Updated May 2021
At London Vision we take your privacy seriously and promise to keep your details secure.
This policy explains how we use your personal information and the reasons for keeping it, as well as your rights under the General Data Protection Regulation 2018.
How do we collect information from you?
We obtain information about you, for instance when you use our website, when you contact us about services, if you make a donation, or if you register to receive one of our newsletters.
What type of information is collected from you?
The personal information we collect might include your name, address, email address, IP address, and information regarding what website pages are accessed and when.
Certain types of personal information are in a special category under data protection laws, as they are more sensitive. Examples of this type of sensitive data would be information about health, ethnicity, religious beliefs, political views, trade union membership, sex life or sexuality or genetic/biometric information. We may hold special category data about you – this is likely to be about your eye condition and ethnicity. We only collect this type of information when there is a clear reason for us to do so. For example, information about your health is collected to ensure that the service you are provided with meets your specific needs. Wherever it is practical for us to do so, we will make clear why we are collecting this type of information and what it will be used for. Special category data can only be collected and used with your consent.
How is your information used?
We may use your information, with your explicit consent, to:
- process and administer your request for attendance at events or to receive newsletters;
- send you communications which you have requested and that may be of interest to you. These may include information about events, campaigns or appeals concerning visual impairment, sector news or research findings;
- seek your views or comments on the services we provide;
- notify you of changes to our services;
- manage our services efficiently;
- measure our impact and performance.
Where it is necessary for the performance of a contract, we will use your information to:
- process a job/volunteer application;
- if you are an employee/volunteer, to administer payroll, expenses and pension payments
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example, employee or volunteer personal details).
Our retention criteria where there is no statutory specification include the following:
- Application forms and interview notes for unsuccessful candidates – six months
- Pensioners’ records – twelve years after benefit ceases
- Personnel files and training records – six years after employment ceases
We will hold your personal information on our systems for as long as you continue to use our services, or as long as our business relationship continues. Once you have indicated that you no longer wish to receive our services, your information will be held on a suppression file to ensure that you don’t receive further communications from us.
Who has access to your information?
We will not sell or rent your information to third parties. We may share your information with third parties such as MailChimp or SurveyMonkey in order to send you marketing communications or to canvass your opinion.
We may pass your information to our third party service providers and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, for example:
- Our IT providers, Scoria
- Our payroll administration service, Trace Payroll Services
- Our pension administration service, The Pensions Trust
- Our website infrastructure providers, Namesco and Webbasics
- Our website analytics service, Google Analytics
- However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have agreements in place that require them to keep your information secure and not to use it for their own direct marketing purposes.
- Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
- Your data will be made available to our website provider
- The data that may be available to them include any of the data we collect as described in this policy.
- Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
- They will store your data for a maximum of 7 years.
You have a choice about whether or not you wish to receive information from us. If you wish to receive newsletters and other communications from us by email about our exciting services and events, we will be relying on you giving us consent about how and why we contact you. You can withdraw this consent at any time either by choosing ‘unsubscribe’ on the communications sent to you, or by emailing firstname.lastname@example.org
Data Protection Lead
Tavistock House South
London WC1H 9LG
Tel: 020 8995 0880
- The accuracy of your information is important to us. You can update or correct your personal data by contacting us.
- You have the right to access the information we hold about you by making a ‘Subject Access Request’.
- In certain circumstances, you have the right to ask us for the data we hold about you to be erased.
- In certain circumstances, you have the right to ask us to restrict the processing of your personal data.
- You have the right to object to the processing of your data i it is being processed based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- The communication is direct marketing (including profiling)
- It is being processed for purposes of scientific/historical research and statistics.
- You have the right to data portability, which allows you to obtain and reuse your personal data for your own purposes across different services.
If you want to know more about your rights under the General Data Protection Regulation, or if you are unhappy with the way we have handled your information, you can visit the Information Commissioners Office website at www.ico.org.uk or contact their helpline on 0303 123 1113.
Our security precautions
When you give us personal information, we take steps to ensure that it’s treated securely. All information you give to us is stored on secure servers and encrypted laptops are used when processing data.
Non-sensitive details (your email address etc.) are transmitted normally over the internet, and unfortunately this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee its security during transmission. Once we receive your information, we make every effort to ensure its security on our systems.
Use of ‘cookies’
Links to other websites
We are concerned to protect the privacy of children. If you are a child and wish to access our services, then we will seek your consent to process your personal data. Your rights under the General Data Protection Regulation as a child are the same as those for an adult and are set out earlier in this document.
Transferring your information outside the European Economic Area (EEA)
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the EEA. By way of example, this may happen if any of our servers are e located in a country outside of the EEA.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate safeguards are in place and security measures are taken, e.g. any contracts we enter into contain ‘sufficient guarantees’ that the requirements of the GDPR will be met and your privacy rights continue to be protected as outlined in this Policy.
Review of this Policy
We keep this policy under regular review. This Policy was last updated in August 2020.
If you have any questions regarding this policy or how we use your personal information, please email email@example.com or contact:
Data Protection Lead
Tavistock House South
London WC1H 9LG
Tel: 020 8995 0880