Effective date: 24 May 2018
We’ll keep this page updated to show you all the things we do with your personal data. This policy applies if you’re a supporter of the National Trust (member, donor, volunteer, tenant, customer, employee) or use any of our services, visit our website, email, call or write to us.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘Trust’, it refers to The National Trust for Jersey, a registered charity with the Association of Jersey Charities, Registration number 246 and registered with the Jersey Charity Commissioner ( Charity Number 28).
The National Trust for Jersey is a charitable organisation with the aim to permanently protect Jersey’s natural beauty, rich wildlife and historic places for everyone to enjoy and experience.
Information that we share
Your personal information will be made available to those members of our staff who need to see it in order to perform their functions/roles/responsibilities at the Trust in respect of the services you have requested or agreed to use.
Your personal information may be held by us in one or more customer relationship management or CRM database(s). We may consolidate details of your dealings with us across various services to ensure we have clear and accurate records about your use of our services. This helps us to better understand your requirements and how we might provide other services to you.
For external processing
The Trust makes use of expert third party service providers to help it to provide relevant services, such as expert IT providers helping us with our IT systems, or professional auditors. Please note that certain individuals who will see your personal information may not be based within the Trust.
Where required by law we disclose information (for example, to meet legal obligations on the charity or to provide reasonable voluntary cooperation with a relevant police investigation).
Card payments made online are processed by our payment processors in compliance with the payment card industry data security standard. Card details are not shared by ourselves.
Card payments taken over the phone are processed using an approved credit card terminal provided by our payment processor in compliance with the payment card industry data security standard. We will never store card details collected in this way.
For the purpose of collecting membership dues, we collect your bank account details when setting up a regular direct debit. The bank account details collected are passed to a data processor for processing using BACS and the information held on our secure systems.
We’ll never sell your personal data.
What personal data do we collect?
Your personal data (any information which identifies you or which can be identified as relating to you personally) will be collected and used by us in connection with specific activities and services you have signed up to (such as registration or membership requests, booking an event, donations, volunteering, property rental, fundraising and employment) and also to make you aware of additional services provided by us that you may be interested in. We’ll only collect the personal data that we need which will be held on our secure systems. Should you wish to withdraw your consent for us to hold your personal data please advise us in writing.
Personal data provided by you
This includes information you give when interacting with us, for example joining or registering, booking an event or communicating with us. For example:
- Personal details (name, date of birth, email, address, telephone, and so on) when you join as a member or supporter
- Financial information (payment information such as credit or debit card or direct debit details)
- Your opinions and attitudes about the Trust, activities and interests.
If you buy membership as a gift or are the parent of one of our junior supporters your details will be recorded and your association with that relationship together with the details of the individual receiving the gift.
We may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier.
- Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information.
- Information about your purchases the types of products purchased.
- Cookies – Cookies are small text files stored on your computer when you visit certain websites. See are Cookies policy for more details.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the Data Protection (Jersey) Law 2018. Personal data provided to us may be used for a variety of purposes depending on the services you have requested or the contract you have entered into with us.
In addition, where agreed with you, we may tailor our communications and dealings with you to better reflect your needs and preferences, such as sending you newsletters.
In carrying out the above we process your personal data in a variety of ways, each of which may have a different legal basis. We may process your personal data because:
•You have given your consent (e.g. for the provision of marketing correspondence)
•It is necessary for the performance of a contract with you (e.g. the purchase of membership, property rental or employment contract)
•In specific situations, we process your data to pursue our legitimate interests in ways which might reasonably be expected and which do not materially impact your rights, freedoms or interests. An example would be where a member of your family or friend purchases a gift membership for you.
Information we generate
We conduct research and analysis on the information we hold which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you.
Information from third parties
We do not use or buy information or data from third parties.
Retention of data
We will keep your details on record until we have completely dealt with your request, enquiry, or our contract with you and then for a reasonable period afterwards in accordance with data protection or other applicable legislation and our retention policy.
In general, we will retain the personal information that you have provided to us for up to ten years since your last contact with us, for the purposes of audit, analysis and customer management, and the defence of legal claims. However, any personal information provided to us in the relation to a donation of artefacts to be retained in our museums or sites will be kept for significantly longer.
If you’re a volunteer then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
Children’s personal data
Children aged under 17 are included on family memberships and are members of the Trust. We collect their names and dates of birth to ensure their right to free admission at our sites and events. We don’t ask children on family memberships for consent to marketing communications so they don’t receive them unless they’ve asked for them
Junior and Young Person membership
Child membership is available to everyone aged 5 to 16. An adult membership constitutes anyone over 17 years of age and can be purchased online, by phone or at our sites.
Student membership is available over the age of 16 if they are in full time education and have a Student ID Card.
Your privacy is important to us so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that may matter to you.
This might be about visiting our sites, volunteering with us, membership, events, conservation work or fundraising.
We’ll only send these to you if you agree to receive them. If at a later date you can change your mind and elect not to receive marketing information. However, you will then miss out on directly being notified about events or other work we do that may be of interest to you.
There are some communications that we need to send. These are essential to fulfil our promises to you as a member, such as renewal membership reminders, our magazines and notice of our Annual General Meeting.
Fundraising, donations and legacy pledges
As a supporter we may invite you to support vital conservation work by making a donation, buying a raffle ticket, getting involved in fundraising activities or leaving a gift in your will.
If you make a donation we’ll use any personal information you give us to record the nature and amount of your gift and claim tax relief where you’ve told us you’re eligible. If you interact or have a conversation with us we’ll note anything relevant and store this securely on our systems.
If you’ve told us that you’re planning to, or thinking about, leaving us a gift in your will we’ll use the information you give us to keep a record of this, including the purpose of your gift.
If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we’ll note these interactions throughout your relationship with us as this helps to ensure your gift is directed as you wanted.
We process customer data in order to fulfil site hire bookings. Your data will be used to communicate with you throughout the process, including to confirm we’ve received your order and payment, to clarify where we might need more detail to fulfil an order or booking, or to resolve issues that might arise with your booking.
Recruitment and employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.
Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data without explicit consent. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay, paternity leave, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, social security, sick pay, paternity pay, family leave, work permits.
Management responsibilities: Our management responsibilities are those necessary for the functioning of the charity. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone numbers.
All employees will have access to the National Trust’s employee handbook.
Sensitive personal data
The Data Protection (Jersey) Law 2018 refers to ‘special category data’ which is personal data that is more sensitive and includes racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge.
(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policy.
(c) Data about an employee’s criminal convictions will be held as necessary.
How we Store Information
Information collected in relation to your personal details are held on our CRM database Salesforce, which is a web based. We also keep information on our computer system together with some hard copy files, such as correspondence and letters we will have received from you.
How we protect the information that we collect
Hard copy files are held in fire proof cabinets. Electronic information is password protected by authorised users. Our information is backed up regularly to a server.
Updating your data and marketing preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:
Telephone: 01534 483193
Write to us at: The National Trust for Jersey, The Elms, La Cheve Rue, St Mary, Jersey. JE3 3E
Your data protection rights
Under data protection law, you have rights including:
Your right of access -You have the right to ask us for copies of your personal information.
Your right to rectification -You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure -You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing -You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability -You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have four weeks to respond to you.
If you require any more details or wish to exercise your rights please contact us via email, phone or letter.
How to complain
If you are unhappy with the way the Trust has dealt with your Data Protection request you can also complain to the Jersey Office of the Information Commissioner (JOIC).
2nd Floor, 5 Castle Street, St. Helier, Jersey JE2 3BT
email@example.com 01534 716530
Date of last review February 2022