This Privacy and Data Protection Statement explains our information practices, including how we use your information, how you can update it or ways to unsubscribe. We will only collect and use information from you in line with this statement. We encourage you to read the summaries below.
If you would like this privacy statement in print format, please contact us or call 03450 669 999. We may make changes to this statement from time to time. If we do so, we will post the changes on this page and they will apply from the time we post them. This statement was last changed on 17/05/2018.
East Anglian Air Ambulance is a charity registered in England and Wales Charity No 1083876, Registered Company number 04066700.
East Anglian Air Ambulance (Trading) Limited, trading as Friends of East Anglian Air Ambulance, is a company registered in England and Wales at Hangar E Gambling Close, Norwich Airport, Norwich, Norfolk, NR6 6EG – Registered Company number 04136827.
Registered with the Information Commissioner’s Office Data Protection Registration No. Z3529278.
When you browse our website, visit and contribute on our social media pages or communicate with us, we collect certain types of information. The more information we have, the more efficiently we can operate and the more funds we can direct to saving lives. It is important that you read the full statement to understand what information we hold, how we may use it, and what your rights are. Briefly;
- We collect data to help us operate effectively and to provide you with the best experiences possible from interacting with East Anglian Air Ambulance. You provide some of this data directly, for example in completing forms online, emailing and talking to us
- Some is collected automatically when you visit our website
- We collect information to provide services or goods, information, fundraising for our lifesaving work, administration, research, to better understand our supporters, and for the prevention/detection of crime
- In some cases we may undertake specific research to help us communicate with our supporters better, such as examining financial or other indicators
- On our website we endeavour to keep personal information secure by using SSL technology (‘Secure Sockets Layer’, a standard security technology for establishing a safe link between a two computers)
- We will use your information for our own marketing purposes, where we have your permission
- We will never sell or share your information with any other organisation for marketing purposes
- We only share data where we are required to by law or with carefully selected, trusted partners who work on our behalf
- We will only keep your information for as long as is necessary or according to law
- Our website collects information on site use including cookies and analytics. Please read our website Terms & Conditions for more information
Please read the full statement below so you have all the details you need or contact us if you have any queries. Together we save lives.
We will only ever collect the information we need to deliver our charitable objectives – including data that will be useful to help improve our services. We collect two kinds of information:
- Personal information such as name, postal address, phone number, email address, date of birth (where appropriate and/or legally required), or other information about you that you have chosen to share with us.
If you contact us, we will ask for your name and preferred contact details (such as phone number, email address or postal address). We may ask for more information, but we will only ask for the information we need to help you with your enquiry.
If you sign up for our newsletter, we will ask for your name and email address. We will also give you the option to tell us your postal address, and to tell us if you would like us to send you additional communications about news or events that might interest you.
We will only contact you if you have given us specific consent (for example the ‘tick boxes’ on our website and other forms that we use; see preferences on our website for how to opt in and out of various communications) or where there is ‘legitimate interest’.
Legitimate interest is a term used by the Information Commissioner’s Office to ensure that our needs and your needs are looked at in balance and decisions to process data, or contact you, are only made when there is a very good reason for us to do so.
We will store the information you give us securely, in line with the Data Protection Act 2018.
We will use the information you provide to:
- Communicate with our supporters and customers
- Provide you with information that we think may be of interest to you such as communications about our lifesaving missions, products and services, and fundraising
- Process payments, deliver products and communicate with you about orders
- Administer your lottery membership, event registration, donations and gifts in wills
- Administer volunteer records
- Carry out surveys, in-house research and learn more about our supporters to help us gain a better understanding and to enable us to improve our service to you. This research may be carried out internally by our employees or we may ask another company to do this for us
- Record any contact we have with you
- Prevent or detect fraud or abuses of our websites and enable third parties to carry out necessary functions on our behalf.
Some data investigations we undertake may be for due diligence for donors (please contact us for a copy of Ethical Fundraising Policy) and to meet UK money laundering regulations.
The new GDPR legislation (which comes under the Information Commissioner’s Office – ICO) has improved your rights. We will consider any right you wish to exercise and do our best to comply. These new rights fall into the following categories:
EAAA have officially achieved a Cyber Essentials Plus accreditation, meaning our charity has protection in place to guard against the most common cyber threats. This also means we are a safe haven for the receipt of confidential patient data from across the region. In the future it will allow our clinicians to obtain a significant amount of outcome information on our patients, something they don't often get to find out.
To raise the money we need every year to keep our Helicopter Emergency Medical Service ready to respond, EAAA undertakes a wide range of marketing activities to reach new and existing supporters. You may receive information from EAAA about the goods we provide (such as our Christmas card range), fundraising appeals and events, information about our missions and the other work we do that is part of our charitable mission. You may, at any time, opt out of receiving information from EAAA, and we aim to make your preferences as easy to manage as possible so you can keep receiving the information you want. We will never give, sell or exchange your information with other organisations for marketing purposes.
We respect your right to choose how we contact you and what information we send you – please let us know your preferences. To update your preferences or unsubscribe from any communications, please visit www.eaaa.org.uk/contact/update-preferences or contact us.
In line with best practice, your information is stored by EAAA on computers located in the UK and on data servers within the EU. We may also store information in paper files.
We will hold different types of data for different periods. How we schedule this is recorded in our Data Retention Policy. You can view this policy here.
In line with best practice, your information is stored by EAAA on computers located in the UK and on data servers within the EU. We may also store information in paper files.
For financial and technical reasons we may, on occasion, decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. We will only use services that are covered by the international data protection agreement known as the Privacy Shield. If you would like to receive further information about which services we use that may transfer your data outside the EEA, and the security around such services, please contact us.
We place great importance on the security of all our supporters’, customers’ and patients’ data. We have security measures in place to protect against the loss, misuse and alteration of personal data under our control. Only authorised personnel may access user information and we use secure sockets layer (SSL) software to encrypt financial and personal information you input before it is sent to us.
While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, or where it is transmitted across the internet, we will do our utmost to protect the security of your information.
Where we have provided a password enabling you to access specific parts of our websites, it is your responsibility to keep this password confidential. We advise you not to share your password with anyone.
We will keep your information only for as long as we need it to provide you with the goods, services or information you require, manage your relationship with us, comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need information, we will always dispose of it securely. Please contact us if you would like to know more about our Data Retention, Archiving and Destruction Policy.
We are required by law to keep some information for a specified time, such as your Gift Aid Declaration which we must hold for six years.
When you support us with a donation or by playing the lottery or raffle, we will also keep your details for a reasonable time to ensure we have the records on hand should you have any query in the future. We also keep basic information on file for suppression purposes, for example to ensure we are able to exclude from future contact.
Please contact us if you would like to know more about our Data Retention, Archiving and Destruction Policy.
Data profiling and screening
We may use the data you provide to help us to understand your interests, so we can try to analyse and predict what other products, services and information you and others like you might be most interested in and not send offers or information that is not of interest. This enables us to tailor our communications to make them relevant and interesting for you. We may also combine this with information held in the public domain (see How you can control your data). If you do not want us to process your data in this way, it is easy to opt out – just contact us.
We may also match group data against other external databases to understand more about our supporters and their habits or attitudes as a group. For example, knowing what newspapers are most commonly read helps us identify where to advertise to find more people like you, who care about our lifesaving work.
By allowing EAAA to profile your data, we may understand more about you as individuals and as a group. This helps us to spend cost-effectively on fundraising and make the best possible use of your generous donations. You can opt out at any time.
Data screening is where we match your details against another database to ensure we are up to date. Examples of this could be the National Change of Address database (NCOA) from Royal Mail (which uses data from their redirection service), helping us to keep in touch with you if you have moved recently and given your permission for this information to be shared. Another example is screening against a database of the recently deceased. We know that sending mail to a recently deceased member of the family can be distressing; by running this data matching service we can reduce the possibility of EAAA contacting someone who has passed away. This screening is only effective if you have officially notified a death.
By allowing EAAA to screen your data, we will be able to reduce the number of wasted letters and newsletters sent to supporters who have moved or passed away. It will help us to spend our money wisely, making sure that even more of the donations we receive can go towards our lifesaving work. You can opt out at any time.
Wealth screening and prospect research
Wealth screening is where we use external information sources and compare our data with external data, using specialist agencies, to understand your financial position. EAAA has limited expertise and resources to carry out all this work in-house, and may wish to use an agency to compare our data with publicly available information (see How you can control your data). You can opt out at any time.
Prospect research is where we do this manually, through reading media articles and referencing other publicly available information. This can help to identify people that are likely to have an affinity with our cause, and also understand better the type of relationship that they might prefer to have as part of their philanthropic giving.
We may undertake individual prospect research where we believe there is a reason to do so, and we will be in contact with you as soon as is practically possible and feasible to ensure you are fully informed of any data we hold about you. We will use Legitimate Interest as the legal basis for processing this kind of data so we need to make sure that your interests are examined in balance with the charity’s (see ‘How we use your information’ above). Care will be taken when undertaking research to ensure that the sources of publicly available information that we use are assessed against your reasonable expectations to ensure that only relevant personal data is captured. You can opt out at any time.
Why might we want to do this?
Wealth screening and prospect research helps EAAA to understand our supporters better so that we can tailor our communications and relationship with you. We might do this by looking at the information we have regarding your history and engagement with us, how and when you have supported us in the past, the method of past giving and what message or communication initiated the gift. If you have already shown an interest in supporting EAAA, or we are made aware of another reason why a relationship between you and us may be beneficial, it helps us to understand how you might be able to help before we approach you.
From time to time the Charity carries out such research to ensure individuals are not inappropriately contacted either due to lack of interest in the cause, possible known preferences, or at a significantly higher financial level than it appears they could typically afford. The information we discover will not be used in a way that would be deemed ‘unreasonable’. By doing this we minimise the potential of our research activity resulting in inappropriate contact. By being able to better understand existing supporters and potential new donors, we can be more cost-effective in our work – sending out appropriate, tailored communications that are more likely to be welcomed, rather than a ‘one size fits all’ approach.
If you are not happy for us to include your details if we undertake any screening or research, please let us know.
Data protection is about protecting people from the misuse of their personal information. Data protection legislation aims to prevent harm to those individuals that businesses, charities and government process data about by creating legal responsibility for keeping the information as safe as possible. Fundraising, for example, is a vital operation for EAAA, for which collecting information to build and expand our list of supporters is a perfectly legitimate objective. However, to prevent harm to those supporters, we need to ensure your information is not misused, does not fall into the wrong hands and that (where appropriate) individuals consent to their information being used in this way. This is why any charity you support or organisation you do business with, should have clear data protection and privacy policies – as EAAA does.
Data Protection in the UK is covered by UK and EU legislation (and will remain so even when the UK exits the EU) and the governing body is the Information Commissioner’s Office where you can find full details of the Data Protection Act 2018.
Like EAAA, organisations will use your data to help promote their business or charity, or provide services and information. You have rights over your personal data, and organisations will ask you what you want from them by collecting your preferences. These preferences can be collected by phone, email, website, letter or face to face. It is vitally important that organisations collect and store your preferences, and also let you know what they want to do with your data and why.
For any organisation to grow its customer or supporter base, it will need to make contact with more people. There are many ways they can do this, for example advertising on television or radio, in newspapers or on websites; they can also buy data from legitimate data providers. These may be your full address and contact details, or just email addresses, but the important thing is that your data cannot be sold to an organisation unless you have given permission for that to happen.
An example of how EAAA might buy the names of new people to contact is from survey collection. An online survey company may ask a series of questions (perhaps offering a prize or other incentive for completion) and one of the tick boxes in the survey could be ‘Do you want to hear about the work of East Anglian Air Ambulance’ and if you tick yes, then you have given your permission for us to contact you, via the survey company.
If you receive a piece of unexpected mail, email or telephone call, you can ask where your details came from.
Your details may also be published publicly, and organisations can use this information for reference purposes (for example data screening and profiling). Some of these information sources are free to access, others may require membership, a subscription or other fee. Your details may appear in any number of publicly available sources such as:
- Aircraft Registry
- Companies House
- The Charity Commission
- The Electoral Register (you can opt out of the ‘open register’)
- The UK Ship Register
- Who’s Who
Other sources may be compiled, such as business guides (eg Dun & Bradstreet in the UK, or Hoovers internationally) and The Times Rich List. There are also organisations that specialise in screening, and they will use lots of different publicly available resources to compile multiple levels of data on an individual.
The internet also holds millions of personal details, some secure, some public. As well as search engine results identifying individual details such as social media pages, personal websites and blogs, information may also be compiled into public reference information such as Wikipedia.
Most contact that you will receive will either come from data where you have given your permission either directly or to a third party (see Where do organisations get my name from, above). In the past the sharing of your data may have been an ‘opt out’ tick box on a form or website, so not ticking the box assumes you do not mind sharing. In this case you just need to review your permission with whoever has your data.
In the first instance, you need to contact the organisation and ask where they got your details from, and then you can ask to have your details removed. For example, when EAAA buys new data, we only use agencies that provide details on individuals who have given explicit permission for their data to be shared. If we are contacted and asked not to contact someone again, we make sure that we identify this on our database (so that we can make sure we never contact them again) and tell them where and how we acquired their data and, if it is from a third party, who to contact.
If you receive unwanted phone calls and mail, there are three main services that will help you manage this:
The Telephone Preference Service (TPS) and the Mailing Preference Service (MPS). For example, before EAAA makes any phone calls, we compare your data against the TPS and if you are registered, we will not call unless you have specifically opted in to receiving calls from us (or unless you have won the lottery!). Newly established is the Fundraising Preference Service (FPS), a website based service which allows members of the public in England and Wales to end ALL direct marketing communications from a specific charity.
Registering with these organisations should help reduce the number of unsolicited communications you receive, but unfortunately will not prevent illegal or poor practice (though both can be reported to the Information Commissioner’s Office). If you are registered with TPS, for example, and receive an unsolicited call, the first thing you should do is ask the caller if they know you are registered with TPS. It may be that you do have an existing relationship with the caller (such as an energy provider) in which case it may be legitimate for them to call you.
In the UK you should not receive any unsolicited emails, and all emails must have an ‘unsubscribe’ option on the bottom. This is covered by Privacy and Electronic Communications Regulations (PECR).
There are some organisations that act illegally (for example random dialling of domestic phones in relation to a possible accident at work, or PPI reclaim). Quite often these calls are computer-generated, and in many cases, they’re from companies operating outside the UK so that they can evade UK laws. Many spam texts ask you to text STOP or UNSUBSCRIBE if you don’t want to receive more messages. Advice is not to respond at all because your reply confirms that your number is a live one, which means it’s likely to be sold on which could mean even more spam in the future. We also recommend going ex-directory to reduce the availability of your phone number.
This information is for guidance only and does not constitute a comprehensive list of resources or legal advice. If you are concerned that your data is being used illegally or have other concerns about how your data is being used, please contact the Information Commissioner’s Office who are responsible for Data Protection in the UK.
If you have found this information useful, or would like to suggest any improvements, please let us know.