This fundraising privacy statement applies to COPE Galway and summarises how we obtain, use, and manage our supporter’s personal data. We want our supporters to have confidence in how we collect and process any personal information shared with us.
1. Who are we?
COPE Galway is a registered charity (CRA number 20011314) and Company Limited by Guarantee (Company no. 248134), with a registered office at Calbro House, Tuam Road, Galway, H91 XR97. COPE Galway is the Data Controller and we are committed to protecting and respecting your privacy in compliance with the Data Protection Acts 1988 and 2003 (as amended), and GDPR.
COPE Galway has achieved the Charities Institute ‘Triple Locked Standard’, a standard awarded to charities that actively display openness, transparency and integrity to beneficiaries and donors and operate to the triple lock standards of transparent reporting, ethical fundraising and good governance.
COPE Galway offers support services for individuals and families who are affected homelessness, women and children experiencing domestic abuse and older people in the community. We work in partnership with individuals, groups, businesses and agencies in the community to provides services, support and advocate on behalf of people in Galway who are vulnerable and isolated.
Contacting COPE Galway
Our Postal Address: COPE Galway, Calbro House, Tuam Road, Galway, H91 XR97
General Contact: firstname.lastname@example.org
Data Protection Queries: email@example.com
Phone: 091 778 750 (9am – 5pm, Monday to Friday)
2. General Statement
COPE Galway recognises that without the good will, support and trust of the public we would not be in a position to raise the funds needed to deliver on our mission. To that end, our approach to responsible fundraising focuses on five overarching principles which we further commit to in our Donor Charter:
- We value our donors and treat them with respect, honesty and openness
- We fundraise with integrity
- We are accountable and transparent in our fundraising activities
- We effectively utilise funds that are raised for their intended purpose
- We welcome feedback from, and work in partnership with, our donors
COPE Galway is working to constantly improve its governance of personal data to ensure we comply with current legislation and guidance.
- We are committed to protecting your privacy
- We collect information only for the purpose intended
- We do not share your personal information with other parties for marketing purposes
- We do not store bank/credit card details and security codes
We promise to respect information about you, and keep it safe.
3. The data we collect about you
COPE Galway uses the personal data of our Donors and Supporters for a variety of reasons that are directly related to our fundraising to support delivery of our services. You can optout of any use of your data at any time by contacting our Fundraising Team at firstname.lastname@example.org
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes
- first name,
- last name,
- title (optional),
- age range (not date of birth),
- PPS numbers (for tax back giving).
- Contact Data* includes
- postal address**,
- business address,
- email address and
- telephone numbers.
- Financial and Payment Data includes bank or credit card details.
- Profile Data includes your
- place of employment,
- spouse/important relationships,
- feedback and
- survey responses.
- Marketing and Communications Data includes
- your preferences in receiving marketing from us and
- your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, information about your health).
*We require two data identifiers in order accurately allocate donations to donor profiles.
**When different, we record only the preferred postal but not billing address.
4. How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity and Contact information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Fill out a form on our website -register or submit an expression of interest in an event
- Make a donation;
- Donate goods to our charity shop;
- Attend a meeting at a school or business;
- Attend an event;
- Participate in a fundraiser or appeal;
- Complete a survey; or
- Give us some feedback.
As part of our research, we may also obtain information from publicly available sources.
5. How we use your personal data
For fundraising at COPE Galway, we collect, consider and use your and other individuals’ personal information for the following reasons:
- To respond to your contact enquiries or requests for information
- To process your donations and contact you regarding any questions related to your donation if necessary
- To deliver receipts and acknowledgments for donations and fundraising activities
- To comply with our legal obligations (e.g. passing relevant information to Revenue to comply with financial reporting regulations and tax reclaims).
- To register you for COPE Galway events and activities you have expressed an interest in
- To record your contact preferences
- To contact you, in line with your preferences, to ask for support and to give you updates on our work
- To administer your donation or support, including processing Tax Back Giving
- To carry out legacy administration and to communicate effectively with the families of people who have left us a donation in their Will
- To keep a record of your relationship with us
- To improve our fundraising and communications methods
- To reduce fraud and detect credit risk
We analyse information about our supporters for the following reasons:
- To ensure our communications are relevant and appropriate to the people we send them to and more closely match donors’ interests
- To help us ask for support in a way that you will feel comfortable with and consider appropriate
- To avoid wasting charitable funds on making inappropriate and unwelcome requests for support
- To identify donors who may be able and willing to give more support (for this we use, for example, publicly available demographic information, listed directorships, etc.)
We conduct fundraising appeals by direct postal mail, by email, and by advertising. If you have provided us with your postal address, we will contact you by post in relation to fundraising unless you opt-out.
When you provide your telephone number or email address, we will ask you if we can send you fundraising materials by email or phone you. This may be by way of a tick box, conversation over the phone or it could be by giving you an optional field you can fill in if you want to. You can opt-out of phone or email contact at any time by following the instructions in the communication, or by contacting us directly.
We also undertake appeals through our Website, Facebook and other social media Platforms.
Dealing with People in Vulnerable Circumstances
We are committed to protecting vulnerable supporters as well as protecting the interests of people in vulnerable circumstances when fundraising for us.
We run several fundraising, awareness and donor appreciation events throughout the year. If you have given us your email address, postal address, or telephone number we may use them to let you know about current and future events and remind you about them if:
- For postal addresses, you are not opted-out of receiving postal communication.
- For telephone and email addresses, if you are opted in to receiving updates and event information.
You can ask to be removed from our communications at any time by using the links provided or by contacting the Data Protection Officer.
COPE Galway sends out occasional newsletters to keep supporters and donors updated about how they are supporting our clients and services at COPE Galway.
These Newsletters are sent by post or by email.
- If you have given us your postal address, we might send you a newsletter by post unless you tell us you don’t want to receive them (opted-out).
- If you have given us your email address for the purposes of sending you an email, we will send them to you until you tell us you have changed your mind (opted-out)
From time-to-time newsletters may contain details about how you can donate or otherwise support COPE Galway.
You can ask to be removed from our contact list for Newsletters at any time by using the links provided or by contacting the Data Protection Officer.
Tax Back Giving
If a donor has given €250 or more in one calendar year they are eligible for Tax Back Giving.
COPE Galway contacts donors by post with the CHY3 revenue form enclosed. The donor is requested to sign the form with their PPSN and signature. Forms are valid for 3 consecutive years, starting from the year stated on the form. If a donor does not respond via post, COPE Galway may try to contact the donor again via post or phone.
Conducting Surveys of Donors and Supporters
We like to know how well we are doing in meeting your expectations. From time to time we engage in surveys of donors and supporters. These surveys are also a great opportunity for us to make sure we have correct and up to date information on donors and supporters.
If you don’t want to receive surveys from us you can opt-out at any time by contacting the Data Protection Officer.
Leaving a Legacy
From time-to-time we will communicate with existing donors and supporters about remembering COPE Galway in their Will. Just like with our other fundraising appeals we may use your email address, postal address, or telephone number where appropriate to contact you for that purpose.
You can opt-out of receiving information about leaving a legacy at any time by contacting the Data Protection Officer.
Where we receive a legacy, we will communicate with the parties concerned in accordance with the wishes communicated to us by the acting solicitor.
We are grateful for our network of supporters who work in the community to fundraise on our behalf. If you contact us to get involved in community fundraising, we will use your postal address, email address, and phone number to contact you about community fundraising activities and to send you fundraising materials, advice, and any guidance on our standards and codes of conduct for fundraisers.
You can ask to be removed from our contact list for Community Fundraisers at any time by contacting the Data Protection Officer.
Statistical Analysis of Donors
To help us ensure that our fundraising campaigns are efficient, effective, and not annoying to people, we may conduct statistical analysis of donors using a variety of demographic profile data obtained from third parties such as the CSO and Facebook or from our own CRM. This helps us identify how best to use our resources as efficiently as possible and also how to minimise the annoyance to our donors and supporters that can be caused if our requests for support become too frequent.
This analysis is carried out on anonymised data sets and donors and supporters are then matched to specific categories called “segments”. These segments are used to help support fundraising campaign planning and execution.
You can ask to be excluded from this type of analysis by contacting the Data Protection Officer but you may receive a greater number of fundraising requests than otherwise or you may receive communications from us that might not be relevant to you or your lifestyle and donation history.
Profiling and Wealth Screening
COPE Galway wants to ensure that communications to supporters and potential supporters are personal, relevant and timely. When we run our appeals we carry out a Legitimate Interest Assessments and Wealth Screening Processes. Wealth screening entails that we may seek additional information including geo-demographic and/or other personal information which may include identification of an individuals’ capacity to give using publicly available information sources. We may also carry out our own research into our supporters, again using publicly available information or information that you provide us with. This allows us to tailor our fundraising and marketing activities to make them as appropriate as possible for our supporters and reflect their interests as closely as possible.
You can read more about Legitimate Interest under the section titled “Legal basis for processing your personal data”.
If you do not wish to be subject to such profiling or wealth screening, please contact our Data Protection Officer to change your permissions.
Our marketing literature has clear opportunities for you to tell us your preferences about being contacted in the future, or not being contacted at all. However, if you prefer you can contact our Data Protection Officer to change your permissions.
6. Who we share your information with
We will only share information where it is necessary for the purpose of concluding a contractual arrangement with you (such as processing sponsorship), or where it is in our legitimate organisational interests (for example, if we run an event in partnership with another named organisation your details may need to be shared in order that they can help us run the event). If such processing or sharing ever relates to your sensitive personal data, we will always do so only with your consent.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We do not sell personal details to third parties for any purpose.
Third Party Platforms and Services
To execute our fundraising and donor management objectives we work with third party suppliers and often have to share personal data such as names and addresses or email addresses with them as well as sensitive data like bank accounts and debit/credit card details.
- Payment Processing Services – Blackbaud Merchant Services, Stripe, Global Payments and PayPal (We do not store your card details on our website or databases.)
- Marketing Agencies including Public Fundraising Donor Recruitment Agencies and Call Centres
- Postal Mail Marketing companies
- Fundraising Platforms – iDonate, JustGiving
- Donor and donation details are recorded on Blackbaud The Raisers Edge NXT – Customer Relationship Management software (Raisers Edge).
- For Direct Debit Mandates the donors bank account details are collected and stored on the Raiser’s Edge.
- We also receive donations through third party platforms, these include: Facebook, Benevity, CAF America, GivenGain, GoFundMe, iDonate, Just Giving, LikeCharityText, Your Cause
7. How long we retain your information:
The periods for which we retain Donor and Supporter data are kept under regular review.
Generally, we will retain information for as long as is necessary for us to comply with the purposes for which you provided it to COPE Galway, or to comply with applicable regulatory, legal, contractual, statutory obligations and audit requirements.
|Stored securely on CRM system
|Deactivate donor record (after 3 years of inactivity)
|Delete personal data after 7 years (financial requirement)
|Stored securely on CRM system
|Delete IBAN record and mandate once requested
|PAIN (Bank) Reports deleted annually
|4 years (while form active)
|CHY3 form with PPS number stored on CRM system. Form (and PPS number) deleted once processed for active years.
8. Legal basis for processing your personal data
By law we are permitted to process your information for at least one of these reasons:
- In order to perform a contract or where you have given explicit consent to use your personal information to provide the service that you have requested and communicate with you in the way(s) that you have agreed to in the way you have asked e.g. to process your donation transaction, to undertake appropriate security checks to prevent against fraud, to process tax back giving, to acknowledge receipt of your payment and to assign to specific funds or projects
- Where there is a legal requirement, for example, where we are required by law to share your personal details with financial regulatory bodies
- Legitimate interest – The General Data Protection Regulator allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights, such as to invite you to thank you for your support or inform you about how your donation is making a difference. Where we rely on legitimate interest in relation to marketing, we will always provide an option to opt out of future communications every communication we send (See our Statement of legitimate Interest)
9. Storing and safeguarding your personal information
At COPE Galway, we understand the importance of keeping your information secure and confidential. We take reasonable security, technical and organisational measures to ensure that the personal data we hold on you is protected from loss, misuse, alteration or destruction, and to prevent any unauthorized or unlawful disclosure or processing.
Access to our fundraising data is strictly controlled by the Raisers Edge CRM system and can only be accessed by people who need it to do their job. Certain data, for example some sensitive data, is additionally controlled and is only made visible to members of staff who have a reason to work with it.
Some of the 3rd Party services or suppliers we use are based outside the EU/EEA. When your data is transferred outside the EU/UK, we ensure your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards, such as model contract clauses, binding corporate rules or mechanisms like the EU-U.S. By submitting your personal data, you are agreeing to this transfer, storing or processing.
Reports and reconciliation documents that contain personal donor data are stored on a secure computer located in our office and/or on a secure server hosted internally by COPE Galway and backed up by KeepITSafe. The document folder is visible only to the necessary staff within the Fundraising and Finance teams and if password protected.
10. Your Data Protection Rights
You have the following rights under data protection legislation:
The right to be informed. You have the right to be told how your personal information is collected, maintained and how it will be used.
The right to access. You can request for a copy of personal information COPE Galway holds on you.
The right to rectification. If you think the personal information COPE Galway holds on you is incorrect or incomplete, you can request that we correct or complete it. We do our best to keep your personal information accurate and up to date when you provide us with the information we need to do so.
The right to erasure or “to be forgotten”. You can request to have COPE Galway erase your personal data from our systems.
The right to restrict processing. You may ask COPE Galway to restrict the processing of your personal data, under certain conditions.
The right to object to the processing. You have the right to stop COPE Galway from processing your personal information, under certain conditions.
The right to withdraw consent. Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
The right to data portability. You can request that COPE Galway move, copy or transfer your personal information from one service provider to another.
The right to object to automated decisions. Where the automated processing of your data has a legal or significant effect on you, you have the right to object to it.
If you would like to exercise any of these rights, please contact the Data Protection Officer.
You also have the right to lodge a complaint to the office of the Data Protection Commission.
The Data Protection Commissioner
We review and update our policies from time-to-time and update this document accordingly. Updates may occur particularly when we change how we use your information, and change our technology and products.
Last updated: 25 July 2022