Privacy Policy

This data privacy policy explains how we use any personal information we collect about you.

The Software Charity is committed to data protection and security. This privacy policy details the information that The Software Charity collects about our customers and other users. We always aim to be as transparent and clear as possible but if you have any questions you should get in touch with us

Who We Are

We are The Software Charity, a registered UK charity (registration number 1199034). We use “TSC” to refer to ourselves in this policy for brevity.

Our registered office is Bridge House, Station Approach, Great Missenden, Buckinghamshire HP16 9AZ.

We are registered with the Information Commissioner’s Office (ICO) in the UK, and have appointed a Data Protection Officer whose details are known to the ICO. You can contact our DPO regarding any data protection or privacy matters, including where you want to know what data we hold about you, using our contact form (mark your enquiry for the attention of the DPO), or by email at dpo@thesoftwarecharity.org.

What We Do

We make and operate software for other charities to use. We therefore process information about the charities and individuals who use our software. We also conduct the sorts of activities you’d expect any charity to do, including managing information about our donors and other people that we have contact with.

Definitions

“Personal data” relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data processor’s possession or likely to come into such possession.

"Data Protection Law" means all data protection laws and regulations applicable to the UK including (i) the UK Data Protection Act 2018; (ii) UK General Data Protection Regulation ("UK GDPR"); (iii) the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications; (iv) In the event that the EU GDPR (as defined in the Data Protection Act 2018) applies to activities, we will comply with the EU GDPR; and applicable national implementations of (iii) and (iv).

“TSC” means us, The Software Charity.

“You” or “your” means the individual or organisation who is using one of our services.

“Data controller” means the organisation that ultimately controls and makes decisions about personal data. TSC is the controller of some, but not all of the information that we collect and process, since much of it is processed on behalf of our customers who use our services. The Data controller is ultimately responsible for the data. If you have questions regarding a particular type of data that TSC is not the controller for, we may need to direct you to the data controller. This will generally be one of our customers.

“Data processor” means the organisation that captures, stores and processes information. This may be the same organisation as the controller, but it can also be a different organisation. For example, TSC processes data on behalf of other organisations, and is therefore the processor but not the controller.

“Customer” means an organisation (normally a charity) who is using a TSC service to help run their organisation, for example a charity that is running an event and using SignMeUp to help manage this process.

“User” means a member of the public who is interacting with a TSC service, for example registering for an event in SignMeUp.

What Information We Collect

The below table lists the data that we collect and process, the lawful basis for doing so, who the controller is, the purposes for doing so and how long it is retained for. This includes data that we collect as part of our core charity activities, as well as during operation of the services we provide such as SignMeUp.

Note that where the data controller is not TSC, then the other organisation has responsibility ultimately for providing a lawful basis for processing the data and other decisions related to the data such as how it will be used.

You can find the full list of personal data that we process at the below location:

https://docs.google.com/spreadsheets/d/e/2PACX-1vQPYLxJRQiA5hqD-vdSWsn8jaKxo622gDmNdoBTPhZBOJL-nF7SFOX-P2ZycgqQJEFWoqcXMbFP8AiQ/pubhtml?gid=248619510&single=true

Who We Share Data With

We only share your information with our customers who use our services, when you use our services and consent for us to do so. We make it clear which organisations we will share your data with, and ask for and record your consent. For example, when you register to volunteer or attend an event in SignMeUp, we need to share your information with the organisation running the event and will make this clear when you register.

When we share your data in this way, it is covered under the privacy policy of the organisation that we are sharing it with. We will present you a link to the organisation’s privacy policy before you agree to share your data so that you can review it. It is the other organisation’s responsibility to keep their privacy policy up to date and make sure that it is accurate and adhered to.

In some cases we also share your data, again with your prior consent, with services who perform important tasks as part of our services (for example, processing criminal background checks when applying to volunteer at events in our SignMeUp system).

Your Rights

In relation to your own data, you have the right to request any of the following:

  • The right to request a copy of your personal data which TSC holds about you

  • The right to request that TSC corrects any personal data if it is found to be inaccurate or out of date;

  • The right to request your personal data is erased where it is no longer necessary for TSC to retain such data;

  • The right to withdraw your consent to the processing at any time

  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  • The right to object to the processing of personal data, (where applicable)

  • The right to lodge a complaint with the Information Commissioner's Office.

Where TSC is not the controller for the types of data you are exercising your rights for, you should initially contact the organisation that is the data controller (see the above table to understand who this will be). If you’re not sure, or if the controller is TSC, contact our DPO directly using the information that we list in the “Who We Are” section above.

You are not required to pay any charge for exercising your rights.

Changes to our Privacy Policy

We keep our Privacy Policy under regular review and we will place any updates on this web page. Our Privacy Policy was last updated on 16th January 2024.

Contact the Regulator

You can contact the Information Commissioner's Office, including to register a complaint, in the UK on 0303 123 1113.

Their normal opening hours are Monday to Friday between 9am and 5pm (excluding bank holidays).

Live chat service https://ico.org.uk/global/contact-us/live-chat/

Available 9am-5pm Monday to Friday (excluding bank holidays).

Or write to the ICO at: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5A