Background:The Social Bite Fund understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits Our Sites:
The Social Bite Fund wholly owns two companies which operate the Social Business model, namely Social Bite Limited (SC424001) and Social Bite Restaurants (SC534592) a chain of retail stores and catering concessions which employs a quarter of its workforce from a homeless background. The Social Bite Fund (SC045232) is a registered charity in Scotland which seeks to alleviate homelessness through innovative solutions from employment and support programmes, to temporary housing.
We are the data controller for the Personal Data you share with Us and We operate in accordance with Applicable Data Protection Laws.
Contact details for The Social Bite Fund:
1 St Colme Street
You can contact us by telephone +44 (0)131 220 8206 or by email [email protected]
If you would like to speak to someone about your Personal Data and its use, please contact our data protection lead at [email protected]
1. Definitions and Interpretation
an account required to access and/or use certain areas and features of Our Site;
”Applicable Data Protections Laws"
the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and all other applicable regulations, directions, orders and guidance of the European Union, the European Economic Area and their member states and the United Kingdom relating to the processing of Personal Data in connection with this Agreement;
the following websites: www.social-bite.co.uk; www.sleepinthepark.co.uk; and
“Personal Data”, “processing” (and related terms such as “process”), “data controller”, “data subject”, “profiling" and “automated decision-making” shall all have the same meanings given to those terms under the GDPR;
the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015;
“Privacy Shield” the EU–US Privacy Shield, a framework designed by the U.S. Department of Commerce and the European Commission for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States;
“Sleep in The Park” the Sleep in the Park fundraising events occurring on Saturday 8 December 2018 taking place across Scotland in four cities: Glasgow, Edinburgh, Dundee and Aberdeen; and
the Social Bite Fund, a registered Scottish Charity SC045232 and its subsidiaries Social Bite Limited (SC424001) and Social Bite Restaurants (SC534592), all having their registered address at 1 St. Colme Street, Edinburgh, EH3 6AA.
1. Information About Us
Our Sites are owned and operated by Social Bite Fund, and its subsidiaries Social Bite Limited and Social Bite Restaurants.
We have used, and will continue to use, third party organisations to conduct business on our behalf. Third party organisations We have used or will continue to use and receive Personal Data relating to you, include but is not limited to:
CAF (Charities Aid Foundation);
Virgin Money Giving;
Just Giving; and
Please refer to section 6 for more information about any third parties with whom We may share your Personal Data.
3. What Personal Data do We collect and how do We collect it?
We collect Personal Data relating to you:
• when you make a donation;
• when you contact Us by phone, in person, online or by post to make an enquiry or to access information;
• when you use Our Sites, such as filling in one of Our online forms;
• when you agree to receive communications from Social Bite;
• when you sign up to Our newsletter through Our website, which is distributed through Get Response; and
• when you access Our social media channels, including Twitter, Instagram, YouTube, Facebook and Snapchat.We only receive Personal Data that you share with Us voluntarily and that is compatible with your privacy settings. To find out more about how these social media companies process your Personal Data, We recommend that you read their privacy policies.
We also collect your Personal Data from third parties (see section 2 above). This can include when you set up your own fundraising page through a third-party platform and you give consent to receive communications from Us in addition.
Depending upon your use of Our Sites, We may collect some or all of the following Personal Data:
• date of birth;
• business/company name;
• delivery address;
• invoicing address;
• contact information such as email addresses and telephone numbers;
• Social Bite transaction history, including but not limited to, payment method and payment dates;
• Gift Aid Information;
• IP address (automatically collected);
• web browser type and version (automatically collected);
• operating system (automatically collected); and
• a list of URLs starting with a referring site, your activity on Our Sites, and the site you exit to (automatically collected).
4. How Do We Use Your Personal Data?
How We use your Personal Data:
General Data Use
We use your Personal Data to provide the best possible services to you. This includes:
• providing and managing your Account;
• providing and managing your access to Our Sites;
• personalising and tailoring your experience on Our Sites;
• supplying Our services to you;
• personalising and tailoring Our services for you;
• responding to communications from you; and
• processing donations, including in accordance with due diligence and our obligations under charity law.
Under the Applicable Data Protection Laws We will ensure that your Personal Data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your Personal Data if at least one of the following legal bases apply:
• Consent: you have given consent to the processing of your Personal Data for one or more specific purposes;
• Contract: processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
• Legal: processing is necessary for compliance with a legal obligation to which We are subject;
• Vital Interests: processing is necessary to protect the vital interests of you or of another natural person;
• Public Task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; and/or
• Legitimate Interest: processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of you, as the data subject.
Our Sites request your consent to receive communications from Us at the point that you create an Account and through third party organisations at the point you make a donation. We give you a clear idea of the types of information We want to send you, including news about Our organisation, projects, events and ways you can get involved plus you can also opt in to receive information about Our fundraising activities. We may use your Account history to tailor the marketing and/or fundraising information you receive from Us in order to give you a better experience. We give you control to choose and change how you would like to be contacted, whether it be by email, post or telephone/text.
We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the Applicable Data Protection Laws and relevant Privacy Laws. You can manage your marketing preferences at any time by emailing [email protected]
Legitimate interests and legal obligations
We also use the Personal Data you provide for a number of legitimate purposes and to comply with Our legal obligations.
For marketing related to fundraising We may, where consent has not yet been captured, rely on a legitimate interest basis. We will only contact people with previous event attendance history (such as Sleep In The Park), or those who have made a previous donation Us, who We feel may be interested in exploring further support opportunities We have available.
We personalise Our marketing communications so that they are more relevant to you. You can ask Us to stop sending you marketing messages at any time, as detailed more fully in section 11.
We classify data into groups and segments on the basis of event participation history, such as Sleep in the Park, community fundraising or one-off donation contributions over time and information that is provided when you create an Account, such as your postcode. We use anonymised data for this profiling.
We conduct analytics to better understand Our development as an organisation. We use anonymised data for this analytical research.
We conduct research to support a number of Our fundraising and income generation activities as a charity. This includes but is not limited to: ensuring that Our fundraising campaigns, events and fundraising communications are targeted in the most effective way; evaluating the effectiveness of these campaigns and making changes where required; determining whether certain individuals may be interested in supporting Us, including as a major donor; ensuring We conduct campaigns and fundraising activity in compliance with law and industry codes of practice; and ensuring that We have reasonable knowledge of prospective donors to minimise the risk of reputational damage to Us.
We conduct the following research using existing supporter data and/or information from publicly available sources:
Fundraising Events. We conduct analysis of previous event attendance, postcode or other information on Our own database to market Our Fundraising Events. This activity where Our audience is segmented is not targeted at specifically identifiable individuals in the first instance. We use Personal Data such as contact details to send individuals information about Us, Our fundraising activities, events and campaigns in a targeted manner to make sure Our budget is used effectively and appropriately.
Fundraising. We conduct analysis of Our database by previous donations, event attendance, postcode and other information on Our database to contact Our donors who might be interested in further supporting Our fundraising campaigns (which could include appealing for individual donations, fundraising event attendance and fundraising on Our behalf). This activity where Our customer base is segmented is not targeted at specifically identifiable individuals in the first instance and communications sent to individuals thereafter are done so in accordance with Our legitimate interests.
Major Gift Prospects. For a smaller number of Our donors, where We want to better understand their engagement with Us and their potential interest in supporting Us further, We carry out research on information in Our own database such as their connections to participating in events and history of giving to Us and We may seek additional information from third party sources such as the following websites:
Google – google.co.uk and other search engines;
Office of the Scottish Charity Regulator - oscr.org.uk;
Public register of companies - beta.charitycommission.gov.uk;
Companies House - beta.companieshouse.gov.uk/;
LinkedIn - linkedin.com;
Websites of similar organisations and charities;
Company websites, newspaper archives, and housing market websites;
UK Electoral Roll and Directory Enquiries – 192.com; and
Social Media platforms including Twitter, Instagram and Facebook where that information is publicly available, compatible with your privacy settings and you have shared it voluntarily.
We endeavour to make sure that any research and data collection We do is only sourced from publicly available sources where an individual would, in our view, have reasonable expectation that their information may be freely read by the public or the individual has freely made information available in respect of their business and philanthropic interests. We do not seek to gather information where it is reasonable to conclude that the individual has made an effort to keep that information private such as information on family life or personal relationships that exist outside the business world.
We carefully balance our legitimate interests against your interests as an individual. You can exercise your rights (as outlined in section 13) over your Personal Data at any time.
5. How and Where Do We Store Your Data?
All Personal Data is stored securely in accordance with Applicable Data Protection Laws.
We only keep your Personal Data for as long as We need to in order to use it as described above in section 4, and/or for as long as necessary to fulfil the purpose. In any event, We will conduct an annual review to ascertain whether We need to keep your Personal Data. Your Personal Data will be deleted securely if We no longer need it.
Data security is of great importance to Us, and to protect your Personal Data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure Personal Data collected through Our Site.
Steps We take to secure and protect your Personal Data include:
• keeping a Data Processing Activities Log, which We review every 6 months to ensure security measures for data processing are sufficient and adhered to;
• securing all Personal Data in an online cloud based system (Office 365) with restricted access; and
• ensuring We use password protection on files if We ever exchange Personal Data via emails.
Notwithstanding the security measures that We take, it is important to remember that the transmission of Personal Data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting Personal Data via the internet to Us.
6. Do We Share Your Data?
We do not sell, rent or trade your Personal Data to third parties for marketing or research purposes. We may share your Personal Data with third parties to supply services to you on Our behalf. These may include payment processing, delivery of goods, and search engine facilities. In some cases, the third parties may require access to some or all of your Personal Data. Where any of your Personal Data is required for such a purpose, We will take all reasonable steps to ensure that your Personal Data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law, such as a Data Processing Agreement between Us and the Third Party. By providing your Personal Data to third party organisations, this does not therefore give them consent to contact you, this is to ensure We can provide the best possible service to you. We currently contract with:
• Spoonfed Online Catering Software by Aptus Systems Limited;
• City Sprint Couriers;
• Virgin Money Giving;
• MTC Media;
• Mazars LLP;
• Get Response;
• Baker Goodchild;
• Mail Chimp;
• Google Analytics;
• Red61 – a ticketing database to issue tickets for Sleep In the Park participants;
• Salesforce – CRM database;
• Facebook Ad Manager; and
• Ascensos Ltd – Telephone Marketing Company.
Some of those third party recipients may be based outside the European Economic Area — for further information including on how We safeguard your Personal Data when this occurs, see section 7 below.
We may compile statistics about the use of Our Sites including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
In certain circumstances We may be legally required to share certain data held by Us, which may include your Personal Data, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your Personal Data in such circumstances and will comply as required with any legally binding request that is made of Us.
7. Transfer of your Information out of the EEA
We may share your Personal Data with third parties that are based outside the EEA whose processing of your Personal Data will involve a transfer of your Personal Data to locations outside the EEA.
Whenever We transfer your Personal Data out of the EEA, We ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission; or
• Where We use service providers based in the US, We may transfer data to them if they have signed up to the EU-US Privacy Shield which requires them to apply similar protections to Personal Data shared between Europe and the US as would be applied if being shared within the EEA.
Please contact Us using the contact details outlined in section 14 if you want further information on the specific mechanism used by Us when transferring your Personal Data out of the EEA.
8. What Happens If Our Business Changes Hands?
In the event that any of your Personal Data is to be transferred in such a manner, you will be contacted in advance and informed of the change.
9. How Can You Control Your Data?
When you submit information via Our Sites, you may be given options to restrict Our use of your Personal Data. We aim to give you strong controls on Our use of your Personal Data (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails or by emailing [email protected]).
You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service, the Corporate Telephone Preference Service, and the Mailing Preference Service. These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
10. Your Right to Withhold Information and Your Right to Withdraw Information After You Have Given it
You may access certain areas of Our Sites without providing any Personal Data at all. However, to use all features and functions available on Our Sites you may be required to submit or allow for the collection of certain Personal Data.
You may withdraw your consent for Us to use your Personal Data as set out in section in 4 at any time by contacting Us using the details set out in section 14, and We will delete your Personal Data from Our systems. However, you acknowledge this may limit Our ability to provide the best possible services to you.
11. How Can You Access Your Data?
Under Applicable Data Protection Laws, you can request to see full details of the Personal Data that We hold about you. In order to initiate a request with Us about your Personal Data, please send Us a description of the information you would like to access using the contact details outlined in Section 14.
If you would like to lodge a complaint with the supervisory authority, please contact the Information Commissioner’s Office at www.ico.org.uk.
12. Summary of Your Rights under Applicable Data Protection Laws
Under the Applicable Data Protection Laws, you have:
• the right to request access to, deletion of or correction of, your Personal Data held by Us;
• the right to complain to a supervisory authority;
• be informed of what data processing is taking place;
• the right to restrict processing;
• the right to data portability;
• object to processing of your Personal Data; and
• rights with respect to automated decision-making and profiling (see section 13 below).
13. Automated Decision-Making and Profiling
In the event that We use Personal Data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions under Applicable Data Protection Laws, requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from Us.
The right described in the preceding paragraph does not apply in the following circumstances:
• The decision is necessary for the entry into, or performance of, a contract between you and Us;
• The decision is authorised by law; or
• You have given your explicit consent.
Where We use your Personal Data for profiling purposes, the following shall apply:
• Clear information explaining the reasoning for profiling will be provided, including its significance and the likely consequences;
• Appropriate mathematical or statistical procedures will be used such as formulas or algorithms;
• Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
• All Personal Data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.
14. Contacting Us
1 St Colme Street
+44 (0)131 220 8206
For general enquiries please contact Us at [email protected] and if you would like to speak to someone about your Personal Data and its use, please contact our data protection lead at [email protected]
Please ensure that your query is clear, particularly if it is a request for information about the Personal Data We hold about you (as under section 3 above).