About our charity:
We, at Luna’s Fund, are a data controller for the purposes of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).
This means that we are responsible for deciding how we hold and use personal information about you.
We are required, under data protection legislation, to tell you what information we hold about you, why we hold it, how we use it and to tell you about your rights.
This notice applies to current and former donors.
This notice does not form part of any contract.
We publish this notice on our website and may update it at any time.
It is important that you read this notice and any updates, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Data protection principles:
We will comply with data protection law.
This says that the personal information we hold about you must be:
used lawfully, fairly and in a transparent way;
collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
relevant to the purposes we have told you about and limited only to those purposes;
accurate and kept up to date;
kept only as long as necessary for the purposes we have told you about;
The categories of donor information that we collect, hold and share include:
personal identifiers and contacts (such as, but not limited to, name, address, contact details, photographic and video images);
characteristics (such as, but not limited to, nationality)
financial (such as, but not limited to, UK tax payer status, value of donation).
Why we collect and use this information
We use our donor data to:
comply with the law regarding charitable donations;
claim Gift Aid;
prevent and detect money laundering and fraud;
meet the statutory duties placed upon us by the Charity Commission;
monitor and report on how we deploy our charity’s resources;
assess the quality of our support and services.
The lawful bases on which we use this information:
Luna’s Fund receives monetary and voluntary donations from those that support our charity’s work. As a charitable incorporated company based in England, we are registered with the Charity Commission and therefore have to comply with charity law in accepting donations, generating income, managing the charity and providing the services and support to our beneficiaries.
To achieve our charitable objects, we collect and process information on some of our donors to fulfil our legitimate interests and meet our legal obligations.
We use information to perform the contract we have entered into with our donors.
We also use donor information where it is necessary in the legitimate interests of a selected third party to help us manage our charity, where the donor’s interests and their fundamental rights do not override those interests.
We may need to use donor information, including special category data, in the establishment, exercise or defence of any legal or insurance claims.
We may use donor images beyond that of donor identification under our legitimate interests, but we will do so only with explicit consent.
Collecting donor information
The donor information you provide to us is on a voluntary basis to help us raise funds, including through Gift Aid claimed via HMRC, and to provide our services.
We will inform you whether you are required to provide certain donor information to us and will make it clear if you have a choice in this, so that you can decide whether to consent. If you do consent, your consent can be withdrawn at any time by contacting us, although our use of the information before you withdraw your consent remains valid and the absence of key information may prevent us from accepting certain donations from you, including Gift Aid.
Retaining donor data
We will only retain donor data for as long as is necessary for the purpose for which we collected the data.
Generally speaking, the majority of donor information will be retained for the period in which the donor contributes to the charity, plus a further 6 years for audit purposes.
Certain information may be retained for Luna’s Fund historical records, to celebrate the journey of the charity.
More detailed information on this is contained in our retention schedule.
Who we share donor information with
We routinely share donor information with the third party organisations that we select to help us manage our charity; this will be limited to the specific information to deliver that service to us.
We share specific, relevant elements of donor information with:
our legal advisors;
In addition, we also use third party software systems or service providers to host, but not process or access, our beneficiary data:
information management systems;
online donations providers.
Why we share donor information
We may share donor personal information with third parties (other organisations) where required by law, where it is necessary for the management of our charity, where it is in the data subject’s interests for us to do so or where we have another legitimate interest in doing so.
Requesting access to your personal data
Under data protection laws, beneficiaries have the right to request access to information about them that we hold.
To make a request for your personal information please contact us at the address below.
Donors also have the right to:
object to processing of personal data that is likely to cause, or is causing, damage or distress;
prevent processing for the purpose of direct marketing;
object to decisions being taken by automated means;
in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
claim compensation for damages caused by a breach of the Data Protection regulations.
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance.
Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
We have put in place physical and electronic measures to protect the security of your information.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, volunteers, trustees, agents, contractors and other third parties who have a genuine need to know.
They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Third parties (other organisations) will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice.
If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
If you would like to discuss anything in this privacy notice, please email: firstname.lastname@example.org