Tiggywinkles is committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to GDPR@tiggywinkles.org or by writing to Tiggywinkles Wildlife Hospital, Aston Rd, Haddenham, Bucks, HP17 8AF. Alternatively, you can telephone on 01844 292511.
Who are we?
Tiggywinkles, registered charity number 286447 (the “Charity”) is the World’s busiest wildlife hospital and has been providing life-saving care to thousands of sick, injured and orphaned British wild animals each year since 1978. Wildlife Hospital Trading Ltd is a trading subsidiary of the Charity which trades only to raise funds for the Charity’s objectives. Within the context of this policy “we" means both the Charity and the Trading Company. For the purpose of General Data Protection Regulation (GDPR), each of these organisations are data controllers. The registered address for the Charity and the Trading Company is Tiggywinkles Wildlife Hospital, Aston Rd, Haddenham, Bucks HP17 8AF.
How do we collect information from you?
We obtain information about you when you use our website, for example, when you contact us about our products and services, make a donation, take out an adoption or make a purchase of goods through our online shop. In order to perform any of these options you will be required to disclose personal data through one of our online forms.
What type of information is collected from you?
The personal information we collect might include your name, salutation, address, email address, postal address, telephone number, IP address. If you are kind enough to support our work online financially, your information will be taken by one of our third-party payment processors, all of whom specialise in the secure online capture and processing of financial transactions. The companies we use to process these transactions are as follows:
• Barclaycard for one-off Credit card/Debit card transactions
• PayPal for one-off payments online payments
• Smart Debit for recurring payments
We will only use third-party companies that have signed an agreement to comply to the GDPR standards.
How is your information used?
We may use your information to:
• process a donation, membership or adoption that you have made;
• process online shop orders that you have submitted;
• process another one of our services.
• to carry out our obligations arising from any contracts entered into by you and us;
• seek your views or comments on the services we provide;
• notify you of changes to our services;
• send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities;
• send you a newsletter to keep you up to date with our life-saving work.
• process a work/volunteering/student placement application.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to your information?
We will never sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes however we may pass on your personal information to our third-party service providers for the purposes of completing tasks and providing services to you on our behalf (for example, we use an FCA regulated company for processing Direct Debits).
When we use third party service providers, we disclose only the personal information pertinent to the task and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the Tiggywinkles network unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
When you use our secure online payment pages, the transaction will be processed by one of our third-party payment processors, who specialise in the secure online capture and processing of payments. If you have any questions regarding secure transactions, please contact us on 01844 292511 or GDPR@tiggywinkles.org
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the vital work we do then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone, text message or by post unless you have given your prior consent. We will not contact you for marketing purposes if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email at email@example.com or telephone us on 01844 292511.
You have the right to ask for a copy of the information we hold about you. This is called a Subject Access Request. If you wish to make a Subject Access Request please write to the Data Protection Warden at Tiggywinkles Wildlife Hospital, Aston Rd, Haddenham, Bucks HP17 8AF. Please note that we will require information on what you want to see as well as proof of your identity so Subject Access Requests must be made by post with the relevant supporting information. If you have any questions, please send these to GDPR@tiggywinkles.org.
For further information see Information Commissioner’s guidance https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/subject-access-request/
You may ask us to rectify information you think is inaccurate, and you may also ask us to remove information which is inaccurate. Where you inform us of this, we will correct our records accordingly. If you would like us to stop using your personal data for this purpose, or if you would like to exercise any of your rights please Contact Us. We will act in accordance with your instructions as soon as reasonably possible.
You have the right to refer a complaint with the Information Commissioner’s Office ("ICO") who can be contacted https://ico.org.uk/concerns
Do we share your personal data?
The Charity may share your information with our data processors as well as trusted partners that work with us in connection with our charitable purposes. We require these third parties to comply strictly with our instructions and the data protection laws and we will make sure that appropriate controls are in place.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
We are committed to protecting the privacy of the young people that volunteer with us, fundraise for us, attend events, visit our centre or engage on our website. Where necessary we will obtain the consent of a parent or guardian in order to collect and use personal data of children.
If you are a child and would like to get involved, please ensure that we have the consent from a parent or guardian before providing your personal information to us.
We will retain your personal data in line with our retention policy, unless a valid business reason exists which means we need to retain personal data for longer.
Website Users plus inappropriate website content
If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, make defamatory statements on our forums or social media pages, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.
Our website uses Google Analytics. This is a website statistic tool that provides useful information on how users navigate our website. We can use this information to make changes to our website in order to improve the overall experience for our supporters visiting our website.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer and Google Chrome.
While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in May 2018.