This policy was last updated in January 2022.
This policy outlines how Friends of Lindi collects, processes, stores and uses data. It also describes your choices regarding use, access, and correction of your personal information.
Friends of Lindi (“we”, “us”. “our”) take your privacy seriously.
Friends of Lindi is the operating name for the UK charity Friends of Lindi (Tanzania), registered charity no.: 1176494.
We are committed to keeping your information secure and managing it in accordance with our legal responsibilities, under the General Data Protection Regulation (Regulation (EC) 2016/679 (“GDPR”) in the European Union (“EU”).
2. Who this policy applies to
This policy applies to anyone: using our websites; subscribing to our newsletters and updates; donating or funding; who is a member; taking part in campaign activity which requires the provision of data; enquiring about our services; who is a client; who is an associate.
3. Data gathering and usage
We collect data in the following ways:
3.1 Through our website
The primary purpose of our websites is to provide you with information regarding the services provided by Friends of Lindi and its activities.
We may process data about your use of our websites (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics.
More information about the ways in which Google collect and process your personal data can be found here.
Usage data may be processed for the purposes of analysing the use of the website and services.
We may make usage data available privately or publicly to help others to understand who is making use of our websites and how. Data will be aggregated and the personal data of individual users will not be identifiable.
Our websites and newsletters include hyperlinks to third party websites. We are not responsible for the practices and privacy policies and practices of third parties. Please inform us if links signpost to harmful content.
It may be possible to set up a user account. You will be asked to register a username, password and email address so you can gain secure access to your account. Other personal data can also be provided and in some circumstances may be essential for the provision of a service.
You may delete and block all cookies, or just certain types of cookies, via your browser settings. However, if you choose to block or delete cookies, this may affect the functionality of the website.
3.2 Through online forms or emails
We may process information submitted to us through forms on our websites or from emails sent to us (“submitted data”) such as: enquiries, contact forms, online pledges or newsletter subscriptions. Submitted data may be processed for the purposes of: providing updates and information about our programmes and services; promoting news and information from third parties which we believe might be of interest to you; and offering, marketing and selling relevant products and/or services to you.
3.3 Through purchases and donations
We may process information relating to transactions, including donations, purchases of goods and services directly and/or through our websites (“transaction data”). The transaction data may include your contact details, your card or bank details, and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
3.4 Through service delivery
We may process personal data that is provided in the course of the use of our services (“service data”). The service data may include name, email address, postal address, service preferences, basic financial information and any correspondence. The source of the service data comes from clients/ potential clients during the negotiation and delivery of services.
We may also collate other forms of information which is in the public domain to assist with carrying out the services. Information may include published financial accounts, information on websites, information and reports on other websites and other forms of media and social media.
The service data may be processed for the purposes of providing our services, ensuring the security of our information and services, maintaining back-ups of our databases and files and for communicating with clients. We may generate information relating to clients whilst undertaking services, such as from conducting interviews with service users and staff, and undertaking impact assessment research.
4. Compliance and legal claims
In addition to the specific purposes for which we may collect and process personal data as set out in section 3 we may also process personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We will only use personal information in accordance with this Policy, or where we are required or authorised by law to disclose your information to others or, have your permission to do so.
We may process any of personal data identified in the other provisions of this policy where necessary for the establishment, exercise, or defence, of legal claims, whether in court proceedings or in an administrative, or out-of-court, procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
5. Other People’s Personal Data
Please be aware that we are not responsible for the data processing activities of others, such as our clients or funders. We will take reasonable endeavour to ensure suppliers will manage data in accordance with the law.
6. Passing data to third parties
We may pass your data to other campaigns that are in the furtherment of Friends of Lindi’s charitable objectives, but we will not subscribe individuals to services, newsletters and updates other than those they have consented to.
It may be necessary to disclose personal data to Volunteers and Associates working on our behalf for the purposes of effectively carrying out services. Volunteers and Associates will be required to uphold this policy when working on our behalf.
Personal data will be passed to and from our payment and other service providers, see section 3.
We may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Users acknowledge that personal data submitted for publication through our websites or other services may be publicly available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others. Options to contribute personal data, and therefore engage with the activity, without being publicly identified will be made available where possible.
7. Sensitive data
From time to time, we may seek consent to process sensitive personal data in respect of certain specific and limited purposes. We will always do this before processing any sensitive personal data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or sex life and sexual orientation, genetic and/or biometric data. Do not provide us with sensitive personal data unless it is specifically requested, and we have your consent.
8. Retaining and deleting personal data
We keep your personal data for as long as required to provide our services, and in accordance with legal, tax and accounting requirements. Where personal data is no longer required, we will ensure it is disposed of in a secure manner. Where required by law, we will notify users when this has happened.
9. Security of personal data
We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse, or alteration of your personal data. We will store all your personal data on secure servers, personal computers, and mobile devices, and in secure manual record-keeping systems.
Any passwords you provide us will be stored by us in encrypted form.
Data relating to financial transactions that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology. Users acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of that data sent over the internet.
Users with accounts on our website should ensure their login password is not susceptible to being guessed, whether by a person or a computer program. Users are responsible for keeping their own password confidential. We will not ask users for their passwords.
Passwords may be provided to you, or changed, by our website administration and in which case should be changed by the user immediately.
We reserve the right to change a password or lock or delete a user’s account without notice if we believe that account has been compromised or is being misused by the user or another person or entity – that is promoting offensive content or operating significantly outside of the remit and purpose of the website they are subscribed to. Users will be informed of such action and provided with a reason for the action.
10. Rights under data protection law.
Users have the right to request copies of their personal data held by us. If they think any of that data is inaccurate, they may ask us to correct it. They may also have a right, in certain circumstances, to require us to stop processing personal data. Also, they have the right to ask us to transfer personal data to someone they nominate for their own purposes. They may exercise any of their rights in relation to personal data by contacting us using the email or postal address below.
Nobody is obliged to provide any personal data to us. However, please note that this may mean we will have difficulty in providing the full range of services to you.
Remember, consent previously given may be withdrawn at any time. Also, users have the right to ask us to stop processing any personal data and to have it erased.
Where personal data has been removed we reserve the right to maintain basic personal data such as your name, address and email address to ensure that personal data isn’t processed by us in the future.
Complaints about how we have handled personal data can be made to us using the details below, and we will investigate your complaint. Please use the same contact details to instruct us to cease processing your personal data.
12. Contacting us