The Asher’s List
We are The Asher’s List, a US charitable company limited by guarantee.
We take our duty to process your personal data very seriously. This policy explains how we collect, manage, use and protect your personal data. Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
If you would like more information or would like to change the way we communicate with you, please contact us here:
Personal information is collected directly from you when you interact with The Asher’s List, for example signing up to a campaign action, enquiring about an event, participating in an event, registering as a volunteer or ambassador, signing up to our newsletter, calling our helpline, purchasing a product, making a donation or otherwise communicate with us. Information may be collected in person, over the phone, online, on paper or by SMS.
The information we collect will typically include:
Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive. Examples of this type of sensitive data would be information about health (including diagnosis of autism), race, religious beliefs, political views, trade union membership, sex life or sexuality or genetic/biometric information.
We only collect this type of information to the extent that there is a clear reason for us to do so, for example asking for health information if you are taking part in a sporting event, or where we ask for information for the purpose of providing appropriate facilities or support. We will also collect this type of information if you make it public or volunteer it to us.
Wherever it is practical for us to do so, we will make why we are collecting this type of information clear and what it will be used for.
We may also receive information about you from other sources, as explained below.
The Asher’s List complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We collect this information in order to process your requests and to also keep in touch with you about The Asher’s List’s work. Examples include:
Certain third party organisations collect data on our behalf as well as for their own use. We may receive your personal details from third party organisations for our marketing purposes where you have consented for this information to be shared.
We may also disclose or use personal information if required to do so by law and may use external data for the purposes of fraud prevention, for example to comply with money laundering regulations, or otherwise to protect the rights, property or safety of individuals.
Your information may be used to ensure that The Asher’s List complies with the Fundraising Regulator’s Code of Fundraising Practice, which stipulates that we must take steps to assess and manage risks to our work and reputation with regard to certain levels of donation.
Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current USA data protection legislation.
We consider our legitimate interests to include all of the day-to-day activities The Asher’s List carries out with personal information. Some examples not mentioned under the other bases above where we are relying on legitimate interests are:
We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.
When we use sensitive personal information we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
The Asher’s List takes the care of your data seriously and undertakes to protect your personal information in a range of ways including secure servers, firewalls and SSLencryption.
We follow payment card industry (PCI) security compliance guidelines when processing credit card payments and any personal information transferred between locations will be both encrypted and password protected. Unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site.
We will retain your information for as long as you have an active relationship with The Asher’s List. If you cease to have an active relationship with us or request to receive no further contact, we will retain some basic information in order to avoid sending you unwanted materials in the future.
In some cases we are required to keep some personal information for tax or health and safety purposes as well as records of your interactions with us. We have specific criteria for these cases and for how long we must retain your information.
The Asher’s List is aware that countries outside the European Economic Area have differing approaches to data privacy laws, and that enforcement may not be as robust as it is within Europe’s borders.
Organisations we work with who process data in the USA have verified their data processing standards meet the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing data from EU citizens.
Unless subject to an exemption you have the following rights with respect to your personal data:
To request an information access report which details the information we hold about you, please send your request in writing to the The Asher’s List Data Protection Officer at the following address:
Data Protection Officer
We aim to issue an initial response to all enquiries within five working days, and will offer a full response to all information access requests within thirty working days of receipt. The Asher’s List will provide a copy of this information free of charge.
If we wish to use your personal data for a new purpose, not covered by this GDPR notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
This policy was last updated in May 2018.
The Asher’s List reserve the right to make alterations from time to time. Please check our website from time to time for the latest version.