How Virgin Money Giving holds and uses information about you.
This notice explains how Virgin Money Giving holds and uses your personal information.
Special categories of information
We do not ask for or require special categories of information. This includes information about race or ethnic origin, religion, trade union membership, health and genetic and biometric data. Where you post this information on your fundraising page about yourself or anyone else you understand this will be visible by those visiting your fundraising page. By posting this information you are providing your consent to this. You are also confirming you have the consent of anyone else the information relates to.
Data Protection law requires us to have one or more of the following reasons for using your information:
1. "Contract performance" – where the information is needed to provide the fundraising and donation services we provide.
2. "Legal obligation" – where we are required by law to process your information, e.g. to verify your identity.
3. "Legitimate interest" – in some cases we're allowed to use your information where, on balance, the benefits of us doing so are legitimate and not outweighed by your interests or legal rights e.g. for our own management analysis and reporting purposes.
4. "Consent" – in some cases we may obtain your consent to use information in a particular way or where the law requires consent to be obtained e.g. if you agree to identify yourself as a donor on a fundraising page.
These are the main ways we'll use your personal information (and the reasons for doing so):
We use your information to provide you with and administer the relevant services described in our "General terms and condition of use for fundraisers and donors". This includes administering secure access to personal fundraising pages and other online services, processing and acknowledging receipt of donations and accounting for them to the relevant charity. We may also send you emails to help you administer your account or to tell you about changes to our service. (Contract performance)
Whilst you are fundraising, we use your information to send you emails and reach you with content on social networking sites. This is designed with the sole purpose of helping you with your fundraising but you can opt out of these at any time. However, if you do, you will miss out on important fundraising tips, alerts, reminders and any rewards we provide from time to time for hitting certain fundraising milestones - although you will remain eligible for any rewards. If you donate through our website regularly, we may get in touch to help you manage that donation. (Contract performance)
If you agree, we will also use your information to send you marketing – see more on marketing below. (Consent)
To combat the threats posed to our society by terrorism and money-laundering and to avoid losses caused by financial crime such as fraud. We may use information about you for the purpose of preventing, detecting and prosecuting financial crime and the funding of terrorism. (Legal obligation)
To run our business in a correct and commercially sensible way and to comply with our legal and regulatory responsibilities, we may use the information about you to help us do this, e.g. to analyse the performance of our marketing, products and any trends or behaviours. (Legitimate interest)
We may also use the information about you to help us develop and test our systems (including new technologies and services) to ensure that they are safe and will work in the ways in which we expect them to. When we do this we'll use processes and technologies that are designed to keep this information secure. (Legitimate interest)
We do not use your information to make automated decisions or undertake profiling about you to determine if we will provide you with our products or services.
With your permission we would like to keep you updated with our news, tell you about fundraising challenges and give you updates on Virgin Money Giving and Virgin Money products and services we think may be of interest to you. You have a legal right to tell us at any time that you don't want to receive this information and you want to withdraw your consent. You can do this by contacting us or unsubscribing from any marketing emails you may receive.
Charities you fundraise for or donate to would also like to send you information about their news, appeals and promotions they think may be of interest to you. If you have consented to receive marketing from a charity through us (see "Who do we share information with?" below), you may opt out at a later date. You have a right at any time to stop that charity contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, you will need to contact the charity directly to tell them to stop.
We may need to transfer your information outside the UK and the EEA to other Group companies, service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the UK and the EEA, such as the USA. In these cases we’ll take all reasonable steps necessary to make sure your information is protected to UK standards. This may be through only allowing transfers to countries which the EU Commission has decided ensures an adequate level of protection for your information (an "adequacy decision"), or we have put in place our own measures to ensure adequate security as required by data protection law.
These measures include having recognised safeguards in place with our commercial partners, such as carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators such as the EU style model clauses or where our commercial partner is a signatory to a recognised and binding code of conduct. You can find out more information about standard contractual clauses as detailed by the ICO. Visit their website at ico.org.uk and search for 'International Transfers'.
To find out more about any particular uses of information in countries outside the EEA, the existence of an “adequacy decision” for that country or the safeguards we have put in place, please contact our DPO.
The United Kingdom left the European Union on 31 January 2020 and so we will need to transfer your personal information to the UK and to other jurisdictions outside of the European Economic Area so that you can continue to use our products and services. Transfers of your personal data from the EU to the UK will proceed on the basis of an Adequacy Decision by the European Commission in favour of the UK or on the basis of adequate protections which comply with EU GDPR and we will need to continue to comply with EU GDPR in relation to how we process your personal data. In particular, we will continue to keep your data secure.
Should you wish to contact us with any questions you have on how we use your information or about your data rights and our obligations as a Data Controller, you can contact our EU representative The Data Warehouse by post at Keizersgracht 482, 1017EG, Amsterdam, Netherlands or by email at firstname.lastname@example.org. You can also contact our Data Protection Officer by email at CYBG.email@example.com or by post at Group Data Protection Officer, Group Risk, Level 3, 51 West George Street, Glasgow, UK, G2 2JJ.
You have the right to access the information we hold about you, ask us to rectify any of that information, erase it, restrict or object in whole or part to the processing of it and ask us to make the information we hold about you portable. If you want to exercise any of these rights, please send an email to firstname.lastname@example.org
We'll retain information for no longer than is necessary and this will mean that we'll continue to hold some information for a period of time after our relationship has ended. This is to comply with our legal and regulatory obligations to keep records of our relationship, to resolve disputes or where it may be needed for future legal proceedings.
If for whatever reason you are unhappy with any way we are using your personal data you should contact us in the first instance so that we can understand your issue and try and resolve it. We may ask our Data Protection Officer to look at your situation. You can contact our Data Protection Officer by email at CYBG.email@example.com or by post at Group Data Protection Officer, Group Risk, Level 3, 51 West George Street, Glasgow G2 2JJ.
If we can't resolve the issue you have the right to complain to the Information Commissioners Office (ICO). The ICO is the UK's independent body set up to uphold information rights. For further information visit ico.org.uk