At Kids Operating Room we rely on the generosity and support of individuals like you to carry out our vital work providing global surgery for children. We are committed to protecting the personal details that we process when you engage with us.
This Privacy Notice explains why we may ask for your personal information and tells you what we will do with it.
We collect and use personal data to manage our relationships with children, their families, doctors, partners and supporters, and to better understand how we can meet and exceed their expectations. This allows us to operate and fundraise more efficiently and effectively to ultimately help us reach our goal that every child should have access to safe surgery.
Please read this Privacy Notice carefully, along with our website terms and conditions and any other documents referred to, to understand how we collect, use, and store your personal information.
The Privacy Notice tells you:
- Who we are
- Where we collect information from
- Information we collect
- What we do with your information
- Legal Basis for processing your information
- How we update your information
- Who we share information with
- How we keep your data safe
- How long we store your data for
- Changes to the Privacy Notice
- Your Rights
- Further information
By providing us with personal information, you consent to its collection and use as set out in this Privacy Notice. We aim to be clear, transparent and to use your information in a way that you would reasonably expect us to. We may update this Privacy Notice from time-to-time so please check it regularly.
If you have any questions about this Privacy Notice or our website cookies please contact our Data Protection Officer by email or by post using the postal address below.
1. Who we are
Kids Operating Room is a charity that operates to provide safe surgery for children throughout the world. We are a registered Scottish charity (SC 048523). The principal office is Kids Operating Room 107 George Street, Edinburgh, EH2 3ES.
2. Where do we collect information from?
We collect information in the following ways:
Information you give us
- Kids Operating Room may obtain personal information from you when, for example, you complete an online form to participate on a programme, register with us for a mailing list, apply to become a volunteer, take part in an event or make a donation.
Information from Third Parties
- We may also receive information about you from independent third parties, such as fundraising sites like JustGiving or Virgin Money Giving, event organisers such as the London Marathon or mailing list brokers. We will only receive information from third parties in this way if you have given your consent for your information to be passed on to us. You should check their Privacy Notice when you provide your information to understand how they will process your information. Once we have obtained this information from the third party it will be covered by our Privacy Notice as well as by the originating third party.
Information we get from your use of our website and services
- We collect information about the services you use and how you use them, like when you watch a video on YouTube, visit our websites or view and interact with our adverts and content
Information in the public domain
- We may obtain some information from publicly available sources such as Companies House, newspaper articles or open postings on social media such as Facebook and LinkedIn.
3. What information do we collect?
Depending on how you interact with us, the types of personal information that Kids Operating Room collects may include:
- Your title, name, gender and date of birth;
- Your contact details (address, email, phone number and social media contact details);
- Family and spouse/partner details, relationships to other supporters;
- Your professional activities and employment details;
- Current interests and activities;
- Gift aid status and records of donations;
- Contact preferences;
- Information about your wealth;
- Media articles about you;
- Your IP address, location, browser type and information on how you interact on our website;
- Your bank or credit card details in line with payment card industry standards; and,
- Any other information provided by yourself at the request of Kids Operating Room.
Where appropriate we may also ask your interests and motivation for supporting Kids Operating Room, although we will never make this question mandatory, and only want to know the answer if you are comfortable providing us with that information. In some limited circumstances, the personal information that Kids Operating Room collects may include information that is considered 'sensitive data'. This may include personal information regarding racial or ethnic origins, political opinions, religious beliefs, health and also information concerning criminal offences. Where this information is collected we will tell you so you know why it is needed. If you are under 13 you should ask permission of a parent or guardian before sending personal or sensitive information to anyone online.
4. What might we do with your information?
If you support us, for example by making a donation, volunteering, registering to fundraise, or signing up for an event, we will mainly use your information to:
- Provide you with the services, products or information that you asked for;
- Provide you information about other services, products or information we think might interest you where you have consented to being contacted;
- Administer your donation or support your fundraising, including processing Gift Aid;
- Build up a better picture of you and your interests so we can consider how best to ask for your support;
- Send you surveys, and for market research;
- Invite you to events;
- To contact you if you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, to see if we can help with any problems you may be experiencing with the form or our websites;
- Keep a record of your relationship with us and record the contact we have with you; and
- Ensure we know how you prefer to be contacted.
We use tracking tools to improve the effectiveness of our communications with you, including tracking whether you open emails we send you and which links you click within a message. We may also use personal information to carry out due diligence in line with our Ethical Fundraising Policy, so that we are fundraising in accordance within the law and our internal policies and procedures.
5. Legal Basis for processing your information
Under the UK GDPR and the DPA, we must have a legal reason to collect, keep and use your data. We rely on the following legal basis for processing your data:
- Legitimate Interests
We process your personal data for our legitimate interests to allow us to run Kids Operating Rooom as a charitable entity effectively and in pursuit of our objectives. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. We will always ensure that your personal data will not be used where our interests are overridden by the impact on you.
The following are some examples of instances where we process your data for our legitimate interest:
- Direct marketing: We will send postal marketing and fundraising requests which further the aims and objectives of Kids Operating Room and don’t unduly impact the rights of the individual.
- Profiling and analysing information: We carry out limited profiling and research to help us understand our donors and potential donors, including gathering information from publicly available resources to give an insight into philanthropic interests and ability to support Kids Operating Room. (See below for more details).
Profiling and analysing information of our supporters
- In order to tailor what type and level of support we ask you for, we may analyse personal information we collect about you including how you have engaged with us previously, demographic information, measures of affluence, philanthropic interests and networks.
- We may also use information in the public domain, for example listed Directorships or typical earnings in a given area.
- In some instances, we may use third party wealth screening companies or insight companies to provide us with general information about you (please refer to section 6 for further information on data shared with third parties).
You can opt out of your data being used for profiling and wealth screening techniques by contacting our Data Protection Officer.
6. How we update your information
We review records of our supporters and volunteers to ensure your data is as accurate as possible and always appreciate it if you let us know if your contact details change. Where possible we use publicly available sources to keep your records up to date for example, the Post Office’s National Change of Address database, or information provided to us by other organisations as described in Section 1. It is important that we keep your personal data as up to date as possible so that we can cross reference your information with the Mail and Telephone
7. Who we share your information with
We are committed to protecting your data and therefore it will never be sold to external organisations and will only be disclosed to those acting as agents and data processors carrying out work on our behalf. Where we enter into a relationship with an external party, any such arrangements will be subject to a formal agreement between Kids Operating Room and that organisation to protect the security of your data.These Parties may include:
- Suppliers who send out communications on our behalf, such as invitations to our events;
- Wealth screening and insight companies;
8. How we keep your data safe
We aim to ensure that there are appropriate, physical, technical and managerial controls in place to protect any personal information you may provide to us, for example our online forms are always encrypted and our network is protected and monitored. Within our offices all our staff receive training on handling data securely. Where we use external companies to collect or process data on our behalf, we carry out comprehensive checks on them before we work with them and ensure that contracts are in place that set out our expectations and requirements. We may need to transfer your personal data outside of the European Economic Area (EEA) to allow them to perform services on our behalf (for example invitation or participation in an event outside of the EEA in support of Kids Operating Room). In doing so your data may be stored or processed outside of the EEA. Where this happens, we will endeavour to ensure that your data is being processed in accordance with the appropriate security requirements in line with our legal responsibilities, and by submitting your details in such circumstances you agree to this transfer.
Despite all of our precautions no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we will always strive to protect your personal information, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention that you do so at your own risk.
9. How long we store your data for
We will hold your personal information on our systems for as long as is necessary for the relevant activity. If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us, we won’t keep any information that we don’t need.
10. Changes to this Notice
Any changes to this Notice will be notified by displaying the word 'NEW' next to the 'Privacy Notice' link on our Site at least 30 days before putting such changes into effect. This Privacy Notice was last updated in April 2021.
11. Your Right
Your rights in respect of the personal information we hold about you are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting our Data Protection Officer by writing to; Kids Operating Room, 107 George Street, Edinburgh, EH2 3ES or by email. You can also make a complaint to the Information Commissioner's Office, https://ico.org.uk/.
- Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing and provide us with evidence of your identity so that we can identify you.
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and your personal situation means that you would object to processing on these grounds. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
- Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, or you have withdrawn consent, or where we have no lawful basis for keeping it.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
Please note, some of these rights only apply in certain circumstances. If one of your rights does not apply, we will contact to tell you why.
12. Further information
The laws governing how your personal data can be used are:
- General Data Protection Regulation 2016/679
- The Privacy and Electronic Communications Regulations 2003
- Data Protection Act 2018
You can also contact the Information Commissioner’s Office (ICO) at www.ico.org.uk to find out more or report a concern. The ICO is UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We work with them to make sure that we collect, store, and use your information appropriately and not do anything you would not reasonable expect us to do with your data.