In order for Anglo-Indian Concern (AIC) to fulfil its function as a charity, we process personal data
which relates to our supporters, donors, trustees as well as other contacts. AIC is committed to
maintaining the appropriate confidentiality, integrity and security of personal data that we process
by complying with both our legal and ethical obligations in respect of data protection and privacy.
We are committed to protecting personal data from being misused, getting into the wrong hands as
a result of poor security or being shared carelessly, or being inaccurate, as we are aware that people
can be upset or harmed if any of these things happen.
This policy sets out the principles AIC adheres to when processing personal data and outlines the
operational aspects of our various data processing activities.
The privacy and security of your personal information is extremely important to us. This privacy
policy explains how and why we use your personal data to make sure you stay informed and can be
confident about giving us your information.
This policy applies if you’re a supporter of AIC (donor, volunteer, supporter, trustee) visit our
website, email, call or write to us.
We’ll never sell your personal data and will only share it with organisations we work with when it’s
necessary and the privacy and security of your data is assured.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘AIC’, it refers to Anglo-Indian Concern.
Anglo-Indian Concern (Reg. Charity number 205846) is a charitable organisation set up to support
our partner “The Vine Charitable Trust” (VCT) in Chennai India.
VCT began in 1992 and its goal is to work alongside the most disadvantaged members of the Anglo
Indian community in Chennai in order to enhance their life chances through education or to enable
increased dignity for those who are older or disabled and unable to support themselves.
should be sent to the Chair either by post or by email (see contact details below)
How this policy applies to you and what you need to know
As a trustee or volunteer processing personal information on behalf of AIC, you are required to
comply with this policy and ensure that any procedures that involve personal data follow the rules
set out in this policy. If you think that you have accidentally breached the policy it is important that
you contact the Chair immediately so that we can take swift action to try and limit the impact of the
Anyone who breaches the Data Protection Policy may be subject to disciplinary action, and where
that individual has breached the policy intentionally, recklessly, or for personal benefit they may also
be liable to prosecution or to regulatory action.
Before you collect or handle any personal data as part of your work for AIC, it is important that you
take the time to read this policy carefully and understand what is required of you, as well as the
organisation’s responsibilities when we process data.
Our procedures will be in line with the requirements of this policy, but if you are unsure about
whether anything you plan to do, or are currently doing, might breach this policy you must first
speak to the Chair.
If you are an individual whose personal data we hold and use. We will handle your personal
information in line with this policy.
Training and guidance
We will provide general training at least annually for all trustees and volunteers to raise awareness
of their obligations and our responsibilities, as well as to outline the law.
We may also issue procedures, guidance or instructions from time to time. All trustees and
volunteers must set aside time to look together at the implications for their work of this policy.
What personal data do we collect?
We may collect information from you in the following ways:
(b) You make a donation to us, or respond to our mailings and appeals (this includes when you
sponsor a child, student or adult yourself or on someone else’s behalf);
(c) We send you updates on your sponsorship;
(d) You contact us in relation to volunteering for us, act as an ambassador or fundraise on our
(e) You attend an event (e.g. AIC annual service);
(f) You request and/or receive a copy of the newsletter or any other materials from us;
(g) You register to sponsor a child or adult; or
(h) You contact us with enquiries or other correspondence (including via social media) or become
involved with us in another way (e.g. by indicating you would like to hear more from us, or you
would like to make a donation to us).
(i) You are a trustee
We process personal data in both electronic and paper form and all this data is protected under data
protection law. The personal data we process can include information such as names and contact
details, education or employment details, and visual images of people. We’ll only collect the
personal data that we need.
If you interact with us in one of the ways listed above, we may collect and process personal
information about you such as:
(a) Your name, address, email address, telephone number,
(b) Records of your correspondence with us, if you have contacted us;
(c) Details of your visit to our website, including your IP address;
(d) Financial information such as a record of your payment for our accounts and information
required for claiming gift aid if relevant;
(e) Whether you have a relationship to another supporter (e.g. husband/wife).
Whilst most of the work in the UK is carried out by the Trustees from time to time people volunteer
to help us. In these instances we may need to use your personal data to manage your volunteering,
from the moment you enquire to the time you decide to stop volunteering with us. This could
include: contacting you about a role we think you might be interested in, expense claims you’ve
made and to recognise your contribution.
We may keep additional personal information on trustees to enable us to report to the Charity
Commission and other government departments in order to allow us to comply with relevant
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data
Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic
Personal data provided to us will be used for the purpose or purposes outlined in any fair processing
notice in a transparent manner at the time of collection or registration where appropriate, in
accordance with any preferences you express. If required by any lawful authority investigating
suspected illegal activities, we may need to provide your personal data.
We will process your personal information in accordance with this policy and our obligations under
applicable data protection laws and regulations, for one or more of the following reasons:
(a) To administer your donation or support your fundraising, including processing Gift Aid;
(b) To provide you with the newsletter, Annual service details, update you on your sponsorship,
activities or information you have indicated you are happy to receive or which you have asked for;
(c) To comply with applicable laws and regulations, and requests from statutory agencies;
(d) For our own internal administrative purposes and to keep a record of your relationship with us;
(e) To keep you up to date with the activities of AIC and to provide you with information about us,
our fundraising campaigns, the opportunity to leave a gift in a will, our events, our services, and any
other information, products, activities or services that we provide or provide access to (e.g.
(f) To provide you with information about volunteering opportunities;
(g) To provide essential event information where you have signed up to attend;
(i) To manage your communication preferences with us generally;
(j) To ensure that content from our website is presented in the most effective manner for you and
for your computer/mobile device.
If you request to receive no further contact from us, we will keep some basic information in order to
avoid sending you unwanted materials in the future, and to ensure that we do not accidentally store
details for the same person multiple times. If we did not retain this information then this could result
in us contacting you again as we would no longer have a record of your request not to be contacted.
We will keep your personal data for no longer than is necessary for the purposes for which it is
processed, in accordance with our internal policies.
What must we tell individuals before we use their data?
If personal data is collected directly from the individual, we will inform them about; our contact
details and those of the chair, the reasons for processing, and the legal bases, explaining our
legitimate interests, and explaining, where relevant, the consequences of not providing data needed
for a contract or statutory requirement; who we will share the data with; if we plan to send the data
outside of the European Union; how long the data will be stored and the individuals’ rights.
This information is commonly referred to as a ‘Privacy Notice’.
This information will be given at the time when the personal data is collected.
When we need consent to process data
Where none of the other legal conditions apply to the processing, and we are required to get
consent from the individual, we will clearly set out what we are asking consent for, including why we
are collecting the data and how we plan to use it. Consent will be specific to each process we are
requesting consent for and we will only ask for consent when the individual has a real choice
whether or not to provide us with their data.
Consent can however be withdrawn at any time and if withdrawn, the processing will stop.
Individuals will be informed of their right to withdraw consent and it will be as easy to withdraw
consent as it is to give consent.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your device
when you visit a website. Cookies are then sent back to the originating website on each subsequent
visit, or to another website that recognises that cookie. Cookies are useful because they allow a
website to recognise a user’s device. You can find more information about cookies at:
|Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering|
|your preferences, and generally improve the user experience. They can also help to ensure that|
|adverts you see online are more relevant to you and your interests. The cookies used on this website|
|have been categorised based on the categories found in the ICC UK Cookie guide.|
Category 1: strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features,
such as accessing secure areas of the website. Without these cookies services you have asked for,
cannot be provided.
Category 2: performance cookies
These cookies collect information about how visitors use a website, for instance which pages visitors
go to most often, and if they get error messages from web pages. These cookies don’t collect
information that identifies a visitor. All information these cookies collect is aggregated and therefore
anonymous. It is only used to improve how a website works.
By using our website, you agree that we can place these type of cookies on your device.
Links to other websites
Our website may, from time to time, contain links to and from other websites. If you follow a link to
any of these websites, please note that these websites have their own privacy policies and that we
don’t accept any responsibility or liability for these policies. Please check these policies before you
collected by AIC.
How can I change my contact preferences?
We’d love to stay in touch, but we don’t want to out-stay our welcome. You can choose how you
would like us to get in touch with you. You can do this by contacting us or by responding to emails
we will periodically send out asking you to confirm your preferences. If we currently contact you by
post we will send out requests by post asking you to express your preferences.
We’ll always act upon your choice of how you want to receive communications (for example, by
email, post or phone).
However, there are some communications that we need to send. These are essential to fulfil our
promises to you as donor or sponsor. Examples are:
Sponsor-related mailings such as updates on the person you are sponsoring.
Queries relating to gift aid or confirmation of whether the donation was gift aided.
Additional information may be required if a major donation is made in accordance with the Charity
Commission regulations. We will contact you directly and advise you of the additional information
Updating your data and preferences
We want you to remain in control of your personal data. If, at any time, you want to update or
amend your personal data or information preferences please contact us in one of the following
Email us at email@example.com
Call us: 01480 454736
Write to: Anglo-Indian Concern, 4a The Stiles, Godmanchester, Huntingdon, Cambs PE29 2JF
Please provide your full name, address and email address if applicable.
Verification, updating or amendment of personal data will take place within 30 days of receipt of
Your data protection rights (DPO)
Under the General Data Protection Regulation, became law in the UK in May 2018, you are also
granted a number of additional rights. These include:
(a) The right to rectification;
(b) The right to erasure;
(c) The right to restrict processing;
(d) The right to data portability;
(e) The right to object;
(f) Rights in relation to automated decision making and profiling.
For more information on these rights please read the relevant guidance issued by the ICO:
Subject access rights
If you would like further information on your rights or wish to exercise them, please write to the
Chair c/o 4A The Stiles, Godmanchester, Huntingdon, PE29 2JF or email
firstname.lastname@example.org putting SAR in the subject heading.
You will be asked to provide the following details:
The personal information you want to access;
Where it is likely to be held;
The date range of the information you wish to access
We will also need you to provide information that will help us confirm your identity. If we hold
personal information about you, we will give you a copy of the information in an understandable
format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we’ll provide your
information to you within one month. This timeframe may be extended by up to two months if your
request is particularly complex.
What to do if you’re not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have
the right to contact the Information Commissions Office (ICO) if you have any questions about Data
Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was
collected for. How long it will be stored for depends on the information in question, what it is being
used for and, sometimes, statutory legal requirements.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our
supporters, volunteers, and donors safe.
We will use appropriate measures to keep personal data secure at all points of the processing.
Keeping data secure includes protecting it from unauthorised or unlawful processing, or from
accidental loss, destruction or damage.
We will implement security measures which provide a level of security which is appropriate to the
risks involved in the processing.
In assessing what measures are the most appropriate we will take into account the following, and
anything else that is relevant:
a) the quality of the security measure;
b) the costs of implementation;
c) the nature, scope, context and purpose of processing;
d) the risk (of varying likelihood and severity) to the rights and freedoms of individuals;
e) the risk which could result from a data breach.
Measures may include:
a) technical systems security;
b) measures to restrict or minimise access to data;
c) measures to ensure our systems and data remain available, or can be easily restored in the case of
d) physical security of information;
e) organisational measures, including policies, procedures, training and audits;
f) regular testing and evaluating of the effectiveness of security measures.
Keeping records of our data processing
To show how we comply with the law we will keep clear records of our processing activities and of
the decisions we make concerning personal data (setting out our reasons for those decisions).
Disclosing and sharing information
We do not sell or share your personal information for other organisations to use for commercial
purposes. However information may be given to us by third parties, for example fundraising sites
such as Just Giving. They will do so pursuant to their own policies on data protection and privacy. It
understand how they will process your data and may share it with others.
Personal data collected and processed by us may be shared with the following groups where
AIC trustees and volunteers;
Third party cloud hosting and IT infrastructure providers who host the website and provide IT
support in respect of the website and storage of data;
Also, under strictly controlled conditions:
We may also disclose your personal information to third parties if we are under a duty to disclose or
share your personal data in order to comply with any legal obligation, or in order to enforce or apply
of AIC, our supporters and donors. This includes exchanging information with other companies and
organisations for the purposes of fraud protection.
Storage of information
AIC operations are based in the UK and we hold our data within the European Union (EU). Some of
our systems are provided by US companies and whilst it is our policy that we prefer data hosting and
processing to remain on EU-based solutions, it may be that using their products results in data
transfer to the USA. However we only allow this when we certain it will be adequately protected.
(e.g. US Privacy Shield or Standard EU contractual clauses).
Dealing with data protection breaches
Where trustees or volunteers, think that this policy has not been followed, or data might have been
breached or lost, this will be reported immediately to the Chair.
We will keep records of personal data breaches, even if we do not report them to the ICO.
We will report all data breaches which are likely to result in a risk to any person, to the ICO. Reports
will be made to the ICO within 72 hours from when someone in AIC becomes aware of the breach. In
situations where a personal data breach causes a high risk to any person, we will (as well as
reporting the breach to the ICO), inform the individuals whose information is affected, without
undue delay. This can include situations where, for example an email containing sensitive
information is sent to the wrong recipient. Informing individuals can enable them to take steps to
protect themselves and/or to exercise their rights.
and why we use your personal data and new legal requirements. Please visit our website to keep up
to date with any changes. The current version will always be posted on our website.