Data controller: StC Payroll Giving, Unit 97C+D, Harvey Drive, John Wilson Estate, Whitstable, Kent, CT5 3QZ
Data Protection Officer: Suzanne Turner, 220 vale Road, Tonbridge, TN9 1SP t: 01227 376998 e: firstname.lastname@example.org
StC Payroll Giving collects and processes the personal data of donors. STC Payroll Giving is committed to being transparent about how it collects and uses that personal data, and to meeting its data protection obligations.
Information that StC Payroll Giving collects:
StC Payroll Giving collects and processes a range of information about you. It collects: • Your name and address • Other contact details, including your email address and telephone number • Date of birth • Your charity(s) of choice and the amounts of your chosen donation(s) • The identity of your employer, your National insurance number, payroll details and chosen HMRC registered Payroll Giving Agent (PGA)
StC Payroll Giving collects this personal data in a variety of ways. Personal data may be collected from you via: • Giving forms completed by you or on your behalf • Online forms completed by you • Your employer’s flexible benefits or other portals (if it has them)
Your personal data will be stored securely within StC Payroll Giving’s donor systems and in other IT systems, predominantly using Citrix Sharefile for any data transfers.
Why does StC Payroll Giving process personal data?
StC Payroll Giving processes your personal data in line with our “legitimate interests” in ensuring that all of our donors’ charitable giving wishes and instructions are respected and fulfilled. In order for your donation to be processed, StC Payroll Giving must always share your name, address, employee and/or national insurance number, choice of charity(s) and donation amount with your employer’s Payroll Department and with the chosen HMRC registered Payroll Giving Agent (PGA). Your employer has a contract with the PGA, who are in turn responsible for passing the money that you donate to your chosen charity(s). [If your employer has an existing relationship with a different named organisation (e.g. a payroll provider or flexible benefits provider), we may need to share your details with that organisation in order to process your donation in accordance with your wishes. We must also always pass your name, address, employer details, charity choice and donation amount to your chosen charity(s) so that they can match your actual financial donation with the personal data about you which we supply to them. Unless you have given us your consent, we will inform your chosen charity(s) that you have not consented to your personal data being used for secondary marketing or other donation solicitation purposes. If you have given us your consent to share your personal data with your chosen charity(s) for secondary marketing or other donation solicitation purposes, we will do so but only to the extent that you have given consent for this to happen.
Who has access to data?
Your personal data may be shared internally by employees and officers of StC Payroll Giving if access to that information is necessary for the proper performance of their roles. Your personal data will always be shared with your employer (and, where appropriate, your employer’s payroll provider and/or flexible benefits provider), and the relevant PGA; but only to the extent necessary to facilitate the making of your charitable donations in accordance with your wishes; or, where appropriate, to facilitate reimbursement credits from StC Payroll Giving to your chosen charity(s). We always share your personal data with chosen charity(s) for the purposes of ensuring the matching of your details with the income that your chosen charity(s) receives through the relevant PGA; but only to the extent required to achieve that purpose. We may share address, telephone and email contact information with your chosen charity(s) who may use it for secondary marketing or donation solicitation purposes; but only to the limited extent that you have consented to the sharing of your personal data for that purpose.
How does StC Payroll Giving protect data?
StC Payroll Giving takes the security of your data seriously. StC Payroll Giving has internal policies and controls in place to minimise the risk of your personal data being lost, accidentally destroyed, misused or disclosed, and is not accessed or shared except a) by its officers or employees in the performance of their duties; or b) as otherwise explained in this privacy notice. Where StC Payroll Giving engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does StC Payroll Giving keep data?
StC Payroll Giving holds your personal data for 3 years in order to address administrative queries from your employer or chosen charity(s).
As a data subject, you have a number of rights. You can: • Access and obtain a copy of your data on request • Require StC Payroll Giving to change incorrect or incomplete data • Require StC Payroll Giving to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing • Object to the processing of your data where StC Payroll Giving is relying on its legitimate interests as the legal ground for processing. If you would like to exercise any of these rights, please contact our Data Protection Officer (contact details as above). If you believe that StC Payroll Giving has not complied with your data protection rights, you have the right to complain to the Information Commissioner’s Office.
StC Payroll Giving does not use your personal data for automated decision-making.
Issue Date: 19th February 2018