Last updated: August 2024

Introduction

Across Aid Limited (“we”,“us” or “our”) operates the website (www.acrossaid.org.uk) (the “Website”). We are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal data, in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Data Controller

For the purposes of data protection law, the data controller is Across Aid Limited, a company limited by guarantee registered in England and Wales with the company number. 15299472, and having its registered office at 128 City Road, London, EC1V 2NX.

Information We Collect

We may collect and process the following data about you:

  • Personal Identification Information: Name, email address, and donation amounts when you make a donation or contact us via our Website.
  • Technical Data: Information about your device, IP address, browser type, and version, time zone setting, browser plug-in types and versions, operating system, and platform.
  • Usage Data: Information about how you use our Website, such as the pages you view, how long you spend on the Website, and how you interact with our content.
  •  Communication Data: Any communication you send to us via email, through the contact forms on our Website, or through social media channels.

How We Collect Your Data

We use different methods to collect data from and about you, including:

  • Direct Interactions: You provide us with your identity and contact details by filling in forms or by corresponding with us by post, phone, email, or otherwise.
  • Automated Technologies: As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this data by using cookies, server logs, and other similar technologies.
  • Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources, including analytics providers, advertising networks, search information providers, and providers of technical, payment, and delivery services.

How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your data in the following circumstances:

  • To Process Donations: We use your data to process and manage your donations, including sending you receipts and other related correspondence.
  • To Communicate with You: We use your contact details to communicate with you about our activities, campaigns, and updates, provided you have given your consent to receive such communications.
  • To Improve Our Services: We may use data collected via cookies and similar technologies to improve our Website and ensure that content is presented in the most effective manner for you and your device.
  • Legal Compliance: We may process your data to comply with a legal obligation or protect the vital interests of you or another natural person.

Legal Basis for Processing Your Data

We rely on the following legal bases to process your personal data:

  • Consent: Where you have provided your explicit consent for us to process your data for specific purposes, such as subscribing to our newsletter.
  • Contractual Necessity: Where processing is necessary for the performance of a contract with you, such as processing donations.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include improving our services, administering our Website, and communicating with you.

Sharing Your Data

We will not share your personal data with any third party, except in the following situations:

  • Service Providers: We may share your data with service providers who perform functions on our behalf, such as payment processing (GoCardless Ltd.). These service providers are bound by contract to safeguard your data and only use it to provide the services we have contracted them to provide.
  • Legal Requirements: We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

International Transfers

We do not typically transfer your personal data outside the European Economic Area (EEA). If we do, we ensure that an equivalent level of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

  • Adequacy Decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Standard Contractual Clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means.

Your Legal Rights

Under data protection law, you have rights in relation to your personal data, including the following:

  • Right to Access: You have the right to request access to your personal data and to check that we are lawfully processing it.
  • Right to Rectification: You have the right to request that any incomplete or inaccurate data we hold about you be corrected.
  • Right to Erasure: You have the right to request the deletion or removal of your personal data where there is no good reason for us continuing to process it.
  • Right to Restriction of Processing: You have the right to request that we suspend the processing of your personal data.
  • Right to Object to Processing: You have the right to object to our processing of your personal data where we are relying on a legitimate interest and you feel it impacts your fundamental rights and freedoms.
  • Right to Data Portability: You have the right to request the transfer of your personal data to you or to a third party.

If you wish to exercise any of these rights, please contact us at [email protected]

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top of this page.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

Email: [email protected]

Postal Address: 128 City Road, London, EC1V 2NX