At the Harington Scheme we are committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about people who are customers and suppliers of the Harington Scheme, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check occasionally to ensure that you’re happy with any changes.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to The Harington Scheme, 55a Cholmeley Park, Highgate, London N6 5EH. Alternatively, you can telephone 020 3457 7997.
Who are we?
We are the Harington Scheme, a local charity which provides training and education for young adults with learning disabilities and/or difficulties, helping them to prepare for future employment, further education and community life. The Harington is a registered charity (no. 279376) and company limited by guarantee (no. 1467946). The registered address is 55a Cholmeley Park, Highgate, London N6 5EH.
The organisation includes The Harington Gardeners, our own garden maintenance company, and the Harington Charity Shop.
Statutory funds do not cover the full cost of our services; we rely on the generosity of individuals, companies and trusts who donate funds, and on our volunteers who give their time to support the charity.
For more information about us and the work we do please visit our website: www.harington.org.uk
How do we collect information from you?
We collect information about you through your contact with Harington as customer or supplier of the charity. This information is usually collected when you make a purchase from, supply goods/services to or enter into a contract with Harington.
This information will be collected by us in person or through correspondence. We have a legimate interest in processing your data as we have engaged in a financial transaction with you. Please note that we will never add you to a mailing list before seeking your consent to do so.
What type of information is collected from you?
The personal information we collect includes your title, name, address, email address and phone number and any additional details required to administer your transaction/contract with us. We use three merchant services providers to process credit and debit card transactions: Payment Sense, PayPal and World Pay top process credit and debit card transactions. In line with PCI compliance we do not store credit card details; details are entered directly into the payment interface and are not stored by us.
We may use your information in the following ways:
· to correspond with you about your involvement with Harington;
· to keep a record of your relationship with us;
· to create internal reports (and accounting records where appropriate);
· for publicity (with your consent), for example if you are sponsoring/supporting an event or fundraising on behalf of Harington;
· and to send you communcations which you have requested and that may be of interest to you. These may include information about our events, our work, products and services we offer and fundraising appeals.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example accounting records). We will hold your personal information on our systems for as long as is necessary for the relevant activity.
Who has access to your information?
Your information will only be accessed by authorised Harington Scheme personnel for legimate purposes. We will not sell your information to third parties or share it for marketing purposes.
We may store and process your information to our third party service providers (for example our email provider and database software) for the purposes of completing administrative tasks, for example to process donations and send you mailings. When we use third party service providers, we disclose only the personal information that is necessary to process the task and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be assured that we will not release your information to third parties beyond the Harington Scheme for them to use for their own purposes unless we are required to do so by law (for example, by a court order or for the purposes of prevention of fraud or other crime).
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the work we do, you can select your choices by ticking the relevant boxes on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by emailing: email@example.com by calling 020 3457 7997.
How you can access and update your information
The accuracy of your information is important to us. If your contact details change, or if any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org, call us on 020 3457 7997 or write to us at: The Harington Scheme, 55a Cholmeley Park, Highgate, London N6 5EH.
You have the right to ask for a copy of the information The Harington Scheme holds about you.
Security precautions in place to protect the loss, misuse or alteration of your information
Paper records that include your personal data are kept in a locked cabinet that is only accessible by authorised personnel.
Harington’s internal server/computer system is protected by a firewall and encryption. Harington uses a variety of IT system, electronic storage systems, cloud services to manage and run its operations, for example the onsite server backup, Microsoft Office 365, Xero accounting and an online database/CRM system. Only services that meet GDPR requirements are used. All IT systems are password protected and only accessible by authorised personnel.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Transferring your information outside of Europe
Whilst it is avoided wherever possible, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if we use a mailing list service whose servers are located in a country outside of the EU. In these cases Harington will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in May 2018.