2. Who are we?
GroceryAid is the leading charity helping people in the grocery industry through a range of services such as Grants and our Helpline. We actively fundraise to support our work.
We are Registered Charity No.1095897 (England & Wales) and SC039255 (Scotland). We are a company limited by guarantee, registered in England & Wales Company No.04620683 incorporated under the laws of England and Wales.
For the purpose of the General Data Protection Regulation (GDPR) (2018) we are a data controller and a data processor. We also work with trusted service partners who are also data processors.
- Visiting and using our website
- Making any enquiry with us (including when enquiring on behalf of someone else e.g. a friend or family member)
- Using our services
- Attending our events, e.g. registering or booking tickets
- Partners of the D&I in Grocery Programme and their employees
4. What type of information we collect and how we use it
We want to use your information to ensure that we communicate with you in the way you choose, provide you with relevant information about accessing our services, making a donation or attending any of our events.
Personal information we collect includes details such as your name, date of birth, email address, postal address, National Insurance number, gender, telephone number, bank details and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communication with us. You will have given us this information when accessing our services, using our website, making a donation, registering for an event or in other ways that you may engage with us. We will use this information primarily:
- To process your donations or other payments
- To claim Gift Aid on your donations and verify any financial transactions
- To provide the services or grants that you have requested
- To update you with relevant messages about your donation, an event or services or goods you have requested
- To keep a record of your relationship with us
- Where you volunteer with us, to administer the volunteering arrangement
If you do not provide the relevant information, we will not be able to process these actions. We may also use your personal information to:
- Contact you about our work and how you can support us (see section 7 on ‘Marketing’ below for further information)
- To invite you to participate in surveys or research
Sensitive Personal Information
If you give us your specific consent, we may use your story as a case study to highlight the work we do in order to raise awareness within the industry.
If you contact us through our services you may choose to provide details of a sensitive nature. We will only use this information for the purposes of dealing with your enquiry, training, quality monitoring or evaluating the services we provide. We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
5. How we collect your personal information
Data you provide
Your personal data will include data you provide (or later amend), whether: from correspondence with you; verbally to us over the phone or in person; by filling in any field or form on a website; by filling in any printed form we provide you with; by e-mail; from documents you provide use with; and from updates to any information you provide from time to time.
This includes when you: register or subscribe for any services, make a donation, register for an event, or make an enquiry for other services whether in person, by phone, through our website or otherwise; send us your comments or suggestions; subscribe to any newsletter or other publication; and request information, including brochures.
Data submitted as part of the D&I in Grocery Programmer diversity surveys is collected anonymously on an annual basis. The data is reviewed on a group level. Once reviewed, the anonymous individual records of data are destroyed.
How we collect your corporate information for the D&I in Grocery Programme
Your corporate data will include data you provide (or later amend), whether: from the onboarding process and/or Maturity Model completion process; verbally to us over the phone or in-person; by filling in any field or form on the website; by filling in any printed form we provide you with; by e-mail; from documents you provide us with; and from updates to any information you provide from time to time.
Data obtained from third parties
We may obtain personal data concerning you from third parties, including other charities and their intermediaries; credit, fraud, identity and other searches we may undertake, including searches with public records and regulatory and private organisations; from any business or organisation you are associated with; from telephone numbers identified by the telephone system when you telephone us.
Data generated by us
We and any trusted service partners working for us may generate personal data relating to you, including in connection with responding to and dealing with any enquiry, donation, application for services, information request, suggestion or complaint; or in performing any services, donation, event or other contract with you; or through the analysis of your personal data or data gained from your use of our website. Our trusted third party Helpline partners may record telephone calls with you.
By visiting and using our website you or your computer may provide personal data. This includes:
- Information which is automatically provided by your browser to our servers
- Information recorded on our web servers about your interaction with our website and pages viewed
- Information we capture or place on your computer or generate using cookies or other technologies on our website
- Information you input into forms and fields on our website
We use ‘cookies’ to help our website run efficiently, please see the ‘Cookies’ section 13 below.
6. The legal basis for using your information
In most cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a transaction with you, for example because you have purchased an item in our Online Auction on our website. There are also other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for GroceryAid to process your information to help us to achieve our vision of helping as many people as possible who are in need in the grocery industry.
If we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that these are adversely affected. Some examples of where we have a legitimate interest to process your Personal Information are if we contact you about our work, use your personal information for carrying out research to better understand who our supporters are, for our legal purposes (for example, dealing with complaints), or for complying with guidance from the Charity Commission.
For the D&I in Grocery Programme, data processing is necessary for the purposes of ensuring the Programme provides equality of opportunity for underrepresented groups. An example of this would be the mentoring cohort, this should be made up of mentees from underrepresented groups. This information is reviewed annually.
Marketing is vital to ensure GroceryAid raises money to help those in need and to raise our profile in the grocery industry.
We want to improve how we talk to you and the information we provide through our website, services, products and information. To do this we sometimes use profiling and screening methods so that we can better understand our supporters, your preferences and needs, to provide a better experience for you.
We may carry out targeted fundraising activities using profiling techniques based on the information that we hold about you. We may also work with third party organisations that provide additional insight; this may include general information about you that is publicly available.
This information can be appended to the information that you have provided which allows us to use our resources more effectively by better understanding the background of our supporters and making appropriate requests based on what may interest them and their capacity to give.
8. Safety of your information
We are committed to doing what we reasonably can to keep your personal data secure, and have put in place appropriate technical and organisational measures against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. We have accordingly implemented security policies, rules and technical measures with a view to achieving this.
Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site. We recommend that you encrypt any sensitive personal information sent to us.
For your own privacy protection, we encourage you to maintain anti-virus and other malware protection software on your computers and other devices, and to maintain your own measures to protect your personal data. Please do not include sensitive personal data in any e-mails you may send to us, including payment card information. We recommend that you encrypt any sensitive personal information sent to us. We also encourage you to be careful about whom you give personal data to. Please let us know if someone purports to contact you in our name and you have reason to be suspicious.
Any debit or credit card details which we receive on our website are passed securely to PayPal our payment processing partner, according to the Payment Card Industry Data Security Standard. You can find out more information about PCI DSS here: https://www.pcisecuritystandards.org/pci_security
9. Sharing your information
The personal information we collect about you will mainly be used by our staff and volunteers at GroceryAid, as well as our trusted service partners, so that they can support you.
We do not sell or share your personal information, or web browsing activity, with other organisations. We may share your information with our trusted Helpline partners who work with us or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes.
For those who book to attend our events, we may use your personal data in the following ways:
1. To process your booking, including to take payment of any booking fee due
2. GroceryAid and third party companies associated with the event you have registered for may contact delegates for the organisation and administration of the event. Data will not be shared with any other third party
3. The name and company of attendees may be placed on an attendee list for each event. This list may be provided to all delegates for them to see who is at the event for the purpose of networking and meetings
4. To gather feedback from delegates and to undertake post-event evaluation
If GroceryAid arranges your travel and/or accommodation for an event, we may need to ask you for additional personal information such as a copy of your passport and we may share this information with third parties such as hotels, travel companies or airlines. We will only collect and use your personal information in this way if we are satisfied that we (or a relevant third party) have a legitimate interest to do so in order to make travel and accommodation arrangements for you. On some occasions, your personal data may be transferred outside of the European Economic Area (EEA) for these purposes. GroceryAid will continue to be responsible for ensuring that your privacy rights are protected and we will ensure that appropriate safeguards are in place whenever personal data is transferred outside the EEA.
Within the D&I in Grocery Programme, your diversity data is collected anonymously and shared on a group level within GroceryAid and our Steering Groups to review representation and ensure equality of opportunity across the Programme.
Within the D&I in Grocery Maturity Model, the only score to be shared in the public domain is the industry score. Your individual score/s can only be viewed by you.
10. How long we hold your information for
We only keep your personal information for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).
For the D&I in Grocery Programme, we only keep your corporate information for as long as it is reasonable and necessary for the relevant activity. For example, the industry score for the Maturity Model.
11. Your individual rights
You have various rights in respect of the personal information we hold about you, which are detailed below. If you wish to make use of any of these rights or make a complaint, you can do so by contacting us at GroceryAid, 2 Lakeside Business Park, Swan Lane, Sandhurst GU47 9DN, by telephone on 01252875925 or by email to [email protected]
- Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on these grounds. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection
- Consent: If you have given us your consent to use personal information (for example, for marketing or receiving grants), you can withdraw your consent at any time
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred
- Restriction: You can ask us to restrict the personal information we use about you, where you have asked for it to be erased or where you have objected to our use of it
- Automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
12. What laws we comply with
We process your personal data in accordance with the following data protection law(s): The EU General Data Protection Regulation 2018 (which covers protection of personal data generally) and
The Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003 of England and Wales (which covers, among other things, the use of telephone numbers and email addresses for unsolicited direct marketing).
Our regulator is the UK Information Commissioner: https://ico.org.uk/ We also comply generally with the laws of England and Wales in relation to the processing of your personal data, and not any other laws.
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our Terms and Conditions.
A cookie is a small amount of data sent to your computer or mobile phone from a website. This means the website can recognise your device (your computer or mobile phone) if you return to the same site.
A cookie often includes a unique identifier, which is a randomly generated number. This is stored on your device’s hard drive. Many cookies are automatically deleted after you finish using a website.
Cookies are not programs and do not collect information from your device.
Cookies make your experience of using websites faster and easier. They allow websites to create a customised view of pages to which you navigate. For example, they are commonly used to authenticate or identify registered users of a website without requiring them to sign in each time they access it. Other uses include maintaining a ‘shopping basket’ of goods a user has chosen to purchase, site personalisation (presenting different pages to different users) and tracking the pages a user has visited on a site for analysis purposes.
Cookies may come with or without an expiry date. Cookies without an expiry date exist until the browser is closed, while cookies with an expiry date may be stored by the device until the expiry date passes.
You can restrict or block cookies set by GroceryAid but this may limit your use of some functionality, core pieces of content will still be possible even with cookies disabled.
How to manage your cookies
Cookies are sent to your browser (whether you use Internet Explorer, Google Chrome, Safari or any other browser) by a website and then stored in the cookies directory of your device.
To check and update your cookies settings, you will need to know what browser you are using and what version of it you have. You can usually find this out by opening the browser (just as if you were going to use the internet) and then clicking on ‘Help’ and then ‘About’. This will give you information about the browser version you are using.
To find out how to allow, block, delete and manage the cookies on all standard web browsers, go to http://www.aboutcookies.org.uk/ and select the browser and version you are using. You’ll also find information about how to delete cookies from your computer.