NAVS privacy statement
Effective date: 21 May 2018.
The purpose of this statement is to inform users of the National Anti-Vivisection Society (NAVS) website about the types of information collected, how it is collected, how it is used, if it is disclosed and the ways in which we protect users’ privacy. This privacy statement covers the websites of the National Anti-Vivisection Society (http://www.navs.org.uk). It does not cover any other website, linked or otherwise.
How we collect personal information:
We only collect personal information that you have knowingly supplied to us, and this may include any of the following (Personal information means any information capable of identifying an individual. It does not include anonymised data):
- your name
- your address
- your phone number
- your email address
- Credit card details if you have donated this way
- Bank account details for Direct Debit or standing order
- How you would like to be contacted by the NAVS
- Any other information you may choose to provide
We may also collect other information that cannot identify you personally when you visit our web site. This information includes your IP address and your domain name. This is used for system administration and statistical purposes in order to improve your online experience. We do not collect any sensitive data about you (race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Credit card information:
If you make an online donation you go through to a third-party secure site for payment processing (the NAVS currently uses PayPal and WorldPay) information such as your credit card number and contact details are used for transaction processing. ADI does not store your financial details on our database. We hold your billing details on our server in case there are any queries regarding to your payment.
We collect the information by one of the following ways:
- A donation you have made online, by post or telephone
- A sign-up form that you have completed at an event where the NAVS has a presence
- A request you have made for information
- A request you have made for our leaflets or fundraising materials
- A purchase from our online store or catalogue
We will also keep a record of any interactions you have had with the NAVS, a history of the donations you have made and any events or fundraising activities for the NAVS that you have been involved in, and your communication preferences.
How we use your personal information and our legal basis for doing this:
We use your information to process your donation and send any information you have requested. We will send you postal communications from time to time about our work that we believe will be of interest to you. This will include fundraising appeals and newsletters. In the UK and EU, we rely on the legal basis of legitimate interest to do this. We consider we have a legitimate interest to contact you by post if you have provided your details and there is no overriding prejudice to you by our use of your data in this way. You can opt-out of these mailings at any time by calling us on 020 7630 3340 or emailing firstname.lastname@example.org
Under the Privacy and Electronic Communications Regulations, we will only send you communications by email where you have given your clear consent for us to do so. You can unsubscribe from these emails at any time by clicking on the “unsubscribe” button on the bottom of every fundraising/information email we send.
We never sell, rent or otherwise share your personal information with other charities or organisations, except to process your donation or when required by law.
Where your personal information is held:
Your personal information is held on our secure server at the NAVS office at Millbank Tower, London, SW1P 4QP. A back-up of this data is stored at the Online Support data centre at 67a Boston Manor Road, Brentford, TW8 9JQ. Where paper records are kept, they are held in locked filing cabinets in our secure offices in Millbank Tower or at a secure archiving facility at Henfield Storage Chiswick, Unit 4, Shield Drive, Brentford TW8 9EX.
Our website server is located in a secure datacentre in 3 Centro, Boundary Way, Hemel Hempstead HP2 7SU. Backups are kept on-site for a period of 14 days normally but this can be up to 1 month at certain times.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data for specified purposes on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
- Our email provider (based in the US and Australia)
Our email service providers are based outside the European Economic Area (EEA) so their processing of your personal data (name and email address only) will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
Your right to request access to the information we hold on you:
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
Please email email@example.com or call 020 7630 3340 to request this.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We may be required to retain some of your personal information if it is required for legal purposes such as a financial audit. This data will be held securely and will not be used for marketing purposes.
A cookie is a small file which is placed on your computer by a site when you visit it.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you.
The donation system we use sets a session cookie to validate your browser session and to remember data you enter into forms (so you don’t have to type it again if you make a mistake). These cookies are essential cookies and are named PHPSESSID and last as long as your browser session.
This site may also set some cookies if you choose to login or create an account. If you do the following essential cookies may be set. These have a duration of 1 year:
wordpress_test_cookie whether accepts WordPress cookies on the website
wordpress_[hash] to store your authentication details
wordpress_logged_in_[hash] indicates when you’re logged in, and who you are
If you wish to restrict or block the cookies which we set, you can do this through your browser settings. The Help function in your browser should tell you how.
You may also like to visit http://www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. Please be aware that restricting cookies may impact on the functionality of our website.