Privacy and Cookies

We adhere to the principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be:

• Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency);
• Collected only for specified, explicit and legitimate purposes (Purpose Limitation);
• Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation);
• Accurate and where necessary kept up to date (Accuracy);
• Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation);
• Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality);
• Not transferred to another country without appropriate safeguards being in place (Transfer Limitation); and
• Made available to Data Subjects and allow Data Subjects to exercise certain rights in relation to their Personal Data (Data Subject's Rights and Requests).

We only aim to collect the minimum amount of information needed and will delete it when it is no longer needed. We will collect this data in a number of ways both directly and indirectly.

Directly

You may give us personal data about you (such as your name, address, e-mail address and phone number) whenever you contact us, either by telephone, letter, our website (https://heritage.sheffieldeagles.com) or in any other way. For example, we will obtain your personal data when you contact us, communicate with us or sign up to receive email. When you contact us, we may keep a record of that correspondence.

Indirectly

We may also receive information about you that you provide to other sources such as Mailerlite - the provider of our online newsletter platform. We may add to and merge this with any information we already hold about you. You should check their Privacy Policy when you provide your information to fully understand how they will process your data. We may also receive information that you post or contribute to our social media pages (e.g. in comments, messages and photographs on Facebook, Twitter or other social media).

Personal and Special data we may collect about you as an employee or volunteer

We may also process special categories of personal data (sensitive data) to enable us to support employment or volunteering. For example racial and ethnic origin, offences (including alleged offences), complaints, accidents, and incident details. If we are processing any personal information that is regarded as ‘special category’ or ‘sensitive’ as referred to above, we will only do this with your explicit consent.

What personal data we collect and how we use it

The type of information we collect and how we will use it will depend on why you are providing it.

If you support us, volunteer, share items or sign up for an event, we will usually collect:

• Your full name
• Your contact details
  

Where it is appropriate we may also ask for:

• Your date of birth
• Your bank or credit card details
• Information relating to your health (so we can provide you with appropriate help and support or we can assess your suitability to take part in an event)

Examples of how we could use your data:

• Help us identify you and any previous contact we may have had with you;
• Provide you with information about other goods and services we offer that are similar to those that you have already enquired about
• Notify you about changes to our services
• Ensure that content from our site is presented in the most effective manner for you and for your computer or other device
• Seek feedback on how we can improve the service we offer
• Improving our services
• Analyse the effectiveness of our marketing and communication
• Keep a record of your relationship
• We may monitor your use of the Website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit our website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see refer to our cookie policy for further information
• If you receive emails from us we may also be able to monitor which of our emails you have opened and any links within the emails that you click on

Legal basis for using personal data

The Eagles Foundation relies on the following legal conditions that are described:

• Consent: When you opt-in to receive information from us we use this consent to send you updates about our news, events and other activities.
• Legal obligations: Sometimes it is necessary to process your data for us to comply with our legal obligations.
• Legitimate interest: We have conducted a legitimate interest assessment and will, in some circumstances, rely on sending you information by post. Unless you have specifically opted out of communications, you may receive information from us.
• Vital interest: where processing is needed to protect your vital interests (or those of someone else) e.g. in an emergency.
• As an equal opportunities employer, we may process your data to allow us to monitor our diversity and evaluate our training and development needs
• Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

We will never sell, rent, or trade your personal data however we may disclose your personal data to:

• Our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR and PECR ).
• We also may disclose your information if required by law or to enforce our legal rights.
• Our agents and service providers (who help run some of our administrative operations such as web hosting, payment processing, maintenance services or email distribution) some of whom may be outside the EEA (see ‘Transfers of data out of the EEA’ below);
• In order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of sale and supply and other agreements; or to protect the rights, property, or safety of WPCC, our clients, or others. This may also include exchanging information with other companies and organisations for the purposes of fraud protection;
• If WPCC is acquired by another company, personal data held about its clients and supporters will included in the assets transferred.

You have the right to request access to data (Right of Access) which we may process about you. If you wish to exercise this right you should:

• Put your request in writing
• Include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill)
• Specify which information you are seeking
  

You have the right to require us to correct any inaccuracies (Right to Rectify) in your data free of charge. If you wish to exercise this right you should:

• Put your request in writing
• Provide us with enough information to identify you
• Specify the information that is incorrect and what you believe should replace it.
• If upon receipt of this request we agree that the data is incorrect we shall make corrections. Whatever action we take, we will write back to you to inform you of our findings and if necessary any actions we have taken.

You also have the right to ask us to stop processing (Right to Restrict Processing) your personal data for direct marketing purposes. If you wish to exercise this right you should:

• Put your request in writing (an email sent to enquiries@eaglesfoundation.co.uk with a header that says ‘Unsubscribe’ is acceptable)
• Provide us with enough information to identify you
• If your objection is not to direct marketing in general, but to direct marketing by a particular channel (eg email or telephone) please specify the channel you are objecting to.
  

It is also possible to unsubscribe from email marketing only using the ‘unsubscribe’ link provided in each email we send.

You have the right (in certain circumstances) to have personal information held about you erased from our records if it is determined we no longer need it (Right to be Forgotten).

You have the right to have inaccurate personal information amended (Right to Rectification).

The right to ask us to stop using your information in certain situations (Right to Restrict Processing).

You have the right (in certain circumstances) to have a copy of your personal information provided for reuse in another service (Right to Data Portability).

You are able to object (Right to Object) to direct marketing, processing, research and processing based on legitimate interest.

You have the right not to be subject to a decision based on automated processing (Right not to be Profiled)

We will endeavour to update your details as quickly as possible, but please note this may take up to six weeks from the original request date. If you request to be forgotten, this could take up to 6 months to be fully erased.

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

• Give consent on his/her behalf to the processing of his or her personal data
• Receive on his/her behalf any data protection notices
• Give consent to the transfer of his/her personal data outside of the European Economic Area

A cookie is a small file which is placed on your computer by a site when you visit it. Basic cookies contain the site name and a unique user ID. The next time you visit that site, your browser checks to see if it has a cookie for it and sends the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before, and can, for example, tailor your experience of the site.

Non-essential cookies

Cookies help us to improve your experience of our site but are not essential to its basic functioning. We use these cookies to collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, language and Country, for system administration purposes and to measure our effectiveness. They also enable us to estimate our audience size and usage patterns. This is statistical data about our users' browsing actions and patterns and does not identify any individual. This information helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Third party cookies

Facebook and Twitter are examples of ‘third party’ cookies on our site. If you click a function on our website that is associated with these parties (eg to share or tweet a piece of information), they will place cookies on your computer. We embed videos on our site using YouTube, which sets cookies on your computer once you click on the video player. As you do not have to sign up to YouTube first in order to play these videos, you will not have accepted their terms and conditions. We do not take responsibility for these cookies, as to make use of these functions you will have already accepted the terms and conditions of use with the relevant party.

Can I refuse cookies?

Yes. You can use a setting on your browser which allows you to refuse to accept cookies. However, if you select this setting it may not work smoothly. Different browsers have different instructions for managing cookies and you may also be able to accept certain cookies and not others. For example, you may be able to refuse third party cookies.