To give you more transparent and clear information on how we process your personal data, we have divided our Privacy Notice into different sections. Depending on how you interact with us, different sections of the notice will apply to you. Within these sections, we describe what personal data we collect, how we use it and what your rights are.
If you have any questions regarding your personal data, please contact us at email@example.com.
Updated August 2023.
Who are we?
The Noah’s Ark Charity raises money to enable the hospital to provide world class care to children.
The charity’s support of the children’s hospital is focussed in three main areas: namely environment and facilities, equipment and direct patient care, and, support for patients and families.
The Noah’s Ark Charity is a registered charity (registered charity number: 1069485) and we are also registered as a company limited by guarantee (company number: 03486361).
Unless otherwise stated, within the context of this policy, the terms “we” and “the Charity” means the Noah’s Ark Charity and our trading subsidiary.
Basis for processing personal information
The Charity uses any one of the following lawful basis for processing your personal information:
a) You have consented to us processing your data
b) There is a contractual relationship with you
c) We are legally obliged to process your data
d) We believe it’s in the legitimate interest of either you as the data subject, or us as the Charity, to process your data. Legitimate interest can be used where there is a reasonable purpose to process an individual’s data. For more information on legitimate interest, please see the ICO’s websiteor contact us
e) We believe it is in the public interest to process your data and this interest is supported by clear law e.g safeguarding, equality.
It’s important that the personal information the Charity obtains is held, used, transferred and otherwise processed in accordance with the legislation.
The law sets out a couple of additional grounds over and above those listed above, however the Charity is only using the grounds detailed above. In the future, if the grounds for processing change, the notice will be updated to reflect this. For more information about how the policy is changed please contact us.
The Charity gets its authority to process your personal information from the legal requirements set out in the following legislation (laws):
- Data Protection Act 2018 (incorporating the UK General Data Protection Regulation)
- Privacy and Electronic Communications Regulations.
Your personal information is processed and stored in accordance with the legal requirements in the corresponding laws.
Information processed by the Charity
Personal information is information that can be used to identify you. You can find examples of personal information in the four categories below.
Category 1: identification information
- date of birth
- email address
- landline number
- mobile number
- postal address
Category 2: personal life information
- family and friend connections, such as parents and siblings
- job role
- type of organisation you work at
- activities by the charity that you may be interested in.
Category 3: economic and financial information and donation history
- bank account details
- credit/debit card details
- whether you are a UK tax-payer so that we can claim Gift Aid (we don’t collect information about your tax payments, only whether you are a tax-payer).
Category 4: connection information
- browser information
- device data
- location data.
Special category (or sensitive information)
Information in this category is more sensitive than in the categories above and includes:
- health and medical information
- criminal convictions
- diversity monitoring information.
The Charity doesn’t usually collect this type of information unless there’s a clear reason for doing so. An example of when collecting this information is necessary is participating in an event where we need this information to ensure we provide you with the appropriate facilities.
The Charity may also collect health information if you tell us about your experiences with the hospital.
We will make it clear when and why we are collecting this information.
How we collect personal information
We collect information about you in the following ways:
- when you, or someone on your behalf, makes a donation to us
- when you register to participate in an event either directly with the Charity or through a third-party and have indicated that you wish to fundraise for us
- when you complete a satisfaction survey
- when a relative provides your name and contact details as an emergency contact
- when you become a registered volunteer for the Charity
- when you agree to 3rd parties such as Royal Mail to provide us with your details
- when you engage in our social media or digital advertising
- when you voluntarily give the Charity your personal information
- when you order products from the Noah’s Ark Charity Shopwhen you subscribe to our charity publications or email newsletters
- to monitor the quality of our fundraising activities
- when you read or download information from our website.
Photography and images
The Noah’s Ark Charity uses photography, images and film.
The images are used in media (such as newspapers, magazines, websites or broadcast outlets), on social media, in publications, on our website, in printed or online fundraising materials, in fundraising and awareness films or by our corporate partners who help us raise money to support the Charity.
Patient Case Studies
Photography, images and film created for patient case studies is taken and used with your consent.
We will discuss with you how your, and/or your child’s, image and information is going to be used and ensure you are happy for it to be used in this way. You can ask us to stop any time.
Where an event is organised by the Charity, we will ask you for consent to use any photographs taken where you are the focus of the image. Permission will be requested either prior, during or after the event.
Where the photograph does not focus on you as an individual, e.g where you appear in the background of the photograph, or, as one of a number of people in a group shot, it is not normally necessary for us to ask your permission. We will ensure the terms and conditions of the event tell you if there will be photographers present.
If you do not want your photograph taken, please either tell the photographer or a member of the charity team at the time, if it is convenient to do so, or contact the Charity after the event. You can change your mind at any time.
Where the event is organised by a third party, we will use photography from the event under our legitimate interests. We will be clear in our terms and conditions of entry if this is the case. If you do not want your photograph taken, please either tell the photographer at the time, if it is convenient to do so, or contact the Charity after the event.
At some events there may be photographers present who represent the media or the event organiser and for whom the Charity is not responsible. Please review the terms and conditions issued by the event organiser for more information and inform the event organiser of your preferences and wishes in respect of photography taken.
The Charity has an online shop offering for sale items such as cards, toys, clothing and accessories.
We will process information about you from category one and category three above, in order to fulfil your order.
The shop also offers “virtual gifts” where you can donate money, send e-cards or buy gifts for someone. Where you use this service, we will also process information about your gift recipient. This will consist of their name and postal or email address depending on the method of delivery of the gift.
If you no longer want us to process your personal information, please share your preference with us by contacting us at firstname.lastname@example.org.
The reasons the Charity collects and uses information
We’ll collect and use your information for one or more of the following reasons:
1) Under the lawful basis of contractual necessity for processing, we collect and use your information as follows:
- to process your order and send you the items that you have ordered through our shop
- for the purposes of you entering a raffle, prize draw or competition
- to award grants for specific research programmes and monitor the impact of research funding
- to process direct debit donation claims.
2) Under the lawful basis of legal obligation for processing, we collect and use your information as follows:
- where the collection is required or authorised by law
- to administer any requests where you are exercising your legal rights
- to assess your personal information for credit risk, age verification or fraud prevention. Charities can be targeted for illegal purposes such as money laundering and therefore we are required to monitor financial activity and report suspected fraud to the appropriate authorities.
3) Under lawful basis of consent for processing, we collect and use your information as follows:
- for your participation or expressed interest in an event, ensuring you have all the required information
- to ask you to help the Charity by raising money on our behalf or donating money to us but always in accordance with our supporter commitment
- where you made a donation in celebration of another individual and that individual, or a related person, wishes to know who has given
- the taking and use of photography, images or film in case studies, media and press publications and marketing materials.
4) Under the lawful basis of legitimate interest for processing, we collect and use your information as follows:
- to process any donation(s) or gifts we may receive from you
- to provide you with information about the Charity’s work or activities that you have requested
- for internal record-keeping such as to manage feedback or respond to complaints
- the administration, organisation and management of events where you are taking part
- to send you marketing materials by post (unless you’ve asked us not to)
- to administer and monitor grant funding
- to help us identify new supporters
- to analyse and improve our services regarding:
- supporting the hospital.
- for data quality and data analytics purposes
- to support effective and efficient record-keeping
- to use IP Addresses:
- to block disruptive use
- to record website traffic
- to personalise content based on previous visitor history.
- the use of photographs and images taken during third-party managed events
- when a relative (e.g a staff member, volunteer or event participant) provides your contact details as their emergency contact
- to invite you to participate in surveys regarding your experience with the Charity or market research.
5) Under the lawful basis of public interest for processing, we collect and use your information as follows:
- to ensure we comply with the Equality Act 2010
- to monitor and promote equal opportunities and treatment to you
- to ensure we pro-actively promote a diverse and inclusive range of case studies in our press and marketing materials.
Credit, debit card and payment information
Donations to the Charity can be made via credit or debit card payments, direct debit, standing order, Charity Aid Foundation (CAF) vouchers, cash and cheques.
Payments for purchases can be made online or over the phone.
We ensure that all payments or donations are carried out securely and, where applicable for payment cards (such as MasterCard and Visa payment), are processed in accordance with the Payment Card Industry Data Security Standard (PCI DSS).
To find out more about PCI DSS standards visit their website at pcisecuritystandards.org.
Your payment information
In addition to keeping your payment information safe during the payment process, we will:
- not store your credit or debit card details
- securely destroy all card details and validation codes once the payment or donation process is complete
- immediately delete any emails received that contain any credit or debit card details
- only allow authorised staff to process payments and access payment details.
Other payment options
We also offer Mobile Wallet payment options, such as ApplePay and Google Pay, for some services. To process payments made through Mobile Wallets we use a third party called Stripe Payments Europe Ltd (Stripe).
Profiling means gathering information about individuals and analysing their characteristics and behaviour patterns to place them in a certain category to help inform the efficiency of the Charity’s fundraising activity or to help identify possible new supporters. It’s a procedure that involves processing personal information using a series of statistical deductions to make predictions about people, which makes an inference based on the qualities of others who appear statistically similar to the individual whose personal information is being processed.
How we use profiling
We aim to ensure that our fundraising activity and marketing communications are appropriate and timely. We want to send you the most relevant information and only promote donation opportunities that we believe you are most likely to be interested in.
To do this, we may use your personal information which at times includes previous transactions and communication history, alongside profiling techniques and insight companies to help us identify other people who may have an interest in supporting our Charity or to provide us with general information about you such as information you have volunteered about your lifestyle and purchasing habits. To assist us, we may use public registers or third-party information services, such as Experian’s Mosaic product.
You can request to not have your information used in this way.
High value fundraising
To enable us to fundraise for high value giving opportunities appropriately and effectively, we will research individuals and organisations to help us identify suitable major donors, corporate partners, patrons, and committee or appeal board members.
This research helps us to identify individuals or organisations who have the capacity to make substantial donations, who appear to have an interest in supporting our cause and who may be able to help us to raise funds through volunteer support for our appeals, events or partnership opportunities.
Processing of information for high value fundraising
We use our legitimate interests to process your information for high value fundraising research.
The processing of your information in this way for high-value fundraising is instrumental in enabling us to support large-scale projects and initiatives that benefit the Noah’s Ark Children’s Hospital Charity. We appreciate that you expect us to conduct such processing in an efficient and professional manner whilst taking your right to privacy into account.
We will inform you of the processing we undertake when we first contact you and then at further regular intervals throughout the lifetime of our contact with you. You can exercise your rights at any time.
How we undertake research
We are careful to ensure information collated is not excessive or intrusive and is sourced reliably and appropriately.
Any research is undertaken using only credible, publicly available information. This may include sources such as national and local press, Companies House, Charity Commission and from social media sites such as LinkedIn. We’ll only use these where the data has been deliberately made public. We may also use appropriate third-party sources to identify and inform professional approaches to prospective donors, partners and volunteers.
We don’t routinely collect large volumes of personal information related to your health, racial or ethnic origin, or religious or political beliefs. However, occasionally the research we undertake may include limited information which falls within this description. We recognise the sensitivities of this information and will only process and record this information if you tell us directly and agree to this processing.
Ethical screening and minimising risk
To comply with our obligations as a charity, we must also take reasonable and appropriate steps to know who our donors are, particularly where significant sums are donated.
Using charity law as a legal basis for processing, we may conduct due diligence to provide assurances that donations and support are from appropriate sources. This is to safeguard our reputation and to help us mitigate any associated risk.
We have clearly defined principles that guide how we engage in mutually beneficial relationships with companies, foundations and individuals. These principles ensure that we raise money legally, safely and transparently.
The nature and extent of due diligence research is proportionate to the fundraising opportunity. This doesn’t mean that we’ll research lots of personal details about every donor or question every donation. Any information we collect for these purposes will only consist of what is necessary for us to meet these requirements and will be processed in line with your rights.
Marketing and communication preferences
We use marketing communications to keep you up to date with what we’re doing, how you can get involved, and news and features about the charity which we feel will be of interest to you. This may include newsletters, surveys, financial appeals, raffle appeals, fundraising opportunities or updates about the hospital.
We use a variety of methods to send marketing to you including post, telephone and electronic channels.
Electronic marketing includes the use of:
- text messages
We’ll always ask your permission before we send you electronic marketing.
The Charity uses social media to communicate with you and share information about campaigns or events. Currently we use Facebook, LinkedIn, and Instagram. We do this through advertising on your social media or through posting messages and information on our own social media pages which you may choose to “like”, “follow” or interact with.
For our supporters who are also Facebook users, we work with Facebook to use tools that Facebook make available to us to advertise to you. These tools enable our communications to appear on news feeds, and this is called a “custom audience”. We will only do this if you have already consented to us sending you marketing via email and where we believe the marketing communication may be of interest to you. Where this is the case, your name and e-mail address will be uploaded in an encrypted format to Facebook. Facebook will determine if you have a Facebook account and then place the marketing directly on your news feed. We may also use the same tool in a slightly different way to ensure you don’t receive unnecessary marketing communications.
We take your privacy and rights seriously but still deem your interest to us important. For this reason, we use our legitimate interest to use your information and communicate with you in this way. Therefore, we will not ask for your permission to market to you through social media, but you are always free to inform us that you do not want us to contact you in in this way.
You can also update your preferences within the social media site to stop receiving marketing. For further information on Facebook in particular, please see their terms of service and their data policy.
This is where you receive information about the Charity through your mail box.
Postal marketing enables us to contact a wide range of individuals and is an easy way to keep you updated. It allows you to donate and get involved in your own time and in a way which isn’t intrusive for you.
For this reason, and after careful consideration, we use our legitimate interests to send marketing in this way. This means that we won’t ask you for prior permission to send you marketing by post, but you can always tell us if you no longer want to receive post.
Changing your marketing preferences
You can stop receiving marketing communications altogether or change your preferences at any time either by following the instructions in the communication you have received or by contacting us at email@example.com
We won’t use your information for marketing purposes if you have asked us not to. However, we may retain your details on a suppression list to help ensure we don’t continue to contact you.
Website tracking and Cookies
Cookie: a small text file that is placed on your computer or mobile device when you access our websites. This allows the website to recognise your device and store information about your preferences and actions.
Spotlight tag: records access to a website as part of online advertising. Spotlight tags allow us to track, measure and report on activities that happen on our website after you see or click on an ad. These tags allow us to measure the effectiveness of our online marketing campaigns. These files are provided to us by our Ad Partners and organisations such as DoubleClick. For more information about DoubleClick please visit doubleclick.net.
Web beacon: an invisible graphic that is placed on a website or in an email and used to monitor the behaviour of the user visiting the website or sending the email. When you open an HTML email that we have sent you, this graphic is downloaded from a web server and generates a record showing that the email was opened, how many times it was forwarded (if any) and which links within the email were clicked.
For all areas of our websites which collect personal information, we follow best practice for web and data security. Although we cannot 100% guarantee the security of any information you give us, we enforce strict procedures and security features to protect your information and prevent unauthorised access.
Wherever possible, we will keep this information anonymous so that it will not identify you as an individual visitor to our websites.
The Noah’s Ark Charity uses different types of Cookies to accomplish the tracking described above and these are summarised below. Please click below to go to the Cookie Preference Centre and find out more about what these cookies do and which may be in use on your device.
These are necessary for the website to function and cannot be switched off in our systems. You can set your browser to block or alert you about these cookies, but some parts of the site may not work properly if you do. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and can help us identify issues with the website. All information these cookies collect is aggregated and therefore anonymous.
These enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages.
Social Media Cookies
These are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests.
These may be set through our site by our advertising partners. They do not store directly personal information but are based on uniquely identifying your browser and internet device.
All but essential cookies require your consent to be placed on your device, and you will be asked if you would like to consent the first time you visit our website, and every 12 months thereafter through our cookie banner. You can change your preference at any time by clicking the button (below the browser information) to go to the Cookie Preference Centre.
You can disable Essential Cookies using your browser settings. Details of how to do this are listed below.
Browser cookie settings
If you would like to prevent cookies from being set by our website, the following links will help:
How to change your cookie settings in Firefox
How to change your cookie settings in Internet Explorer
How to change your cookie settings in Google Chrome
Safari (OS X)
How to change your cookie settings in Safari (OS X)
How to change your cookie settings in Safari (iOS)
How to change your cookie settings in Android
To find out more about cookies, please visit allaboutcookies.org.
We don’t sell or swap your information with any third party for their marketing purposes.
However, we do share and/or receive information from the recipients set out below:
1) Our Data Processors are organisations who:
- act as a fundraiser for the Charity;
- provide us with information and help us place marketing (subject to your communication preferences and our internal policies and procedures);
- will build a profile using information shared and return the profile to us, such as Experian;
- help us identity possible new supporters;
- help us keep our records up-to-date and accurate;
- help us investigate and respond to complaints and enquiries; and
- who sell the charity products through our shop.
2) Volunteer Boards and committees who we share information with, where it is appropriate to do so, to enable us to accept donations or to pursue support.
3) Other third-parties where we are legally required to do so, including:
- the police
- contracted parties who enable us to enforce or apply our terms and conditions or rights under an agreement
- third-party organisations where there is a need and we have entered into an information sharing agreement
- to protect us, for example in the case of suspected fraud or defamation
- government bodies or regulatory bodies including the Charity Commission or Fundraising Regulator.
All our data processors are carefully selected and are trusted partners of the Charity. All our trusted partners are required to comply with data protection laws and our high standards and are only allowed to process your information in strict compliance with our instructions. We will always make sure appropriate contracts and controls are in place with our trusted partners and we regularly monitor all our partners to ensure their compliance.
We do not share your information for any other purpose.
We aim to ensure that all information we hold about you is accurate and kept up-to-date. We use services provided by trusted third-party organisations, such as the National Change of Address Register (facilitated by Royal Mail), to assist us with this. We also screen our records against other registers such as the Bereavement Register to ensure we do not contact individuals inappropriately.
If we believe the information we hold is not up-to-date, we will either update our records to reflect the information received from those services detailed above, or contact you and ask you to update this.
Similarly, if you believe any of the information we hold is inaccurate, or, your circumstances change, please advise us and we will ensure our records are updated as soon as possible.
Storing your Information
The Charity maintains a secure back-up of its information. This enables us to ensure that in the event of an incident which disrupts normal business operations, we can restore these operations as quickly as possible, continuing to provide support in the meantime.
We aim to store all information within the UK.
In some situations, it is possible that your information may be transferred outside the UK either to a country within the EEA, or worldwide. This may occur where, for example, one of our trusted partners processing information on our behalf has servers located in a country outside the UK.
Protecting children, young persons and vulnerable adults
If you are aged 16 or under, and would like to participate in an event, donate or get involved with us, please make sure that you have your parent/guardian’s permission before giving us your personal information. For some individuals we may require parental consent prior to collecting or using any personal information.
Where we collect information about you, we will make it clear as to the reasons for collecting this information and how it will be used.
The Charity recognises the importance of protecting individuals who may be in vulnerable circumstances and follows the sector best practice on, including that issued by the Institute of Fundraising, Treating Donors Fairly.
We believe that this guidance helps to support our staff and fundraisers who come into contact with supporters in providing high quality customer care, ensuring anyone donating to the Charity is in a position to make a free and informed decision.
If you would like to find out more about the Institute of Fundraising’s guidance, please follow this link.
You have a number of rights available to you and these are set out below.
Right to be Informed
Right to Rectify Inaccurate Information
You have a right to ask the Charity to correct any data we hold and process that is no longer correct. You can also ask us to complete information that is incomplete.
Right to Restrict Processing
You have a right to choose what personal information held about you is processed and limit the information that you no longer want the Charity to process.
Right to Portability
You have a right to ask the Charity to send a copy of the information we hold about you to another organisation.
Right of Access
You have a right to ask us whether we are processing your personal information. Where this is the case, you can ask us to supply you with the information.
Right to Erasure
You have a right to ask the Charity to delete the information we hold on you where:
- it is no longer required for processing
- you no longer consent to the processing
- where you object to processing.
Right to Object to Processing
You have the right to object to the processing of your information where:
- this is carried out by us under the basis of public interest or legitimate interests
- this is processed for direct marketing purposes
- this is processed for scientific or historical research purposes, or statistical purposes.
Right not to be subjected to Automated Decision Making
You have a right not to have your information processed using solely automated means with no human intervention, including any profiling activity.
You can exercise any of these rights at any time by contacting us at firstname.lastname@example.org
If you are unhappy with the way your information is being processed, you may lodge a complaint with the UK’s Supervisory Authority, the Information Commissioner. They can be contacted on 0303 123 1113 or via their website.
This policy was last updated in August 2023 and replaces all previous versions.
We will regularly review and update this document.