Privacy Policy

Introduction

We promise to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your personal information and not do anything you wouldn’t reasonably expect. In this policy, we will outline how we process your personal data.

If you have any questions about our privacy policy then please do contact a member of the team who will be happy to talk you through it. Our contact details are:

Registered address: Maudsley Charity, ORTUS, 82-96 Grove  Lane, London SE5 8SN

Emailinfo@maudsleycharity.org

Tel: 020 3696 9760 (select option 4)

Maudsley Charity Registered Charity No: 1175877.

Who we are

We are Maudsley Charity, working with the Fundraising and Supporter Development team (FSD) at King’s College London (KCL).  The Maudsley Charity and KCL have worked together for many years and, since 2011, fundraising activities for Maudsley Charity have been carried out by KCL to maximise the funds available for the Charity.  Both the Maudsley Charity and KCL are registered with the Fundraising Regulator.

KCL fundraise on behalf of Maudsley Charity to raise money for South London and Maudsley NHS Foundation Trust. Together we fundraise to support people with mental health difficulties to recover and stay well. In addition, we fundraise to develop pioneering research projects and provide innovative treatments.

As part of the relationship it is understood between KCL and the Maudsley Charity, that in regards to the handling of any Personal Data, KCL is a Processor (within the meaning of the Data Protection Legislation) acting on behalf of the Maudsley Charity, who are the Controller. (ICO Registration reference: ZA327354).

Legal basis for processing

We process your data as described in this policy because we have a legitimate need to do so to deliver our fundraising ambitions. Some processing of data may be carried out to perform a contract with you, such as processing your donation, or as required by law, such as the completion of due diligence or fulfilment of Gift Aid requirements. We would only use your email or text information to contact you about fundraising and marketing if we have provided your consent to do so and you will always have the opportunity to opt out of communications from any channel at any time.

Our duty

In carrying out our day-to-day activities we process and store personal information relating to our supporters, and we are therefore required to adhere to the requirements of the UK General Data Protection Regulations (UK GDPR). We take our responsibilities under this regulation very seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with the UK GDPR and all other applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations 2003 (PECR).

How we collect information on you

We collect personal information from you when you enquire about our activities, register for an event, make a donation, sign up to an event, volunteer, engage with our social media channels or otherwise provide us with your personal information.

The personal information that we may request might include your name, your age, gender, location and/or country information, and possibly other information, as well as credit card or other financial information needed to process donations or event fees. We may also ask you if you are a UK taxpayer so that we can claim Gift Aid (please rest assured that we do not collect information about your actual tax payments, just whether you are a taxpayer). We will never request personal information about your health or the health of your family members or friends unless we inform you how that information will be used and receive your express consent for such use i.e. for a case study story.

Your information may be shared with us by independent event organisers, for example ‘London Marathon Events Ltd’ or fundraising sites like ‘Just Giving’. These independent third parties will only do so when you have indicated that you wish to support Maudsley Charity and with your consent. You should check their Privacy Policy when you provide your information to understand fully how they will process your data.

We use third parties to collect data on our behalf to support our activities. This might include running raffles, event registrations, setting up Direct Debits and processing your donations, and ensuring our records are as up to date as possible through running address and detail verification through sources that are deemed acceptable by the Information Commissioner’s Office. Specifically, for our fundraising, marketing and communication purposes we use MailChimp, MuchLoved, Artificial Art, Virgin Money, Amazon Smile, Darren Atkins Ltd, Ferns Livingston Ltd, Google Docs, Google Forms, Reason Digital, PayPal, The Big Give, Open Mobile Global, Stripe, Give Panel, Access UK Limited, Big Give, Hootsuite, Eventbrite and Gift in Celebration websites. In order to process some of our communication channels needs we may use some suppliers outside of the UK. Any personal data transfers outside of the UK will be covered by an appropriate agreement (e.g. IDTA, EU Standard Contractual Clauses and EU SCC plus addendum) to ensure complete protection of personal data. For more information of how they process data please view the privacy policies on the third-party supplier websites.

To increase our fundraising reach we research information in the public domain on local organisations, companies and schools to find contact details to get in touch about our latest activities and appeals. We will not call any company or organisation registered with the Corporate Telephone Preference Service.

If you have provided your consent, by responding to a mailing to allow South London and Maudsley NHS Foundation Trust to pass your details to the Charity, we will contact you to keep you up-to-date about fundraising and what’s happening across South London and Maudsley. Please rest assured that we do not have access to confidential patient data. You can withdraw your consent at any time should you wish, please unsubscribe via the email or contact us using details at the top of this page.

How we will use your personal information

We may use your information for a number of purposes including the following:

  • To provide you with information about our work or our activities that you have requested
  • For administration purposes e.g. we may contact you about a donation you have made or event you have expressed an interest in or registered for
  • To ask you to help us raise money or donate money to our Charity, but always in accordance with the Charity Governance Code
  • To create an account for you if you register with us
  • To process entries into a prize draw or raffle
  • For internal record keeping, including the management of any feedback or complaints
  • To use IP addresses to identify your approximate location, to block disruptive use, to record website traffic or to personalise the way our information is presented to you
  • To analyse and improve the services offered on our sites to make it as user-friendly as possible
  • To use anonymised personal data to benchmark our activity with other relevant organisations, including the Association of NHS Charities
  • Transfer to HM Revenue and Customs in respect of any Gift Aid claim
  • For statutory and regulatory compliance
  • We may assess your personal information for the purposes of credit risk reduction or fraud prevention.
  • To keep your records as up to date as possible. To help us do this we may use publicly available sources, for example, the Post Office’s National Change of Address database. Please see the ‘Keeping your information up-to-date’ section below for more details on how you can let us know if your contact details change.

Research and profiling

In addition to this, we may use your data for research and profiling. Philanthropy is vital to Maudsley Charity to ensure it can continue to support a step-change in research, service delivery and innovation in order to back better mental health. Research and profiling are activities which enable Maudsley Charity to achieve this as they allow us to gain a better understanding of who we should engage with, how we should engage with you, and tailor our communications more effectively and appropriately. This also helps us make informed decisions about our fundraising strategy and ensure our internal resources and investments are used as effectively as possible. Our objective is to ensure any approaches we make to you are respectful, professional and are based on evidence that you might be interested in our work, providing you with the best experience we can. Please read below for more information:

Research

Research could include research on financial, business, philanthropic, biographical and demographic information sourced from publicly available data, such as Companies House, the Charity Commission and the media. We may also look at professional networks such as LinkedIn, and process special category data if it has been made manifestly public by you; for example, through an interview or a publicly directed social media post. In addition, we may combine the data you provide us with, such as your address, the name of your bank, or where you previously went to school, with data we obtain from other sources. We use this data both to verify we have the correct information, but also to assess whether it would be appropriate to approach you directly about philanthropic opportunities at Maudsley Charity. Mostly this work is carried out manually in-house, but occasionally it is carried out by a trusted third-party supplier and entails using information such as your name, postcode and data on your existing relationship with us to identify whether it is appropriate to approach you about higher-level giving. This is known as wealth screening and is a tool which helps us to better understand who to approach about fundraising and volunteering opportunities in an appropriate way and therefore generate funds cost-effectively.

Profiling

This could include analysis of financial, philanthropic and other personal data we hold on you to assess the likelihood that you might wish to engage with us, as well as broader data analysis. This analysis helps us to gain a better understanding of how to approach you, of your interests, and of broader demographic, geographic and engagement trends amongst our supporters. This process is not solely automated processing and always contains the manual assessment to ensure we are making correct assumptions from the analysis.

If you do not wish your data to be used in any of the ways listed above, then you can choose to change your privacy options by notifying us using the contact details at the top of this page. If you are unsure and have further queries on how we might use your data, please get in touch and we’ll be happy to answer your questions.

In order to comply with our legal obligations and Charity regulations such as the Charity Commission’s CC20 and ‘Know Your Donor’ Policy and the Fundraising Regulator’s Code of Practice, we may also undertake due diligence research to assess the source of funds for donations and to ensure that we are robustly considering ethical and reputational risks to our organisation. As above, we consider this processing to be a legal obligation (Article 6 (1)(c)) and thus are relying on this as a lawful basis for processing data under UK GDPR and the UK Data Protection Act 2018.

Who has access to your personal information?

Your personal information is stored in our database with the industry standard security measures and other organisational measures to protect your data, it is encrypted, password protected, and access is strictly controlled on a need to know basis (Role Based Access Control).

We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send out mailings). When we use third-party service providers, we only disclose information necessary to deliver that service and there will always be a contract in place to ensure your information is kept secure. We will not share or sell your data to third parties to use for their own purposes unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

Although most of the information we store and process stays within the UK, some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, one of our trusted partner’s servers are located in a country outside the EEA. These countries may not have similar data protection laws to the UK; however, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law by using EU Standard Contractual Clauses plus the UK addendum or an International Data Transfer Agreement (IDTA) to protect your data. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

How we keep your personal information secure

We ensure that there are appropriate technical controls in place to protect your personal details; for example, our online forms are always encrypted, and our network is protected and routinely monitored.

We use a secure server when you enter into any money transaction from our website. We also take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We do not store any credit card details.

Any payment details on paper donation forms are destroyed once the donation has been processed.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.

How long will we hold your personal information for?

We will keep your information active for as long as required to enable us to operate our services, but we will not keep your information active for any longer than is necessary. We will take into consideration our legal obligations and tax and accounting rules when determining how long we should keep your information active.

In most cases, this will mean your data remains active for two years after your last interaction with us. An interaction could be making a donation, attending an event, contacting our office, or opening an email from us – anything that implies that you are still interested in our fundraising. After this time, we will cease to use your data to contact you, but your data will continue to be held for analysis and administrative purposes

If you have pledged a legacy gift, it will be necessary to retain your data until your gift is received, so that we can identify the gift against the pledge.

Data will be retained in line with our organisational Data Retention Policy and Schedule.

Keeping your information up-to-date

The accuracy of your information is important to us. You can update your information with us, including your address and contact details at any time. If you would like to change your preferences or update the details we hold about you, please contact us on 020 3696 9760 (select option 4) or info@maudsleycharity.org.

Data Subject rights

Under the UK GDPR you have a:

  • Right to be informed: organisations must tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
  • Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
  • Right of rectification: individuals can correct inaccurate or incomplete data.
  • Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data stored on them.
  • Right of portability: in some circumstances, individuals can request that an organisation transfer any data that it holds on them to another company.
  • Right to restrict processing: in some circumstances, individuals can request that an organisation limits its use of personal data.
  • Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
  • Rights related to automated decision making, including profiling: under most circumstances, individuals have the right to object to having decisions made about them by automated processes or profiling

If you wish to talk through anything within our privacy policy or exercise any of the rights mentioned above, please contact us using the contact details at the top of this page.

Children and privacy

We take the protection of children very seriously. To that end, we require that children under 16 do not submit any information to our website without a parent’s or guardian’s consent. We will not knowingly request or collect from a child any information online that can be traced to the child, such as an email address, name, or information about the child’s family. Unless a parent or guardian consents to such use in advance, we will not knowingly use information that a child provides to us for any fundraising or promotional purpose.

Grants applicants

Related specifically to those applying for grants. We use a third-party product for our grants application and management process. The data is hosted on Amazon Web Services (AWS) Europe, certified as GDPR compliant.

The information we hold is:

  • Name
  • Organisation
  • Job title
  • Work address and/or home address
  • Telephone number
  • Email
  • Bank account details (only for successful applicants)

Source: All information is supplied by the applicant on the application form. Bank account details are obtained directly from the applicant if an award is made.

We do not share any personal information with anyone else for any purposes.

We use this personal information solely for the purposes of administration of grants and our own internal analysis and reporting.

We keep personal information for the duration of the funded project and up to a year beyond its conclusion to ensure that any other follow-up (e.g. evaluation) can be completed effectively.

Successful or unsuccessful applicants that subscribe to general messages on news and fundraising about Maudsley Charity should refer to this whole policy document with regards to how we use their data.

Enquirers may opt into a time-bound mailing list for people who want to be informed about future funding calls, workshops/events and announcements of priorities. Personal information will be retained for this purpose for 12 months after which time the data will be deleted.

Complaints, compliments or comments

If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services.  If you would like to make a complaint, compliment or comment then please get in touch with us on:

Maudsley Charity,
ORTUS,
82-96 Grove Lane,
London SE5 8SN

Email: info@maudsleycharity.org

Tel: 020 3696 9760 (select option 4)

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Changes to our Privacy Policy

We may change this Privacy Policy from time to time. If we make any significant changes in the way we process your personal information we will make this clear on the Maudsley Charity website or by contacting you directly.

Privacy statement reviewed March 2024.