We promise to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your personal information and not do anything you wouldn’t reasonably expect. Here we tell you what we will and will not do with your personal data.
We promise to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your personal information and not do anything you wouldn’t reasonably expect. In this policy, we will outline how we process your personal data.
This policy includes:
- Who we are
- Legal basis for processing
- Our duty
- How we collect information on you
- How we will use your personal information
- Research and profiling
- Who has access to your personal information
- How we keep your personal information secure
- How long will we hold your personal information for
- Your choices
- Right to data erasure
- Keeping your information up-to-date
- Your rights
- Children and privacy
- Vulnerable circumstances policy
- Grants applicants
- Complaints, compliments or comments
Tel: 020 3696 9760 (select option 4)
Maudsley Charity Registered Charity No: 1175877.
82-96 Grove Lane,
London SE5 8SN
Who we are
We are Maudsley Charity, working with the Fundraising and Supporter Development team (FSD) at King’s College London (KCL). The Maudsley Charity and KCL have worked together for many years and, since 2011, fundraising activities for Maudsley Charity have been carried out by KCL to maximise the funds available for the Charity. Both the Maudsley Charity and KCL are registered with the Fundraising Regulator.
KCL fundraise on behalf of Maudsley Charity to raise money for South London and Maudsley NHS Foundation Trust. Together we fundraise to support people with mental health difficulties to recover and stay well. In addition, we fundraise to develop pioneering research projects and provide innovative treatments.
As part of the relationship it is understood between KCL and the Maudsley Charity, that in regards to the handling of any Personal Data, KCL is a Processor (within the meaning of the Data Protection Legislation) acting on behalf of the Maudsley Charity, who are the Controller.
This means both organisations have access to, and control of how your personal and financial data is collected, used and stored.
Legal basis for processing
We process your data as described in this policy because we have a legitimate need to do so to deliver our fundraising ambitions. Some processing of data may be carried out to perform a contract with you, such as processing your donation, or as required by law, such as the completion of due diligence or fulfilment of Gift Aid requirements. We would only use your email or text information to contact you about fundraising and marketing if we have provided your consent to do so and you will always have the opportunity to opt out of communications from any channel at any time.
In carrying out our day-to-day activities we process and store personal information relating to our supporters and we are therefore required to adhere to the requirements of UK GDPR, the retained European Union law version of the General Data Protection Regulation (Regulation (EU) 2016/679)We take our responsibilities under this regulation very seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with UK GDPR and all other applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication (EC Directive) Regulations 2003.
How we collect information on you
We collect personal information from you when you enquire about our activities, register for an event, make a donation, sign up to an event, volunteer, engage with our social media channels or otherwise provide us with your personal information.
The personal information that we may request might include your name, your age, gender, location and/or country information, and possibly other information, as well as credit card or other financial information needed to process donations or event fees. We may also ask you if you are a UK taxpayer so that we can claim Gift Aid (please rest assured that we do not collect information about your actual tax payments, just whether you are a taxpayer). We will never request personal information about your health or the health of your family members or friends unless we inform you how that information will be used and receive your express consent for such use i.e. for a case study story.
We use third parties to collect data on our behalf to support our activities. This might include running raffles, event registrations, setting up Direct Debits and processing your donations, and ensuring our records are as up to date as possible through running address and detail verification through sources that are deemed acceptable by the Information Commissioner’s Office. Specifically, for our fundraising, marketing and communication purposes we use MailChimp, MuchLoved, Artificial Art, Virgin Money, Amazon Smile, Darren Atkins Ltd, Ferns Livingston Ltd, Google Docs, Google Forms, Reason Digital, PayPal, The Big Give, Open Mobile Global, Stripe, Give Panel, Access UK Limited, Big Give, Hootsuite, Eventbrite and Gift in Celebration websites. In order to process some of our communication channels needs we may use some suppliers outside of the UK. Any personal data transfers outside of the UK will be covered by EU Standard Contractual Clauses to ensure complete protection of personal data. For more information of how they process data please view the privacy policies on the third party supplier websites.
We may also receive information about you from other sources, which include publicly available data. Please see the ‘How we will use your personal information’ section below for more details.
To increase our fundraising reach we research information in the public domain on local organisations, companies and schools to find contact details to get in touch about our latest activities and appeals. We will not call any company or organisation registered with the Corporate Telephone Preference Service.
If you have provided your consent, by responding to a mailing to allow South London and Maudsley NHS Foundation Trust to pass your details to the Charity we will contact you to keep you up-to-date about fundraising and what’s happening across South London and Maudsley. Please rest assured that we do not have access to confidential patient data.
Cookies are small text files stored on your device (desktop, tablet, mobile phone etc.) by your device’s web browser. They relate to a specific site and can be used to enhance that site’s functionality and your interaction with it; they may also be used for usage tracking, research, targeting etc. We collect cookies for different purposes on different third-party platforms. We use Facebook, Twitter, WordPress, GA, Hotjar, Vimeo, Google Ads, YouTube and DoubleClick to allow us to retarget advertisements, integrate, track performance on a website, track user interaction, bidding metrics and track user behaviour. This helps us to measure performance of a campaign and improve the user experience.
Cookies in themselves do not identify the individual user, just the computer used.
This website uses Google Analytics tracking codes to measure performance enabling us to enhance and improve services for our audiences. However, we do not collect personally identifiable information (PII) as all data collected is anonymous. For full details on how Google Analytics works, please visit Google Analytics Terms of Service. If you do not want Google Analytics to use your data, then please visit Google Analytics opt-out browser add-on.
How we will use your personal information
We may use your information for a number of purposes including the following:
- To provide you with information about our work or our activities that you have requested
- For administration purposes e.g. we may contact you about a donation you have made or event you have expressed an interest in or registered for
- To ask you to help us raise money or donate money to our Charity, but always in accordance with the Charity Governance Code
- To create an account for you if you register with us
- To process entries into a prize draw or raffle
- For internal record keeping, including the management of any feedback or complaints
- To use IP addresses to identify your approximate location, to block disruptive use, to record website traffic or to personalise the way our information is presented to you
- To analyse and improve the services offered on our sites to make it as user-friendly as possible
- To use anonymised personal data to benchmark our activity with other relevant organisations, including the Association of NHS Charities
- Transfer to HM Revenue and Customs in respect of any Gift Aid claim
- For statutory and regulatory compliance
- We may assess your personal information for the purposes of credit risk reduction or fraud prevention.
- To keep your records as up to date as possible. To help us do this we may use publicly available sources, for example, the Post Office’s National Change of Address database. Please see the ‘Keeping your information up-to-date’ section below for more details on how you can let us know if your contact details change.
Research and profiling
In addition to this, we may use your data for research and profiling. Philanthropy is vital to Maudsley Charity to ensure it can continue to support a step-change in research, service delivery and innovation in order to back better mental health. Research and profiling are activities which enable Maudsley Charity to achieve this as they allow us to gain a better understanding of who we should engage with, how we should engage with you, and tailor our communications more effectively and appropriately. This also helps us make informed decisions about our fundraising strategy and ensure our internal resources and investments are used as effectively as possible. Our objective is to ensure any approaches we make to you are respectful, professional and are based on evidence that you might be interested in our work, providing you with the best experience we can. Please read below for more information:
Research could include research on financial, business, philanthropic, biographical and demographic information sourced from publicly available data, such as Companies House, the Charity Commission and the media. We may also look at professional networks such as LinkedIn, and process special category data if it has been made manifestly public by you; for example, through an interview or a publicly directed social media post. In addition, we may combine the data you provide us with, such as data your address, the name of your bank, or where you previously went to school, with data we obtain from other sources. We use this data both to verify we have the correct information, but also to assess whether it would be appropriate to approach you directly about philanthropic opportunities at Maudsley Charity. Mostly this work is carried out manually in-house, but occasionally it is carried out by a trusted third-party supplier and entails using information such as your name, postcode and data on your existing relationship with us to identify whether it is appropriate to approach you about higher-level giving. This is known as wealth screening and is a tool which helps us to better understand who to approach about fundraising and volunteering opportunities in an appropriate way and therefore generate funds cost-effectively.
This could include analysis of financial, philanthropic and other personal data we hold on you to assess the likelihood that you might wish to engage with us, as well as broader data analysis. This analysis helps us to gain a better understanding of how to approach you, of your interests, and of broader demographic, geographic and engagement trends amongst our supporters. This process is not solely automated processing and always contains the manual assessment to ensure we are making correct assumptions from the analysis.
If you do not wish your data to be used in any of the ways listed above then you can choose to change your privacy options by notifying us using the contact details at the top of this page. If you are unsure and have further queries on how we might use your data, please get in touch and we’ll be happy to answer your questions.
In order to comply with our legal obligations and Charity regulations such as the Charity Commission’s CC20 and ‘Know Your Donor Policy and the Fundraising Regulator’s Code of Practice, we may also undertake due diligence research to assess the source of funds for donations and to ensure that we are robustly considering ethical and reputational risks to our organisation. As above, we consider this processing to be a legal obligation and thus are relying on this as a lawful basis for processing data under UK GDPR and the UK Data Protection Act 2018.
Who has access to your personal information?
Your personal information is stored on our database which is password protected and access is limited to staff working in Fundraising and Supporter Development, Maudsley Charity and some trusted subcontracted parties. Anyone who works outside of the Fundraising Team or the Charity will be required to sign a non-disclosure and/or confidentiality agreement before we share any personal information with them.
We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send out mailings). When we use third-party service providers, we only disclose information necessary to deliver that service and there will always be a contract in place to ensure your information is kept secure. We will not share or sell your data to third parties to use for their own purposes unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Although most of the information we store and process stays within the UK, some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, one of our trusted partner’s servers are located in a country outside the EEA. These countries may not have similar data protection laws to the UK; however, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law by using EU Standard Contractual Clauses plus the UK addendum or an International Data Transfer Agreement (IDTA) to protect your data. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
How we keep your personal information secure
We ensure that there are appropriate technical controls in place to protect your personal details; for example, our online forms are always encrypted and our network is protected and routinely monitored.
We use a secure server when you enter into any money transaction from our website. We also take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We do not store any credit card details.
Any payment details on paper donation forms are destroyed once the donation has been processed.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
How long will we hold your personal information for?
We will keep your information active for as long as required to enable us to operate our services, but we will not keep your information active for any longer than is necessary. We will take into consideration our legal obligations and tax and accounting rules when determining how long we should keep your information active.
In most cases, this will mean your data remains active for two years after your last interaction with us. An interaction could be making a donation, attending an event, contacting our office, or opening an email from us – anything that implies that you are still interested in our fundraising. After this time, we will cease to use your data to contact you, but your data will continue to be held for analysis and administrative purposes
If you have pledged a legacy gift, it will be necessary to retain your data until your gift is received, so that we can identify the gift against the pledge.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the vital work we do to promote positive changes in the world of mental health and our events and activities then please let us know at any time by contacting us on 020 3696 9760 (select option 4) or firstname.lastname@example.org.
We will not contact you for marketing purposes by post, email, and phone or text message if you have told us you do not want to hear from us by any of those channels. If the telephone number we hold for you is registered with the Telephone Preference Service (TPS) then we will not contact you on that phone number except for administrative purposes unless consent given beforehand.
If you choose to send a donation or communication to us by text message we promise to make it clear to you before you text what you are consenting to and provide instructions on how you can opt out.
If you unsubscribe from communications from us from any or all of the communication channels mentioned above, then we will update our records to stop further communication as quickly as we can. Due to some communications already being in progress at the point you opt out please be aware that it can take up to 28 days for your preferences to be fully implemented.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Right to data erasure
If you choose to opt out of receiving our communications, your data will be retained and marked to prevent you from receiving any communications. If you want your data to be deleted from the database entirely then in most cases we will delete it. In some cases, we will be required to keep some or all of your data on record for legal or accounting reasons. For example, if you have made a donation, we will be required to keep the donation details for a minimum of seven years after the donation. If you have completed a Gift Aid declaration, we will be required to keep your details in order to claim the Gift Aid on your donation. In these cases, we will anonymise as much of your data as possible until it can be deleted.
Please note if you would like your data deleted and subsequently sign up to an event or make a donation then your data will once again be stored on the database and you will need to re-select your communication preferences as we will have no prior record of your relationship with us.
Keeping your information up-to-date
The accuracy of your information is important to us. You can update your information with us, including your address and contact details at any time. If you would like to change your preferences or update the details we hold about you, please contact us on 020 3696 9760 (select option 4) or email@example.com.
Data Subject rights
Under the UK GDPR you have a:
- Right to be informed: organisations must tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
- Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
- Right of rectification: individuals can correct inaccurate or incomplete data.
- Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data stored on them.
- Right of portability: in some circumstances, individuals can request that an organisation transfer any data that it holds on them to another company.
- Right to restrict processing: in some circumstances, individuals can request that an organisation limits its use of personal data.
- Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
- Rights related to automated decision making, including profiling: under most circumstances, individuals have the right to object to having decisions made about them by automated processes or profiling
If you wish to talk through anything in our privacy statement, find out more about your rights, or obtain a copy of the information we hold about you, please contact us using the details below:
82-96 Grove Lane,
London SE5 8SN Email: firstname.lastname@example.org
Tel: 020 3696 9760 (select option 4)
Children and privacy
We take the protection of children very seriously. To that end, we require that children under 16 do not submit any information to our website without a parent’s or guardian’s consent. We will not knowingly request or collect from a child any information online that can be traced to the child, such as an email address, name, or information about the child’s family. Unless a parent or guardian consents to such use in advance, we will not knowingly use information that a child provides to us for any fundraising or promotional purpose.
Related specifically to those applying for grants. We use a third-party product for our grants application and management process. The data is hosted on Amazon Web Services (AWS) Europe, certified as GDPR compliant.
The information we hold is:
- Job title
- Work address and/or home address
- Telephone number
- Bank account details (only for successful applicants)
Source: All information is supplied by the applicant on the application form. Bank account details are obtained directly from the applicant if an award is made.
We do not share any personal information with anyone else for any purposes.
We use this personal information solely for the purposes of administration of grants and our own internal analysis and reporting.
We keep personal information for the duration of the funded project and up to a year beyond its conclusion to ensure that any other follow-up (e.g. evaluation) can be completed effectively.
Successful or unsuccessful applicants that subscribe to general messages on news and fundraising about Maudsley Charity should refer to this whole policy document with regards to how we use their data.
Enquirers may opt into a time-bound mailing list for people who want to be informed about future funding calls, workshops/events and announcements of priorities. Personal information will be retained for this purpose for 12 months after which time the data will be deleted.
Complaints, compliments or comments
If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services. If you would like to make a complaint, compliment or comment then please get in touch with us on:
82-96 Grove Lane,
London SE5 8SN
Tel: 020 3696 9760 (select option 4)
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Privacy statement reviewed August 2023