal information that we hold about you by making a “subject access request”;
- if you believe that any of the personal information that we hold about you is inaccurate or incomplete, you have a right to request that we correct or complete it;
- you have a right to object to and/or request that we restrict the processing of your personal information for specific purposes;
- if you wish us to delete the personal information that we hold about you, you may request that we do so;
- if you would like to obtain the personal information that we hold about you to reuse it for your own purposes, you may request that we do so; and
- if we undertake any automated decision-making and profiling, you have a right to object to your personal information being used in this manner.
- You can exercise any of the following rights by completing this form .
Any requests received by retailTRUST will be considered under applicable data protection legislation. If you remain dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at ico.org.uk.