Who we are
For details about who Brent Lodge Bird & Wildlife Trust are, please see our about us page.
Our website address is: https://www.brentlodge.org.
Brent Lodge Bird & Wildlife Trust is the “Data Controller” of personal information submitted to this website. This means that Brent Lodge Bird & Wildlife Trust is responsible for deciding how and why your submitted data is processed.
The individual who is currently performing the role of “Data Protection Officer” is Rob Knight (General Manager), who may be contacted about data protection matters at email@example.com
Our Supporter Promise
We promise to be honest and transparent about where the generous donations we receive are used.
Your personal data is safe with us
- We take our obligations very seriously and we will never sell your data to third party organisations.
- We will only contact you via methods that you have consented for us to use.
- You can contact us at any time if you wish to change the way we communicate you or if you want to opt out entirely from future communications.
- We sometimes collect data to build a donor profile and keep a record of donations, which helps to build an analysis of your support.
- There may be times where we use your information to contact you for research purposes, or to invite you to be involved in a project, so that we can improve and better meet the needs of our beneficiaries.
- From to time to time we may contact you to prompt you to update your contact details.
- Giving a donation is always your choice. We will never put any pressure on you to make a gift and we will respect your choice if you do not wish to donate.
- Where you have given your consent for us to contact you, we will use your details to provide you, via our newsletter, with our fundraising communications in connection with projects and appeals.
- We do all we can to ensure fundraisers, volunteers and third party agencies working with us comply with our fundraising regulations and our Supporter promise.
- Wherever we work with any third party agencies or volunteers, we will ensure training is provided and will monitor their work closely. We will act quickly if they do not meet the high standards we set.
How to contact us
It is always important that we keep our records up to date, so please inform us of any changes to your contact details (name, address, email address or phone number). We are more than happy to help answer any queries you may have.
If you are unhappy with anything we’ve done, please rest assured that you can contact us online or by giving us a call. We will do our very best to resolve your complaint or query as quick a possible.
- Brent Lodge Data Protection Policy
- Brent Lodge Data Destruction Policy
- Brent Lodge Data Archiving Policy
What follows in the text below is intended to provide further clarity and additions to the documents linked above. In the event that the following text on this page and/or the Terms & Conditions page conflicts with information contained within the above linked documents, the information in the above linked documents should take precedence.
What personal data we collect and why we collect it
Online store customer information
We retain transaction records both online and offline, for the purpose of servicing orders and to pursue the legitimate interests of our organisation. These records are retained for the time and in the manner described in the sections below. You may request details of the information we hold about you at any time. You may also request that it is amended if inaccurate. And, you can ask that we permanently delete your information. To make such requests, please email firstname.lastname@example.org.
Brent Lodge registered supporters
If you have opted in to our email list to receive newsletters, we will use your personal details for that purpose. You are free to opt-out at any time, by clicking the ‘unsubscribe’ link on the newsletter emails you receive, or contacting us to request that we remove you.
We retain records of registered supporters offline, for the purpose of providing supporter benefits, sending newsletters and promotional material, and to pursue the legitimate interests of our organisation, such as fundraising activities. You may request details of the information we hold about you at any time. You may also request that it is amended if inaccurate. And, you can ask that we permanently delete your information. To make such requests, please email email@example.com.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Website contact forms
When you use our contact forms to contact us, the information you provide will only be used for the purpose for which it was submitted (for example, to respond to an enquiry or to store your CV in our “talent bank”). Your data will be stored so long as is necessary for the purpose for which it was submitted.
The data submitted through the contact form may be stored privately on our website for a period of time deemed necessary to respond to your enquiry. You have the right to request details of this type of data that we hold about you, and to request it’s amendment and/or deletion. To make such a request, please email firstname.lastname@example.org.
Data submitted through contact forms may also be stored in daily backup images of our web servers, which typically lasts for 6 months. Please see below for details of our website data backup policy.
If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
For details about other types of cookies that may be set by this website, please see the website terms & conditions.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We do not currently collect personal information for statistical analytics purposes.
When you use this website, the IP address of your internet connection (usually provided by your ISP) will be logged. This is deemed necessary in order to maintain the security of the website and services we offer. IP addresses may be retained in backup images of the server for a period of 6 months subsequent to the time they were recorded.
Who has access to your data
Which third parties we share your data with & where we send it
Your data may be shared with third parties when necessary to perform a service that you have requested from us. For example, when you purchase an item from our online shop and choose to pay online, your payment data is shared with the payment gateway companies we use.
Your data may be sometimes be viewed by trusted contractors, consultants or IT service providers, who are providing service or working on our website or IT systems. In these cases, your personal data would only be processed by the third parties for purposes directly related to providing service to us that is in the legitimate interests of our organisation (such as website maintenance, for example). Where necessary and appropriate, we will have a General Data Protection Regulation (GDPR) compliant “Data Processing Agreement” (DPA) in place with these third parties.
If your personal data is sent outside the UK for storage or processing, we will ensure that this occurs in a manner that complies with the requirements of the GDPR. For further information on the GDPR requirements for International Data Transfer, see here.
Currently, external companies and organisations we share your data with, or who may have access to your personal data as contractors, consultants or service providers, include:
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We retain transaction and donation history for as long as is required for accounting and auditing purposes (typically 7 years), and for as long as considered to be in the legitimate interests of the organisation. We retain such data on this live website for a more limited time – typically no longer than 1 month from the date of completion of a transaction. Website backup data is stored as per our data backup retention policy (please see below).
How we store your data
- Online (live, public facing website): Data stored on secure UK based servers, on infrastructure of PCI compliant standard.
- Online (non-live, non-public-facing backup): Data stored on secure servers at a standards compliant UK based datacenter.
- Offline (locally at Brent Lodge): Data stored digitally on a password protected system with limited, controlled access. Paper records stored in a locked room with limited, controlled access.
Data backup retention policy
Personal data stored on this website is also stored in our daily backup images of our web servers, which typically last for 6 months.
This data is kept in a “non-live” state and stored securely. If we need to restore our backups, we will undertake to ensure that any restored personal information is treated in accordance with the storage and retention policies as laid out in this document. Essentially, this means that if your data has been amended or erased from the ‘live’ website, then we would seek to ensure that data is also deleted from a backup in the unlikely event in which that backup had to be restored to a ‘live’ state.
What rights you have over your data
You can request to receive an exported file of the personal data we hold about you on this website, including any data you have provided to us. You may also request a copy of any personal data we hold about you offline. You can also request that we erase any personal data we hold about you, both on this website and offline. This does not include any data we are obliged or entitled to keep for administrative, legal, financial, or security purposes, or for other legitimate interests of Brent Lodge Bird & Wildlife Trust.
After you have given your consent for us to use your personal information in a particular way, or to set non-necessary cookies on your device, you have the right to withdraw that consent at any time. To withdraw your consent to use non-necessary cookies, simply remove all cookies set by brentlodge.org from your devices. To withdraw your consent to use personal information, please contact email@example.com.
Your contact information
We may store your contact information on this website for the purpose for which it was provided.
For example, we store the names, email addresses and postal addresses (if required) of subscribers or registered supporters in order to send our newsletters.
You have the right to request amendment or deletion of your contact information at any time. To do so, please email firstname.lastname@example.org
How we protect your data
Our secure UK based web servers are kept patched and up-to-date and the infrastructure is rated as PCI compliant standard.
Website backups are stored securely, in a UK based datacenter.
What data breach procedures we have in place
In the event of becoming aware of a data breach, we would seek to establish what data has been exfiltrated and to inform the subjects of that data as soon as reasonably possible. We would also try to inform the Data Commissioner’s Office with 72 hours of becoming aware of a data breach. We would then take measures as are deemed appropriate to determine what happened and to make the required technical, process and policy changes as are considered necessary to minimise the likelihood of the same thing happening again.
Anyone with any information about a possible data breach, or a security vulnerability in our systems, should contact email@example.com.
What third parties we receive data from
We do not currently receive any data about our supporters or customers from third-party sources.
What automated decision making and/or profiling we do with user data
We do not currently use any automated decision making.
Supporter & Donor Profiles
We sometimes collect data from our supporters to build a donor profile and keep a record of donations, which helps us analyse where our support is coming from. This is useful to us in a number of ways – for example, if we know that a supporter is interested in certain types of projects that we may undertake, or enjoys being involved in certain types of fundraising activities, then we would be able to invite participation in those events.
You have the right to view your donor profile, to request corrections to it, and to request it’s permanent deletion. Please email such requests to firstname.lastname@example.org or write us by post.
There may be times where we use your information to contact you for research purposes, or to invite you to be involved in a project, so that we can improve and better meet the needs of our beneficiaries.
Industry regulatory disclosure requirements
We may disclose any and all personal information that we store if required to do so under UK law.
- GDPR – General Data Protection Regulation. For further information and access to the full text, see here.
- Data controller – A controller determines the purposes and means of processing personal data.
- Data processor – A processor is responsible for processing personal data on behalf of a controller.
- Data subject – Natural person
- Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
- Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
- Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Making a Complaint
To make a complaint, in the first instance please contact Rob Knight, at email@example.com or by writing to: Brent Lodge Bird & Wildlife Trust, Cow Lane, Sidlesham, PO20 7LN.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office (ICO). The telephone number for the ICO is 03031231113. The ICO may be emailed here: https://ico.org.uk/global/contact-us/email/ . The postal address of the ICO is: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.