Switch180 rely on the generosity and support of individuals like you to carry out our vital work with young people. That is why we want to be transparent about why we need the personal details we request when you engage with us and how we will use them. We take your privacy seriously and your information will be used in accordance with the General Data Protection Policy (GDPR).
GDPR serves one purpose: To protect individuals’ rights regarding personal data balanced against the rights of the organisation holding their personal data. Switch180 is committed to protecting the personal data that we collect and process about you. We aim to be clear and transparent and not do anything you wouldn’t reasonably expect. We collect and use personal data to ensure that we can manage our relationships with our stakeholders. This allows us to fundraise more efficiently and effectively to ultimately help us reach our goal of providing more opportunities to turn young people’s lives around.
Please read this policy carefully to understand how we collect, use and store your personal information.
– Who we are
– Where Switch180 collects its information from
– What information Switch180 could collect about you
– How Switch180 will use the information we collect
– Where Switch180 will disclose your details
– How to access, correct or delete your information
– How we keep your data safe
– How long we store your data for
– Links to other websites
– Further information
Switch180 is a national youth charity providing life changing services to young people. Our mission is to turn young lives around through delivering innovative services focusing on physical and mental health support.
To achieve this, we run two services called Snow Camp and Stop.Breathe.Think, which support young people in the UK’s most disadvantaged areas.
Switch180 is registered as a charity in England and Wales (registered number 1101030) and Scotland (registered OSCR SC043344).
The Head Office address is 306a Portland Road, Hove, BN3 5LP.
Switch180 obtain personal information from you when you complete an online form, register for a newsletter, take part in an event or make a donation.
We may collect information about the digital channels you use and how you use them, for example, like when you watch a video about the charity on social media, visit our websites or view and interact with our ads and content digitally. This is so that we can create relevant, interesting content for you and those who are interested in the charity.
We obtain some information from publicly available sources such as Companies House, newspaper articles or open postings on social media such as Facebook and LinkedIn.
Users will have to actively opt in to receive communications from Switch180 and our programmes Snow Camp and Stop.Breathe.Think, boxes are not pre-ticked.
Users can opt-in through newsletter sign-ups and online forms. Users can unsubscribe at any time, by clicking unsubscribe or by contacting Switch180 via email.
The types of personal information that Switch180 collects may include:
– Your title, name, gender and date of birth
– Your contact details (address, email, phone number)
– Family and spouse/partner details, relationships to other supporters;
– Your professional activities and employment details;
– Current interests and activities
– Gift aid status and records of donations;
– Contact preferences;
– Your IP address, location, browser type and information on how you interact on our website
– In some limited circumstances, the personal information that Switch180 collects may include information that is considered “sensitive data”. This may include personal information regarding racial or ethnic origins, religious beliefs, health and also information concerning criminal offences.
If you make a donation online your card information is not held by us, it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
Where appropriate we may also ask your interests and motivation for supporting Switch80 we will never make this question mandatory, and only want to know the answer if you are comfortable providing us with that information.
We are concerned to protect the privacy of children aged 17 or under. If you are aged 17 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information or sending sensitive information to anyone online.
If you are accessing one of our programmes, Switch180 will use your information to run, fund, develop and evaluate them. If you support us, for example by making a donation, volunteer, register to fundraise or sign up for an event we will mainly use your data to:
– Send you communications through our newsletter
– Provide you with the services, or information that you asked for; as well as information about other services, or information we think might interest you where you have consented to being contacted
– Administer your donation or support your fundraising, including processing Gift Aid
– Send you surveys, and for market research
– Invite you to events
– Keep a record of your relationship with us and record the contact we have with you
– Ensure we know how you prefer to be contacted
Tools may be used to improve the effectiveness of Switch180 communications with you, including tracking whether you open the emails we send you and which links you click within a message. We may also use personal information to carry out due diligence so that we are fundraising in accordance within the law, and our internal policies and procedures.
We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
We will not share your information with third parties for marketing purposes. We are committed to protecting your data and therefore it will never be disclosed or sold to external organisations other than those acting as agents and data processors carrying out work on our behalf. Where we enter a relationship with an external party, any such arrangements will be subject to a formal agreement between Switch180 and that organisation to protect the security of your data. They only act under our instructions and we maintain full responsibility for your data.
Third Parties Switch180 work with:
– Data processors which are compliant with GDPR: Stripe, Microsoft 365, Donorfy, Iaptus, Just Giving, Wufoo, Upshot and Mailchimp.
– When you are using our secure online donation pages, your donation is processed by a third-party payment processor called Stripe, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.
– Suppliers, outside caterers (for dietary requirements) venues etc for Switch180 events.
– Our delivery partners within the UK or abroad to enable is to deliver our programmes effectively.
We continuously review records of supporters to ensure your data is as accurate as possible and always appreciate it if you let us know if your contact details change. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at email@example.com
You have the right to ask for a copy of the information we hold about you.
Prior to the deadline of the GDPR policy on 25th May 2018 a data review has been carried out. During the audit all existing data was reviewed and updated or deleted as appropriate. Existing users were contacted and given the option to opt in to future communications.
Switch180 store personal details on Donorfy, Upshot and Iaptus database systems which can only be accessed by Switch180 staff. Iaptus is also accessed by our Stop.Breathe.Think service provider JHD Counselling Services Limited. Many systems have two-step authentication and Iaptus has a token access security system.
The information provided will be securely stored within our database and our third party email communication tools. Your data will only be accessed by authorised personnel and authorised parties who are responsible for the maintenance and security of our digital systems. Within our offices all of our staff receive training on handling data securely. In the event of staff leaving the company user accounts will be removed and passwords changed. An up to date anti-virus software is installed on all devices with access to personal information. Passwords are changed every 6 months.
Switch180 sometimes store personal details in password protected Excel files on Microsoft 365, accessible by relevant staff only. Password protected Excel files are only saved on the desktop of a password protected device with up to data anti–virus protection for the duration that they are needed. Data is only printed if absolutely necessary and shredded immediately after use.
Anonymised data will be used to create statistics.
In case of breach Switch180 will notify both users and the ICO within 72 hours. Despite all of our precautions no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we will always strive to protect your personal information, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention that you do so at your own risk.
You have a choice about whether or not you wish to receive information from us. We will hold your personal information on our systems for 15 years. If you do not want to receive direct marketing communications from us about the vital work we do and our exciting services, then you can opt out by emailing us firstname.lastname@example.org or by ticking the relevant boxes to opt out box situated on the form on which we collect your information.
If a user requests to opt out of communications their account will be made ‘dormant’ and they data will still be visible for reference but they will no longer be contacted. If a user requests for their data to be deleted the implications will be explained (if they have bought a ticket for an event that has not yet taken place) and their data will be deleted from all systems.
If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us, we won’t keep any information that we don’t need.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
The laws governing how your personal data can be used are:
– The General Data Protection Law (GDPR) 25th May 2018
– The Privacy and Electronic Communications Regulations 2003
– We also follow the best practice code set out by the Fundraising Regulator: Code of Fundraising Practice.