Privacy Policy for Fundraising Activities

We may collect and process the following types of personal data during our fundraising activities:

• Contact Details: Name, address, email, and telephone number.
• Donation Information: Records of your donation/s, including the amount, frequency, payment method, and any gift aid information.
• Financial Information: Bank details, credit/debit card information, or other payment details required for processing donations.
• Communication Preferences: Your preferences for how we contact you, including email, phone, or postal mail.
• Marketing Data: Your preferences regarding receiving our marketing materials, including newsletters or updates.
• Browser Data: IP address.

We collect your personal data in several ways, including:

• Directly from you when you donate or sign up for information about GamCare.
• Automatically through our website when you visit, such as through cookies or web analytics.

We use your personal data for the following purposes:

• Processing Donations: To process your donations, including any gift aid claims.
• Fundraising Communications: To send you specific updates about our fundraising activities, developments, and events, subject to your preferences
• Responding to enquiries: To respond to your queries or provide information you request from us.
• Compliance with Legal Obligations: To comply with our legal obligations, including financial reporting and auditing.
• Marketing: To send you marketing communications (e.g. updates on GamCare’s work such as our Annual activity Report) where you have provided consent or where we are otherwise permitted by law. You can opt out at any time.

We process your personal data on the following lawful bases, as defined under the GDPR:

• Consent: Where you have provided consent for us to send you marketing materials or fundraising updates.
• Contract: Where processing is necessary for the performance of a contract with you (when applicable) (e.g., processing a donation or event registration).
• Legitimate Interests: Where it is in our legitimate interest to use your data for fundraising purposes/activities or to improve our services, provided it does not override your rights.
• Legal Obligation: Where we are legally required to process your data, such as for tax reporting or compliance with charity laws.

We will not sell or rent your personal data to third parties.

However, we may share your data with trusted third parties for the following purposes:

• Payment Processors: To process donations and payments.
• Service Providers: To provide IT, web hosting, or analytics services.
• Legal and Regulatory Authorities: Where required to comply with legal obligations, such as HM Revenue & Customs for gift aid claims.

We ensure that any third parties we work with comply with data protection laws and maintain appropriate security measures to protect your data.

We will retain your personal data for as long as necessary for the purposes for which it was collected or to comply with legal obligations, such as tax reporting. We will retain your data for six years. When we no longer need your data, we will securely delete it.

Under the GDPR, you have several rights regarding your personal data:

• Right to Access: You have the right to request access to the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccuracies in your data.
• Right to Erasure: You have the right to request the deletion of your personal data where it is no longer needed for the purposes for which it was collected.
• Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You can request that we provide your data in a structured, commonly used, and machine-readable format, or transfer it to another organisation.
• Right to Object: You have the right to object to our processing of your personal data for marketing purposes or where processing is based on legitimate interests.
• Right to Withdraw Consent: Where we rely on your consent to process your data, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided at the end
of this policy.

We are committed to ensuring the security of your personal data. We use appropriate technical and organisational measures to protect your data from unauthorised access,
loss, or damage. This includes industry standard encryption technologies, secure servers, and regular security audits. In the event of a data breach occurring, we shall comply with the provisions of the UK GDPR and Data Protection Act in handling it.

Our website uses cookies to enhance your experience and to analyse site traffic. A cookie consists of information sent by a web server (our site) to a web browser (the application you use to access the site, like Google Chrome) which stores it. Information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may update this Privacy Policy from time to time to reflect changes in the law or our data practices. Any changes will be posted on our website, via the updated policy, and where appropriate, we will notify you by email or through other means.

GamCare is the data controller responsible for your personal data.