Privacy Policy

This privacy policy will explain how our organisation collects, store and uses your personal data we collect from you

Contents

• How do we collect your data? 
• What data do we collect?
• How will we use your data?
• Sharing your personal information
• How long we keep your information
• How do we store your data securely?
• Cookies
• How to change the way we contact you
• How to contact the appropriate authorities
• How to contact us
• Last updated

This privacy policy also explains when we are acting as Data Controller or Data Processor in relation to your personal information, and what this means when engaging your rights under the Data Protection Act 2018.

How do we collect your data?

• We collect your personal data in the following ways:
  When you interact with us/directly from you: Such as submitting an enquiry through our website, interact with Pilotlight through the organisation you work for, share your information with us at an event, make a donation to support our work. For example, if you register your interest or get in touch with us regarding any of our programmes or online through a form on our website.
• When you interact with third parties: From time to time, you may be interacting with Pilotlight indirectly through one of our trusted third party organisations. This normally comes to us via organisations such as your employer or the charity partner we are working with as part of a programme delivered by Pilotlight.

While Pilotlight remains responsible for how we process your personal data and the third party organisations used are GDPR compliant, Pilotlight cannot and will not be responsible for how they process your personal data. 

In order to ensure that our communications are appropriate and tailored to you, we may also gather personal data that is publicly available to build up a better picture of you and your interests. This might include collecting demographic and behavioural data on digital platforms so we can consider how best we can work together. To do this, we would carry out research that may involve the use of third party organisations to provide us with data and might gather publicly available data. 

• Via social media: If you engage with us on social media, you might give us permission through interactions on the relevant site to process your personal data from those accounts. The data that we are given access to will vary according to the social media site but will always be in line with the terms of that service.
• When you visit our website: We gather data and insights from our website that may include information such as which pages you visit or how long you spend reading a page. This data helps us to improve your online user experience. Please see the Cookies section below for more information.
• When your information is available in the public domain: We may also collect or receive information about you from other sources, including public sources to understand more about you. By understanding more about you, we are able to ensure that our communications are tailored and relevant to you. The public sources we use may include, Companies House, the Charity Commission of England and Wales, the Scottish Charity Regulator, social media sites and the media. 

What data do we collect?

The personal data that we collect will depend on how you interact with us and the purpose for collecting your personal data.

If you are a participant in one of our programmes and either enquired directly or been referred to us by your employer/organisation then we are a Data Processor of the following information:

• Identity and contact information such as your name, telephone number and email address.
• Employment details of your current employer and job title, along with a summary of relevant skills for a programme delivered by Pilotlight.

If / when you then decide to move forward and we engage in a project or programme then we become the Data Controller of this information – as outlined below.

If you are one of our Programme participants we are the Data Controller and we collect:

• Identity and contact information such as include your name, postal address, email address, telephone or mobile number, email address, photographic ID, date of birth, gender, ethnicity, sexuality, disability and social mobility.
• Health information relating to your role and any reasonable adjustments that may be relevant.
• Employment history details of your current employer and job title, along with a summary of relevant skills for a programme delivered by Pilotlight and feedback from participating charities.

We use this information to comply with the terms of any contract with you to seek out and arrange Participant opportunities, to fulfil our legal obligations as a registered charity and to pursue our legitimate interests in arranging, monitoring and evaluating programme/s delivered by Pilotlight.

If you are applying for a job with us, we are the Data Controller of your personal data. We collect:

• Identity and contact information such as include your name, postal address, email address, telephone or mobile number, email address, photographic ID, date of birth, gender, ethnicity, sexuality, disability and social mobility.
• Financial information relating to your employment, such as your bank details, taxpayer status, salary and employment benefits.
• Health information relating to your role and any reasonable adjustments that may be relevant.
• Employment history such as references from your previous roles, and performance reviews of your time with us.

We use this information to comply with the terms of your employment contract and to fulfil our legal obligations as an employer.

We work with third parties to fulfil our legal obligations and for key functions such as recruitment, HR and payroll processing. 
If you are a visitor to our website, we disclose all the Cookies that are collected during your interaction on our website, please refer to this page to find out more.

How will we use your data?

We will always make sure we have a lawful basis for processing your personal data, these will include:

• To fulfil our administrative purposes which might include activities such as keeping records of your relationship with us, document any complaints or feedback, contact you with regards to your query or contract with Pilotlight, process donations or payments etc. 
• To carry out wider Pilotlight work which might include activities such as the processing of your interaction and relationship with Pilotlight to inform future planning, carry out research on organisations and individuals who Pilotlight could work with in the future, to apply for funding from private or public sources, conduct due diligence on current and prospective customers. 
• For direct marketing to conduct analysis and ensure that our website, services and information that we provide is accurate and relevant to our audiences, also to measure the effectiveness of our marketing communications to you, such as by telling us if you have opened an email we sent you. 
• To comply with the law – we have a number of statutory and regulatory obligations that we must fulfil and that requires us to have the right compliance records in place.
  We are legally required to comply with regulations put in place by governing bodies and so we will from time to time be obliged to pass on personal data. These governing bodies may include: HMRC, the Charity Commission of England and Wales, the Scottish Charity Regulator and Companies House.
• To fulfil our or a trusted third party’s legitimate interests – we are a charity and you can find a copy of our charitable objects on the Charity Commission website here - https://register-of-charities.charitycommission.gov.uk/en/charity-search/-/charity-details/1059660/governing-document. We will ensure that out legitimate interests do not override your rights or the rights of a third party.

We work with businesses, charities and individuals to achieve those aims and it is therefore sometimes necessary to collect and use personal data to achieve those objectives. We do not carry out unreasonable processing, where it is more than necessary to achieve those objectives or where the of use your personal data would cause you harm.

On a practical basis, this allows us to carry out functions such as handling complains or queries, looking at ways in which we can improve our services and gathering intelligence about the success of the programmes delivered by Pilotlight .

• Consent – in some instances we will process your personal data where you have provided consent. However, this is likely to be very minimal and occur where you have positively opted in to marketing communications. Consent can be withdrawn at any time and most of the information we collect is necessary, for the reasons set out above.

If you wish to change your communication preferences, please contact us and allow one month for your request to be processed.

Where possible, we anonymise the data involved so that we can use statistical information without needing to keep a record of any information which identifies you.

Your data protection rights

Under UK data protection law, we must have a lawful basis for collecting and using your personal data. There is a list of possible lawful bases in the UK GDPR, more information available here https://ico.org.uk/for-the-public/. 

The lawful basis for processing your data may affect your data protection rights which are:

• Your right to be information – to know when, how and what information we hold about you and the ways in which it is used.
• Your right of access - you have the right to ask us for copies of your personal data.
• Your right to rectification - you have the right to ask us to correct or delete your personal data you think is inaccurate or incomplete. 
• Your right to erasure - you have the right, in some circumstances to ask us to delete your personal data.
• Your right to restriction of processing - you have the right, in some circumstances, to ask us to limit how we use your personal data.
• Your right to object to processing - you have the right, in some circumstances, to object to your data being processed.
• Your right to data portability - you have the right to ask that we transfer personal data you gave us to another organisation, or to you.
• Your right to withdraw consent - you have the right to withdraw your consent for us to process your personal data at any time, where we are relying on consent as the lawful basis for using your personal data.

If you make a request, then we must respond to you within one month. To make a data protection request, please contact us using the contact details used in this Privacy Policy.

Sharing your personal information

Sometimes we will share your personal data with trusted third parties in order to carry out our work, fulfil our obligations to you or work as efficiently as possible. When we share your personal information we will share it with trusted third parties who act as Data Processors on our behalf, with a lawful basis for doing so and in accordance with the law. We share it with them so that they can perform services on our behalf as instructed and there will be a contract in place which will require them to comply with UK law on data protection ensuring that they have adequate systems in place to protect the security of your personal information.

We may on occasion provide your data to digital advertising agencies or social media who work on our behalf such as Facebook, Instagram, X (formerly Twitter), LinkedIn so that we can reach more people like you. You are able to change your preferences directly through the specific social media website or app if you would like your data to not be included.

We may be required to disclose your personal information under our legal obligations to regulatory bodies such as HMRC for processing Gift Aid claims.

We will not sell your data to any third parties.

How long we keep your information

We have your best interests at heart and so will not store your data for longer than required for legal requirements, regulatory or business needs therefore we will securely store your personal data for as long as it is reasonably necessary to fulfil the purpose for which the data was collected for, including for legal, accounting or reporting purposes. 

Here are some examples of retention periods: 

• Data collected for marketing purposes will be stored until you withdraw consent. After a period of a year of inactivity you will no longer receive communications from us but for relationship management purposes your marketing history with us will still be stored. 
• Financial data that has been collected in the donation process, we will store your data for as long as legally required. For example, HMRC requires us to keep all data related to Gift Aid claims for a minimum period of six years following the end of the tax year that the donations was made in where Gift Aid was claimed.

We regularly and no less than every five years carry out a review of the information we hold and carry out a process of deleting data that is no longer required according to the legal basis for processing your data.

Please do get in touch with us if you have any further questions.

How do we store your data securely?

We make sure that appropriate physical, technical and human controls are in place to ensure we take good care of your personal data.

The transmission of personal data over the internet is never guaranteed to be completely secure and as a result, we strive to protect your personal data but Pilotlight cannot guarantee the security of the personal data that you transmit to us, thus you do so at your own risk. We will make every effort to ensure the safety and security of our systems, and those of our partners who work on our behalf. 

All staff who have access to your personal data have received GDPR training so they understand the importance of keeping your information safe and secure at all times. We have put in place internal policies and measures to support them in this.

We ensure that additional controls are in place for financial, sensitive and special categories of personal data (for example information about health or religion), which meet regulatory and legal requirements for managing these types of information.

We do not transfer your personal data outside the UK / EU. We make sure there are appropriate safeguards in place to make sure your personal data and rights are still protected.

Cookies

For more information on how we use Cookies, click here.

How to change the way we contact you

If you would like to change your communication preferences or unsubscribe from communications with us at any time then please let us know by submitting this form.

How to contact the appropriate authorities

The ICO’s address:           
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint

How to contact us

If you make a request, we typically have one month to respond to you. If you would like to exercise any of these rights, please contact us:

Email: [email protected]

Call us at: 02080 012 636

Or write to us: 5th Floor, 14 Bonhill Street, London, EC2A 4BX

Last updated December 2024.

From time to time, we may make changes to this policy, please always refer to the latest version on our website.  Any changes made will apply from the date the Policy is updated on this page and will govern the way in which we collect and process personal data.