Surplus to Supper Trust CIO ("we"/"us"/"our") takes privacy and the use of your personal data seriously. We acknowledge the importance of protecting Personal Data – that, is, information from which a person can be identified, such as names, contact details and ID information ("Personal Data") that we collect about you. This privacy policy sets out how we will use and protect any Personal Data collected by us when you visit our website, together with any Personal Data you may provide to us or which we acquire through our day-to-day business as a charity.
The "Data Controller" (as defined in the Data Protection Legislation) in respect of your Personal Data is Surplus to Supper Trust CIO, a company registered in England and Wales with company number 10068253.
Personal Data is any information that can be used to identify you or another person. For example, if you donate money, use our services or visit our offices, we will collect and process the Personal Data that you’ve provided. We may collect the following Personal Data:
We also collect browsing data when you visit our website, which may identify your device or web browser. This could also be location data, how you found us and the pages you looked at on our website. We use this to provide you with information that is most relevant to you. This data is collected by cookies, which are files stored on your computers’ or mobile devices’ web browsers. These cookies are used to keep you logged in as you navigate our website, provide content, and check the website’s performance and helps us improve the website for you. To understand how we use your device information, such as IP address and cookies, please see our . This page also explains how you can block, manage, control or remove the cookies stored on your web browser.
There are many ways that we may use your Personal Data. Below is how we use your Personal Data for our main activities, such as:
If you wish to change or update your consent for direct marketing you can contact us on the link below:
Under Data Protection Legislation we must have a lawful reason or justification to use your Personal Data. We will rely on one of the following lawful bases when processing your Personal Data in accordance with this Policy:
This is relevant where we have asked for your permission to use your Personal Data in a specific way, and you've agreed. For example, to send you marketing via email or SMS.
This is relevant where we process your Personal Data as part of an agreement you have with us. For example, if you work for us.
This is relevant where we collect or share your Personal Data when we are required to do so by applicable law or regulation. For example, to fulfil a regulatory rule or for fraud detection by carrying out checks on our donors, such as checking that a donation has come from a legal source.
We must balance our interests in collection of Personal Data to further our charitable aims by engaging with the public, our volunteers and donors and promoting our work and the goals of Surplus To Supper against your rights as a data subject. We will only rely on legitimate interests as a lawful basis of processing if we are sure that this will not override your basic rights.
Some examples of activities that we do and rely on ‘legitimate interests’ as a lawful basis to allow us to process your data include:
We will not rent or sell your Personal Data to other organisations for use by them in any way, including for their own marketing.
[If you decide to do any Surplus To Supper Virtual Training or Volunteer Introduction sessions, this may be through an online platform such as Microsoft Teams. In this case you will then be subject to Microsoft’s own Privacy Notice which you will find at https://privacy.microsoft.com/en-gb/privacystatement]
We may share your Personal Data with third parties:
This may include sharing information with other organisations for fraud detection and protection. We may ask other organisations to look at how well our services work, which might mean sharing some of your information, such as dates of birth, ethnicity and religious beliefs. This is to make sure our services work for people from all different backgrounds. This information will be aggregated such that you cannot be identified.
We may ask external service providers to do tracking and analysis for us as described in the cookies policy. However, we will only conduct this analysis where you have consented to this by "opting-in" to the use of analysis cookies on your cookies banner. Where we use an external service provider to act on our behalf, we will share only the Personal Data necessary to deliver the services and will have a contract in place that requires them to meet Surplus To Supper data protection and information security requirements.
We always have your best interests at heart and your Personal Data will not be kept by Surplus To Supper for longer than needed. [Our standard data retention policy for our Volunteers is three years.]
We are legally required to keep some Personal Data to meet legal and regulatory obligations. For example, to claim Gift Aid or for certain financial transactions. We may be asked to keep records for longer periods or be told that legally we must not delete some records.
For more information, or to request a copy of our data retention policy, please contact us on the link below:
Where you have opted to enable the use of advertising cookies whilst using our website, we may pass on your Personal Data to online advertising tools, including Google AdWords Match and Google Analytics for ‘remarketing activities’. This means if you’ve already visited our website we can show you ads on other websites across the internet, including Google and Facebook. These websites may use cookies to serve ads based on your past visits to our website. See information below on how you can control and manage cookies on your device or web browser.
We want to give you relevant information. To do this, we may need to look at the information we hold about you. This analysis includes modelling and segmenting to see how likely you are to respond to an invitation and to review people who are similar to you.
This means we try to ensure our donations are spent in the best way, to make the biggest impact for our charity. As our data is taken from different sources, for data quality purposes we will analyse your data to avoid having different versions of information on the same person on our database.
We sometimes use publicly available information or information taken from specialist companies. These companies may have got this information directly from you and in circumstances where you expect that they will pass on your information to other organisations.
We also often receive data via our third party appointed volunteer management system.
We will only use data collected in this way for purposes that you have consented to and will always ensure that the privacy and security of your Personal Data is protected in accordance with Data Protection Legislation.
Surplus To Supper will ensure that when collecting information such as debit cards, credit cards or Personal Data that this is done securely. We and our partners use TLS (Transport Level Security) to encrypt data sent between the customer and us or our partners.
We do not store PCI data (for example credit card numbers) on our own systems.
Data When sending us sensitive information, it is safest to use a device with a supported (current) operating system, with regular security updates and virus protection. Only connect your devices to networks that you trust.
Where we have given you (or you have chosen) a password to access certain parts of our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.
At Surplus To supper we have done everything we can to make sure that your data, whether in paper or electronic form, is treated securely and follows this privacy policy. The Personal Data collected from you may, in very rare circumstances, be transferred to, and stored at, a destination outside the United Kingdom or the European Economic Area ("EEA"). It may also be processed by people outside the UK or the EEA who work for us or work on our behalf. This might be, for example, staff processing payment details.
By submitting your Personal Data, you agree to this transfer, storing and processing at a location outside the European Economic Area. Where data is transferred outside the UK or the EEA, we will make sure the transfer of data outside the EEA is done in accordance with Data Protection Legislation.
Unfortunately, sending information via the Internet is never 100% secure and we cannot guarantee the security of your data sent to our website. This means any such transmission is at your own risk.
To make sure we always have up-to-date information about how to contact you, we may also update your records to make changes to your Personal Data. We may also link the information you provide us with information collected from trusted third parties and partners such as business partners, sub-contractors, advertising networks, analytics providers, search information providers, credit reference agencies as well as publicly available sources.
Our website uses cookies to distinguish you from other visitors to our website. This helps us to give you a good user experience and improve our site. A cookie is a small digital file that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive or mobile device.
You have certain rights in relation to your Personal Information, such as the right to request that we erase all (or part of) Personal Information we hold about you. You also have the right, subject to certain exemptions, to:
We may make changes to this policy at any time. Any changes to this Policy will be posted to our website.
Should you wish to exercise any of the rights set out above, or if you have any questions about the way in which we handle your Personal Information, please contact us on the link below
Alternatively, you have the right to make a complaint to the Information Commissioner's Office, the supervisory body in the UK, or, if you are an EU data subject, one of the competent European supervisory authorities (https://edpb.europa.eu/about/edpb/board/members_en).
For the purpose of this Policy, "Data Protection Legislation" shall mean (i) the General Data Protection Regulation (Regulation (EU)) 2016/679; and (ii) all applicable data protection and privacy legislation in force from time to time in the United Kingdom including the General Data Protection Regulation (Regulation (EU)) 2016/679 as incorporated into the law of the United Kingdom pursuant to the European Union (Withdrawal) Act 2018; the Data Protection Act 2018, the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended, and any UK national implementing laws, regulations and secondary legislation and any successor legislation.