This policy sets out how and why The Give Shop Limited (we, us, or our) collect, use, hold and
disclose your personal information (which we call information). This policy does not apply to
any information that is not ‘personal information’ as defined in the EU retained law version of the
General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018 (“GDPR”) ,
despite us using the term ‘information’ in this policy.
Our commitment to you
We are committed to being transparent about our management of your information and take all reasonable steps to ensure our practices and procedures relating to our activities comply with any applicable requirements in the GDPR, including complying with this policy.
We do so by striving to adhere to the following principles:
- your information will be collected, stored, used and disclosed in accordance with all applicable privacy laws;
- your information will generally only be used where necessary for us to deliver our services or perform other necessary business functions and activities.
We will not use or disclose your information for purposes unrelated to our business’ services and activities unless we have a lawful basis to do so.
Why is your information important to us?
Your information is important to us as we may require it in order to conduct our business and
provide our services to customers who sign up to our app (Customers), Organisations and
charities that we facilitate donations to (Organisations ) and businesses/sponsors who promote their products with us and donate to Organisations (Sponsors). Some of the Key Services we provide include (but are not limited to) the following:
- making our app available to Customers to facilitate donations from Sponsors to Organisations when the Customer purchases products at the Sponsor – in this regard, we will collect information from Customers when they create accounts in our app, set their preferences in the app and provide us other information via the app;
- providing marketing services to Sponsors who sign up with us – in this regard, we will collect information from Sponsors when they sign up with us (whether via our website, by email or in-person and potentially via the app in the future), when Customers purchase products at the Sponsor and when the Sponsor interacts with the app or contacts us to assist in marketing activities;
- facilitating donations by Sponsors to Organisations when Customers purchase products from Sponsors – in this regard, we will collect information from Organisations and Sponsors to facilitate these payments and will pass on information relating to Customers to the Organisations so that they know who is donating money to them;
- continually enhancing and improving our offering to our Sponsors, Organisations and Customers and to contact them to let them know of any new product offerings or benefits we can provide to them – in this regard, we strive to continually improve our business and the services we offer and will collect information from Sponsors, Organisations and Customers via the app, in person, over the phone and via email to achieve that goal;
- complying with all applicable laws and regulations and our obligations to Sponsors, Organisations and Customers; and engaging with service providers or Sponsors as needed, from time to time, to allow us to conduct our activities, including those referred to above.
Our Key Services also include any functions or purposes that we may specify to you at the time of requesting the information, as well as any other functions or purposes for which you provide us the relevant information.
We may also need information to perform functions that are incidental to, or are otherwise
reasonably necessary for us to operate our business or provide our Key Services.
In order to achieve the above, we rely on you to provide us with the most accurate information to enable us to provide you with continually improving services and support.
Collecting your information
What information might we collect?
The types of information we may collect, hold, use or disclose will depend on your dealings with us. Examples of the types of information we collect are set out below.
- information you provide to us directly: we may collect and hold information you provide to us directly. For example, such information may include:
- Contact information: names (such as a Customer’s name who creates an account via our app), addresses (such as postal or email addresses), phone numbers and details of any social media or networking profiles;
- Payment information: bank account details, credit or debit card details (such as for Customers who provide their credit card details via the app so that we can match purchases made by them with a Sponsor and facilitate a donation from the Sponsor to the Organisation) and associated transaction details.
- Demographic information: gender, dates of birth, ages, nationality, titles or languages.
- Sensitive information you provide: We will generally not collect special category data (as defined in the GDPR) from you, unless you provide that information to us directly.
- information from third parties: We may collect information about you from third parties, such as where a Customer purchases a product at a Sponsor’s business and our payment providers notify us that the Customer purchased a product at the Sponsor’s business (as this is how we match Customer purchases to the relevant Sponsor and the desired Organisation). Our lawful basis for processing this data is to perform a contract with you.
- information we create using your information: We may develop information using your information. For example, where you make a complaint, we may develop a record relating to the complaint which may contain your information. Our lawful basis for processing this data is consent.
- information we collect automatically: We may collect information about you automatically when you visit our websites, such as your IP address and device type. Our lawful basis is this is necessary for us to perform our contract with you (i.e. to give you access to the app and our services).
How do we collect your information?
information we request
Ordinarily, we may collect information from you through in-person discussions (e.g. when we speak to a Sponsor about marketing matters), email, telephone, web queries (e.g. when you interact with our website), via the app, online application forms, contracts, event registration platforms, and social media networking platforms (such as Instagram and Facebook). You have the option not to provide any information that we request. Depending upon what information you do not want to provide, we may not be able to deal with you further on a particular matter. If you make a complaint but refuse to provide your contact information, then we may not be able to process or escalate your complaint. Where you provide us with information on request, we do so on the understanding that you consent to our collection because you have this option to refuse to provide that information. Our lawful basis for processing this data is consent.
You may have the option not to identify yourself or identify yourself by a pseudonym. However, this is not generally practical for us as we need to know who you are in order to contact and liaise with you and to ensure that you are authorised to provide credit card information to us.
For example, if you wish to use our app, we will need to know who you are so that we can allow you to access the app to its fullest extent, but we have designed the app so that you can include a nickname (which may be a pseudonym) where your name appears on donation leader boards or the like. However, we still need your legal name when you create an account with us, otherwise we may not know who to contact in the event of a dispute. Where we collect information about you from someone other than you, this is generally because
it would be unreasonable or impracticable for us to do so.
information we do not request
Sometimes you may voluntarily provide us with information that we have not requested. If this
happens, we may use and disclose the information in order to determine whether we could have
collected the information had we requested it. If we consider that we could not have collected
the information, then we may either destroy or de-identify that information as soon as
reasonably practical where required by law.
Holding your information
Your information may be stored in hard copy, electronically or both. We do not adopt or use any identifiers that a government agency may have assigned to you.
Electronic information may be stored on our computer systems and networks and on our
customer relationship management platform, our accounting platform and our email platform.
Our digital systems are protected by mechanisms which may include firewalls, audit logs,
scheduled password changes, internal access limitation processes and internal monitoring,
depending on the relevant system.
Where we store your information, we have put in place suitable measures to ensure it is
protected from misuse, interference, loss or unauthorised access, modification or disclosure.
However, we cannot guarantee that this will never occur. If a serious data breach occurs, and
we believe your information has been compromised, we will assess the breach as soon as we
become aware of it and take all reasonable and necessary steps as prescribed under GDPR.
We also take reasonable steps to destroy or permanently de-identify information that we no
longer need for any purpose required by law.
Retention of information
The amount of time we may keep your information will depend on the circumstances and
whether we have an ongoing business need to retain it. We will retain your information for as
long as we have a relationship with you and for a period of time afterwards where we have an
ongoing business need to retain it, in accordance with our internal retention policies and
practices. Following that period, we will make sure such information is deleted or anonymised
where required by law.
Using your information
We may use your information to perform our Key Services (outlined above) or any activities that are related (or in the case of sensitive
information, directly related) to the performance of our Key Services. We may do these things without your prior consent where the law allows us to do so, including where it is
impracticable for us to obtain your consent.
We may provide your information to regulatory authorities where required from time to time. We may also provide your information to third
parties such as our professional advisors where they are providing services to us and such
information is necessary for them to provide those services.
Do we use your information for direct marketing?
We may use your information to directly market our services, membership matters, events,
publications, changes, notices or offers to you. This marketing material may be sent by email,
electronic direct marketing via our app, SMS, phone or post. We may also use information
collected about you from other individuals for these purposes where it is impracticable to obtain your consent in advance.
You may ‘opt-out’ or raise any concerns you may have regarding these messages by contacting us through our Website.
Disclosing your information
When may we disclose your information?
We may disclose your information to perform our Key Services or any activities that are related
(or in the case of sensitive information, directly related) to the performance of those Key
Services. This may include disclosing information to third-party service providers that we
engage such as those that provide our cloud-based computing systems. We may also disclose information to external contractors (e.g. IT Contractors), but only where those contractors are accessing our records
generally to help us with any issues we are having.
If you are a Customer, we will disclose limited information about you to Organisations that have received donations from your purchases
with Sponsors, such as the amount of the donation, your nickname in the app and your profile photo.
We will not otherwise disclose information unless we believe we have reasonable grounds to do
so or that we reasonably believe you have provided your authorisation. You should be aware
however, that we may be required to disclose information without your consent in order to
comply with any court orders, subpoenas or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will
attempt to notify you if we are required by law to disclose your information.
Are we likely to disclose information to overseas recipients?
We store your personal data within the UK, European Economic Area (EEA) and Australia. Where
we transfer your collected data to storage outside the European Economic Area (EEA) or the UK,
or it may be processed outside the EEA or the UK so you can receive our services, we will take
all reasonable steps to ensure that your data is treated as safely and securely as it would be
within the EEA or the UK. This means that sometimes we may need to use legally binding
contractual terms between us and any third parties we engage with and the use of the EU–
approved Model Contractual Arrangements. We will still be responsible for protection of your
personal data, even where we have transferred it outside the EEA or the UK.
How can you access and correct your information?
It is your responsibility to ensure that the information you provide to us is accurate, complete
and up-to-date. We may periodically, review your information to ensure that it is accurate, up-to–
date, complete and relevant. Where we have reason to believe that your information may not be
accurate, up-to-date, complete or relevant then we may either attempt to contact you to correct
the information or deidentify or destroy the information as required by law.
You may request access to the information we hold about you, or request that we update or
correct any information we hold about you or ask us to restrict or cease processing your
information or even delete your information, by setting out your request in writing and sending it
by contacting us through our Website.
Where you make a request to access your information, we will do our best to respond within a
reasonable period. While we may allow access and provide the means by which you can access
your information, we may refuse the request where we are entitled to do so under the GDPR or
at law. In this event, we will tell you the grounds for this refusal as well as suggested steps
which may allow you to access your information in the circumstances of our refusal. You may
complain about this refusal by making a complaint as set out below.
Your privacy concerns and making a complaint.
If you have any concerns or are unhappy about how your information is handled, please contact
Post: 55 Baker Street, London, United Kingdom, W1U 7EU
Upon receipt of your concerns we will designate an individual within our organisation who will
liaise with you regarding the complaint and how it can be resolved. We endeavour to provide a
response to your complaint within 30 days of receipt.
Contacting the Information Commissioner’s Office.
We are registered with the Information Commissioner’s Office (ICO), the UK supervisory
authority for data protection issues (). If you have any concerns about data protection,
we would appreciate if you contacted us first so we can discuss these with you before you
approach the ICO.
Address: GPO Box 5218, Sydney NSW 2001
Changes to this policy
This policy will be routinely reviewed to ensure it is accurate, up-to-date and complies with any
and all updates under UK privacy law. The current policy is published on our website or can be
obtained by contacting us using the information above.
This policy was last reviewed and updated July 2022.