This Privacy and Data Protection Statement explains our information practices, including how we use your information, how you can update it or ways to unsubscribe. We will only collect and use information from you in line with this statement. We encourage you to read the summaries below.
East Anglian Air Ambulance is a charity registered in England and Wales Charity No 1083876, Registered Company number 04066700.
East Anglian Air Ambulance (Trading) Limited, trading as Friends of East Anglian Air Ambulance, is a company registered in England and Wales at Helimed House, Hangar 14, Gambling Close, Norwich Airport, Norwich, Norfolk, NR6 6EG – Registered Company number 04136827
Registered with the Information Commissioner’s Office Data Protection Registration No. Z3529278
This privacy statement explains our information and data protection practices, including how we use your information and how you can update it or unsubscribe. We will only collect and use information from you in line with this statement. We encourage you to read the summaries below and to click on “Learn More” if you would like more detailed information on a particular topic.
If you would like this privacy statement in print format, please contact us or call 03450 669 999. We may make changes to this statement from time to time. If we do so, we will post the changes on this page, and they will apply from the time we post them.
This statement was last changed on 01/11/2022.
When you browse our website, visit and contribute on our social media pages, or communicate with us, we collect certain types of information (explained in full below).
The more information we have, the more efficiently we can operate and the more funds we can direct to saving lives. It is important that you read the full statement to understand what information we hold, how we may use it, and what your rights are. Briefly,
- We collect data to help us operate effectively and to provide you with the best experiences possible from interacting with East Anglian Air Ambulance. You provide some of this data directly, for example in completing forms online, emailing, donating, and talking to us.
- We collect information to provide services or goods, information, fundraising for our lifesaving work, administration, research, to better understand our supporters, and for the prevention/detection of crime.
- In some cases, we may undertake specific research to help us communicate with our supporters better, such as examining financial or other indicators.
- On our website we endeavour to keep personal information secure by using SSL technology (‘Secure Sockets Layer' which is a standard security technology for establishing a safe link between a two computers).
- We will use your information for our own marketing purposes, where we have your permission.
- We will never sell or share your information with any other organisation for marketing purposes.
- We only share data where we are required to by law or with carefully selected, trusted partners who work on our behalf.
- We will only keep your information for as long as is necessary or according to law.
- Some information is collected automatically when you visit our website. Our website collects information on site use including cookies and analytics. Please read our website Terms & Conditions for more information.
Please read the full statement below so you have all the details you need or contact us if you have any queries. Together we save lives.
We will only ever collect the information we need to deliver our charitable objectives – including data that will be useful to help improve our services. We collect two kinds of information:
- Personal information such as name, postal address, phone number, email address, date of birth (where appropriate and/or legally required), or other information about you that you have chosen to share with us.
- If you contact us, we will ask for your name and preferred contact details (such as phone number, email address or postal address). We may ask for more information, but we will only ask for the information we need to help you with your enquiry.
- If you sign up for any of our newsletters or email communications, we will ask for your name and email address. We will also give you the option to tell us your postal address, and to tell us if you would like us to send you additional communications about news or events that might interest you.
- You can control your communications preferences at any time by updating your preferences via our website, downloading a form online and returning it to us, by email to firstname.lastname@example.org or by calling our Supporter Engagement Team 03450 699 999.
We will only contact you if you have given us specific consent (for example the ‘tick boxes’ on our website and other forms that we use, see preferences on our website for how to opt in and out of various communications) or where there is ‘legitimate interest’.
Legitimate interest is a term used by the Information Commissioner’s Office (ICO) to ensure that our needs and your needs are looked at in balance and decisions to process data, or contact you, are only made when there is good reason for us to do so.
We will manage, use, and store the information you give us securely, in line with the Data Protection Act 1998 and General Data Protection Regulation 2016.
We will use the information you provide to:
- Communicate with you our supporters (customers)
- Provide you with information that we think may be of interest to you such as communications about our lifesaving missions, products and services, and fundraising
- Process payments, deliver products and communicate with you about orders
- Administer your lottery membership, event registration, donations, and gifts in wills
- Administer volunteer records
- Carry out surveys, in-house research and learn more about our supporters to help us gain a better understanding and to enable us to improve our service to you. This research may be carried out internally by our employees or we may ask another company to do this for us
- Record any contact we have with you
- Prevent or detect fraud or abuses of our websites and enable third parties to carry out necessary functions on our behalf.
- Some data investigations we undertake may be for due diligence for donors, to meet UK money laundering regulations. You can review EAAA’s Supporter Promise and you can request a copy of our Fundraising Policy.
GDPR legislation, which is regulated under the Information Commissioner’s Office – ICO, protects your rights. We will consider any right you wish to exercise and do our best to comply. These rights fall into the following categories:
Your right to be informed
We will keep you informed of how we use your data, why we use your data, and only act in accordance (unless legally required otherwise) with your preferences where you have made them known.
Your right of access
This is your right to see all the data we (or any other organisation) hold on you and is called a ‘subject access request’. This means you can ask us to share with you a copy of all the data we hold on you, such as current and past addresses, your donation history, and any other personal information we may hold.
Your right to rectification
If we have incorrect information about you, we must put it right including updating third parties who are processing on our behalf where possible. We will comply with these requests as quickly as we can and confirm with you that we have done so. They may take up to 28 days to take effect if, for example, you have changed your address, but our mailing house has already run the latest mailing of our newsletter.
Your right to erasure
You have the right to be removed completely from our database, erasing all history of contact. We will consider any request to erase personal information and will keep minimum data to ensure we can identify you so that we do not contact you again. This would fall under ‘restricted processing’ (see below).
Your right to restrict processing
When processing is restricted, we are permitted to store your personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in future.
Your right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
Your right to object
Individuals have the right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics
In other words, you have the right to object to or ‘opt out of’ us processing your data in any way you choose, though we hope you will let us know your preferences so that we can comply with your requests/preferences without you having to object.
Your rights in relation to automated decision making and profiling
Individuals have the right not to be subject to a decision when:
- it is based on automated processing; and
- it produces a legal effect or a similarly significant effect on the individual.
We must ensure that individuals are able to:
- obtain human intervention.
- express their point of view; and
- obtain an explanation of the decision and challenge it.
This would include processing such as profiling and screening. We have explained that in more detail below. You can opt out of automated processing at any time by contacting us.
Your right to complain
You also have the right to complain. Please visit the making a complaint section on our website for details on how to do this. For any data protection or use of your personal data related complaints please contact EAAA in the first instance. We will thoroughly investigate the complaint and come back to you with a response.
If your complaint relates to information under the Data Protection Act or GDPR (General Data Protection Regulation) and you are not happy with our response it may then be referred to the Information Commissioner’s Office (ICO).
Find out more details about your rights related to Data Protection from the Information Commissioner’s Office (ICO).
EAAA have officially achieved a Cyber Essentials Plus accreditation, meaning our charity has protection in place to guard against the most common cyber threats. This also means we are a safe haven for the receipt of confidential patient data from across the region. In the future it will allow our clinicians to obtain a significant amount of outcome information on our patients, something they don't often get to find out.
- To raise the money, we need every year to keep our Helicopter Emergency Medical Service ready to respond, EAAA undertakes a wide range of marketing activities to reach new and existing supporters, and donors.
- You may receive information from EAAA about the goods or merchandise we provide (such as our Christmas card range), fundraising appeals, activity and events, information about our missions and the other work we do that is part of our charitable mission.
- You may, at any time, opt out of receiving information from EAAA, and we aim to make your preferences as easy to manage as possible so you can keep receiving the information you want. We will never give, sell, or exchange your information with other organisations for marketing purposes.
- If we contact you by email, every email message we send will always include a link to unsubscribe and opt out of receiving future messages if you wish.
- If we contact you by other means, you can again change your preferences and opt out of any communication method by contacting us by post, email email@example.com or phone 03450 669 999 or updating your choices via our website www.eaaa.org.uk/preferences.
We respect your right to choose how we contact you and what information we send you – please let us know your preferences. To update your preferences or unsubscribe from any communications, please visit www.eaaa.org.uk/preferences or contact us.
EAAA will never sell or share your information with any other organisation for commercial purposes.
We will only share your information:
- if we are required to do so by law
- for our partners to provide services we cannot deliver, such mailing houses, IT specialists and research firms. We only choose partners we can trust who abide by the requirements of the Data Protection Act and after completing appropriate due diligence
- if we believe it is necessary to protect or defend our rights, property, personal safety of our people or visitors to our premises or websites.
In line with best practice, your information is stored by EAAA on computers located in the UK and on data servers within the EU. We may also store information hard copy or paper formats, which is stored securely.
We place great importance on the security of all our supporters’, customers’, and patients’ data. We have security measures in place to protect against the loss, misuse, and alteration of personal data under our control. Only authorised personnel may access user information and we use secure sockets layer (SSL) software to encrypt financial and personal information you input before it is sent to us.
While we cannot ensure or guarantee that loss, misuse, or alteration of data will not occur while it is under our control, or where it is transmitted across the internet, we will do our utmost to protect the security of your information.
Where we have provided a password enabling you to access specific parts of our websites, it is your responsibility to keep this password confidential. We advise you not to share your password with anyone.
We will keep your information only for:
- as long as we need it to provide you with the goods, services or information you require
- to effectively manage your relationship with us
- comply with the law
- to ensure we do not communicate with people that have asked us not to.
When we no longer need information, we will always dispose of it securely. Please contact us if you would like to know more about our Data Retention or Information Governance Policies.
We are required by law to keep some information for a specified time, such as your Gift Aid Declaration which we must hold for six years.
When you support us with a donation or by playing the lottery or raffle, we will also keep your details for a reasonable time to ensure we have the records on hand should you have any query in the future.
We also keep basic information on file for suppression purposes, for example to ensure we can exclude you from future contact.
For further details on how we retain, archive and destroy data please see EAAA’s Data Retention Policy.
We use two services, Dotdigital and Campaign Monitor, for our automated email systems, and this system monitors the site. They will only track users clicks if you have accepted cookies.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
Data profiling and screening
To make sure that we send you the right information, and that we advertise in the right places to reach more people like you who care about our lifesaving work, EAAA may sometimes undertake data profiling and screening.
Data profiling is the process of examining our database of information on our supporters and collecting statistics or informative summaries about that data. You have the right to opt out of this at any time. To opt out please contact us, or you can email firstname.lastname@example.org.
We may use the data you provide to help us to understand your interests, so we can try to analyse and predict what other activity, products, services and information you and others like you might be most interested in and not send offers or information that is not of interest. This enables us to tailor our communications to make them relevant and interesting for you. We may also combine this with information held in the public domain. If you do not want us to process your data in this way, it is easy to opt out – just contact us.
We may also match group data against other external databases to understand more about our supporters and their habits or attitudes as a group. For example, knowing what newspapers are most read by our supporters helps us identify where to advertise to find more people like you, who care about our lifesaving work.
By allowing EAAA to profile your data, we may understand more about you as individuals and as a group. This helps us to spend cost-effectively on fundraising and make the best possible use of your generous donations. You can opt out at any time.
Data screening is where we match your details against another database to ensure we are up to date. Examples of this could be the National Change of Address database (NCOA) from Royal Mail (which uses data from their redirection service), helping us to keep in touch with you if you have moved recently and given your permission for this information to be shared. Another example is screening against a database of the recently deceased. We know that sending mail to a recently deceased member of the family can be distressing; by running this data matching service we can reduce the possibility of EAAA contacting someone who has passed away. This screening is only effective if you have officially notified a death.
By allowing EAAA to screen your data, we will be able to reduce the number of wasted letters and newsletters sent to supporters who have moved or passed away. It will help us to spend our money wisely, making sure that even more of the donations we receive can go towards our lifesaving work. You can opt out at any time.
Wealth screening and prospect research
Wealth screening is where we use external information sources and compare our data with external data, using specialist agencies, to understand your financial position. EAAA has limited expertise and resources to carry out all this work in-house and may wish to use an agency to compare our data with publicly available information. You can opt out at any time.
Prospect research is where we do this manually, through reading media articles and referencing other publicly available information. This can help to identify people that are likely to have an affinity with our cause and understand better the type of relationship that they might prefer to have as part of their philanthropic giving.
We may undertake individual prospect research where we believe there is a reason to do so, and we will be in contact with you as soon as is practically possible and feasible to ensure you are fully informed of any data, we hold about you. We will use Legitimate Interest as the legal basis for processing this kind of data, so we need to make sure that your interests are examined in balance with the charity’s. Care will be taken when undertaking research to ensure that the sources of publicly available information that we use are assessed against your reasonable expectations to ensure that only relevant personal data is captured. You can opt out at any time.
Why might we want to do this?
Wealth screening and prospect research helps EAAA to understand our supporters and donors better so that we can tailor our communications and relationship with you. We might do this by looking at the information we have regarding your history and engagement with us, how and when you have supported us in the past, the method of past giving and what message or communication initiated the gift. If you have already shown an interest in supporting EAAA, or we are made aware of another reason why a relationship between you and us may be beneficial, it helps us to understand how you might be able to help before we approach you.
From time to time the Charity carries out research and data cleansing to ensure individuals are not inappropriately contacted either due to lack of interest in the cause, incomplete preferences, or at a significantly higher financial level than it appears they could typically afford. The information we discover will not be used in a way that would be deemed ‘unreasonable’.
By doing this we minimise the potential of our research activity resulting in inappropriate contact. By being able to better understand existing supporters and potential new donors, we can be more cost-effective in our work – sending out appropriate, tailored communications that are more likely to be welcomed, rather than a ‘one size fits all’ approach.
If you are not happy for us to include your details if we undertake any screening or research, please let us know. If we undertake research on individuals that we then decide to contact, we will let you know what data we have collected as soon as is practical. We will ask for your preferences at this time and comply with your wishes.
To manage what information you receive from us, please visit our preferences section on the website. If you have any queries about data privacy, how we store or use your data, have any questions or concerns about this Privacy Statement, or would like to receive a printed version please email: email@example.com or telephone our Supporter Engagement Team on 03450 669 999.
The following is for information purposes only and does not constitute part of our privacy statement.
What is data protection?
Data protection is about protecting people from the misuse of their personal information.
Data protection legislation aims to prevent harm to those individuals that businesses, charities and government process data about by creating legal responsibility for keeping the information as safe as possible.
Fundraising, for example, is a vital operation for EAAA, for which collecting information to build and expand our list of supporters is a perfectly legitimate objective. However, to prevent harm to those supporters, we need to ensure your information is not misused, does not fall into the wrong hands and that (where appropriate) individuals consent to their information being used in this way. Any charity you support or organisation you do business with, should have clear data protection, information governance and privacy policies – as EAAA does.
Like EAAA, organisations will use your data to help promote their business or charity, or provide services and information. You have rights over your personal data, and organisations will ask you what you want from them by collecting your preferences. These preferences can be collected by phone, email, website, letter, or face to face. It is vitally important that organisations collect and store your preferences, and let you know what they want to do with your data and why.
For any organisation to grow its customer or supporter base, it will need to contact more people. There are many ways they can do this, for example advertising on television or radio, in newspapers or on websites; they can also buy data from legitimate data providers. These may be your full address and contact details, or just email addresses, but the important thing is that your data cannot be sold to an organisation unless you have given permission for that to happen.
An example of how EAAA might buy the names of new people to contact is from survey collection. An online survey company may ask a series of questions (offering a prize or other incentive for completion) and one of the tick boxes in the survey could be ‘Do you want to hear about the work of East Anglian Air Ambulance’ and if you tick yes, then you have given your permission for us to contact you, via the survey company.
If you receive a piece of unexpected mail, email, or telephone call, you can ask where your details came from.
Your details may also be published publicly, and organisations can use this information for reference purposes (for example data screening and profiling). Some of these information sources are free to access, others may require membership, a subscription or other fee. Your details may appear in any number of publicly available sources such as:
- Aircraft Registry
- Companies House
- The Charity Commission
- The Electoral Register (you can opt out of the ‘open register’)
- The UK Ship Register
- Who’s Who
Other sources may be compiled, such as business guides (e.g. Dun & Bradstreet in the UK, or Hoovers internationally) and The Times Rich List. There are also organisations that specialise in screening, and they will use lots of different publicly available resources to compile multiple levels of data on an individual.
The internet also holds millions of personal details, some secure, some public. As well as search engine results identifying individual details such as social media pages, personal websites and blogs, information may also be compiled into public reference information such as Wikipedia.
Most contact that you will receive will either come from data where you have given your permission either directly or to a third party. In the past the sharing of your data may have been an ‘opt out’ tick box on a form or website, so not ticking the box assumes you do not mind sharing. In this case you just need to review your permission with whoever has your data.
In the first instance, you need to contact the organisation and ask where they got your details from, and then you can ask to have your details removed. For example, when EAAA buys new data, we only use agencies that provide details on individuals who have given explicit permission for their data to be shared. If we are contacted and asked not to contact someone again, we make sure that we identify this on our database (so that we can make sure we never contact them again) and tell them where and how we acquired their data and, if it is from a third party, who to contact.
If you receive unwanted phone calls and mail, there are three main services that will help you manage this:
The Fundraising Preference Service (FPS): is the free service, managed by the Fundraising Regulator, that helps supporters and donors to end contact with charities they no longer want to hear from. It is the UK's only official service that helps you manage the contact that supporters and donors receive from all registered charities in England, Wales and Northern Ireland.
More details on the FPS can be found on their website
Telephone Preference Service (TPS) is the UK’s only official ‘Do Not Call’ register for landlines and Mobile numbers. It allows people to opt out of unsolicited live sales and marketing calls.
It is free and quick to register a telephone number. Doing so will reduce the number of unwanted sales and marketing calls people receive. If a number is registered with the TPS/CTPS, organisations (including charities) are legally required – by the Privacy and Electronic (EC Directive) Regulations 2003 – to refrain from calling it. In the UK, the Information Commissioner’s Office enforces the law and has power to fine organisations that break it.
Organisations are required to screen against TPS/CTPS at least once every 28 days,
Donors and supporters can visit the TPS website or call 0345 070 0707 for more information.
Mail Preference Service (MPS) is a free service which enables people to have their names and home addresses in the UK removed from lists used by companies and organisations. The MPS will prevent the receipt of unsolicited direct mailings sent from member companies of the Data & Marketing Association and we will take steps to prevent the receipt of unsolicited direct mailings from companies which are non-DMA members.
It will not stop mail that has been sent from overseas, un-addressed material or mail addressed to The Occupier. People who register can expect to continue to receive mailings from companies and organisations with whom you have done business in the past. If a supporter or donor wishes these mailings to be stopped, they must notify EAAA directly. It will take up to 4 months for the Service to have full effect.
Visit the MPS website or call 0207 291 3310 for more information.
Registering with these organisations should help reduce the number of unsolicited communications you receive, but unfortunately will not prevent illegal or poor practice (though both can be reported to the Information Commissioner’s Office).
If you are registered with TPS, for example, and receive an unsolicited call, the first thing you should do is ask the caller if they know you are registered with TPS. It may be that you do have an existing relationship with the caller (such as an energy provider) in which case it may be legitimate for them to call you.
In the UK you should not receive any unsolicited emails, and all emails must have an ‘unsubscribe’ option on the bottom. This is covered by Privacy and Electronic Communications Regulations (PECR).
There are some organisations that act illegally (for example random dialling of domestic phones in relation to an accident at work, or PPI reclaim). Quite often these calls are computer-generated, and in many cases, they are from companies operating outside the UK so that they can evade UK laws.
Many spam texts ask you to text STOP or UNSUBSCRIBE if you do not want to receive more messages. Advice is not to respond at all because your reply confirms that your number is a live one, which means it is likely to be sold on which could mean even more spam in the future. We also recommend going ex-directory to reduce the availability of your phone number.
This information is for guidance only and does not constitute a comprehensive list of resources or legal advice. If you are concerned that your data is being used illegally or have other concerns about how your data is being used, please contact the Information Commissioner’s Office who are responsible for Data Protection in the UK.
If you have found this information useful, or would like to suggest any improvements, please let us know.