Privacy and Cookie Policy

This privacy notice is designed to tell you, as the user of our services – whether that’s because you receive our newsletters or mailings about our events, because we share information with you, or any other activities – about how we collect, use and disclose personal and other information about you, your enterprise or your organisation. You may provide this information to us via our website or through other means like an email or a phone call.

Our full privacy notice is detailed below, but the main points to note are:

  • We will only ever ask for what we really need to know.
  • We will collect and use the personal data that you share with us lawfully, transparently, honestly and fairly.
  • We will always respect your choices around the data that you share with us and the communication channels that you ask us to use.
  • We will put appropriate security measures in place to protect the personal data that you share.
  • We will never sell your data.
  • We will only keep it as long as necessary for the purposes we have told you about

A quick note on terminology: when we use the phrases “we” or “us” in this notice, they refer only to THE WHATEVER IT TAKES ORGANISATION a Company Limited By Guarantee in England and Wales, Company Number 11928188, at 71.75 Shelton Street, Covent Garden, London, England, WC2H 9JQ (“WIT”).

Your information: what we collect, use, keep and share

The way we manage the information we might collect about you depends on the capacity in which you contact us, whether you’re a stakeholder, partner or professional, a member of the public, someone who may benefit from our services or a donor. In the links below, we explain how this works for you:

 

The types of personal information we hold on you might include:

  • Your full name and salutation
  • Your job title
  • The name and address of the organisation you work for or are associated with
  • Your organisation email address
  • Financial information (billing details, card details), where necessary for invoicing purposes
  • Your organisation telephone number.
  • If you work for an organisation, sometimes we also store brief notes about where you may have worked before, any specific preferences you have told us about and your main areas of expertise (e.g. research, policy).
  • Other information that you may provide in surveys and interviews with individuals and organisations from the sector.
  • Website traffic and newsletter readings: we also store some information to enable us to see how popular pages on our website are and news items in our newsletters. This typically involves assessing aggregate level information, such as IP addresses. Analysing this information allows us to tailor our services to meet your needs.
  • Device information:we may collect information about the device you are using to access our services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. Collecting this information enables us to optimise our website for the device you are using.

We will use your information to:

  • ensure that the content of the website is presented in the most effective manner for you and for your device;
  • customise our services to your preferences;
  • provide information, products and services to you;
  • carry out and administer any obligations arising from any agreements entered into between you and us;
  • if you have signed up for an event with us we will contact you with information on that event;
  • manage your marketing preferences;
  • review your application to become a volunteer and to assist you with being a volunteer for us;
  • contact you and notify you about changes to our services or the services we offer;
  • manage your registration with us (if any) and provide you with customer support;
  • analyse how our services are used and to identify trends;
  • administer our services and for internal operations, including troubleshooting, information analysis, testing, research, statistical and survey purposes.

Our current information retention policy is to delete or destroy (to the extent we are able to) the personal information we hold about you in accordance with the following:

  • Records relevant for tax purposes e.g. billing information: Eight years from the end of the tax year to which the records relate.
  • Personal information processed in relation to a contract between you and us: Seven years from either the end of the contract or the date you last used our services, being the length of time following a breach of contract in which you are entitled to make a legal claim.
  • Personal information held on marketing or business development records: Three years from the last date on which you interacted with us.

For any category of personal information not specified above, and unless otherwise specified by applicable law, the required retention period for any personal information will be deemed to be seven years from the date of receipt by us of that information.

The retention periods stated in this Notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the information or if there is an on-going investigation into the information).

We review the personal information (and the categories of personal information) we are holding on a regular basis to ensure the information we are holding is still relevant to our business and is accurate. If we discover that certain information we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this information as may be required.

You always have the right to request that personal information we hold about you is amended or deleted, please refer to the Your Rights section.

We do not disclose any information you provide to any third parties, other than as follows:

  • where you have opted to share any of your information with any other user of our services or third party, you authorise us to deliver that content via email or other communication system. We also store some information on a secure database called “Salesforce”;
  • where we run a joint event with another organisation. We would only share personal information that is necessary in order to run the event.
  • Where we may engage third party companies or individuals, such as third party payment processors, mailing houses etc, to process information on our behalf.
  • where information such as email addresses is passed to MicroNet Infotech LTD who provide us with technical support;
  • where we carry out research to gain an insight into the use of our services, the results of this research (but not your personal information itself) may be transferred to interested third parties;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
  • in order to enforce any terms and conditions or agreements for our services that may apply;
  • we may transfer your personal information to a third party if we merge or restructure but we will take steps to ensure that your privacy rights continue to be protected;
  • to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.

 

The types of personal information we hold on you might include:

  • Your full name and salutation
  • Your job title (if relevant)
  • Your address
  • The name and address of the organisation you work for or are associated with (if relevant)
  • Your email address (this may be your personal or organisation email)
  • Your telephone number (again, this may be your personal or organisation telephone number).
  • Information about your family, health and other life circumstances (if you choose to provide it).
  • If you work for an organisation, sometimes we also store brief notes about where you may have worked before, any specific preferences you have told us about and your main areas of expertise (e.g. research, policy).
  • Other information that you may provide in surveys and interviews with individuals and organisations from the sector.
  • Website traffic and newsletter readings: we also store some information to enable us to see how popular pages on our website are and news items in our newsletters. This typically involves assessing aggregate level information, such as IP addresses. Analysing this information allows us to tailor our services to meet your needs.
  • Device information: we may collect information about the device you are using to access our services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. Collecting this information enables us to optimise our website for the device you are using.

We will use your information to:

  • ensure that the content of the website is presented in the most effective manner for you and for your device;
  • customise our services to your preferences;
  • provide information to you;
  • carry out and administer any obligations arising from any agreements entered into between you and us;
  • if you have signed up for an event with us we will contact you with information on that event;
  • manage your marketing preferences;
  • review your application to become a volunteer or for a job role;
  • to assist you with being a volunteer for us;
  • administer our services and for internal operations, including troubleshooting, information analysis, testing, research, statistical and survey purposes.

Our current information retention policy is to delete or destroy (to the extent we are able to) the personal information we hold about you in accordance with the following:

  • Personal information held on marketing or business development records: Three years from the last date on which you interacted with us.
  • Content of emails we receive when you contact us via www.whateverittakesuk.com/contact: Six months from the last date on which you interacted with us.

For any category of personal information not specified above, and unless otherwise specified by applicable law, the required retention period for any personal information will be deemed to be seven years from the date of receipt by us of that information.

The retention periods stated in this Notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the information or if there is an on-going investigation into the information).

We review the personal information (and the categories of personal information) we are holding on a regular basis to ensure the information we are holding is still relevant to our business and is accurate. If we discover that certain information we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this information as may be required.

You always have the right to request that personal information we hold about you is amended or deleted, please refer to the Your Rights section.

We do not disclose any information you provide to any third parties other than as follows:

  • where you have opted to share any of your information with any other user of our services or third party, you authorise us to deliver that content via email or other communication system. We also store some information on a secure database called “Salesforce”;
  • where we run a joint event with another organisation. We would only share personal information that is necessary in order to run the event.
  • Where we may engage third party companies or individuals, such as third party payment processors, mailing houses etc, to process information on our behalf.
  • where information such as email addresses is passed to MicroNet Infotech LTD who provide us with technical support;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
  • we may transfer your personal information to a third party if we merge or restructure but we will take steps to ensure that your privacy rights continue to be protected, (this only applies to information that hasn’t already been deleted under the provision stated in the section above;
  • to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.

 

The types of personal information we hold on you might include:

  • Your full name and salutation (if you choose to provide it)
  • Your address (if you choose to provide it)
  • Your email address and/or telephone number (depending on how you want us to contact you)
  • Information about your family, health and other life circumstances (if you choose to provide it)
  • Other information that you may provide in surveys and interviews with individuals and organisations from the sector.
  • Website traffic and newsletter readings: we also store some information to enable us to see how popular pages on our website are and news items in our newsletters. This typically involves assessing aggregate level information, such as IP addresses. Analysing this information allows us to tailor our services to meet your needs.
  • Device information: we may collect information about the device you are using to access our services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. Collecting this information enables us to optimise our website for the device you are using.

We will use your information to:

  • provide information/advice to you;
  • ensure that the content of the website is presented in the most effective manner for you and for your device;
  • customise our services to your preferences;
  • carry out and administer any obligations arising from any agreements entered into between you and us.

Our current information retention policy is to delete or destroy (to the extent we are able to) the personal information we hold about you in accordance with the following:

For any category of personal information not specified above, and unless otherwise specified by applicable law, the required retention period for any personal information will be deemed to be seven years from the date of receipt by us of that information.

The retention periods stated in this Notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the information or if there is an on-going investigation into the information).

We review the personal information (and the categories of personal information) we are holding on a regular basis to ensure the information we are holding is still relevant to our business and is accurate. If we discover that certain information we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this information as may be required.

You always have the right to request that personal information we hold about you is amended or deleted, please refer to the Your Rights section.

We do not disclose any information you provide to any third parties other than as follows:

  • where you have opted to share any of your information regarding a potential referral to a WIT Programme, you authorise us to deliver that information via email or other communication system to that WIT Programme. We also store some information on a secure database called “Salesforce”;
  • where information such as email addresses is passed to MicroNet Infotech LTD who provide us with technical support;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
  • we may transfer your personal information to a third party if we merge or restructure but we will take steps to ensure that your privacy rights continue to be protected, (this only applies to information that hasn’t already been deleted under the provision stated in the section above;
  • to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.

 

The types of personal information we hold on you might include:

  • Your full name and salutation
  • Your job title
  • Your address
  • The name and address of the organisation you work for or are associated with (if relevant)
  • Your email address (this may be your personal or organisation email)
  • Financial information (billing details, card details, donation information)
  • Your telephone number (again, this may be your personal or organisation telephone number).
  • If you work for an organisation, sometimes we also store brief notes about where you may have worked before, any specific preferences you have told us about and your main areas of expertise (e.g. research, policy).
  • Other information that you may provide in surveys and interviews with individuals and organisations from the sector.
  • Website traffic and newsletter readings: we also store some information to enable us to see how popular pages on our website are and news items in our newsletters. This typically involves assessing aggregate level information, such as IP addresses. Analysing this information allows us to tailor our services to meet your needs.
  • Device information:we may collect information about the device you are using to access our services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. Collecting this information enables us to optimise our website for the device you are using.

We will use your information to:

  • ensure that the content of the website is presented in the most effective manner for you and for your device;
  • customise our services to your preferences;
  • provide information and services to you;
  • assist in the administration of the services you use;
  • assist in making general improvements to our services;
  • carry out and administer any obligations arising from any agreements entered into between you and us;
  • if you have signed up for an event with us we will contact you with information on that event, fundraising tips and training hints;
  • administer your donations or support your fundraising efforts;
  • process Gift Aid on donations;
  • manage your marketing preferences;
  • review your application to become a volunteer and assist you with being a volunteer for us;
  • contact you and notify you about changes to our services or the services we offer;
  • manage your registration with us (if any) and provide you with customer support;
  • analyse how our services are used and to identify trends;
  • administer our services and for internal operations, including troubleshooting, information analysis, testing, research, statistical and survey purposes.

Our current information retention policy is to delete or destroy (to the extent we are able to) the personal information we hold about you in accordance with the following:

  • Records relevant for tax purposes e.g. billing or Gift Aid information: Eight years from the end of the tax year to which the records relate.
  • Personal information processed in relation to a contract between you and us: Seven years from either the end of the contract or the date you last used our services, being the length of time following a breach of contract in which you are entitled to make a legal claim.
  • Personal information held on marketing or business development records: Three years from the last date on which you interacted with us.
  • Content of emails we receive when you contact us via www.whateverittakesuk.com/contact: Three years from the last date on which you interacted with us.

For any category of personal information not specified above, and unless otherwise specified by applicable law, the required retention period for any personal information will be deemed to be seven years from the date of receipt by us of that information.

The retention periods stated in this Notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the information or if there is an on-going investigation into the information).

We review the personal information (and the categories of personal information) we are holding on a regular basis to ensure the information we are holding is still relevant to our business and is accurate. If we discover that certain information we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this information as may be required.

You always have the right to request that personal information we hold about you is amended or deleted, please refer to the Your Rights section.

We do not disclose any information you provide to any third parties other than as follows:

  • where you have opted to share any of your information with any other user of our services or third party, you authorise us to deliver that content via email, or other communication system. We also store some information on a secure database called “Salesforce”;
  • where we run a joint event with another organisation. We would only share personal information that is necessary in order to run the event.
  • where we may engage third party companies or individuals, such as third party payment processors, mailing houses etc, to process information on our behalf.
  • where information such as email addresses is passed to MicroNet Infotech LTD who provide us with technical support;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
  • in order to enforce any agreements for our services that may apply;
  • we may transfer your personal information to a third party if we merge or restructure but we will take steps to ensure that your privacy rights continue to be protected, (this only applies to information that hasn’t already been deleted under the provision above;
  • to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.

 

 

Legal basis on which we use personal information

Personal information we hold about you will be collected/used either because:

  • you have consented or explicitly consented to the use for the specific purposes described in this notice or via a separate document;
  • the use is necessary in order for us to perform our obligations under a contract between you and us;
  • we need to comply with a legal obligation;
  • it is in yours or another person’s vital interests (including where you or the other person may not be able to give consent);
  • it is necessary to perform a public interest task;
  • the use is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have, or a third party has, in use of your personal information which is not overridden by your interests in privacy and security. For example, when contacting you because you work for an organisation and want to engage with us. We will use personal information to administer our relationship with you and deliver the services you have told us you wish to use or to send you information that you have requested. We may also offer you the opportunity to receive additional information about our activities or those of our members, supporters, service providers and partners.

 

Ways we may collect your personal information, including from third parties

 We may collect the following personal information (information that can be uniquely identified with you) about you in the following ways:

  • information provided to sign up to any of our services, such as receiving member briefings and updates, joining email lists and networks, or taking part in workshops, conferences and seminars;
  • information you may have created or provided through your use of our services, including by email;
  • payment information you may provide, or we may need to collect, when you make a donation to us;
  • a record of any correspondence between you and us;
  • replies to any surveys or questionnaires that we may use for research purposes;
  • details of your visits to the website, the resources and pages that you access and any searches you make;
  • any information we may require from you when you report a problem or complaint;
  • the number of communications you make with us;
  • taking photos or making audio or video recordings;
  • information you may have provided when requesting advice/guidance.

 

We may collect information when you choose to supply it to us but please note there may be instances where we process your personal information which has been provided to us by a third party.

Examples of such personal information and where we obtain such information are as follows<:/p>

  • When you donate to us e.g. via Just Giving;
  • When you sign up to an event e.g. Eventbrite;
  • When you subscribe to a newsletter e.g. MailChimp;
  • When you respond to a survey using e.g. Survey Monkey.

If we do obtain your personal information from a third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.

You do not have to supply any personal information to us but our services may not be operable without the provision of personal information. You may withdraw our authority to process your personal information (or request that we restrict our use) at any time (but our services may not be fully operable should you do so).

 

How do we protect the security

We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage.

We will ensure that our employees are aware of their privacy and information security obligations. We will take reasonable steps to ensure that the employees of third parties working on our behalf are aware of their privacy and information security obligations.

This notice and our procedures for handling personal information will be reviewed on a regular basis.

Although we will do our best to protect your personal information, because the transmission of information via the internet is not completely secure, we cannot guarantee the security of your information transmitted to the website or via email; any transmission is at your own risk. Once we have received your information, we will use our strict procedures and security features to try to prevent unauthorised access.

 

How we use cookies

Our website uses cookies to provide you with a good experience when you browse our website. Cookies also help us to improve our website.

A cookie is a small file of letters and numbers that is stored on your browser or device. Cookies contain information that is transferred to your computer’s hard drive. Cookies cannot be used by themselves to identify you.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

 

How to control cookies

You can restrict or block cookies using your browser settings. For instructions on how to control or disable cookies, please visit https://www.aboutcookies.org.uk/

 

Your rights and contacting us

  • If you would like to update your personal information, or let us know the personal information we hold is incorrect, you can do so by contacting us on the details below.
  • You have a right to know how we protect your personal information (as set out in this policy).
  • You always have the right to unsubscribe from our newsletter or any other services where we rely on your consent for holding your personal information. We will ensure you are unsubscribed as soon as possible, but at least within one month.
  • You also have a right to restrict our use of your personal information and the right to object to your personal information being processed, please contact us on the details below if you wish to do so.
  • You have the right to ask us to stop using your personal information in certain ways (as set out in the notice).
  • You have the right to ask us to delete your personal information. Unless we have reasonable grounds to refuse to delete your personal information, we will securely delete the personal information in question within one month. The personal information may continue to exist in certain backup, but we will take steps to ensure that it will not be accessible.
  • You have the right to request access to the personal information that we hold about you.
  • We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
  • If a breach is likely to result in a risk to your information rights and freedoms, we will notify you as soon as possible and we may also report it to the ICO.
  • If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the ICO by visiting http://www.ico.org.uk/for further assistance.
  • Please also feel free to contact us if you have any questions about our Privacy Notice or working practices by email on info@whateverittakesuk.com

 

Transferring your information outside Europe

WIT’s operations are based in the UK and we store our data in the UK. However, as part of the services offered to you, we will sometimes use third-party platforms to collect and process information, whose servers may be located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Notice (e.g. that the servers adhere to the Privacy Shield Framework).

The third-party platforms we use include:

All of these platforms have the EU/US Privacy Shield Certification, which provides appropriate safeguards to individuals’ personal data.

 

Retention of Records and Data for WIT Employees

Type of employment record

Format and location

Retention period or recommendation

1.  Job applications and interview records of unsuccessful candidates

Paper or electronic

Six months after notifying unsuccessful candidates (unless candidate was asked if they wanted we to retain their information in the event of future vacancies). 

2.  Personnel and training records

Paper or electronic

While employment continues and up to six years after employment ends

3.  Written particulars of employment, contracts of employment, and changes to terms and conditions

Paper or electronic

While employment continues and up to six years after employment ends

4.  Working time opt-out forms

Paper or electronic, originals are not required by the WTR 1998

While employment continues and for six years after employment ceases

5.  Records to show compliance with the WTR 1998

Paper or electronic

While employment continues and for six years after employment ceases

6. ; Annual leave records

Paper or electronic

Six years or possibly longer if leave is carried over from year to year

7.        Payroll and wage records for unincorporated businesses

Paper or electronic

Five years after 31 January following the year of assessment

8.  Payroll and wage records for companies

Paper or electronic

Six years from the financial year-end in which payments were made

9.  PAYE records

Paper or electronic

Not less than three years after the end of the tax year to which they relate

10.  Collective workforce agreements and past agreements that could affect present employees

Paper or electronic

Permanently

11.  Works Council minutes

Paper or electronic

Permanently

12.  Maternity records

Paper or electronic

Three years after the end of the tax year in which the maternity pay period ends

13.  Sickness records required for the purposes of SSP

Paper or electronic

Three years after the end of the tax year in which payments are made

14.  Current bank details

Paper or electronic

As long as a staff member is on payroll.

15.  Record of advances for season tickets and loans to employees

Paper or electronic

While employment continues and up to six years after repayment

16.  Death Benefit Nomination and Revocation Forms

Paper or electronic

While employment continues or up to six years after payment of benefit

17.  Any reportable death, specified injury, disease or dangerous occurrence that requires reporting the H&S Executive under RIDDOR;

Paper or electronic

For six years after date of incident

18.  All occupational injuries where a worker is away from work or incapacitated for more than three consecutive days.

 

For six years after date of incident

19.  Any records made in the accident book that relate to students, whether reportable under RIDDOR or not.

Paper or electronic

While engagement continues and for six years after employment ceases

20.  Records in relation to hours worked and payments made to workers

Paper or electronic

For as long as the data is being processed and up to 6 years afterwards

21.  Consents for the processing of personal and sensitive data

Paper or electronic

Should be deleted following recruitment process unless assessed as relevant to on-going employment relationship. Once the conviction is spent, should be deleted unless it is an excluded profession

22.  Any Disclosure and Disbarring Service (DBS) checks and disclosures of criminal records forms

Paper

Two years after the termination of employment

 

Notification of changes to this notice

We will post details of any changes to our policy on the website to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.