01. Why we collect your data Expand We collect personal data for many reasons, including the proper provision of services, to better communicate with individuals engaged with our work, and to administer events and donations. Depending on how you interact with us, we may process data for the following reasons: to process personal details of referrers required for the administration of emergency accommodation to record and contact you regarding donations you make to Glass Door to communicate with you regarding Glass Door’s work when you have opted-in to this to process donations and administer Gift Aid information for any donation you make to Glass Door to provide you with information about and administer events, including mass participation events, concerts, and supporter nights for our internal administrative purposes, and to keep a record of your relationship with us to manage your communication preferences to conduct surveys, research and gather feedback to obtain information to improve Glass Door’s services and user experiences to research to find out more information about our supporter’s and prospective supporters’ backgrounds and interests to provide third parties (namely partner venues, volunteers, and grant providers) anonymised aggregated information on our yearly outcomes to deal with enquiries and complaints to comply with applicable laws and regulations, and to comply with requests from statutory agencies to verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service). Processing applications for job opportunities and/or volunteer placements Sending you communications which you have requested and that may be of interest to you. This may include information about events we have organised. To enter into an employment contract with you and to meet obligations under your employment contract To ensure effective HR and business administration If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us. Your privacy settings can be used to limit the publication of your information on our website and can be adjusted using privacy controls on the website. Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with this policy. We have never sold, supplied nor will ever supply your personal information to any third party for the purpose of their or any other third party's direct marketing.
02. What information we collect Expand We may ask you for the following personal information: your full name contact details – including your postal address, telephone number(s), and email address date of birth gender your bank details when administering a donation or regular gift records of your correspondence and engagement with us, i.e. volunteer and event participation history National Insurance, CVs, and ID documents that you have asked/given permission for us to hold donation history and Gift Aid details your communication preferences information you may enter on the Glass Door website photographs, video, or audio recordings biographical information terms and conditions of your employment, qualifications, skills, entitlements, appraisals, and work history other personal information you share with us Data protection laws recognise certain categories of personal information as 'sensitive' or 'special categories of data' and therefore require greater protection. For example, information about your health, religion, sex life or ethnicity. We do not usually collect sensitive data unless there is a clear and valid reason for doing so and data protection laws allow us. If you visit our website or social media pages, we may automatically collect the following information: the pages you visit your IP addresses the amount of time you spend on our website whether you are a new visitor how you came to our website geographical location the type of device and browser you use However, the information we receive may depend on the privacy preferences you have set on those types of platforms. CCTV When you attend or work at a Glass Door office, you may be recorded on CCTV. We use CCTV to protect the health and safety of those people who work or visit us, and also for the prevention and detection of any criminal activity that takes place on our premises. We will always tell you if we are doing this (through signs in our buildings). Cookies Like many other websites, this website uses 'cookies'. _'Cookie"_ is a name for a small file, usually of letters and numbers, which is downloaded onto your device such as your computer, mobile phone, or tablet. Cookies allow websites to recognise your device so that the site can work more efficiently, and also gather information about how you use the site. We may automatically collect the information above through the use of "cookies" and we will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website. We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide, more information on cookies can be found in our cookies policy. You can opt out of all our cookies (except the essential cookies). Blocking or deleting cookies will have a negative impact on the usability of our website. Google Analytics We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use using cookies. The information gathered relating to our website is used to create reports about the use of our website. The Google privacy policy https://www.google.com/policies/privacy/ describes how they treat personal information when we use Google's products and services, including Google Analytics. Sensitive Personal Data We sometimes collect sensitive, personal data about individuals who access our services if you are employed or volunteer for us. This may include information about an individual’s health, religion, sexuality, ethnicity, political and philosophical beliefs, and criminal record. We will only record this data if we either have the individual’s explicit written consent or if we can document an alternative legal basis for processing data in the interest of the proper and safe administration of our services (see the section on the legal basis for processing information).
03. How we collect information Expand Data on individuals may be collected via: any paper forms you complete telephone conversations email communications face-to-face interactions digital forms completed via our website (including CVs and applications), or online surveys third-party companies and websites such as Just Giving, MailChimp and Virgin Money Giving publicly available sources Identity documents – passports, driving licenses etc. digital communication (e.g.: social media and email) CCTV from our premises Please let us know if the personal information that we hold about you needs to be corrected or updated. Please find information on how to contact us in the last section of this notice. If you have a fundraising page or you regularly donate to us and you have a profile with us, you may also update your information by logging into your profile on our website.
04. What we do with your personal information Expand Due to the different uses, we have for different types of data; we handle data on individuals who use our services (individuals we call our "guests") differently than individuals who volunteer at or support Glass Door. Also please find information below on how we handle information about staff and job applicants. Glass Door Services (casework and winter services) If you are a guest and want to know more about how Glass Door uses your personal information then please refer to this document (updated March 2024). Fundraising/campaigning/direct marketing We would love to keep you up to date with our fundraising, marketing, and campaign activity. We use a range of marketing activities and channels to contact our supporters – including our website, face-to-face fundraising, direct mail, and email. We will obtain your consent to contact you by email for marketing purposes. We will send you marketing by post, on the basis of it being within our legitimate interests to do so unless you opt out. See the section ‘Our legal basis for processing data’ for more information about our use of legitimate interests. Glass Door does not engage in telephone campaigning with its supporters. We will only call you if we encounter any issues with your donation, Gift Aid, or sign-up. We send digital and print marketing materials on the following activities: updates about Glass Door’s work and future plans (via print newsletters, annual reports, e-newsletters) to inform you of how your involvement is making a difference in the lives of the people who turn to us for support appeals and fundraising activities – including requests for donations; information about how you can leave a gift in your will, how you can raise money on our behalf, attend or take part in a fundraising event; and updates on the impact that your fundraising activities have had on our work events – primarily our annual Sleep Out event but including details of our challenges, such as RideLondon or other sponsored runs and activities, as well as other events such as concerts and exhibitions in aid of Glass Door. Please note that if you sign up for a Glass Door event, we will also send you administrative communications about how you can take part. On occasion, we will also send you a reminder about the same event in future years in case you want to participate in it again. volunteering – information about how you can help support Glass Door by giving up your time or using your influence to progress our aims, along with updates on the impact of your involvement and invitations to volunteer-specific training and networking opportunities. We respect and value your choices. You have a choice whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our services, you can opt out at any time by contacting our data manager via the following contact details found at the end of this privacy policy. We will never share or sell your personal data to a third-party organisation for its marketing, fundraising or campaigning purposes. Administrative communications to supporters In addition to the fundraising and marketing communications that you receive from Glass Door, we will also communicate with you by post, telephone, and email concerning administrative and transactional matters. For example, we will email you after you have set up a Direct Debit or to confirm your details. There may also be other occasions where we need to contact you about your donation – for example, if there is a problem with a payment or in relation to your gift aid declaration. On occasion, we will also contact you about an event that you have signed up to participate in, i.e. to provide any other necessary information for our Sleep Out such as dates, things to bring and be aware of etc. Volunteers at Glass Door’s Night Shelters will only be contacted for administrative reasons in extenuating circumstances, i.e. to inform you if a shelter venue has been moved at late notice. As mentioned above, we may still need to communicate with you for administrative purposes even if you have opted out of marketing communications from us. Supporter research and analysis We may use profiling and database segmentation techniques to analyse your personal information and create a profile of your interests, preferences, and ability to donate. This allows us to ensure communications are relevant and timely, to provide an improved experience for our supporters. It also helps us understand the background of our supporters so that we can make appropriate requests to those who may be willing and able to donate more than they already do or leave a gift in their will. This enables us to raise funds quicker and in the most cost-effective way. Our Fundraising team uses information that is already in the public domain (information that has been published in print or online) to identify high-net-worth individuals who may be interested in supporting our work with a major gift. These publicly available sources of information include Companies House, the electoral register, the phone book, the Charity Commission’s Register of Charities, Who’s Who, LinkedIn, company annual reports, and articles in newspapers and magazines. We do not use publicly available sources that we consider would be intrusive for this purpose, such as Facebook, Twitter, JustGiving, the Land Registry, online planning applications, or websites that are like these. We also carry out research to identify existing supporters who may be able to join our major donor programme. This is based both on publicly available information and information our supporters have given us voluntarily (e.g. where a person lives, whom they bank with, what their occupation is and their age). Under data protection legislation, you have the right to object to your data being processed in this way. If you have any concerns, please contact our Fundraising team. We are also legally required to carry out checks on individuals who give us large donations, to comply with our duties in respect of anti-money laundering legislation and the prevention of fraud. Applying for a Glass Door job / Working for Glass Door When you apply for a job with us, your personal data will be collated to monitor the progression of your application, and the effectiveness of the recruitment process through the statistics collected. Where we need to share your data – such as for gathering references, obtaining a Disclosure and Barring Services (depends on the role), or a prison clearance (depends on the role) – you will be informed beforehand, unless the disclosure is required by law. These checks are done only after a position has been offered and only to the successful candidate. We will contact referees supplied by the applicant only after receiving permission from the applicant to do so. Those who are applying for a role at Glass Door will be asked to fill in our Equality and Diversity form so that we can ensure we are reaching a diverse range of candidates. Filling in this form is voluntary, and the information provided will not be used during your recruitment or employment process. All data provided will be anonymous and cannot be used to identify you. Personal data about unsuccessful applicants are held for 6 months after the recruitment exercise is complete for that vacancy. You, as an applicant, can ask us to remove your data before this time if you do not want us to hold it. Once you have taken up employment with Glass Door, you will be provided with a full employee privacy notice. We will compile a file relating to your employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to your employment. Once your employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it from our files. If you want to know more about how Glass Door uses your personal information, please refer to this document (updated March 2024). Children If a child (<16) signs up and participates in a Glass Door event their details will be added to our system. This is done so we can account for any individual raising money on our behalf as required by law and to track people taking part in our events and fundraisers. Any emergency contact details will be held for the duration of the event; this is so we can ensure the safety of each participant and have access to any emergency contacts if necessary. Once the event is complete, we will then remove all emergency contact details from our system. Any children signing up for an event will not be contacted for direct marketing even if they have opted-in to receive these types of communications.
05. Withdrawing consent Expand You can withdraw your consent, unsubscribe or update your marketing preferences at any point using the details in the ‘Contact us’ subsection of this page. Electronic marketing communications, such as e-newsletters, will have a link to unsubscribe, so you can manage your own communication preferences. If you make any changes to your consent, we will update your record as soon as we possibly can. It may take up to 28 days for our systems to update and stop any postal communications from being sent to you. Email communications will, however, be stopped immediately. If you tell us, you do not wish to receive marketing, fundraising or campaign communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us (as described below). You can also opt out of receiving marketing communications from us by signing up for the Fundraising Preference Service. Where possible, we cleanse and remove out-of-date data by checking it against publicly available records such as deceased records. This helps us to improve the delivery rate of our mailings and minimise wasted expenditure.
06. The legal basis for processing personal data Expand We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of: a person’s consent (for example, to send you direct marketing by email or to allow us to advocate on your behalf to external services) a contractual relationship (for example, current and former employees of Glass Door) processing that is necessary for compliance with a legal obligation (for example to process a Gift Aid declaration, for the Health & Safety of volunteers in the night shelters and carrying out due diligence on large donations) Glass Door’s legitimate interests (please see below for more information) Glass Door will ask for written explicit consent when recording sensitive personal data, in some rare circumstances, we may collect information under another condition in data protection law, (see sub-section on ‘Sensitive Personal Data’ within the What information we collect drop-down menu.) Legitimate Interests Personal data may be legally collected and used if it is necessary for the legitimate interest of the organisation using the data if its use is fair and does not adversely impact the rights of the individual concerned. When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include: Charity Governance: including delivery of our charitable purposes, statutory and financial reporting, and other regulatory compliance purposes. Administration and operational management: including responding to enquires, providing information and Glass Door services, research, events management, the administration of volunteers, and recruitment requirements Fundraising and Campaigning: including administering campaigns and donations, sending direct marketing by post, sending thank you letters, analysis, targeting and segmentation to develop communication strategies, and maintaining communication suppressions If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ‘Contact us’ section below. Whenever we use Legitimate Interest to process data, we perform a Legitimate Interest Balancing Test (LIA) to enable us to consider any potential impact on you (both positive and negative), and your rights under data protection laws. Your information will not be processed if our interests as an organisation override your fundamental rights and freedoms according to the law.
07. Who has access to your data Expand We do not sell or share personal data to third parties for the purposes of marketing. We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors as far as reasonably necessary to perform or maintain our services. They will only use the data in accordance with this Privacy Policy and wider GDPR laws. They do not use any of this data for their own interests. For instance, when you give consent to receive our e-communications, we use MailChimp to send email newsletters. We occasionally use other service providers to send surveys (e.g.: SurveyMonkey) or invitations (e.g.: Eventbrite). These agents store your data to the extent that it is necessary to perform these functions, in using their service you agree to their T&Cs. Our website host RaisingIT will have access to your data only for the reasons of administering our website and support. They do not use this information in any other way. As per Data Protection law, Glass Door is required to ensure that all information held on you is accurate. Therefore, we undertake a yearly data cleanse/check of our donations database using the third-party provider BRG Direct Ltd (www.brgdirect.co.uk). They are instructed to handle any data in accordance with Glass Door’s Data Protection policy and remove all supporter data from their systems once the cleanse is complete. All our website financial transactions are handled through our payment services provider, Stripe. You can review the provider's privacy policy at https://stripe.com/gb/privacy. Direct Debits are handled through GoCardless. You can review the provider's privacy policy at https://gocardless.com/legal/privacy/. We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds. If you would like to see a full list of Glass Door subcontractors please contact our Data Manager, Abbas Bandali (see ‘contact’ section). We have ensured that all our partner organisations who store data on our behalf agree to a Data Processing Addendum, and we have verified their data security complies with our own. Therefore, they cannot give, sell, or rent your information to others for any marketing purposes, and they are required to protect your information to the same degree that we do. We have performed a balancing test on all subcontractors we use and have firm data-sharing contracts in place with. We have identified all organisations from low and moderate risk. All organisations have proved a high standard in availability and performance, and security is their top priority. We review these organisations at least annually and contracts between the parties are reviewed and updated upon contract termination. When data is transferred outside of the UK, appropriate safeguards are in place to ensure adequate levels of security are in place and are in accordance with data protection laws. We may disclose some information to our partners (drop-in centres or volunteer coordinators at our partner churches) as far as it is reasonably necessary for the running of our services and the purposes set out in this policy. We may share anonymised data on volunteers and guests of our services with organisations who are supportive of our aims, for example, funders, partners, volunteers, and supporters. No individual can be identified from this data. We may disclose data where it is necessary to protect the vital interests of an individual. Police or Social Services: there are exemptions within data protection regulations that mean we are under legal obligations to share limited data. This includes the prevention and detection of crime or to prevent benefit fraud.
08. Security Expand The main bulk of our data is held in the cloud using Office 365 and SharePoint (https://privacy.microsoft.com/en-gb/privacystatement). It is protected by Multi-Factor Authentication (MFA), a firewall and stringent passwords. We (and our service providers) use appropriate technical, and organisational measures and precautions to protect your personal data and to prevent the loss, misuse, or alteration of your personal data. Only employees that need access to a portion of data will be granted it, i.e. only caseworkers will have access to guest data and only fundraisers/administrators will have access to donor data. Back-ups of our online server’s data are held by our outsourced IT company (Totality Services - www.totalityservices.co.uk), who securely holds a copy in the case of an error to our online server. The hosting facilities for our website are situated in Ireland and Amsterdam. Transfers to each of these countries will be protected by appropriate safeguards, namely adherence to the GDPR. All electronic financial transactions entered through our website will be protected by encryption technology. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. However, once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
09. International data transfers outside of the European Economic Area Expand We use Microsoft Office 365 to store and hold all organisational data, Access UK (Charity CRM) to store all supporter data and In-Form (Salesforce) to manage our winter projects and record our guests’ personal data. These are both multi-tenant cloud services. This means that internal documents and information generated by us are stored in cloud services hosted within the European Economic Area (EEA). However, in some limited cases, we may use data processors that process and/or store data outside of the EEA – for example, project planning software Monday.com for recruitment, payment processors such as Stripe or e-mailing companies like MailChimp. In these cases, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information, for example, by entering into a contract that includes prescribed clauses about the use of data, what safeguards may be in place and requesting proof of high-security levels. In regard to personal data that you submit for publication through our website, you acknowledge that it will be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
10. How long does Glass Door hold information? Expand We will retain your personal information for the period necessary to fulfil the purposes in this Notice unless a longer retention period is permitted by law. Different types of information are held for different periods of time in accordance with our internal Data Retention & Deletion Procedure. The length of time that data will be kept may depend on the reasons for which we are processing the data and, on the law, or regulations that the information falls under, such as financial regulations, Limitations Act, Health and Safety regulations etc., or any contractual obligation we might have – such as with employment contracts. Subject to the above, we will typically store data relating to donors and people who have taken campaign actions for seven years after their last donation or interaction, and guests to whom we provide services to for six years after the final communication. Personal data about unsuccessful applicants are held for 6 months after the recruitment exercise is complete for that vacancy. We will not store your credit card details once we have processed a one-off donation. Once the retention period has expired, the information will be confidentially disposed of or permanently deleted. For guest case data, we will anonymise the data under ICO guidance so that no individual is identifiable. You can request the deletion of your personal information at any time, by contacting our Data Manager by emailing [email protected] or via the details at the bottom of this page. If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future. Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data: to the extent that we are required to do so by law; if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
11. Your rights Expand You have many rights under data protection (GDPR) legislation. These include: Right of Access You have the right to know what information we hold about you and to ask, in writing, to see your records. We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you. This is called a Subject Access Request (SAR) and can be done by: Emailing our Data Manager: [email protected] Writing to our Data Manager, Glass Door Homeless Charity, Argon Mews, London, SW6 1BJ Right to be informed You have the right to be informed how your personal data will be used. This policy, as well as any additional information or notice that is provided to you either at the time you provided your details or otherwise, is intended to provide you with this information. Right to withdraw consent Where we process your data based on your consent (for example, to send you marketing texts or emails), you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below. Right to object You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below. Right to restrict processing In certain situations, you have the right to ask for the processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage. Right of erasure In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information to ensure that you are not contacted in the future. Right of rectification If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records please contact us using the details in the ‘Contact us’ section below. Right to data portability Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data be transferred from one service provider to another.
12. Updates and links Expand Updates to this policy We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website. Links to other websites The Glass Door website may, from time to time, contain links to the websites of other organisations which may be of interest to you. Linked websites are responsible for their own privacy practices. This privacy policy only applies to the Glass Door website.
How to contact us and where to raise concerns or complaints Expand We are registered as a data controller with the UK Information Commissioner's Office (ICO). Please know you have the right to complain directly to the ICO, which is an independent body responsible for making sure that organisations comply with all UK Data Protection laws. The ICO also deals with concerns raised by members of the public about the way in which organisations look after personal information and deal with subject access requests. If you wish to contact them directly, they can be contacted by: Telephone: 0303 123 1113 By going online to: wwww.ico.org.uk/make-a-complaint You may also write to them: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Our data protection registration number is Z7870443. This website is owned and operated by Glass Door Homeless Charity. We are registered in England and Wales under registration number 1083203, and our office and principal place of business is at Glass Door Homeless Charity, Argon Mews, London, SW6 1BJ. You can contact us by writing to the postal address given above, by using our website contact form, by email to [email protected] or by telephone at 020 7351 4948.