Standards of Practice

NPT UK Privacy Notice

OVERVIEW
Protecting your privacy is a fundamental component of our service. Since our founding, NPT United Kingdom (‘NPT UK’) has been committed to maintaining the confidentiality, integrity and security of personal information entrusted to us by existing donors, potential donors and their respective advisors. Article 5 of the General Data Protection Regulation (“GDPR”) states that Personal Data must be processed lawfully, fairly and in a transparent manner. In line with the GDPR changes, we are updating our Privacy Notice so you can better understand why and how we collect, process and destroy your data. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

 

For purposes of this Privacy Notice, the following terms will be defined as follows:

• “Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. Personal Data and/or Personal Information does not include data from which you cannot be identified (i.e., anonymous data).

• “Special Categories” means more sensitive personal data which require a higher level of protection, including information about your race or ethnic origins, political opinions, sex life or sexual orientation, religious beliefs and health data.

 

WHO WE ARE AND HOW TO CONTACT US
NPT United Kingdom Limited, located at 1 Ropemaker Street, London, EC2Y 9HT, United Kingdom, is considered a controller of your Personal Data under GDPR. We determine the purpose for which, and manner in which, any Personal Data is processed as set out in this Notice.

 

WHAT TYPES OF PERSONAL DATA DO WE COLLECT?
NPT UK collects both anonymous data and Personal Data volunteered by you. Personal Information is anything which enables you to be identified in some way, such as your name and an email address. The types of Personal Information collected might include name, date of birth, e-mail address, postal address, telephone number, and bank transfer details. We also use “cookies,” which are text files placed on your computer, to collect information about how the site is used. For more information about our use of cookies and similar technologies, please see our Cookie Policy.

 

LAWFUL BASIS FOR DATA PROCESSING
Where we process your Personal Data as your data controller, we rely on the following (as applicable):

• Consent: We may ask for your consent for our use of your Personal Information for a specific purpose. You always have the right to withdraw your consent.

• Performance of Contract: We will rely on performance of contract as a legal basis when we process your data to perform a contract we have entered into with you or to take steps at your request prior to entering into one.

• Legitimate Interest: We may sometimes rely on our or a third party’s legitimate interest in processing your Personal Data. We will only rely on legitimate interests when we have balanced the legitimate interest against your fundamental rights (see below for additional detail); and

• Legal Obligation: We will process your Personal Data as necessary to comply with legal obligations to which we are subject, including the Internal Revenue Code of 1986, as amended, as it relates to the disclosure of donor names on IRS Form 990 (Return of Organisation Exempt from Income Tax).

 

PURPOSE OF DATA COLLECTED
You may, at times, be asked to supply Personal Information, for example when you inquire about our activities, request information, open a donor-advised fund or other philanthropic account, make a contribution or recommend a grant. NPT UK also collects data when you visit its website. We use this Personal Information for the following purposes:

• to analyse, evaluate and improve our work and services;

• to provide updates on our work and for marketing purposes;

• to ensure we are not contacting people who have asked us not to;

• to administer Gift Aid;

• to satisfy legal obligations which are binding on us;

• for the prevention of fraud or misuse of services;

• for the establishment, defence or enforcement of legal claims;

• to conduct identify, know-your-client, and anti-money-laundering checks;

• to understand more about how the site is used by visitors;

• to provide you with the services, products or information you have requested and communicate with you in general; and

• for administration purposes.

If you do not provide certain Personal Information when requested, we may be limited or unable to provide you with the services you have requested.

 

NPT UK may need to share your Personal Information with associated organisations and agents for these purposes. If you supply such information, NPT UK is legally bound to ensure that such information is only used for the purpose for which it was requested (including the purposes set out in this Notice) and also to ensure that the data is held securely.

 

WHO WE SHARE OUR INFORMATION WITH
The Personal Information we hold about you will be provided to our staff and volunteers who require it in connection with our work. It will also be shared with third party service providers for the purposes outlined in this Notice. The third parties in question will be required to use any Personal Information they receive in accordance with our instructions.

 

There may be times when we are required, by law, to pass on some of your Personal Data to:

• Law enforcement agencies; government bodies; tax authorities; courts, tribunals and complaints/dispute resolution bodies; or

• Other bodies as required by law or regulation.

We also reserve the right to disclose your Personal Information to third parties:

• in the event of a business sale, purchase or reorganisation, or other business transaction, in which case your Personal Information may form part of the transferred assets;

• with our professional advisors (e.g. lawyers), where necessary to protect our interests; and

• in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.

Otherwise we will not share Personal Information about you with third parties without your consent.

 

INTERNATIONAL TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

Please note that certain countries outside of the EEA have a lower standard of protection for Personal Information, including lower security requirements and fewer rights for individuals. Personal Information that you provide to us is stored on secure servers in the United States. We have put into effect appropriate procedures to safeguard and secure this information. For example, when using our forms to register or provide information to NPT UK, we use the Secure Service Layer (SSL) encryption method for all secure submissions. This method is generally accepted to ensure that the transmission of personal information is secure. Common browsers make it obvious when information is being passed in a secure manner by displaying either a completed key or a closed lock on the screen. NPT UK will transfer Personal Data outside the EEA only if one of the following conditions applies:

• The European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for individual’s resident rights and freedoms;

• Appropriate safeguards are in place such as standard contractual clauses approved by the European Commission; or

• You have provided your explicit, informed consent to the transfer.

 

RETENTION
NPT UK will retain your Personal Data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal or tax requirements, in accordance with the organisation’s Data Protection Policy.

 

YOUR RIGHTS AND YOUR PERSONAL DATA
Where we rely on your consent, you have the right to withdraw that consent at any time.

 

Please be aware that you also have the following data protection rights:

• The right to be informed about the Personal Data NPT UK collects from and processes about you;

• The right to access Personal Data NPT UK processes about you;

• The right to ratification of your Personal Data where you believe it to be inaccurate;

• The right to erasure of your Personal Data in certain circumstances;

• The right to restrict processing of your Personal Data;

• The right to data portability in certain circumstances;

• The right to object to the processing of your Personal Data; and

• The right not to be subject to automated decision making and profiling. We do not currently use automated decision making processes.

Please note that these are legal rights subject to exemptions, and that we may ask for additional information to confirm your identity before disclosing Personal Information requested to you.

 

You can exercise these rights by contacting us using the contact details below.

 

You also have the right to complain to the UK Information Commissioner’s Office at any time at: ico.org.uk/make-a-complaint/

 

FURTHER PROCESSING
Where we may seek to further process your Personal Data for reasons other than the original purpose for which it was collected, NPT UK shall process such data in a manner compatible with the original purpose.

 

SAFEGUARDING MEASURES
NPT UK has put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties on a ‘need to know’ basis. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

 

NPT UK will only transfer Personal Data to a third party if they agree to comply with those procedures and policies, or put in place adequate measures prior to receiving it. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the Personal Data.

 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

SPECIAL CATEGORIES OF DATA
We may, in certain cases and only as permitted by law, process Personal Data which are more sensitive in nature – for example, when undertaking a Know Your Client / Anti-Money Laundering (“KYC-AML”) check. While performing our KYC-AML checks, we may come across a past criminal conviction or other similar information about your past.

 

LEGITIMATE INTERESTS
We may process your Personal Information under the “Legitimate Interests” legal basis. Where this is the case, we will have carried out a “Legitimate Interests Assessment” pursuant to which we weigh your interests and any risk posed to you against our own, and confirm that such processing is a proportionate and appropriate way to further the legitimate interests. Our legitimate interests will include, for example, general administrative purposes, purposes related to Human Resources, marketing and/or day-to-day operations.

 

MARKETING
When sending marketing materials to advisors and/or donors (or other recipients), we may have the option to rely on the advisor’s or donor’s consent, or on Legitimate Interest. We only rely on the Legitimate Interests legal basis for marketing if we have assessed that the information being sent is beneficial to the recipient, and we have weighed our interests against the recipient’s own and there is little to no risk posed, the method and content is non-intrusive, and the material being sent is something the recipient would usually expect to receive.

 

In other circumstances, we are required to obtain consent to send marketing materials – for example, where we are sending marketing to individuals by electronic means (such as email and SMS).

 

You can always opt-out of receiving marketing material from us, by contacting us using the details in this Notice.

This does not apply to purely administrative materials that we send to you, and other non-marketing communications.

 

HOW TO CONTACT US
If you want to review, change or update the Personal Information that you have provided to us; request that you be removed from a mailing list; or address any other privacy concerns you may have, please contact our office at +44 (0)800 133 7540, or by putting your request in writing to NPT United Kingdom, Data Privacy Team, 1 Ropemaker Street, London EC2Y 9HT, UK. These requests can also be made via email to: enquiries@nptuk.org.

 

CHANGES TO OUR PRIVACY POLICY
NPT UK reserves the right to amend this Privacy Notice. Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notice will be provided to you by email.

NPT Transatlantic Privacy Notice

OVERVIEW
Protecting your privacy is a fundamental component of our service. Since our founding, NPT Transatlantic Limited (‘NPT Transatlantic’) has been committed to maintaining the confidentiality, integrity and security of personal information entrusted to us by existing donors, potential donors and their respective advisors. Article 5 of the General Data Protection Regulation (“GDPR”) states that Personal Data must be processed lawfully, fairly and in a transparent manner. In line with the GDPR changes, we are updating our Privacy Notice so
you can better understand why and how we collect, process and destroy your data. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

 

For purposes of this Privacy Notice, the following terms will be defined as follows:

• “Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. Personal Data and/or Personal Information does not include data from which you cannot be identified (i.e., anonymous data).

• “Special Categories” means more sensitive personal data which require a higher level of protection, including information about your race or ethnic origins, political opinions, sex life or sexual orientation, religious beliefs and health data.

 

WHO WE ARE AND HOW TO CONTACT US
NPT Transatlantic Limited, located at 1 Ropemaker Street, London, EC2Y 9HT, United Kingdom, is considered a controller of your Personal Data under GDPR. We determine the purpose for which, and manner in which, any Personal Data is processed as set out in this Notice.

 

WHAT TYPES OF PERSONAL DATA DO WE COLLECT?
NPT Transatlantic collects both anonymous data and Personal Data volunteered by you. Personal Information is anything which enables you to be identified in some way, such as your name and an email address. The types of Personal Information collected might include name, date of birth, e-mail address, postal address, telephone number, and bank transfer details. We also use “cookies,” which are text files placed on your computer, to collect information about how the site is used. For more information about our use of cookies and similar technologies, please see our Cookie Policy.

 

LAWFUL BASIS FOR DATA PROCESSING
Where we process your Personal Data as your data controller, we rely on the following (as applicable):

Consent: We may ask for your consent for our use of your Personal Information for a specific purpose. You always have the right to withdraw your consent.
Performance of Contract: We will rely on performance of contract as a legal basis when we process your data to perform a contract we have entered into with you or to take steps at your request prior to entering into one.
Legitimate Interest: We may sometimes rely on our or a third party’s legitimate interest in processing your Personal Data. We will only rely on legitimate interests when we have balanced the legitimate interest against your fundamental rights (see below for additional detail); and
Legal Obligation: We will process your Personal Data as necessary to comply with legal obligations to which we are subject, including the Internal Revenue Code of 1986, as amended, as it relates to the disclosure of donor names on IRS Form 990 (Return of Organisation Exempt from Income Tax).

 

PURPOSE OF DATA COLLECTED
You may, at times, be asked to supply Personal Information, for example when you inquire about our activities, request information, open a donor-advised fund or other philanthropic account, make a contribution or recommend a grant. NPT Transatlantic also collects data when you visit its website. We use this Personal Information for the following purposes:

• to analyse, evaluate and improve our work and services;
• to provide updates on our work and for marketing purposes;
• to ensure we are not contacting people who have asked us not to;
• to administer Gift Aid;
• to satisfy legal obligations which are binding on us;
• for the prevention of fraud or misuse of services;
• for the establishment, defence or enforcement of legal claims;
• to conduct identify, know-your-client, and anti-money-laundering checks;
• to understand more about how the site is used by visitors;
• to provide you with the services, products or information you have requested and communicate with you in general; and
• for administration purposes.

If you do not provide certain Personal Information when requested, we may be limited or unable to provide you with the services you have requested.

 

NPT Transatlantic may need to share your Personal Information with associated organisations and agents for these purposes. If you supply such information, NPT Transatlantic is legally bound to ensure that such information is only used for the purpose for which it was requested (including the purposes set out in this Notice) and also to ensure that the data is held securely.

 

WHO WE SHARE OUR INFORMATION WITH
The Personal Information we hold about you will be provided to our staff and volunteers who require it in connection with our work. It will also be shared with third party service providers for the purposes outlined in this Notice. The third parties in question will be required to use any Personal Information they receive in accordance with our instructions.

 

There may be times when we are required, by law, to pass on some of your Personal Data to:

• Law enforcement agencies; government bodies; tax authorities; courts, tribunals and complaints/dispute resolution bodies; or
• Other bodies as required by law or regulation.

We also reserve the right to disclose your Personal Information to third parties:

• in the event of a business sale, purchase or reorganisation, or other business transaction, in which case your Personal Information may form part of the transferred assets;
• with our professional advisors (e.g. lawyers), where necessary to protect our interests; and
• in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.

Otherwise we will not share Personal Information about you with third parties without your consent.

 

INTERNATIONAL TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
Please note that certain countries outside of the EEA have a lower standard of protection for Personal Information, including lower security requirements and fewer rights for individuals. Personal Information that you provide to us is stored on secure servers in the United States. We have put into effect appropriate procedures to safeguard and secure this information. For example, when using our forms to register or provide information to NPT Transatlantic, we use the Secure Service Layer (SSL) encryption method for all secure submissions. This method is generally accepted to ensure that the transmission of personal information is secure. Common browsers make it obvious when information is being passed in a secure manner by displaying either a completed key or a closed lock on the screen.
NPT Transatlantic will transfer Personal Data outside the EEA only if one of the following conditions applies:

• The European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for individual’s resident rights and freedoms;
• Appropriate safeguards are in place such as standard contractual clauses approved by the European Commission; or
• You have provided your explicit, informed consent to the transfer.

 

RETENTION
NPT Transatlantic will retain your Personal Data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal or tax requirements, in accordance with the organisation’s Data Protection Policy.

 

YOUR RIGHTS AND YOUR PERSONAL DATA
Where we rely on your consent, you have the right to withdraw that consent at any time.

 

Please be aware that you also have the following data protection rights:

• The right to be informed about the Personal Data NPT Transatlantic collects from and processes about you;
• The right to access Personal Data NPT Transatlantic processes about you;
• The right to ratification of your Personal Data where you believe it to be inaccurate;
• The right to erasure of your Personal Data in certain circumstances;
• The right to restrict processing of your Personal Data;
• The right to data portability in certain circumstances;
• The right to object to the processing of your Personal Data; and
• The right not to be subject to automated decision making and profiling. We do not currently use automated decision making
processes.

Please note that these are legal rights subject to exemptions, and that we may ask for additional information to confirm your identity before disclosing Personal Information requested to you.

 

You can exercise these rights by contacting us using the contact details below.

 

You also have the right to complain to the UK Information Commissioner’s Office at at any time at: ico.org.uk/make-a-complaint/

 

FURTHER PROCESSING
Where we may seek to further process your Personal Data for reasons other than the original purpose for which it was collected, NPT Transatlantic shall process such data in a manner compatible with the original purpose.

 

SAFEGUARDING MEASURES
NPT Transatlantic has put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties on a ‘need to know’ basis. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

 

NPT Transatlantic will only transfer Personal Data to a third party if they agree to comply with those procedures and policies, or put in place adequate measures prior to receiving it. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the Personal Data.

 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

SPECIAL CATEGORIES OF DATA
We may, in certain cases and only as permitted by law, process Personal Data which are more sensitive in nature – for example, when undertaking a Know Your Client / Anti-Money Laundering (“KYC-AML”) check. While performing our KYC-AML checks, we may come across a past criminal conviction or other similar information about your past.

 

LEGITIMATE INTERESTS
We may process your Personal Information under the “Legitimate Interests” legal basis. Where this is the case, we will have carried out a “Legitimate Interests Assessment” pursuant to which we weigh your interests and any risk posed to you against our own, and confirm that such processing is a proportionate and appropriate way to further the legitimate interests. Our legitimate interests will include, for example, general administrative purposes, purposes related to Human Resources, marketing and/or day-to-day operations.

 

MARKETING
When sending marketing materials to advisors and/or donors (or other recipients), we may have the option to rely on the advisor’s or donor’s consent, or on Legitimate Interest. We only rely on the Legitimate Interests legal basis for marketing if we have assessed that the information being sent is beneficial to the recipient, and we have weighed our interests against the recipient’s own and there is little to no risk posed, the method and content is non-intrusive, and the material being sent is something the recipient would usually expect to receive.

 

In other circumstances, we are required to obtain consent to send marketing materials – for example, where we are sending marketing to individuals by electronic means (such as email and SMS).

 

You can always opt-out of receiving marketing material from us, by contacting us using the details in this Notice.

 

This does not apply to purely administrative materials that we send to you, and other non-marketing communications.

 

HOW TO CONTACT US
If you want to review, change or update the Personal Information that you have provided to us; request that you be removed from a mailing list; or address any other privacy concerns you may have, please contact our office on 0800 133 7540, or by putting your request in writing to NPT Transatlantic, Data Privacy Team, 1 Ropemaker Street, London EC2Y 9HT, UK. These requests can also be made via email to: enquiries@nptuk.org.

 

CHANGES TO OUR PRIVACY POLICY
NPT Transatlantic reserves the right to amend this Privacy Notice. Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notice will be provided to you by email.