We take your privacy very seriously and we ask that you read this privacy notice carefully. It contains important information about who we are, how and why we collect, store, use and share your information and your rights in relation to this.
Who we are and what we do
H.O.P.E is an independent organisation providing a range of services to help people take action to prevent loneliness and build communities. Everything we do is in support of our mission, members and Communities. H.O.P.E have no commercial or political aims.
How this policy applies
When and how we collect your data
We do not collect any personal information about you except when you specifically and knowingly provide such information. You may choose to share your data with us in various ways, including:
By signing up to join our movement
By booking to attend one of our events or courses
By supporting one of our online campaigns
By registering your interest to hear about opportunities to get involved with our work
By ordering our resources
By interacting with us in other ways where you choose to share your data
You may provide this information to us via various online platforms which we use to fulfil our charitable objectives, including our website and a small number of trusted and secure third-party services we use for managing event bookings and capturing data via online forms and surveys.
Your data will be held and processed in a limited number of carefully controlled systems, which we also use to fulfil our charitable objectives, including the trusted third-party platforms we use for email communications, relationships management and secure data storage and backup.
We only collect information for legitimate purposes in ways which are adequate, relevant and limited to what is necessary in support of our charitable aims. We endeavour to ensure that the information we hold is accurate and, where necessary, kept up to date. And we take steps to ensure that any personal data that is inaccurate is rectified or erased without delay.
If you wish to access, update or request deletion of your personal information we will ensure that such requests are always acted on in a timely and appropriate way (see details below).
What do we do with the data you provide
We use the information you share with us to provide you with useful and relevant information in support of our mission. This includes:
Sending you relevant information about the specific part of our work that you have engaged with (e.g. a course you are attending or the resources you have ordered)
Sending you occasional updates about our work which we feel are relevant and appropriate
Letting you know about upcoming events, courses or activities near you, where these are considered to be relevant and appropriate
Our processing of your data is based on one or both of the following two legal bases:
Legitimate Interest: in some cases, we may process your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our charity and that does not materially impact your rights, freedom or interests.
Data controller: H.O.P.E organisation
Data protection officer: John Hogan
This Policy may change from time to time and, when such a case arises, the up-to-date version will always be available on our website and becomes effective immediately.
The organisation collects and processes personal data relating to its contractors to manage the independent/self-employed contractor relationship with in country partners. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information we may collect about you?
We may collect and processes a range of information about you through various means. This includes:
In the course of carrying out services for you.
The personal data described above may relate to any of the following categories of person
our members and personnel
our prospective employees, work experience students or other volunteer applicants
those emergency contacts whose details have been provided to us by our people
third parties with whom we have contact with (e.g. third-party and counterparties on a member matters)
our contacts at our ‘Preferred Firms’ or referrers, professional advisors or others with whom we work in the context of our members and events.
our prospective target members
our current members.
those who submit enquiries through our website or whose details are otherwise entered into our members management system.
Data is stored in a range of different places, including in your personnel file, in the organisation’s)
Spreadsheets/ word including other IT systems (including the organisation’s email system).
Why does the organisation process personal data?
The organisation needs to process data to enter into an independent business agreement with you and to meet its obligations under your engagement. For example, it needs to process your data to provide you with agreement to pay you in accordance with your terms of service and to administer requirements.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check on Membership in the UK or any other EEA jurisdiction, to complete necessary registration checks to ensure that individuals, are permitted to comply with our organisation requirements.
How we will use your information:
We may use your information for the following purposes:
to respond to any query that you may submit to us
to manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, and accounting and relationship management purposes
to complete our contractual obligations to you, or otherwise taking steps as described in our engagement terms and/or our Terms of Business (including any associated administration)
to send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable European Data Protection Legislation
to process any payment illustrations
to ensure that our website’s content is presented in the most effective manner for you and your device
to customise our website according to your interests
to administer our website and for internal operations, including troubleshooting, data analysis, testing, research
to comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place
as we feel is necessary to prevent illegal activity or to protect our interests.
Legal Grounds for Processing your information:
We will rely on the following legal bases under European Data Protection Legislation for processing your personal data:
Performance of, or entry into, a contract. The personal data that we are required to collect in order to comply with any other professional, legal and regulatory obligations which apply to us must be provided to us in order for us to perform this contract – we would not be able to act for you without this personal data.
Compliance with a legal obligation to which we are subject.
We have a legitimate interest in doing so as a payroll services provider (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our clients and ascertaining achievement of proper standards/ compliance with policies, practices or procedures.
Where processing of ‘special category data’ is necessary in the context of the establishment, exercise or defence of legal claims.
In certain circumstances, such as those described in “how we will use your data” above or where we need to process ‘special category data’ in the context of our payroll work but outside the scope of “Legal Grounds for processing your information” above, where we have obtained your express consent to do so. As we will explain at the time we collect your consent, you may withdraw it at any time in accordance with the information we provide to you at that time.
Who has access to data?
Your information will be shared internally, including Client Services team and Operations team.
The organisation shares your data with third parties in order to complete local country registrations and establish your self-employed structure and where required, to obtain necessary criminal records checks from the Disclosure and Barring Service.
The organisation also shares your data with third parties that process data on its behalf in relation to pension or insurance providers.
The third parties include:
our bank (including as permitted by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which, for the purposes of preventing money laundering or terrorist financing, may require us to disclose your personal data on request to our bank from time to time where we hold monies in our pooled Client Account on your behalf)
our auditors, including external accreditation bodies
other professional advisors or third parties (including counsel, overseas lawyers, accountants) with whom we engage as part of our work for our clients or who our clients separately engage in the same context
our data processors providing accountancy, email security, data governance, archiving and other IT and business support services
Your data may be transferred to countries outside the European Economic Area (EEA). Data is transferred outside the EEA on the basis of compliance and auditing.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place with the aim to ensuring that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its contractors and employees in the performance of their duties.
Our Web site page is protected by Wordfence Security and has SSL Certificate installed to ensure that all content on our web site is secured.
Web usage information (e.g. IP address), your login information, browser type and version, time zone setting, operating system and platform.
Information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs).
We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. All personal information you register on our website will be located behind a firewall. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data.
We will keep your information stored on our systems for as long as it takes to provide the services to you and in accordance with our Terms of Business. We may keep your data for longer than our stated retention period if we cannot delete it for legal, regulatory or technical reasons.
The third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as is necessary to provide the services to you.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of your project. The periods for which your data is held after the end of your engagement are in line with legal requirements.
Your information rights
As a data subject, you have a number of rights. You can:
access and obtain a copy of your data on request;
require the organisation to change incorrect or incomplete data;
require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
object to the processing of your data where the organisation is relying on its legitimate interests as the legal grounds for processing; and
ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact John Hogan on email address email@example.com.
If you consent to us contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know.
You also have the right to raise concerns with Information Commissioner's Office on 0303 123 1113 or at https://ico.org.uk/concerns
Questions, comments and requests regarding this Policy should be addressed to our Data Protection Officer:
Name: John Hogan
Email address: firstname.lastname@example.org
Alternatively, you can contact us through the Contact Us section of our website