Updated 29 July 2019
The Institute of Imagination, which also incorporates iOi Enterprise Ltd (“iOi”, “we” or “us”), promises to respect any personal data you share with us, or that we get from other organisations and keep it safe. We will only process data from other organisations that have gained explicit consent to share your data with us.
We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect or have consented to. Developing a better understanding of our supporters through their personal data allows us to tell you more about what you want to hear about, make better decisions, fundraise more efficiently and ultimately, helps us to reach our goal of creating space for children to re-imagine the world.
1. Where do we collect information about you from?
We collect information in the following ways:
a. When you give it to us DIRECTLY
You may give us your information in order to sign up for one of our events, join our mailing list, make a donation, fill out a form on www.ioi.london (“our site”), participate in fundraising activity or communicate with us. You control how we use this data to communicate with via our ‘preference centre’ which can be access via emails you receive from us from 25 May 2018. Consent may be withdrawn by you at any time via the preference centre, by contacting email@example.com and via the unsubscribe link on our emails. You might provide your details to us in person, at an event or over the phone. If you provide us with personal details i.e. name, address, telephone number, email address, it will be stored by us. We will not send marketing communication to you unless you have given us verbal consent. Sometimes when you support us, your information is collected by an organisation working for us (e.g. a professional fundraising agency), but we are responsible for your data at all times and the organisations working for us will not retain or store your data.
b. When you give it to us INDIRECTLY
c. When you give permission to OTHER ORGANISATIONS to share or it is available publicly
We may combine information you provide to us with information available from external sources in order to gain a better understanding of our supporters to improve our fundraising methods, products and services. The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. This information comes from the following sources:
- Third party organisations: You may have provided permission for a company or other organisation to share your data with third parties, including charities. This could be when you buy a product or service, register for an online competition or sign up with a comparison site. When collecting/storing data from a third party we only accept data that complies with the requirements GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, including the requirements of the Telephone Preference Service, regardless of the country or legal jurisdiction in which the agency is based or operating.
- Social Media: Depending on your settings or the privacy policies for social media and messaging services like Facebook, Instagram, LinkedIn or Twitter, you might give us permission to access information from those accounts or services. You can manage this information in the privacy settings of each Social Network that you use.
d. When we collect it as you use our site
Like most websites, we use “cookies” or similar services to help us make our site – and the way you use it – better, and to collect anonymous information about how this website is used, through Google Analytics. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. In addition, the type of device you’re using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
Our advertising is delivered to you through our approved advertising partners. The cookies accompanying the ads allow us to monitor the effectiveness of the ads, show you adverts relevant to your interests and what you’ve shown an interest in on our site. Any company we allow to add tags or code to our website is approved to ensure that they handle your data responsibly. However, their use of the data is within their control and is subject to their own privacy. For advertising we use Google AdWords, Google Remarketing and Facebook. Click to view their policies and to view how to opt-out of cookies.
e. When you click on our advertising
2. What personal data do we collect and how do we use it?
The type and quantity of information we collect and how we use it depends on why you are providing it.
a. Event attendees
If you buy tickets to one of our events we will usually collect:
- Your name
- Your contact details
- Your bank or credit card details.
You can manage what you hear from us about in the preference centre, which can be accessed using the link in emails we send you. Occasionally, we may include information from partner organisations or organisations who support us in these communications, if you have given us consent to do so. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data, or contact us on 020 7494 9153 or firstname.lastname@example.org or use the preference centre link or the unsubscribe link in the emails we send you to ask to be removed in you have previously signed up.
We do not sell or share personal details to third parties for the purposes of marketing. But, if we run an event in partnership with another named organisation your details may need to be shared to administer the event. We will be very clear what will happen to your data when you register and the third party will not retain your data.
b. Website visitor
With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We will use information held about you in the following ways:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you support us, for example make a donation, volunteer or register to fundraise, we will usually collect:
- Your name
- Your contact details
- Your date of birth
- Your bank or credit card details.
We will mainly use your data to:
- Provide you with the services, products or information you asked for.
- Administer your donation or support your fundraising, including processing gift aid.
- Keep a record of your relationship with us.
- Ensure we know how you prefer to be contacted.
- Understand how we can improve our services, products or information.
We may also use your personal information to detect and reduce fraud and credit risk. Information stored will be deleted after 24 months of non-activity on the record. Non-activity is defined as ‘no reply’ from you since your last correspondence from iOi. We will delete your contact information at this point, but will retain information about communications we have had with you unless you expressly request to have this data deleted.
d. Building profiles of supporters and targeting communications
We use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our supporters. Profiling also allows us to target our resources effectively, which donors consistently tell us is a key priority for them. We do this because it allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would. When building a profile we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example addresses, listed Directorships or typical earnings in a given area.
3. How do we keep your data safe and who has access to it?
We ensure that there are appropriate technical controls in place to protect your personal details. All information you provide to us is stored on secure servers. Any payments made though our site will be encrypted using SSL technology. Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may use external companies to collect or process personal data on our behalf. In this instance we will do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collect or have access to. We have ultimate responsibility for your data.
We may share your information with selected third parties, only with your prior consent, including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
Some of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with European and UK data protection laws. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA. We may need to disclose your details if required to the police, regulatory bodies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.
4. Keeping your information up to date
You can manage your communications preferences in the preference centre from 25 May 2018, which can be accessed by the link in emails we send you. We really appreciate it if you let us know if your contact details change by contacting email@example.com or calling 020 7494 9153.
5. Your right to know what we know about you, to make changes or to ask us to stop using your data
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. processing your donation or registering you for an event) we will do so. Contact us on 020 7494 9153 or firstname.lastname@example.org if you have any concerns.
You can withdraw consent to be contacted by us at any time via the preference centre from 25 May 2018 and the unsubscribe link on e-communications. You have a right to ask for a copy of the information we hold about you – we’re a small team and we will respond to this request within one month or sooner.
If there are any discrepancies in the information we provide, please let us know and we will correct them. If you want to access your information, send a description of the information you want to see and proof of your identity by post to Team Operations Manager, Institute of Imagination, Second Home, 68 Hanbury Street, London, E1 5JL.
We do not accept these requests by email so we can ensure that we only provide personal data to the right person. If you have any questions please send these to email@example.com, and for further information see the Information Commissioner’s guidance here.