Sign up for our email newsletter to get our latest news in your inbox
This policy will explain:
SSAFA, the Armed Forces charity is the data controller. This means the organisation decides how your personal data is processed and for what purposes. Our contact details can be found here.
Personal data relates to information about a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession, or likely to come into such possession. From 25 May 2018, the processing of personal data is governed by the General Data Protection Regulation (GDPR).
SSAFA complies with its obligations under relevant legislation. This means we keep personal data up to date; by storing and destroying it securely. We don’t collect or retain excessive amounts of data; we protect personal data from loss, misuse, unauthorised access and disclosure, whilst ensuring that appropriate technical measures are in place to protect personal data. However, you should know that when using our services we are subject to other areas of legislation, particularly in the areas of Adoption, Health and Social Care.
- To enable us to provide a voluntary service for the benefit of the public in a particular geographical area, as specified in our constitution
- To administer our supporters’ records
- To fundraise and promote the interests of the charity
- To manage our employees and volunteers
- To maintain our own accounts and records (including the processing of Gift Aid applications)
- To inform you of news, events, activities and services provided by SSAFA
- Health and Social care
- Adoption services.
- For employees we use the basis of ‘Contract’ and for volunteers, we use legitimate interest and this includes the application process.
- For the provision of services to an individual or group, SSAFA uses legitimate Interest. This includes all application processes.
- For the process of fundraising where interest has already been expressed in SSAFA, Legitimate Interest is utilised for non-electronic communication, otherwise Explicit consent of the data subject is required, with the exception of corporate partnership contacts.
- Where a service is provided by SSAFA and sensitive data is required, this is done under Article 9 of the General Data Protection regulations and there is no disclosure to a third party without prior consent.
Your personal data will be treated as strictly confidential and will only be shared with other teams in SSAFA in order to carry out a service or for purposes connected with the charity. We will only share your data with third parties outside of the charity with your prior consent.
We keep data in accordance with the guidance set out in the appendix to this notice.
Unless subject to an exemption under legislation, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which SSAFA holds about you
- The right to request that SSAFA corrects any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for SSAFA to retain such data
- The right to withdraw your consent to SSAFA processing your data at at any time
- The right to request that SSAFA provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [This only applies where the processing is based on consent or is necessary for the performance of a contract and in either case the data controller processes the data by automated means]
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office.
If you wish to exercise any of these rights please contact the SSAFA Data Protection Officer in writing at SSAFA, the Armed Forces charity, Queen Elizabeth House, 4, St Dunstan’s Hill, London, EC3R 8AD or by emailing firstname.lastname@example.org.
We will use the information you provide to:
- Fulfil your requests – such as applications for employment, donations, competition entries, participation in campaigns and provision of information
- Process your sales transactions, donations, or other payments and verify financial transactions that you complete
- Handle orders, deliver products and communicate with you about orders
- Provide a personalised service to you when you visit our websites – this could include customising the content and/or layout of our pages for individual users, for both visitors and contributors
- Record any contact we have with you
- Prevent or detect fraud or abuses of our websites and services, as well as enable third parties to carry out technical, logistical or other functions on our behalf
- To carry out research on the demographics, interests and behaviour of our beneficiaries, donors and supporters. This will help us gain a better understanding of different audiences and enable us to improve our service. This research may be carried out internally by our employees or we may ask another company to do this work for us. Data will be anonymised to protect your data rights for research purposes
- Communicate with you, as our supporters, donors or beneficiaries, including providing you with information that may be of interest to you.
Information on specific areas where personal data processes differ from the norm can be found on the links below:
- Adoption Service
- Forces Additional Needs and Disability Forum (FANDF)
- Glasgow’s Helping Heroes
- Health and Social Care
- Human Resources
We will only share your information if:
- We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court.
- We believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or websites
- We are working with a carefully-selected partner that is carrying out work on our behalf. These partners may include mailing houses, marketing agencies, IT specialists and research firms. The kind of work we may ask them to do includes processing, packaging, mailing and delivering purchases, answering questions about products or services, sending postal mail, emails and text messages, carrying out research or analysis and processing card payments. We only work with partners we can trust
We will only pass personal data to them if they have signed a contract that requires them to:
- Abide by the requirements of all relevant data protection and privacy legislation
- Treat your information as carefully as we would;
- Only use the information for the purposes it was supplied (and not for their own purposes or the purposes of any other organisation); and
- Allow us to carry out checks to ensure they are doing all these things.
Information is stored by us on computers located in the UK. We may transfer the information to other offices and to other reputable third-party organisations as explained above –your information will not be passed outside of the European Economic Area. We may also store information in paper files, that are held in secured locations.
We place a great importance on the security of all personally identifiable information associated with our supporters, partners and beneficiaries, which is only accessed by authorised personnel. We have security measures in place to protect against the loss, misuse and alteration of personal data under our control. We use secure server software (SSL) to encrypt financial and personal information you have shared, before it is sent to us. While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while the data is under our control, we use our best efforts to try to prevent this.
Where you or we have provided a password enabling you to access parts of our websites or use our services, it is your responsibility to keep this password confidential. Please don't share your password with anyone.
We will keep your information only for as long as we need it to provide you with the goods, services or information you have required. We’ll use this data to manage your relationship with SSAFA, to inform our research or your marketing preferences, to comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need this information, we will always dispose of it securely, using specialist companies if necessary to do this work for us.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with an update explaining this new use prior to starting any data processing, including setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new data processing.
To exercise all relevant rights, queries or complaints please in the first instance contact:
SSAFA’s Data Protection Officer or write to DPO at Queen Elizabeth House 4 St Dunstan’s Hill, London, EC3R 8AD.
If your complaint has not been resolved, you can also contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.