Northern Lights Privacy Statement
Who we are
Our website address is: https://www.northernlightscharity.org.uk.
we use your data
What personal data we collect and why we collect it
When visitors leave comments on our site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Your personal information is only used for the purpose for which we collect it.
Only information that we need is collected. Fundraising communication will be limited to a maximum of 72 months if we do not hear from you during this time.
- Your personal information is only seen by those who need it to do their jobs.
- We will only disclose data when we have your consent, or where we are obliged to disclose personal data by law, or as expressly permitted under the GDPR (through contract; legal obligation, vital interests; public task; or legitimate interests).
- We will keep your information up to date. Inaccurate or misleading data will be corrected as soon as possible.
- Personal information is retained only for as long as it is required for the purpose collected.
- Your information will be protected from unauthorised or accidental disclosure and processed in an appropriate manner to maintain its integrity and confidentiality.
- We will provide you with a copy of your personal information on request (please see below for information on access rights and requests).
These principles apply whether we hold your information on paper or in electronic form.
How do we collect information?
If you provide services to Northern Lights we will collect information in line with your contract for services.
We may also collect technical information relating to your use of our website, including your browser type or the Internet Protocol (IP) address used to connect your computer to the internet.
We also gather general information about the use of our website, such as which pages users visit most often and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in emails.
We obtain personal information from you when you enquire about our activities – including fundraising – register with us, send or receive an email, make a donation to us, ask a question or otherwise provide us with personal information. We may also receive information about you from third parties, for example from mailing list
We will only ever collect the information that we need, including data that will be useful to help improve our services. The information is either needed to fulfil your request or to enable us to provide you with a more personalised service. You don’t have to disclose any of this information to browse our sites.
What information do we collect?
The personal information we collect might include name, date of birth, email address, postal address, telephone number and credit/debit card details.
We also gather general non-personal information about the use of our website, such as which pages users visit most often, and which are of most interest. We may also track which pages users visit when they click on links in Northern Lights emails. Wherever possible we use aggregated or anonymous information which does not
identify individual visitors to our website. Please see the section below on Cookies.
Why do we collect this information?
We collect this information for the purpose of promoting the aims of the Charity and communicating effectively and appropriately with our supporters and, in particular, providing support to our beneficiaries. The lawful basis for which we process your information is:
- your consent;
- processing is necessary to protect your interests or that of another person; processing is necessary for the performance of a task carried out in the public interest;
- processing is necessary for the purpose of the legitimate interest pursued by us or a third party, except where your rights as a data subject override our legitimate interest. The legitimate interest we rely upon is subject to a assessment based on the specific context and circumstances.
How do we use this information?
We will use the information you provide in the ways set out below:
- promote the aims of Northern Lights;
- to communicate with our supporters, dealing with your enquiries and requests, recording any contact with you;
- to provide you with information that you have indicated an interest in, for example information about our campaigns, volunteering, fundraising and how you can donate to us;
- we may use this information to personalise the way our website is presented when users visit it, to make improvements to our website and to ensure we provide the best service for users;
- to claim Gift Aid on your donations;
- to conduct market research;
- segmentation, so that we can offer supporters information relevant to them; for administrative purposes.
If you enter your contact details in one of our online event registration forms or enquiry forms, we may use this information to contact you even if you don’t “send” or “submit” the form. We will only do this to see if we can help with any problems you might be experiencing with the form or with our websites.
Do we share your information with anybody else?
The personal information we collect about you will mainly be used by our staff (and volunteers) at Northern Lights so that they can support you.
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
Visitor comments may be checked through an automated spam detection service.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.
Storing and protecting your information
We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).
Payment Card Information
Northern Lights does not store any sensitive payment card data in our systems.
Transfer of Information Outside of the EU
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and we will
take steps to ensure that any third-party organisation we engage to process data on our behalf provides an adequate level of protection in accordance with GDPR. By submitting your personal information, you agree to this transfer, storing or processing at a location outside the EEA.
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting our:
The Data Protection Officer
PO Box 33
Tel: 0151 336 2515
Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You
can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have
given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
Cookie is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website. They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can be used to identify you.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
The cookies we use
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.
We use all four categories of cookies:
- Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket and your account.
- Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
- Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
To find out more about this policy and how we look after your personal information, contact our Data Protection Officer at email@example.com or on 0151 336 2515.
Embedded content from other websites
Articles on our site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.