Privacy policy - BT MyDonate

Our privacy and cookie policy

Welcome to our privacy and cookie policy

In this policy, "we" and "our" means MyDonate.

We want you to be confident we’ll protect your personal information and respect your privacy. This policy explains how we use your personal information - what information we collect about you (including from third parties), why we collect it and what we do with it. Please read it carefully. It applies to people who use the MyDonate service, which include donors, charities and fundraisers.

This policy also applies if you don’t use the MyDonate service as a charity, donor or fundraiser, but you interact with us, such as by - responding to a survey, enter a prize promotion, call our helpdesk, generally enquire about our service or otherwise provide your personal information to us.

If you need to give us personal information about someone else in relation to our service, the privacy policy will also apply. And if we need the consent of the other person to use that information, we’ll ask you to get that consent on our behalf. We review our privacy policy regularly. It was last updated on 25 May 2018. And we’ll tell you if we change the policies, as set out here.

We’ve included a glossary which explains the meaning of any technical terms we use.

Who are we?

MyDonate is a no commission, online fundraising service for UK based charities to raise money using BT’s own end to end payment processing system. The Service includes the operation of the MyDonate website, the collection of charity donations, management of the collection of Gift Aid from HMRC, and transfer of funds via BACS to the charity’s designated bank account.

The MyDonate service is run by British Telecommunications plc.

What’s not included?

This policy doesn’t apply to the information we hold about companies or organisations. It tells you how we use personal information but doesn’t create a contract with you.

It also doesn’t apply when your personal information is passed on to your chosen charity, your information will be handled by them in accordance with their privacy policy.

You can link to third party websites from our website. This privacy policy doesn’t apply to the use of your personal information by those third parties. And it doesn’t apply to personal information a charity or fundraiser makes available on their fundraising page, that is their responsibility, and their privacy policy (if applicable) will apply.

It also doesn’t cover the collection and use of your personal information practices by other companies and organisations that advertise our products and services and that use cookies, tags and other technologies to serve and offer relevant online advertisements to you. For information about how we use cookies on our website, please see the cookies section below.

You should review the privacy policies of those third parties before providing your personal information to them.

What we collect, what we use it for and who we share it with

What kinds of personal information do we collect and how do we use it? 

To use our service

The personal information we collect about you depends on why and how you interact with us. We’ve explained the different ways we use your personal information below.

If you don’t give us the correct information or ask us to delete it, we might not be able to make your donation or provide you with our fundraising facility service.

Charity Representatives

If you’re registering a charity to receive donations through MyDonate, we ask for your contact details and other personal information as you are making the application.  If you’re not the treasurer or finance director of the charity then we also require the same details for either the treasurer or finance director of your charity.  If either of these people gets in touch with us, we need their personal information as we may need to check their identity.
This means we’ll:

  • Record details about your charity, which will include setting up an account to enable donations to be made to your charity, and to confirm they have been received.
  • Update you on the status of your application.
  • Train our people and suppliers to provide you with assistance.
  • Undertake surveys, analytical analysis on usage of our service and research about our service for quality and improvement purposes.

We use these types of personal information to do this:

  • Your contact details and information required to validate your charity. This includes your name, address, telephone number, email address, credentials required to validate your identity and that you are a representative of your chosen charity.
  • Your payment and financial information, including your bank account details to process the donations made to your charity.
  • Your communications with us, including e-mails, live-chats, letters, survey responses and phone conversations.  We’ll also keep records of any settings or communication preferences you choose
  • Information from cookies placed on your device that we need in line with our cookie policy

Where we use this information for identity verification, training, analytics or research purposes, we do so because it is in our legitimate interests to do so.  Improving our service, making sure our people are appropriately trained and preventing and detecting fraud are in our interests of operating and managing a fundraising platform.

For all other instances, we use this information to perform our contract (or to prepare a contract) and provide our service to you.  

Fundraisers

If you’re creating a fundraising page, we ask for your contact details and other personal information to create your account. 

This means we’ll:

  • Record details about you and your fundraising event to set up your fundraising page(s).
  • Update you on the status of your fundraising page and close the page once your event has finished. Your personal data is anonymised 6 years after the page is closed. This includes the page URL, free text and any images you uploaded. After your personal data has been anonymised, whilst the page is not fully deleted from our systems, it becomes inaccessible to the public.
  • Update you on the status of the fundraising event of your choice. If your page is linked to a charity event, you will be informed if the charity change, limit or extend the date and/or duration of the event.
  • Train our people and suppliers to provide you with assistance.
  • Share the information with the charity you have chosen to fundraise to manage the fundraising activity. Personal data can only be used for marketing communication by the charity if you have explicitly opted in
  • Undertake surveys, analytical analysis on usage of our service and research about our service for quality and improvement purposes.

We use these types of personal information to do this:

  • Your contact details.  This includes your name, address, telephone number, email address.
  • Your communications with us, including e-mails, live-chats, letters, survey responses and phone conversations.  We’ll also keep records of any settings or communication preferences you choose
  • Information from cookies placed on your device that we need in line with our cookie policy.
  • Information from any secure online social media or third party source (e.g. Google, Facebook or PayPal). For example, you can link your MyDonate account with Facebook (enabling ‘Log in with Facebook’).

Where we use this information for identity verification, training, analytics or research purposes, we do so because it is in our, and those of the charities we share it with, legitimate interests to do so.  Improving our service, making sure our people are appropriately trained and preventing and detecting fraud are in our interests of operating and managing a fundraising platform.

For all other instances, we use this information to perform our contract (or to prepare a contract) and provide our service to you.

Donors

We’ll use your personal information to manage your donation. 

This means we’ll:

  • Record details to manage and administer your donation.  Including contacting you with service updates, for example if there is a problem with a donation you have made.
  • Train our people and suppliers to provide you with assistance.
  • Undertake surveys, analytical analysis on usage of our service and research about our service for quality and improvement purposes.
  • Give information to a third party where necessary to contact you about your donation. For example, when claiming Gift Aid, we have to pass your name and address to HM Revenue and Customs when you make your donation who authorise these claims.
  • Pass your information to your nominated charity as necessary to administer your donation. You can make an anonymous donation without registering with MyDonate, but we still need to collect your name and address to verify your identity. If you make an anonymous donation, we will pass your details to the charity that you have donated to so they can verify your identity, but not to owner of the fundraising page.
  • Your personal data is anonymised 6 years after the donation is made. This includes any message you may have written to the charity or fundraiser.

We use the following personal information to ensure you can use our donation service:

  • Your contact details and other information to confirm your identity and your communications with us. This includes your name, gender, address, phone number, email address, passwords and credentials. If you do not want to create an account, we can accept donations by guest users.
  • Your payment and financial information including your bank account details, to administer your donation. We’ll have to pass these details to your bank, to process your donation. If you opt in to Gift Aid, you will confirm that you are a UK tax payer.
  • Your communications with us, including e-mails, live-chats, letters, survey responses and phone conversations.  We’ll also keep records of any settings or communication preferences you choose
  • Information from cookies placed on your device that we need in line with our cookie policy.
  • Information from any secure online social media or third party source (e.g. Google, Facebook or PayPal). For example, you can you can link your MyDonate account with Facebook (enabling ‘Log in with Facebook’) and use PayPal to make a donation using your PayPal account.

Where we use this information for identity verification, training, analytics or research purposes, we do so because it is in our, and those of the charities we share it with, legitimate interests to do so.  Improving our service, making sure our people are appropriately trained and preventing and detecting fraud are in our interests of operating and managing a fundraising platform.

For all other instances, we use this information to perform our contract (or to prepare a contract) of facilitating your donation to your chosen charity or fundraising event. 



To prevent and detect crime

We’ll use your personal information to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against your equipment.  We monitor traffic, trace nuisance or malicious calls, and track malware and cyber-attacks.

To do that we use these types of personal information:

  • Your contact details and other information to confirm your identity and communications with us. This includes your name, gender, address, phone number, email address, passwords and credentials
  • Your payment and financial information
  • Details of the fundraising event and / or donations you’ve made

We use this personal information because we have a legitimate interest in protecting our network and business from attacks and to prevent and detect crime and fraud. We also share it with other organisations (like other communications providers, the charities that use our MyDonate platform and banks) who have the same legitimate interests.  Doing this helps make sure our network works properly and helps protect you from attacks.



According to the law

We might have to disclose personal information about you to law enforcement agencies to help detect and stop crime, prosecute offenders and protect national security. They might ask for:

  • Your contact details. This includes your name, gender, address, phone number, email address, passwords and credentials required to validate your identity and your communications with us
  • Your communications with us, like calls and emails
  • Your payment and financial information
  • Details of the fundraising event and / or donations you’ve made

The balance between privacy and law enforcement is challenging. But we only share your personal information when the law says we have to, we have strong oversight of what we do and we have expert advice to make sure we’re doing the right thing. You can read more about the way we deal with this in BT’s report on Privacy and free expression in UK communications.

We’ll also share personal information about you where we have to legally disclose it to another person. That might be when a law obliges us to disclose that information or because of a court order.

In limited circumstances, we may also share your information with other public authorities, even if we are not compelled to. However, we would need to be satisfied that a request for disclosure is lawful and proportionate. And we would require appropriate assurances regarding security and use of the information, and retention.



To create aggregated and anonymised data

We’ll use your personal information to create aggregated and anonymised data. No-one can identify you from that data. We’ll use it to:

  • Make sure our platform and website is working properly. We’ll continuously improve and develop our network and products and services for our customers
  • Run management and corporate reporting, research, analytics and to improve business efficiencies
  • Give third parties aggregated and anonymous insights

We use the following personal information to generate aggregated and anonymised data:

  • Your demographic details. This includes your gender and address
  • Your payment and financial information
  • Information from cookies and tags placed on your device
  • Details of the charities and fund raising events you’ve raised money for or donated to

We have a legitimate interest in generating insights that will help with the operation of our fundraising platform or would be useful to third parties.


Protecting your information and how long we keep it

How do we protect your personal information? 

We have strict security measures to protect your personal information. This includes checking your identity when you contact us, following our security procedures and applying appropriate technical measures.

How long do we keep your personal information?

We’ll keep:

  • Details required by HMRC for the purposes of managing Gift Aid payments for a period of 6 years from the date of the fundraising event taking place.  After that period, we will destroy your personal information but retain aggregated and anonymous data which does not identify you in any way, for example, the value of donation or amount raised.
  • Details to manage your MyDonate page for a period of 6 years after the account is deactivated if it relates to a fundraising account, or 6 years after a fundraising page is closed. Your fundraising event page will be removed from the search facility after this period.

In other cases we’ll store personal information for the periods necessary for the purposes for which the data was collected or for which it is to be further processed. And sometimes we’ll keep data for longer if we need to by law.

Accessing and updating how we use your information

You can access and update the information we hold about you by logging in to your account or contacting us at our helpdesk. Once we’ve looked at your request, we’ll let you know when you can expect to hear from us.
We’ll always try to help you with your request but we can refuse if we believe doing so would have a negative effect on others or the law prevents us.  And even though we have to complete your request free of charge, we are allowed to reject requests if:

  • they’re repetitive;
  • you don’t have the right to ask for the information; or
  • the requests made are excessive.

If that’s the case, we’ll explain why we believe we don’t have to fulfil the request.

Want a copy of the data we hold about you?

You can ask us for a copy of the information we hold about you by contacting us at our helpdesk.  To help us manage your request, please let us know what information you are interested in and how we know you, for example whether you are a donor or fundraiser.

It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or we get a lot of requests at once.

We’ll reply electronically unless you ask us to send the information by post. 



Concerned about what we're doing with your personal information?

You can ask us to correct, complete, delete or stop using any personal information we hold about you by contacting us at our helpdesk

If you want us to stop using personal information we’ve collected via cookies on our website or apps, you should either change your cookie settings below or through the privacy app settings on your device

In some cases, we might have to keep information, even if you ask us not to. That could be for legal reasons, like reporting to HMRC, to keep providing our service, or for another legitimate reason.  But we’ll always tell you why we keep the information.

We aim to maintain our service in a way that protects information and respects your request.  Because of this, when you delete or change (or ask us to delete or change) your information from our systems, we might not do so straight away from our backup systems or copies on our active servers. And we may need to keep some information to fulfil your request (for example, keeping your email address to make sure it’s not on our contact list).  We may not be able to fulfil a request to delete certain information that has been made publically available due to technical limitations, for example where your fundraising page includes your name and the URL used to publicise it has been shared on publically available platforms, such as Google.

Where we can, we’ll confirm any changes. For example, we’ll check a change of address against the Postal Address File, or we might ask you to confirm it.

If we’ve asked for your permission to provide a service, you can permission withdraw that permission at any time.  It’ll take us up to 30 days to do that.  And it only applies to how we use your personal information in the future, not what we’ve done in the past.



Moving to another provider and want to take your personal information?

If we provide you with our fundraising donation service, or you’ve said we can use your information, you can ask us to move, copy or transfer the personal information you have given us. You can ask us to do this by contacting us here

We’ll send your personal information electronically. And we’ll do our best to send it in another format if needed.

We’ll always try to help you with your request. But we can refuse if sharing the information would have a negative effect on others, for example because it includes personal information about someone else, or the law prevents us from doing so.

It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or we get a lot of requests at once.



How to contact us and further details

Who to contact if you have a question about how we use your information?

You can get in touch with our data protection officer by email cpo@bt.com or write to the address below and mark it for their attention.

If you’d like any more details, or you have comments or questions about our privacy policy, write to us at:

PO Box 2681
BT Centre
81 Newgate Street
London
EC1A 7AJ

If you want to make a complaint on how we have handled your personal information, please contact our data protection officer who will investigate the matter and report back to you.  If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner - https://ico.org.uk/   

How will we notify you of changes to the policy?

Our privacy policy may change from time to time.  We will post any changes on this page for a minimum of 30 days and, if the changes are significant, we will provide a more prominent notice (if appropriate this will be in the next communication we send you).    

Cookies

Visitors to our website

When someone visits https://www.btplc.com/mydonate/ we use Google analytics to collect standard log information about them and general details of visitor behaviour patterns. We do this to find out how many people visit the site. We collect this information in a way that does not identify anyone. We do not seek to link that information to anyone or use it in any other way.

Do we use cookies?

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or to provide information to the owners of a website about how it is being used by visitors to that website.

For example, we use cookies as part of Google analytics, to see if someone has viewed our website previously.

If you do not want us to do this then you can visit here to opt out of this service.   

Glossary

We have included a description of how the technical terms we use are generally interpreted. 

  • Aggregated data means grouped information, for example the total number of donations made in a month.
  • Anonymised data means data which has had all personally identifiable information removed.   
  • Apps means an application, such as one you’ve downloaded to your mobile or portable device.
  • MyDonate, we or our means the MyDonate service which is run by British Telecommunications plc registered office 81 Newgate Street London EC1A 7AJ (Company Number 1800000).
  • Binding corporate rules are designed to allow multinational companies to transfer personal information from the European Economic Area (EEA) to their affiliates outside of the EEA and to keep to data-protection legislation.
  • Cookies are small text files (up to 4KB) created by a website and stored in the user's connected device – either temporarily for that session only or permanently on the hard disk (called a persistent cookie). Cookies help the website recognise you and keep track of your preferences.
  • Model contracts are standard contractual clauses set by the European Commission. They offer enough protection of people’s privacy, fundamental rights and freedoms when their personal information is moved from within the EEA to outside of it. The contracts keep to data-protection legislation.
  • Personal information means information that identifies you as an individual, or is capable of doing so.
  • Tags are an instruction inserted on a website that specifies how the site, or a part of the site, should be formatted and how it’s performing.

MyDonate is not responsible for the content fundraisers post on their pages, but if you see something you feel is offensive or inappropriate, please let us know