East Anglian Air Ambulance is a charity registered in England and Wales Charity No 1083876, Registered Company number 04066700.

East Anglian Air Ambulance (Trading) Limited, trading as Friends of East Anglian Air Ambulance, is a company registered in England and Wales at Hangar E Gambling Close, Norwich Airport, Norwich, Norfolk, NR6 6EG – Registered Company number 04136827

Registered with the Information Commissioner’s Office Data Protection Registration No. Z3529278

This privacy and data protection statement explains our information practices, including how we use your information and how you can update it or unsubscribe. We will only collect and use information from you in line with this statement.  We encourage you to read the summaries below and to click on “Learn More” if you’d like more detailed information on a particular topic.

If you would like this privacy statement in print format, please contact us or call 03450 669 999.  We may make changes to this statement from time to time. If we do so, we will post the changes on this page and they will apply from the time we post them.   This statement was last changed on 27/07/ 2017.

  • The statement in brief

    When you browse our website, visit and contribute on our social media pages, or communicate with us, we collect certain types of information (explained in full below). The more information we have, the more efficiently we can operate and the more funds we can direct to saving lives.  It is important that you read the full statement to understand what information we hold, how we may use it, and what your rights are.  Briefly,

    • We collect data to help us operate effectively and to provide you with the best experiences possible from interacting with East Anglian Air Ambulance. You provide some of this data directly, for example in completing forms online, emailing and talking to us.
    • Some is collected automatically when you visit our website.
    • We collect information to provide services or goods, information, fundraising for our lifesaving work, administration, research, to better understand our supporters, and for the prevention/detection of crime.
    • In some cases we may undertake specific research to help us communicate with our supporters better, such as examining financial or other indicators.
    • On our website we endeavour to keep personal information secure by using SSL technology (‘Secure Sockets Layer’, a standard security technology for establishing a safe link between a two computers).
    • We will use your information for our own marketing purposes, where we have your permission.
    • We will never sell or share your information with any other organisation for marketing purposes.
    • We only share data where we are required to by law or with carefully selected, trusted partners who work on our behalf.
    • We will only keep your information for as long as is necessary or according to law.
    • Our website collects information on site use including cookies and analytics. Please read our website Terms & Conditions for more information.

    Please read the full statement below so you have all the details you need or contact us if you have any queries. Together we save lives.

  • The information we collect

    We will only ever collect the information we need to deliver our charitable objectives – including data that will be useful to help improve our services. We collect two kinds of information:

    • Non-personal information such as IP addresses (the location of the computer on the internet) and the pages viewed. This helps us to determine how many people use our website, the number of and how often people visit, and how popular particular pages are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our service.  We use cookies and analytics on our websites to do this
    • Personal information such as name, postal address, phone number, email address, date of birth (where appropriate and/or legally required), or other information about you that you have chosen to share with us.
    • If you contact us we will ask for your name and preferred contact details (such as phone number, email address or postal address). We may ask for more information, but we will only ask for the information we need to help you with your enquiry.

    If you sign up for our newsletter, we will ask for your name and email address. We will also give you the option to tell us your postal address, and to tell us if you would like us to send you additional communications about news or events that might interest you.

    You can control your communications preferences by letting us know by downloading a form online and returning it to us, or by email to feedback@eaaa.org.uk.

  • How we use your information

    We will only contact you if you have given us specific consent (for example the ‘tick boxes’ on our website and other forms that we use, see preferences on our website for how to opt in and out of various communications) or where there is ‘legitimate interest’.  Legitimate interest is a term used by the Information Commissioner’s Office to ensure that our needs and your needs are looked at in balance and decisions to process data, or contact you, are only made when there is a very good reason for us to do so.

    We will store the information you give us securely, in line with the Data Protection Act 1998.  We will also be updating this policy in line with the new General Data Protection Regulation which will be fully enforceable in May 2018.

    We will use the information you provide to:

    • Communicate with our supporters and customers
    • Provide you with information that we think may be of interest to you such as communications about our lifesaving missions, products and services, and fundraising
    • Process payments, deliver products and communicate with you about orders
    • Administer your lottery membership, event registration, donations and gifts in wills
    • Administer volunteer records
    • Carry out surveys, in-house research and learn more about our supporters to help us gain a better understanding and to enable us to improve our service to you. This research may be carried out internally by our employees or we may ask another company to do this for us
    • Record any contact we have with you
    • Prevent or detect fraud or abuses of our websites and enable third parties to carry out necessary functions on our behalf.

    Some data investigations we undertake may be for due diligence for donors (please contact us for a copy of Ethical Fundraising Policy) and to meet UK money laundering regulations.

Your Rights

The new GDPR legislation (which comes under the Information Commissioner’s Office – ICO) has improved your rights. We will consider any right you wish to exercise and do our best to comply. These new rights fall into the following categories:

  • The right of access

    This is your right to see all the data we (or any other organisation) hold on you and is called a ‘subject access request’. This means you can ask us to share with you a copy of all the data we hold on you, such as current and past addresses, your donation history and any other personal information we may hold.   Find out more from the ICO.

  • The right to rectification

    If we have incorrect information about you, we must put it right including updating third parties who are processing on our behalf where possible.  We will comply with these requests as quickly as we can and confirm with you that we have done so.  They may take up to 28 days to take effect if, for example, you have changed your address but our mailing house has already run the latest mailing of our newsletter. Find out more from the ICO.

  • The right to erasure

    You have the right to be removed completely from our database, erasing all history of contact.  We will consider any request to erase personal information and will keep minimum data to ensure we can identify you so that we do not contact you again.  This would fall under ‘restricted processing’ (see below).  Find out more from the ICO.

  • The right to data portability

    The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.  It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.   Find out more from the ICO.  Find out more from the ICO.

  • The right to object

    Individuals have the right to object to:

    • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • direct marketing (including profiling); and
    • processing for purposes of scientific/historical research and statistics

    In other words, you have the right to object to us processing your data in any way you choose, though we hope you will let us know your preferences so that we can comply with your requests without you having to object. Find out more from the ICO.

  • Rights in relation to automated decision making and profiling

    Individuals have the right not to be subject to a decision when:

    • it is based on automated processing; and
    • it produces a legal effect or a similarly significant effect on the individual.

    We must ensure that individuals are able to:

    • obtain human intervention;
    • express their point of view; and
    • obtain an explanation of the decision and challenge it.

    This would include processing such as profiling and screening.  We’ve explained that in more detail below.  Find out more from the ICO.

  • Right to complain

    You also have the right to complain.  You can read more in our or contact the Information Commissioner’s Office directly.  We’d also appreciate your comments and feedback.   You have right to complain to the Information Commissioner’s Office (ICO) which is the national data protection authority in the UK.

About marketing

To raise the money we need every year to keep our Helicopter Emergency Medical Service ready to respond, EAAA undertakes a wide range of marketing activities to reach new and existing supporters.  You may receive information from EAAA about the goods we provide (such as our Christmas card range), fundraising appeals and events, information about our missions and the other work we do that is part of our charitable mission. You may, at any time, opt out of receiving information from EAAA, and we aim to make your preferences as easy to manage as possible so you can keep receiving the information you want.  We will never give, sell or exchange your information with other organisations for marketing purposes.

If we contact you by email, every message we send will include a link to opt out of receiving future messages if you wish.  If we contact you by other means, you can again change your preferences and opt out of any particular method through contacting us by post, email feedback@eaaa.org.uk or phone 08450 669 999 or updating your choices via our website www.eaaa.org.uk/preferences.

We respect your right to choose how we contact you and what information we send you – please let us know your preferences.  To update your preferences or unsubscribe from any communications, please visit www.eaaa.org.uk/preferences  or contact us.

Sharing your information

We will never sell or share your information with any other organisation for commercial purposes.  We will only share your information:

  • if we are required to do so by law
  • for our partners to provide services we cannot deliver, such mailing houses, IT specialists and research firms. We only choose partners we can trust who abide by the requirements of the Data Protection Act
  • if we believe it is necessary to protect or defend our rights, property, personal safety of our people or visitors to our premises or websites.

Storing your information

In line with best practice, your information is stored by EAAA on computers located in the UK and on data servers within the EU. We may also store information in paper files.

We place great importance on the security of all our supporters’, customers’ and patients’ data. We have security measures in place to protect against the loss, misuse and alteration of personal data under our control. Only authorised personnel may access user information and we use secure sockets layer (SSL) software to encrypt financial and personal information you input before it is sent to us.

While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, or where it is transmitted across the internet, we will do our utmost to protect the security of your information.

Where we have provided a password enabling you to access specific parts of our websites, it is your responsibility to keep this password confidential. We advise you not to share your password with anyone.

We will keep your information only for as long as we need it to provide you with the goods, services or information you require, manage your relationship with us, comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need information, we will always dispose of it securely.  Please contact us if you would like to know more about our Data Retention, Archiving and Destruction Policy.

How long we keep your information for

We are required by law to keep some information for a specified time, such as your Gift Aid Declaration which we must hold for six years.

When you support us with a donation or by playing the lottery or raffle, we will also keep your details for a reasonable time to ensure we have the records on hand should you have any query in the future.

Please contact us if you would like to know more about our Data Retention, Archiving and Destruction Policy.

Cookies

Most websites use cookies, which are small text files saved on your computer by websites you visit. Cookies can help to give you a more personalised web experience.

We use cookies to track how you use our website so we can make your online experience better for you. Third parties may use cookies, web beacons, and similar technologies to collect or receive information from our website and elsewhere on the internet and use that information to provide measurement services and target ads. These cookies are not used to identify you personally.

For more information on how we use cookies, and what happens when they are enabled or disabled, please visit our website Terms & Conditions

Data profiling and screening

To make sure that we send you the right information, and that we advertise in the right places to reach more people like you who care about our lifesaving work, EAAA may sometimes undertake data profiling.  Data profiling is the process of examining our database of information on our supporters and collecting statistics or informative summaries about that data.  We will only do this with your data where you have given us specific permission.

When analysing this data, we may compare your individual details against other data resources (see further advice in ). We will compare information such as giving history, location, and gender.  This will help us to ensure that we communicate in the most appropriate way with you.

We may also match group data against other external databases to understand more about our supporters and their habits or attitudes as a group. For example, knowing what newspapers are most commonly read helps us identify where to advertise to find more people like you, who care about our lifesaving work.

If you have not given us permission, we will not perform any kind of profiling or screening on your personal details, including seeking out a new address if you have moved.

By allowing EAAA to profile your data, we may understand more about you as individuals and as a group.  This helps us to spend cost-effectively on fundraising and make the best possible use of your generous donations.  If you are happy for us to include your data in profiling, please let us know by email to feedback@eaaa.org.uk.

Data screening is where we match your details against another database to ensure we are up to date. Examples of this could be the National Change of Address database (NCOA) from Royal Mail (which uses data from their redirection service), helping us to keep in touch with you if you have moved recently.  Another example is screening against a database of the recently deceased.  We know that sending mail to a recently deceased member of the family can be distressing; by running this data matching service we can reduce the possibility of EAAA contacting someone who has passed away.  This screening is only effective if you have officially notified a death.

By allowing EAAA to screen your data, we will be able to reduce the number of wasted letters and newsletters sent to supporters who have moved or passed away. It will help us to spend our money wisely, making sure that even more of the donations we receive can go towards our lifesaving work.

If you are happy for us to include your details if we undertake any profiling, please let us know.

Wealth screening and prospect research

Overview

Wealth screening is where we use external information sources and compare our data with external data, using specialist agencies, to understand your financial position.  EAAA has limited expertise and resources to carry out all this work in-house, and may wish to use an agency to compare our data with publicly available information (see How you can control your data).

Prospect research is where we do this manually, through reading media articles and referencing other publicly available information. This can help to identify people that are likely to have an affinity with our cause, and also understand better the type of relationship that they might prefer to have as part of their philanthropic giving.

We will not undertake any wealth screening without your express permission.  We may undertake individual prospect research where we believe there is a reason to do so, and we will be in contact with you as soon as is practically possible and feasible to ensure you are fully informed of any data we hold about you.

Why might we want to do this?

Wealth screening and prospect research helps EAAA to understand our supporters better so that we can tailor our communications and relationship with you.  We might do this by looking at the information we have regarding your history and engagement with us, how and when you have supported us in the past, the method of past giving and what message or communication initiated the gift.  If you have already shown an interest in supporting EAAA, or we are made aware of another reason why a relationship between you and us may be beneficial, it helps us to understand how you might be able to help before we approach you and ask something inappropriate.

By being able to understand existing supporters better and potential new donors, we can be more cost-effective in our work – sending out appropriate, tailored communications that are more likely to be welcomed by our supporters, rather than a ‘one size fits all’ approach.

If you are happy for us to include your details if we undertake any screening, please let us know.  If we undertake research on individuals and would like to contact you, we will let you know as soon as is practical.  We will ask for your preferences at this time and comply with your wishes.

Contact us

To learn more about how you can control what information you receive from us, please visit our preferences web page.   If you have any queries about data privacy, how we store or use your data, please email: feedback@eaaa.org.uk or telephone our reception on 03450 669 999.

If you have any questions or concerns about this Privacy Statement, or would like to receive a printed version, please contact us or call 03450 669 999.

  • What is data protection?

    Data protection is about protecting people from the misuse of their personal information. Data protection legislation aims to prevent harm to those individuals that businesses, charities and government process data about by creating legal responsibility for keeping the information as safe as possible. Fundraising, for example, is a vital operation for EAAA, for which collecting information to build and expand our list of supporters is a perfectly legitimate objective. However, to prevent harm to those supporters, we need to ensure your information is not misused, does not fall into the wrong hands and that (where appropriate) individuals consent to their information being used in this way.  This is why any charity you support or organisation you do business with, should have clear data protection and privacy policies – as EAAA does.

    Data Protection in the UK is covered by UK and EU legislation (and will remain so even when the UK exits the EU) and the governing body is the Information Commissioner’s Office where you can find full details of the Data Protection Act 1998.

  • What will organisations do with my data?

    Like EAAA, organisations will use your data to help promote their business or charity, or provide services and information.   You have rights over your personal data, and organisations will ask you what you want from them by collecting your preferences.  These preferences can be collected by phone, email, website, letter or face to face.  It is vitally important that organisations collect and store your preferences, and also let you know what they want to do with your data and why.

  • Where do organisations get my name from?

    For any organisation to grow its customer or supporter base, it will need to make contact with more people.  There are many ways they can do this, for example advertising on television or radio, in newspapers or on websites; they can also buy data from legitimate data providers. These may be your full address and contact details, or just email addresses, but the important thing is that your data cannot be sold to an organisation unless you have given permission for that to happen.

    An example of how EAAA might buy the names of new people to contact is from survey collection. An online survey company may ask a series of questions (perhaps offering a prize or other incentive for completion) and one of the tick boxes in the survey could be ‘Do you want to hear about the work of East Anglian Air Ambulance’ and if you tick yes, then you have given your permission for us to contact you, via the survey company.

    If you receive a piece of unexpected mail, email or telephone call, you can ask where your details came from.

    Your details may also be published publicly, and organisations can use this information for reference purposes (for example data screening and profiling).  Some of these information sources are free to access, others may require membership, a subscription or other fee.  Your details may appear in any number of publicly available sources such as:

    Other sources may be compiled, such as business guides (eg Dun & Bradstreet in the UK, or Hoovers internationally) and The Times Rich List.  There are also organisations that specialise in screening, and they will use lots of different publicly available resources to compile multiple levels of data on an individual.

    The internet also holds millions of personal details, some secure, some public.  As well as search engine results identifying individual details such as social media pages, personal websites and blogs, information may also be compiled into public reference information such as Wikipedia.

  • How can I stop unwanted contact?

    Most contact that you will receive will either come from data where you have given your permission either directly or to a third party (see Where do organisations get my name from, above).  In the past the sharing of your data may have been an ‘opt out’ tick box on a form or website, so not ticking the box assumes you do not mind sharing.  In this case you just need to review your permission with whoever has your data.

    In the first instance, you need to contact the organisation and ask where they got your details from, and then you can ask to have your details removed.  For example, when EAAA buys new data, we only use agencies that provide details on individuals who have given explicit permission for their data to be shared.  If we are contacted and asked not to contact someone again, we make sure that we identify this on our database (so that we can make sure we never contact them again) and tell them where and how we acquired their data and, if it is from a third party, who to contact.

    If you receive unwanted phone calls and mail, there are three main services that will help you manage this:

    The Telephone Preference Service (TPS) and the Mailing Preference Service (MPS).  For example, before EAAA makes any phone calls, we compare your data against the TPS and if you are registered, we will not call unless you have specifically opted in to receiving calls from us (or unless you have won the lottery!).  Newly established is the Fundraising Preference Service (FPS), a website based service which allows members of the public in England and Wales to end ALL direct marketing communications from a specific charity.

    Registering with these organisations should help reduce the number of unsolicited communications you receive, but unfortunately will not prevent illegal or poor practice (though both can be reported to the Information Commissioner’s Office).  If you are registered with TPS, for example, and receive an unsolicited call, the first thing you should do is ask the caller if they know you are registered with TPS.  It may be that you do have an existing relationship with the caller (such as an energy provider) in which case it may be legitimate for them to call you.

    In the UK you should not receive any unsolicited emails, and all emails must have an ‘unsubscribe’ option on the bottom.  This is covered by Privacy and Electronic Communications Regulations (PECR).

    There are some organisations that act illegally (for example random dialling of domestic phones in relation to a possible accident at work, or PPI reclaim).  Quite often these calls are computer-generated, and in many cases, they’re from companies operating outside the UK so that they can evade UK laws.  Many spam texts ask you to text STOP or UNSUBSCRIBE if you don’t want to receive more messages. Advice is not to respond at all because your reply confirms that your number is a live one, which means it’s likely to be sold on which could mean even more spam in the future.  We also recommend going ex-directory to reduce the availability of your phone number.

Disclaimer

This information is for guidance only and does not constitute a comprehensive list of resources or legal advice.  If you are concerned that your data is being used illegally or have other concerns about how your data is being used, please contact the Information Commissioner’s Office who are responsible for Data Protection in the UK.

If you have found this information useful, or would like to suggest any improvements, please let us know.