Dementia Pathfinders: Our contact details are also at the bottom of this privacy notice.
About whom do we process data?
Dementia Pathfinders processes personal data which relates to our clients’ and supporters and potential clients and supporters. We also process data about people who work for our clients and others with whom we have or have had a business connection.
The legal status of data given to us by a client is controlled by a contract between ourselves and the client. This determines how we use personal data passed to us by the client. We only use this data in the way in which the client has requested. In that respect, we act as a Data Processor as defined in the Data Protection Act 1998, and from May 25, 2018, the GDPR. Ultimate control of the personal data remains with the client. Some of our work requires us to collect additional data from clients and potential clients whom we meet. In that respect, we act as both Data Processor and Data Controller. We also act as a Data Controller in respect of data we hold on those who work for our clients and potential clients, as well as others with whom we have a business connection. When we process data as a Data Controller we rely on three grounds for lawful processing:
For the purpose of administering contracts with clients, to the extent that we process personal data we do so because it is necessary for the administration of a Contract
For our marketing and other promotional activity, we process data because it is in our Legitimate Interest unless the law requires us to obtain your consent in which case we will only process data with your consent
When carrying out client activity we will usually seek Consent to process data, for example, to make interview notes if conducting a feasibility study. In some cases, and especially before we have met someone whom we may be seeking to interview, we will process data because it is in our Legitimate Interest to do so in order properly to advise our client
Please see ‘your rights’ below for details of what Legitimate Interest and Consent mean in this context, and your rights associated with either of terms.
What data do we process?
In carrying out our work as consultants, we hold data, whether as a Data Processor or Controller, which helps us to understand an individual and their relationship with the organisation they support or may support. This information may include:
Basic personal details, including name and age
Nature of the relationship with our client, including information about past giving to the client and hoped for future giving
Financial, business and networking information since this often has a material impact on the way in which the person pursues their philanthropic interests
Educational information and affiliations to organisations which are in the public domain
ctNotes of meetings, correspondence and conversations which we may have with the data subject
In carrying out administrative and marketing work for our own firm, information we hold
• Employment and contact information
• Communications preferences
We have extensive provisions to ensure data is kept securely. These provisions are revised on an ongoing basis as technology changes. We use encrypted email and cloud storage facilities to store information and correspondence.
What do we do with the data?
In general terms, we use data to provide both general and specific advice to clients on the planning and implementation of fundraising and supporter relations activities. This may include statistical analysis of data provided to or obtained by us.
If we are carrying out interviews with clients and potential clients and supporters, we seek a person’s permission to take and to keep notes of our conversation(s) and correspondence. We ask the person to tell us what we may disclose to the client and what we may not. We may securely retain our notes following the close of a particular contract with the client since we have found that these are useful to the client should they choose to work with us again. It is also important for us to know with whom we have met in order that we can properly respect the relationship between a particular individual and the client(s) with whom that person interacts.
In pursuit of our own business interests we use personal data to manage our contractual
relationship with clients and to send news of interest about our firm and its services and about broader areas of interest to clients. We may do this by post, telephone or email.
Those who provide us with email addresses via our website will be sent our e-news from time to time. Each newsletter contains an unsubscribe option and we can also remove you from the list if you send a request to our head office whose contact details are below.
To whom do we disclose information?
In our capacity as a Data Processor we never disclose any personal data to a third party unless the client to whom the data belongs requests or permits us to do so in writing. In our capacity as a Data Controller we do not pass control of personal data to any other organisation except with the consent of the individual data subject, unless required to do so by law.
We may use email or cloud-based data storage services based outside the European Economic Area. In such circumstances we will always ensure that adequate protection is in place such that data is secure. Data will always be transferred to, and stored by, such services in an encrypted form.
How long do we retain information?
In our capacity as a Data Processor we keep information for so long as the contract with our client requires. In our capacity as a Data Controller we keep information for as long as is necessary for us to carry out our work. In respect of interview notes we and the data subjects often find it very helpful if we have a record of discussions that took place between us even many years earlier. If a donor wishes us to remove this information we will of course comply with that request. This can be affected by contact with our Head Office by mail, phone or email. For administering our own business, we retain personal data while clients are working with us and for a reasonable time beyond until such a time as repeat business seems unlikely. A data subject may ask us to remove them from our database or from the receipt of communications at any time. This can be affected by contact with our Head Office by mail, phone or email.
You have a number of rights in respect of your data:
If we are processing data with your consent then you have the right to withdraw that consent without prejudice.
If we are processing data because it is in our Legitimate Interest to do so then you have the right to require us to stop such processing
You have the right to request a copy of any data we hold about you.
You have the right to complain about the way in which we process your data. The address to which any complaints should be addressed is below
ukYou also have the right to complain to the Information Commissioner about the way in which we have processed data. Contact details are at www.informationcommissioner.org.
How to contact us