Privacy Notice

1. Introduction

Online Giving Ltd. and its affiliates, subsidiaries and related entities (“Enthuse” or “we”, “our”) are committed to protecting and respecting the privacy and security of the personal data we collect about end customers, potential customers and users of our services (“you/your”).    

The purpose of this privacy notice is to explain what personal data we collect about you when you use our services or when we conduct marketing campaigns and how we will use the personal data. 

We are the controller for the purposes of the UK General Data Protection Regulation (“UK GDPR”). Unless otherwise stated in this privacy statement or as part of the donation process, we will determine why and how personal information is collected and used.

2. Customers and end users

If you use this site or the Enthuse Platform to make a payment to a charity, your personal data will also be provided directly to that charity and/or our client (for example, a professional fundraiser) who has licenced the Enthuse Platform for the benefit of a charity. Once passed to the charity or client, they also become a controller of that personal data and determine their own means and purposes for its use. Please make sure you carefully read and understand the charity’s and/or the client’s privacy policy (as applicable) and the way in which each party will use your personal information (including the ways and purposes for which they may contact you).      

This site contains links to third party websites that have their own privacy policy. You should make sure you carefully read and understand the third parties’ privacy policy before you submit any information on the website.     

3. Personal information we may collect on this site and how we use it 

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (“EU GDPR”) in relation to goods and services we offer to individuals in the European Economic Area (EEA). We will collect personal data in the following circumstances:

Clients (including Charities) who register to use the Enthuse platform to support their fundraising strategy    

When an organisation (including a charity) registers with us as a client to licence our fundraising platform from us, it may provide or we may request personal information about its employees, directors or trustees of the charity. Such information may include an individual’s; name, title, address, email address, personal images, job title and telephone number.

We will use this personal information to manage our relationship with the relevant organisation and perform our contractual obligations, including to notify the charity of any changes to the services and as part of our procedures to keep the Site safe and secure.

As a FCA regulated entity, we are also under a legal and regulatory obligation to carry out Anti Money Laundering (AML), Know Your Customer (KYC) and service background checks on the charity, its directors and potentially board members, this will involve using the personal information provided to carry out these checks. In some circumstances we may use a third-party supplier to carry out these checks for us. Our appointed suppliers will only use the personal information for the purpose of carrying out the background checks and searches that we request.

When processing this information, we rely on the lawful bases of performance of a contract, legal obligation and legitimate interests.

Individuals who open an account on the Site for the purpose of making a donation or fundraising    

In order to use our site and make a donation or fundraise, you will need to register an account or use the guest checkout feature. As part of the registration process you will be asked to provide personal data. When we request information as part of the registration process, we make it clear where the provision of information is required by law and where it is voluntary.

We may collect this personal data directly from you when you create an account or use the guest checkout feature or you may choose to register on our Site using valid social media login details, such as Facebook or Google. We may also collect personal information when you correspond with us by phone, e-mail or otherwise.               

The personal information we collect may include first name, last name, address, e-mail address, phone number and card payment details. If you are eligible for UK Gift Aid, you may also provide your UK domicile address as this may be different from your billing address.

We use this information to:

  • – manage your account with us, make the payments to your chosen charity or to respond to your queries or comments;
  • – perform any contract or other transaction we enter into with you;
  • – provide, activate, manage and support our products or services;
  • – notify you about changes or updates to our sites, products, or services;
  • – operate, evaluate and improve our business (including enhancing and personalising our sites, services, products and communications; developing new sites, services and products);
  • – perform data analytics for internal research or other business purposes;
  • – respond to your enquiries, requests, or other comments;
  • – our initiatives such as diversity and inclusion initiatives;
  • – detect fraud, investigating suspicious activity (e.g. violations of our Website Terms) and otherwise keep our sites safe and secure; and/or
  • – comply with our legal or regulatory obligations.

In addition, if you have given us telephone instructions or e-mail instructions, we will write to you to confirm your donation. We are required to do this by the Charities Commission for England and Wales.    

We will retain account information to make it easier for you to donate to charities in the future. We do not use your personal information for any other purpose and will not sell an account holder’s personal information under any circumstance.    

If you sign up for an event using the Virtual Journey feature, your personal data will not be shared with the map provider, but you agree to your location being marked on the event map at intervals during the event.  If you decide to start your journey in the physical world too and you participate in a group challenge, only your team members will be able to see your location if you are uploading it to the map.

When processing this information, we rely on the lawful bases of performance of a contract, legal obligation and legitimate interests.

4. Cookies

We use cookies to distinguish visitors to the Site. This helps us to provide a better user experience when our website is browsed. Cookies also allow us to assess a visitor’s use and journey through the site, we use this information to improve our site and its functionality. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie policy at www.enthuse.com/cookies/.

5. Disclosure of personal information

We may share personal information with selected third parties including:

Our suppliers. We use third party suppliers for the provision of our services such as for cloud storage and payment processing. Our suppliers will only use individual account holder personal information in accordance with our instructions and to provide services on our behalf.

Charities. We may share your personal data with charities that are registered with our site for fundraising and that you choose to donate to. When we do so we ensure that your data is shared in a secure and safe manner.    

For further information about cookies, please refer to Enthuse’s cookie policy www.enthuse.com/cookies/.

Payment gateways and merchant providers. When an account holder makes a donation, we are required to disclose certain information to payment providers to process the transaction. The information shared with the payment providers will only be used for the payment and will not be stored or used for any other purpose.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our terms of use; or to protect the rights, property, or safety of Enthuse or our users. This includes exchanging personal information with other companies and organisations for the purposes of fraud protection and credit risk reduction.     We may also disclose your data in connection with a corporate transaction, for example, to third parties that may be interested in purchasing our business or assets. If we or substantially all of our assets are acquired by a third party, then your personal information may be transferred as one of the transferred assets.      

6. Marketing

We may collect your basic contact details such as name and email address for the purposes of direct marketing. When we do so we rely on the lawful basis of legitimate interests. We collect contact details either directly from you or from publicly available sources in order to inform you of products we think you may be interested in.

7. How and where we store personal information

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning. It is unlikely that we’ll ever share your personal data outside the UK, European Union or European Economic Area. If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations in countries benefiting from a European Commission adequacy decision or on the basis of Standard Contractual Clauses approved by the European Commission which contractually oblige the recipient to process and protect your personal data to the standard expected within the UK.

8. Security

We have implemented appropriate technical,  organisational and security measures to protect personal information and all personal information we store is held on our secure servers and is encrypted.    

When we receive confirmation of your online donation we do not have access to your full card details. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.    

9. Your responsibilities

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and to notify us in the event you become aware that someone has had access to your password.

10. Your rights

You have the following rights in respect of your personal data:

  • You have the right of access to your personal data and can request copies of it and information about our processing of it.
  • If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
  • Where we are using your personal data with your consent, you can withdraw your consent at any time.
  • Where we are using your personal data because it is in our legitimate interests to do so, you can object to us using it this way.
  • Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
  • You can ask us to restrict the use of your personal data if it is not accurate; it has been used unlawfully but you do not want us to delete it; we do not need it anymore, but you want us to keep it for use in legal claims; or if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
  • In some circumstances you can compel us to erase your personal data and request a machine-readable copy of your personal data to transfer to another service provider.
  • You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, please contact us at [email protected].                

Filing a complaint: If you are not satisfied with how we manage your personal information, you have the right to make a complaint to the UK Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or online at: https://ico.org.uk/concerns/. Our site may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for the security, collection or use of your personal information on other websites. Please consult the terms and conditions and privacy policy of the relevant third-party site to find out how that site collects and uses your information before you submit any personal information to these websites.

11. Changes to our privacy notice

This privacy notice was last updated on 7 March 2022.

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

12. Contact

Questions, comments and requests regarding this privacy notice  are welcomed and may be sent to [email protected] or addressed to Online Giving Ltd, Office 6, 155 Minories, London EC3N 1AD.

You can also contact our Data Protection Officer, by sending an email to [email protected] or by writing to us at the address above marked for the attention of the DPO.