Redistribution Kitchen Market Events

Privacy Policy

Surplus to Supper Trust CIO ("we"/"us"/"our") takes privacy and the use of your personal data seriously. We acknowledge the importance of protecting Personal Data – that, is, information from which a person can be identified, such as names, contact details and ID information ("Personal Data") that we collect about you. This privacy policy sets out how we will use and protect any Personal Data collected by us when you visit our website, together with any Personal Data you may provide to us or which we acquire through our day-to-day business as a charity.

The "Data Controller" (as defined in the Data Protection Legislation) in respect of your Personal Data is Surplus to Supper Trust CIO, a company registered in England and Wales with company number 10068253.

What information do we collect?

Personal Data is any information that can be used to identify you or another person. For example, if you donate money, use our services or visit our offices, we will collect and process the Personal Data that you’ve provided. We may collect the following Personal Data:

  • Basic personal details (your name, email address, postal address, telephone or mobile number and date of birth)
  • Financial details (bank account number, credit or debit card, UK taxpayer information for gift aid)
  • IP address
  • Photos, videos or audio recordings
  • CCTV which might be in use at various Surplus To Supper sites

We also collect browsing data when you visit our website, which may identify your device or web browser. This could also be location data, how you found us and the pages you looked at on our website. We use this to provide you with information that is most relevant to you. This data is collected by cookies, which are files stored on your computers’ or mobile devices’ web browsers. These cookies are used to keep you logged in as you navigate our website, provide content, and check the website’s performance and helps us improve the website for you. To understand how we use your device information, such as IP address and cookies, please see our . This page also explains how you can block, manage, control or remove the cookies stored on your web browser.

How we use your Personal Data

There are many ways that we may use your Personal Data. Below is how we use your Personal Data for our main activities, such as:

  • To provide you with information and services you have requested, or which may interest you. When you open or click on a link in an email from Surplus To Supper we will receive information about that action. This helps our campaign performance and makes sure that we only contact you in the ways you have agreed. Third parties may send you information on our behalf, but only if you have agreed. For more information, please see “Sharing your information with third parties” below.
  • To enable us to support you in our work. Sometimes we use mobile phones, cameras or laptops for filming, voice recording or slideshows, mainly when carrying out Volunteer information gathering sessions. These are used to help you understand our work better and help our workers learn how to support you better.
  • To improve our fundraising activities and the services we provide. This could be looking at demographics to help our campaign and marketing plans. We do this to understand how useful our services are, and to ensure we spend our money in the optimal way. If you use Surplus To Supper services, we use your data as statistics for evaluation but this will not identify you as a person. To ensure we are delivering the best services, the information we have about you may be checked by other members of our organisation.
  • To check and improve the services offered on our websites. In order to give you the best user experience, we may share your information with third parties.
  • To allow you to take part in interactive features on our website, when you choose to do so. For example, we may help you auto-complete forms by inserting your contact details for you to edit.
  • To use your IP addresses to identify relevant information. This may include information such as your approximate location. It also helps us to understand information like the number of visits to our website from different geographical areas.
  • To make our marketing campaigns more relevant to potential donors and customers.
  • To record and respond to any compliments, comments or complaints from supporters or service users and to investigate, improve and make any necessary changes. All feedback helps us to learn and to improve what we do.
  • To promote our activities. Where you have agreed we may use photos of you, or testimonials, for marketing purposes.
  • To match information collected from you through different ways or at different times. That could include information collected online and offline, and from other sources. This includes third parties and publicly available sources. This makes sure that the information we hold about you is up-to-date and accurate.
  • To check your suitability for a role at Surplus To Supper as an employee or a volunteer. This may involve internal searches against our database as part of the application process.
  • To protect staff and visitors at Surplus To Supper sites. To protect staff and visitors and to protect the organisation against theft, some sites have CCTV installed.
  • Some of our sites have an electronic attendance application to record time entries for arrival and departure. This is primarily used to understand which staff, volunteers or visitors are in that particular information at a specific point in time. This information is used primarily in case of the need to evacuate the site in case of emergency.

If you wish to change or update your consent for direct marketing you can contact us on the link below:

Contact | Surplus to Supper

Our Lawful basis for using your Personal Data

Under Data Protection Legislation we must have a lawful reason or justification to use your Personal Data. We will rely on one of the following lawful bases when processing your Personal Data in accordance with this Policy:

Consent

This is relevant where we have asked for your permission to use your Personal Data in a specific way, and you've agreed. For example, to send you marketing via email or SMS.

Contract

This is relevant where we process your Personal Data as part of an agreement you have with us. For example, if you work for us.

Legal obligation

This is relevant where we collect or share your Personal Data when we are required to do so by applicable law or regulation. For example, to fulfil a regulatory rule or for fraud detection by carrying out checks on our donors, such as checking that a donation has come from a legal source.

Legitimate interests

We must balance our interests in collection of Personal Data to further our charitable aims by engaging with the public, our volunteers and donors and promoting our work and the goals of Surplus To Supper against your rights as a data subject. We will only rely on legitimate interests as a lawful basis of processing if we are sure that this will not override your basic rights.

Some examples of activities that we do and rely on ‘legitimate interests’ as a lawful basis to allow us to process your data include:

  • Sending you direct marketing in the post.
  • The use of CCTV in some of Surplus To Supper’s sites for monitoring and security reasons
  • Sharing Personal Data with staff and volunteers of Surplus to Supper so we can communicate with our supporters in the best way.

We will not rent or sell your Personal Data to other organisations for use by them in any way, including for their own marketing.

[If you decide to do any Surplus To Supper Virtual Training or Volunteer Introduction sessions, this may be through an online platform such as Microsoft Teams. In this case you will then be subject to Microsoft’s own Privacy Notice which you will find at https://privacy.microsoft.com/en-gb/privacystatement]

We may share your Personal Data with third parties:

  • If we are obliged to do so by law
  • To enforce or apply our terms of use for this website or other agreements
  • To protect the rights, property or safety of Surplus To Supper, our donors, volunteers or others

This may include sharing information with other organisations for fraud detection and protection. We may ask other organisations to look at how well our services work, which might mean sharing some of your information, such as dates of birth, ethnicity and religious beliefs. This is to make sure our services work for people from all different backgrounds. This information will be aggregated such that you cannot be identified.

We may ask external service providers to do tracking and analysis for us as described in the cookies policy. However, we will only conduct this analysis where you have consented to this by "opting-in" to the use of analysis cookies on your cookies banner. Where we use an external service provider to act on our behalf, we will share only the Personal Data necessary to deliver the services and will have a contract in place that requires them to meet Surplus To Supper data protection and information security requirements.

How long will we keep your Personal Data?

We always have your best interests at heart and your Personal Data will not be kept by Surplus To Supper for longer than needed. [Our standard data retention policy for our Volunteers is three years.]

We are legally required to keep some Personal Data to meet legal and regulatory obligations. For example, to claim Gift Aid or for certain financial transactions. We may be asked to keep records for longer periods or be told that legally we must not delete some records.

For more information, or to request a copy of our data retention policy, please contact us on the link below:

Contact | Surplus to Supper

Where you have opted to enable the use of advertising cookies whilst using our website, we may pass on your Personal Data to online advertising tools, including Google AdWords Match and Google Analytics for ‘remarketing activities’. This means if you’ve already visited our website we can show you ads on other websites across the internet, including Google and Facebook. These websites may use cookies to serve ads based on your past visits to our website. See information below on how you can control and manage cookies on your device or web browser.

Making our communications relevant to you

We want to give you relevant information. To do this, we may need to look at the information we hold about you. This analysis includes modelling and segmenting to see how likely you are to respond to an invitation and to review people who are similar to you.

This means we try to ensure our donations are spent in the best way, to make the biggest impact for our charity. As our data is taken from different sources, for data quality purposes we will analyse your data to avoid having different versions of information on the same person on our database.

Using third parties to update our records

We sometimes use publicly available information or information taken from specialist companies. These companies may have got this information directly from you and in circumstances where you expect that they will pass on your information to other organisations.

We also often receive data via our third party appointed volunteer management system.

We will only use data collected in this way for purposes that you have consented to and will always ensure that the privacy and security of your Personal Data is protected in accordance with Data Protection Legislation.

How do we handle your debit or credit card information?

Surplus To Supper will ensure that when collecting information such as debit cards, credit cards or Personal Data that this is done securely. We and our partners use TLS (Transport Level Security) to encrypt data sent between the customer and us or our partners.

We do not store PCI data (for example credit card numbers) on our own systems.

How to best protect yourself and your Personal

Data When sending us sensitive information, it is safest to use a device with a supported (current) operating system, with regular security updates and virus protection. Only connect your devices to networks that you trust.

Where we have given you (or you have chosen) a password to access certain parts of our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.

Where do we store your information?

At Surplus To supper we have done everything we can to make sure that your data, whether in paper or electronic form, is treated securely and follows this privacy policy. The Personal Data collected from you may, in very rare circumstances, be transferred to, and stored at, a destination outside the United Kingdom or the European Economic Area ("EEA"). It may also be processed by people outside the UK or the EEA who work for us or work on our behalf. This might be, for example, staff processing payment details.

By submitting your Personal Data, you agree to this transfer, storing and processing at a location outside the European Economic Area. Where data is transferred outside the UK or the EEA, we will make sure the transfer of data outside the EEA is done in accordance with Data Protection Legislation.

Unfortunately, sending information via the Internet is never 100% secure and we cannot guarantee the security of your data sent to our website. This means any such transmission is at your own risk.

Keeping your information up-to-date

To make sure we always have up-to-date information about how to contact you, we may also update your records to make changes to your Personal Data. We may also link the information you provide us with information collected from trusted third parties and partners such as business partners, sub-contractors, advertising networks, analytics providers, search information providers, credit reference agencies as well as publicly available sources.

How do we use cookies?

Our website uses cookies to distinguish you from other visitors to our website. This helps us to give you a good user experience and improve our site. A cookie is a small digital file that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive or mobile device.

Your rights in relation to your Personal Data

You have certain rights in relation to your Personal Information, such as the right to request that we erase all (or part of) Personal Information we hold about you. You also have the right, subject to certain exemptions, to:

  • request a copy of the Personal Information we hold about you ask us to make changes to the Personal Information you hold about you to make sure that it is complete and accurate; and/or
  • ask us to transfer any information we hold about you to a specified third party. If you wish to exercise any of these rights, please contact us on the link below

Changes to our Privacy Policy

We may make changes to this policy at any time. Any changes to this Policy will be posted to our website.

 

Contact us and Complaints

Should you wish to exercise any of the rights set out above, or if you have any questions about the way in which we handle your Personal Information, please contact us on the link below

Contact | Surplus to Supper

Alternatively, you have the right to make a complaint to the Information Commissioner's Office, the supervisory body in the UK, or, if you are an EU data subject, one of the competent European supervisory authorities (https://edpb.europa.eu/about/edpb/board/members_en).

Definitions

For the purpose of this Policy, "Data Protection Legislation" shall mean (i) the General Data Protection Regulation (Regulation (EU)) 2016/679; and (ii) all applicable data protection and privacy legislation in force from time to time in the United Kingdom including the General Data Protection Regulation (Regulation (EU)) 2016/679 as incorporated into the law of the United Kingdom pursuant to the European Union (Withdrawal) Act 2018; the Data Protection Act 2018, the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended, and any UK national implementing laws, regulations and secondary legislation and any successor legislation.