Privacy Policy

Who are we?

The Wandle Trust (part of the South East Rivers Trust) is an environmental charity dedicated to the restoration and protection of rivers and other waterbodies in the south east of England.

Your Privacy

We are committed to keeping your personal data safe. This Privacy Policy explains what data we collect, how and why we use it and how we keep it safe. It outlines your rights under the new EU General Data Protection Regulation legislation (GDPR), and how we will ensure that you remain in control of your personal data.

Why do we collect personal data?

We need to collect some types of personal data to help deliver our vision of healthy ecosystems for all across the south east of England. In line with GDPR, we will only collect, store and use your personal data when we have identified a clear purpose and reason to do so, e.g. you have asked us to contact you about volunteering opportunities. This is known as our lawful basis for processing data.

The reasons we may collect personal data are outlined below:

1. To send you information about our work

We have a South East Rivers Trust Mailing List which we use to send subscribers information about the work we do and events they might be interested in attending.

We have a School Education Mailing List which we use to promote our schools education programme.

Both of the above are defined as Direct Marketing by the Information Commissioners Office (ICO). Our lawful bases for processing your data for this direct marketing are:

  • Legitimate Interest: As a local school, you might be interested in what we can offer you and your students. We will only ever contact you using the school’s business details which are in the public domain.
  • Opt-in Consent: The South East Rivers Trust Mailing List is opt-in only, meaning you will have given us your consent to contact you via email. Similarly, schools and other staff members are welcome to join our Project Kingfisher Mailing List if they opt-in and give this consent.

We respect your right to update the information we hold about you, or your right to be removed from the list and your details forgotten at any time. Should you want to remove yourself from either list, please contact us on info@southeastriverstrust.org, or click the ‘unsubscribe’ button at the footer of one of our campaign emails.

You may be a partner or landowner working with us on one of our projects. In this case, we would only send you relevant information on project progress, key updates and to gather information for reporting and monitoring purposes. The lawful basis for this contact would be legitimate interest or contractual.

2. To enable you to volunteer with us at events and on specific projects

If you are signed up to our South East Rivers Trust Mailing List, you will receive information about our upcoming events.  You will have given us permission to be included on this Mailing List and therefore our lawful basis for sending this information is consent.

You may be a trained volunteer on one our current citizen science projects.  For these projects, you will have applied to be part of these and received training with us. As part of this training, you will have given us your consent to store your details enabling us to contact you with project updates and feedback on the data you collect for us.

The Privacy Notice for each role is outlined below as well for your information.

  • River Guardians: If you are one of our River Guardians, you will have given us your permission to contact you about the project, store your contact details (email) and use your postal address to send you the equipment. All of this will have been covered in your training and we will have asked you to give us consent to hold this information. The information is stored securely within the Trust’s database and only shared with relevant staff working on the project. Some information might be shared with our funders but this will always be anonymised and you will not be identified from it.
  • Pollution Patrol: If you are one of our trained Pollution Patrol volunteers, you will have given us your permission to contact you about the Pollution Patrol project and relevant news about pollution incidents on the river, store your contact details (email, telephone and postal address) and to keep records of the time you have spent volunteering for us. All of this will have been covered in your training and we will have asked you to give us consent to hold this information. The information is stored securely within the Trust’s database and only shared with relevant staff working on the project. Some information might be shared with our funders but this will always be anonymised and you will not be identified from it.
  • Riverfly: If you are one of our trained Riverfly Monitors, you will have given us your permission to contact you about the Riverfly project, store your contact details (email and telephone) and to keep records of the time you have spent volunteering for us. Your contact details will have been shared with a Site Coordinator so you are able to join the monthly surveys, however this will have been done with your knowledge and express permission.  All of this will have been covered in your training and we will have asked you to give us consent to hold this information. The information is stored securely within the Trust’s database and only shared with relevant staff working on the project. Some information might be shared with our funders but this will always be anonymised and you will not be identified from it.
  • River Rangers: If you have undertaken River Ranger training with us, you will have given us your permission to contact you about the Invasive Non-Native Species project, store your contact details (email and telephone) and to keep records of the time you have spent volunteering for us. This will have been covered in your training and you will have given us consent to hold this information. The information is stored securely within the Trust’s database and only shared with relevant staff working on the project. Some information might be shared with our funders but this will always be anonymised and you will not be identified from it.
  • Hit Squad: If you are a trained member of our Hit Squad you will have given us your permission to contact you about the Invasive Non-Native Species project, store your contact details (email and telephone), keep records of the relevant training qualifications you hold and any known medical conditions which we need to know to protect your wellbeing. We may also hold your bank details to reimburse you for expenses you have incurred as part of the project. This will have been covered in your training and we will have asked you to give us consent to hold this information. The information is stored securely within the Trust’s database and only shared with relevant staff working on the project. Some information might be shared with our funders but this will always be anonymised and you will not be identified from it.

3. To respond to your enquiries

If you have got in touch with us to make an enquiry (via the telephone, email, letter, Social Media or our website contact form), we will use the information you have provided to us to respond. After we have dealt with your enquiry, we will delete your information from our system.

What personal data do we collect and how?

1. Basic Information

  • Your name, email, telephone number
  • Your postal address for specific projects
  • Your bank details if you are donating to us or claiming expenses

This information will have been collected directly from you.

2. Additional information about you

  • A record of the events you have attended and activities you have been involved in
  • How much time you have spent volunteering with us and on which activities
  • Photos of you at our events

This information will be gathered through our event sign in sheets. There will always be a clear Privacy Notice stating what we are collecting this from you and why.

3. Sometimes we collect more detailed information to help us feedback to our funders and partners about our work. This may include demographic data such as your age, gender, ethnicity and employment status. When we do so, we will be very clear as to why we are collecting this information, and we will only do so with your specific consent. If we are sharing this information with funders, we will be very clear about this when we are collecting the data and it will be anonymised.

4. Using our website

Leaving a comment

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive (or smart phone, tablet or other device) and are used to improve your online experience.

It is important to understand how cookies work, what they are for and when they are being used.

Once you agree, the cookie file is added to your computer and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

At SERT, we use cookies for a variety of reasons, such as to monitor how many people have visited our website. More information about cookies can be found at www.allaboutcookies.org

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. The cookies we use in no way give us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

5. Sensitive Personal Data

We do not normally collect or store sensitive personal data. This includes information about health, beliefs or political affiliations.

There are some circumstances where we will need to gather such information (e.g. a funder requires it). When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your specific consent. We will always give you an option to opt out of providing such information and in these situations; we will always collect the data from you directly.

If you are a volunteer with us on certain projects, we may collect extra information about you, for example:

  • references
  • criminal records checks
  • details of emergency contacts
  • medical conditions

To abide by the Health & Safety Act (1974), we may also collect sensitive personal data in case of an accident on our premises or at one of our events. This information will be recorded in our Accident Report folder and will be retained for three years for legal reasons. The information will be anonymised into a report for the Trust to help improve the safety of our work and events. This is kept on file indefinitely but cannot be attributed to an individual.

6. Children and young people

We will not collect, store or process your personal details if you are under 13 years old, unless with have the permission of your parent or guardian to do so.

How do we store the data?

1. Security

If your personal data is electronic, it will be stored on a secure Trust computer. Personal data stored physically will be kept securely on our premises. For both, we control who has access to information.

Our staff have received in-house data protection training on our policies and we have a set of data protection procedures which staff are required to follow when handling personal data.

All of the personal data we process is processed by our staff in the UK, however for the purposes of IT hosting, or reporting to external funders, your information may be situated outside of the European Economic Area (EEA).

For example, we use the following cloud-based technology to store and process some data and, where we have your consent to do so, we use photos on our social media accounts to promote what we do.

We have checked that the software below is GDPR compliant and have provided links to their relevant Privacy Policies.

How long will we keep your data for?

We will only keep your data as long as necessary. For each data category, we have assessed how long we need to keep it to ensure we protect your individual rights but also abide by relevant laws and best practice. If you want to find out more about how long we keep data for, please get in touch.

Your rights

Under GDPR, you have rights as an individual.

The right to be informed: Our Privacy Policy outlines how we capture your data, how we store it and how we use it. If you have any questions about this, please get in touch.

The right of access: You are entitled to know what data we hold on you. If you would like to see a record of what we hold, you can send a Subject Access Request to us and we will respond within one month.  Send your request to the Administrator at info@southeastriverstrust.org

The right to rectification: We will update any information we hold on you that is inaccurate or incomplete.

The right to erase: You can ask us to remove or anonymise the information we hold on you.

The right to restrict processing: You can ask us to stop using your personal data at any time.

The right to data portability: You can ask to obtain your personal data from us for your own purposes.

The right to object: You can ask to be excluded from any marketing activity.

Rights in relation to automated decision making and profiling: We will not subject you to a decision that is based on automated processing.

Making a complaint

Overall responsibility for this policy and its implementation lies with the Boards of Trustees.  While we endeavour to protect your privacy, you are entitled to make a complaint if you feel we have failed to do so.

You can make a compliant directly to us. If you do so, it will be treated confidentially.

If you feel we have not handled your compliant properly, you can get in touch with the Information Commissioner’s Office directly.

For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone: 0303 123 1113         Email: casework@ico.org.uk

Leaving our website

If you leave our website, by clicking a link to an external site, we are not responsible for the privacy practices of any of these other websites.  If you have followed a link from this website to another website you may be supplying information to a third party.

Get in touch

Should you wish to find out more about the information we hold about you, or about our Privacy Policy, please contact us:

Administration Officer, South East Rivers Trust, c/o London Borough of Sutton, 24 Denmark Road, Carshalton, SM5 2JG.

Telephone: 0845 092 0110               Email: info@southeastriverstrust.org

Our office hours are Monday – Friday, 9am – 5pm.