Privacy Policy

Medair UK
Who we are?

Medair is an international humanitarian organisation dedicated to relieving human suffering in some of the world’s most remote and devastated places. We reach people in underserved communities that have been damaged by natural disasters, conflicts and other crises. In doing so, we help people recover with dignity and develop skills to build a better future.

Medair UK is a charity registered in England and Wales (number 1056731), our company number is 3213889.

Medair UK is a national affiliate office part of the Medair International network. Medair International’s headquarters are in Ecublens, Switzerland.

For further information about our commitment to your privacy, please contact us by:
Email: united.kingdom@medair.org
Mail: 333 Canterbury Court, 1-3 Brixton Road. London, SW9 6DE
Telephone: +44 (0) 208 7720 100

How do we respect your privacy?

Medair UK is committed to respecting your privacy, and we promise to take appropriate steps to protect your personal data. Medair’s values of integrity and accountability guide our approach to care for your personal data as responsible stewards so that it is used appropriately and kept safe.

We collect selected personal data of our employees, beneficiaries, donors, trustees, board members, consultants, contractors, volunteers, interns, vendors, prospective employees and others who interact with our organization.

Our privacy policy takes into account several legal instruments, including:
– The UK General Data Protection Regulation (GDPR) – Privacy and Electronic Communications Regulations
– These laws apply whether data is stored electronically, on paper or in another format. To comply with these laws, personal data must be collected and used fairly, securely and only for lawful reasons.

We recognize that people who engage with Medair UK, via our website or through other means, may have questions about the personal data they provide to us and how we treat that information. This policy addresses those questions and explains how and why we use your information.

What personal data do we collect? Where do we collect it from?

Medair UK will only collect the personal data we need and are legally allowed to possess. Personal data is information that can be used to identify or contact you. This includes data such as names, email and

postal addresses, telephone numbers, mobile telephone numbers, bank account details, credit and debit card details, and social media presence. It also includes Internet Protocol (“IP”) addresses (data which identifies the location of a computer on the internet), information about pages visited on our website and files downloaded from our website.

We collect information in the following ways:

Information you give us directly
Medair UK collects personal data in connection with specific activities, for example, when you:
– donate to us
– sign up for our email communications
– register for an event
– apply for a job
– are hired by or volunteer with Medair UK
– visit our website
– complete a survey or feedback form
– provide us with a business card

Information you give us indirectly
Your information may be shared with us by fundraising sites like Just Giving, Charities Aid Foundation (CAF), Stewardship, FinDock, SmartDebit or The Big Give. These independent third parties only share your personal data when you indicate that you wish to support Medair UK. You may wish to review their privacy policies to understand how they will use your data.

Information we collect from your use of our websites
Like most organisations, we use cookies and similar technologies to make our website faster and easier to use. Cookies are small data files placed onto your computer or mobile device when you access the internet. By using our website, you agree that we can place cookies on your computer or mobile device. If you wish to restrict or block cookies, you should review your browser settings. For more information, please read our cookies policy (www.medair.org/cookie-policy).

Third party digital communication and processing services
Medair UK uses third party digital communication services such as Campaign Monitor, Salesforce and Google Analytics to assist us in marketing and financial donations processes, as well as in recruitment communications. Personally identifiable information is collected during tracking of email recipient activity, website usage and processing of donation. These companies have access to information only at the level needed to perform their functions. We require that these companies keep such information confidential. Such information is used to refine our web site content and layout, to process financial donation and to improve communication with our donors and candidates.

Information from third parties
We may receive information about you from third parties if you choose to engage with us via Facebook, Instagram, Twitter or other such social media platforms.

Information from publicly available sources

We may combine information you provide to us with information available from publicly available sources to gain a better understanding of our supporters and those who engage with us, so that Medair UK can be as relevant to you as possible and better tailor our requests for support. Public sources may include Companies House, Charity Commission, the Electoral Register, company websites, ‘rich lists’, social networks such as Linkedin, political and property registers and news archives. 

As a fundraising organisation, we undertake in-house research and from time to time engage specialist agencies such as Prospecting for Gold to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as Linkedin, political and property registers and news archives.    

For organisations such as churches, trusts or schools, we may additionally gather information from your public website. 

Sensitive personal data
Certain categories of personal information are more sensitive. This is known as sensitive or special category personal data and covers health information, race and ethnicity, and religious and political opinions amongst other categories. We will only collect sensitive data about you if there is a proper and legal reason to do so. Such reasons may include conducting appropriate checks on job applicants to match your application profile appropriately to the relevant role, or being aware of any health concerns in relation to working in a humanitarian environment.

If you give us sensitive information about yourself, for example about your religious beliefs or your physical or mental health, please be aware that we may keep this information. When we do so, we will seek your consent. We will only keep this information where it is relevant to your interaction with us and only for as long as it is necessary. We promise to keep it secure.

As a Christian charity, we may process personal data relating to where you worship, or what role you play in a church. We will only do this where you tell us you are happy for us to use this information, or where you choose to make this public (e.g. on your church website). We will never disclose this information about you outside Medair without your consent.

Personal data of children
When you register for an event, make a donation, sign up to volunteer or interact with Medair UK in any other way, you are stating that you are 18 years of age or older or are acting with the consent of your parent or guardian. When we collect personal data about someone under 18 years of age, we will make it clear why we are collecting this information and how it will be used.

If you are under 18 and would like to get involved with us or make a donation, please make sure that you have your parent or guardian’s permission before giving us your personal information.

For application purposes for the field, it is necessary to collect data about children in order to make good decisions around placement of staff in humanitarian environments.

How do we use your personal data?

We may use your personal data in the following ways:

– to acknowledge our gratitude for donations we receive from you

– process donations you give us, or support your fundraising for us, including Gift Aid

– ask for financial support and non-financial support such as volunteering or prayer

– to send you program updates and fundraising communications

– to record the contact we have with you

– to invite you to participate in surveys or provide feedback

– to ensure that potentially vulnerable people are treated appropriately, particularly in regard to donations

– to conduct fundraising research

– to analyse and improve the services we offer

– to analyse the use of our websites and ensure security and optimal performance

– to establish a volunteer or employment relationship with you

– engage with your church (if you have given us information about it), for example by providing speakers or offering church packs

– understand whether you might want and be able to support us with a larger gift. This may involve looking at personal information about you through in-house desk research

– approach you in your professional capacity, for example as a Trustee or church leader, to talk about supporting our work

– track the success of our communications by recording whether or not you open or respond to our email or other electronic communications

– to ensure compliance with applicable laws, for instance those relating to taxes or anti-money laundering

As a fundraising organisation, we undertake in-house research and from time to time engage specialist agencies to gather information about you from publicly available sources We may also carry out wealth screening to fast track the research using our trusted third party partners. You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. We also use publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations.

This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you. If you would prefer us not to use your data in this way, please contact us on the details below.

When do we share your personal data and with whom?

Medair UK will never sell your personal data to other organisations. Medair UK will never share your personal data with other organisations for them to use for their own purposes.

Medair UK does share information with organisations who provide a service to us, for example, companies who help us manage our website, process financial transactions, and support our human resources and fundraising departments. We will ensure our service providers enter into processing agreements that comply with UK GDPR. We will also ensure that appropriate controls are in place.

Medair UK does share personal data where it is under a legal obligation to do so.

Our cloud-based systems are shared between Medair International and each of Medair’s national affiliate offices, including Medair UK. Robust internal controls ensure that Medair UK supporters personal data relating is only accessible by Medair UK staff and contractors. See ‘Where do we store your personal data?’ for further information.

Medair UK may also share details of job prospects and candidates made at events with Medair Swiss headquarters to enable centralised recruitment communications.

If you are interested in or apply for a job through Medair’s Swiss Headquarters they may share your information with Medair UK so that we can communicate with you and support you in your professional interest in Medair. A list of other Medair affiliate offices and their associated privacy policies can be found here.

When applying for field roles, we may send your information to field country programmes for them to review candidate applications.

Where do we store your personal data?

We use cloud-based systems to process data – that means data may be processed outside of the European Economic Area (EEA). We only let this happen when we believe your data will be kept safe. We do everything we can to make sure your data is looked after as described in this policy. By giving us your personal data you are agreeing to us using cloud-based systems to process it.

Our cloud-based systems are shared between Medair International and each of Medair’s affiliate offices. Robust internal controls ensure that Medair UK supporters personal data is only accessible by Medair UK staff and contractors.

If you apply for a job with Medair International your personal information will be stored on secure servers and processed by Medair International staff.

How we protect your personal information?

We place great importance on the security of personal data in our possession. We understand the significance of this responsibility and we take appropriate technical and organisational measures to protect your personal data from loss, misuse or alteration. For example, we encrypt our online forms, routinely monitor our network against data breaches and utilize industry standard SSL (secure sockets layer) certificates.

Nevertheless, the transmission of information over the internet or by other methods is never completely secure. While we take appropriate precautions to protect personal data, we cannot guarantee the security of information transmitted to our website or through other means. Therefore, any transmission is at your own risk. Payment card details we receive on our website are passed securely to our payment processing provider according to the Payment Card Industry Security Standards. Unless you have given us permission to retain your bank account or credit card details, such details are securely destroyed once your donation has been processed. We hold bank account details for the purposes of collecting regular payments in accordance with local regulations.

How long do we keep your personal data?

We keep your information for as long as it’s necessary or legally required. For example, subject to UK law, Medair UK retains donation records for at least seven years. We will not retain your credit card or bank account information unless you have given us permission to do so. We will keep your recruitment and employment related data for as long as necessary or legally required. If you request to receive no further contact from us, we’ll keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future. Such information will be minimised to ensure we only keep what is necessary. When your information is no longer required we will ensure that it is disposed of in a secure manner.

What is our lawful basis for collecting and using personal data?

Organisations need a lawful basis to collect and use personal data under data protection law. Current law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are most relevant to the way in which Medair UK collects and uses personal data:
– a person has given consent (for example, to send you direct marketing by email or SMS)
– processing that is necessary for compliance with a contract (to process a direct debit)
– to meet a legal obligation (including financial reporting and other regulatory compliance purposes)
– our legitimate interests.

Our legitimate interests include:

– administration and operational management (including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements)
– fundraising and recruitment (including managing campaigns and donations, vacancy emails, event invitations, sending direct marketing and thank you letters by post)

Where you provide us with sensitive personal data, such as where you worship or any medical information about you, we will process this using one of the following permitted criteria:

– with your explicit consent (i.e. you make clear to us that you are happy for us to hold this information)
– where you manifestly make this information publicly available – such as on a church website; or
– where you have regular contact with us in connection to your religion or place of worship.

We will hold your data securely and only those who need to will be able to see or use this information.

For organisations such as churches or NGOs, we may contact you where we have a legitimate interest – i.e. where we believe it is reasonable to do so. Again, we will only do so after carefully considering how it might affect you and the potential benefits of contacting your organisation.

Where we contact you in a professional capacity rather than a personal one, for example about your job role, we will usually consider you to be a ‘corporate subscriber’ under Data Protection Regulations or Law.

As a ‘corporate subscriber’ we are permitted to contact you unless you tell us that you would like no further contact from us. We may also send you mail, unless you tell us that you don’t want us to do so. Further information on this (which is generally referred to as a ‘business to business’ approach) can be obtained at the Information Commissioner’s Office website and on the Telephone Preference Service website.

Personal data may be legally collected and used if it is necessary for a legitimate interest and is not overridden by your fundamental rights and freedoms. If you would like to change our use of your personal data, please get in touch with us using the details found below.

What are your rights?

Data protection laws provide you certain rights. You have the right to request access to your personal data. You may also have the right to request that your personal data be corrected or erased, object to its processing or have access to it restricted. You also have the right to receive a copy of your personal information or to have your personal information sent to another entity. We may ask you for additional information to confirm your identity before disclosing information requested to you or processing your request.

Preferences

If you want to change what we send you, or how we contact you, just let us know – e.g. you can tell us that you no longer want fundraising materials, or you can ask us to contact you by email rather than post.

Updating your details

It’s really helpful if you keep your details with us up-to-date. Just get in touch and let us know if things change.

Sometimes we use a Post Office address search or postcode lists etc. to check data you send us. This could be when, for example, we are unsure of what address you’ve written on a form.

We won’t use these sources to gather information you haven’t given us, for example if you’ve left a telephone number blank. Nor will we automatically update changes of address – we will normally only update your address when you tell us it’s changed. But if you are a regular giver, and items such as Medair News are returned to us, we may use external sources to update your address details. This is so we can let you know how your money has been spent through our news and stories.

Your suppression rights

Please contact us using the contact methods below if you have any question about this Privacy Policy or if you would like to:

– update the way we communicate with you or your contact details
– opt out of your data being kept or processed for any of the above reasons
– ask us to delete your personal data
– ask us to give you an electronic copy of the information we have about you so you can send it to another organisation (data portability)
– ask to see what information we have about you. We will respond within one month
– exercise your rights in connection with your personal data – know more about our commitment to you privacy – ask for an explanation of how we process your data

Email: united.kingdom@medair.org , or Mail: 333 Canterbury Court, 1-3 Brixton Road. London, SW9 6DE or Telephone: +44 (0) 208 7720 100

For more information about your rights under the General Data Protection Regulation, visit the Information Commissioner’s Office website at https://ico.org.uk.

Changes to the privacy policy

We may periodically revise or update this policy to reflect changes in our practices or in the law. If we make any significant changes in the way we treat your personal data, we will make this clear on our website or by contacting you directly. We encourage you to visit this section of the website regularly to review any changes that may have been made.

Complaints

You can also contact us if you’re worried about anything in this policy or if you want to make a complaint.
You can also make a complaint about the use of your personal data with the Information Commissioners Office (ICO), the UK data protection regulator. You can do this by calling the ICO helpline or through the ICO website. For details, visit https://ico.org.uk/concerns/.