In preparation for the EU General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, we will be making some important enhancements that will help you make the most of the information that we collect and share with you.
When we provide you with personal information about your supporters, you will be Data Controllers in respect of that information and therefore responsible for ensuring that you handle it in compliance with the GDPR.
We recommend that you seek further advice on processing an individual’s information and GDPR compliance. For starters, here’s the latest industry information.
What are we changing?
1. Consent for direct marketing
Our changes will enable you to send direct marketing by email to your supporters (covering news, appeals and promotions). You will be able to access a clear record of who has consented to receive marketing from your charity, as well as when and what they agreed to. This consent will be collected using an opt-in tick box.
We are exploring options for future enhancements so that we can collect consent for you to send marketing via multiple channels of communication. Watch this space.
2. Younger users of our site
We will be allowing anyone who is 13 or over to use Virgin Money Giving. Users younger than this will be told to ask their parent(s) or guardian(s) to register with us to help them fundraise. We will ask upfront if users are under 18 and provide 13-17 year olds with guidance on staying safe online and also restrict some features. We will tell you in the charity reporting portal if someone fundraising for you is under 18 but we will never collect marketing consent from them.
3. Access to data through our reporting portal
You will continue to have access to the information we collect about users who create a fundraising page. You will continue to see the donations you have received but will no longer see the personal information of the person who made a donation, unless they have consented to receive marketing from you. We will start removing this data from May.
There will be new fields in our charity reports giving you the date and time when marketing consent was collected and to let you know if your supporters are under 18.
We will not be collecting marketing consent or the age of a user through our APIs. We are working on future enhancements that will allow us to do this. This won’t be ready for May.
4. Data Subject Rights
The GDPR enhances existing data subject rights and also introduces new rights. As Data Controllers, both of us must respond to individual GDPR related requests. We will let you know in good time if an individual whose data we have shared with you has exercised their rights, so that you can meet your GDPR obligations.
5. Privacy notices
We will be updating our privacy notices. These will cover the sharing of information with you. You will also need to make your own privacy notices available to individuals.
When are we making changes?
We will be rolling out all of our GDPR system updates in May ahead of the regulation coming into effect, at which point we will be updating relevant parts of our online customer journey, and updating systems behind the scenes and our charity reporting portal.
We’ll be in touch again at the start of May to confirm the date these changes will take place and to let you know about relevant changes to our charity Terms and Conditions.
What next steps should you take?
You should consider whether the marketing consents collected through our site prior to the enhancements we are making in May remain valid under the GDPR. You should also make sure you have everything in place to comply with the GDPR prior to using personal information.
We recommend speaking with your trustees, Data Protection Officer (if you have one) or legal advisers if you are unsure whether or not to use any of the information we share with you.
To help answer specific questions about Virgin Money Giving’s GDPR compliance and the changes we are making in May, please see our GDPR Q&As.
If your questions are not answered by our Q&As, please email us at firstname.lastname@example.org and we’ll do our best to help you.