This document explains to you how The Gwiddle Foundation stores, uses, and shares the data you provide us. We have written this document in a way that makes sure that anybody can understand it. It is very important that you read and understand this document so you know what your rights are.
The Data Controller
Your data is held and processed as per this privacy notice by The Gwiddle Foundation. You can contact us by email at email@example.com if you have any questions or requests to make in regards to your personal information.
When you are using our secure online donation pages, your donation is processed by DonorBox, a service operated by Rebel Idealist LLC, who processes payments via PayPal, who specialise in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.
Purpose of Processing
There are a number of purposes for the processing of your data, which include:
Providing you services - such as our hosting service, and online tutoring service.
Improving support to you - we may process your data so our staff can help you in a way that is suitable for your needs.
To send periodic emails - if you have opted in, we may send you emails occasionally to let you know about issues regarding the services you receive, and to keep you up to date with the latest news from our organisation.
To fulfil legal obligations - such as telling you when this policy changes.
We will only process your data to provide our services to you - it will not be sold or made available to other organisations.
Transfers to third countries
Your data is held solely within the United Kingdom or in a country within the European Union.
We will only store your data while you are an active user of the service.
Your data will be completely removed from our servers after two months of your eligibility expiring.
If you make a complaint, it will be stored for 12 months before being removed from our records. If your complaint concerns the safety of a child, it will be kept indefinitely.
You can request for all of your data to be deleted from our servers at any time* - please see Withdrawing Consent.
Under the Data Protection Act, you have certain rights in regards to how we process your data.
A right of access to a copy of the information we store about you (see Subject Access Requests);
A right to object to processing of your data that is likely to cause, or is causing damage or distress;
A right to prevent processing of your data used for marketing purposes
A right to object to decisions being taken by automated means;
A right in certain circumstances to have inaccurate personal data corrected, blocked, erased or destroyed; and
A right to claim compensation for damages caused by a breach of the Data Protection Act.
Subject Access Requests
You may make a Subject Access Request (SAR) to us. In this instance we will, within 40 days, provide you with the following:
Information on whether we are currently processing any of your personal data;
A description of the data we hold, why we’re processing it, and whether we are sharing it with any other organisations or people;
A copy of the data we hold about you, and give you information about the source of the data.
Please be aware that we reserve the right to ask for proof of identification before we can disclose this data to you.
You can make a SAR by contacting us by email at firstname.lastname@example.org.
If you would like to withdraw your consent of our processing or storage of your personal data, you can do this at any time by contacting us by email at email@example.com, requesting the deletion of all of your personal data.
* This does not apply to complaints, which we have a legal obligation to retain for a period of 12 months, or indefinitely in the case of complaints concerning the safety of a child.
Children aged under 13
We have a legal obligation to obtain consent from a parent or guardian before we can process data from a child aged under 13. At registration time, a declaration is made that the registrant is over the age of 13. If the registrant is later found to be under the age of 13, the data will be removed immediately.