Privacy Policy

We appreciate the importance of maintaining the confidentiality of information that you have shared with us. This notice describes the types of non-public personal
information we collect and explains what we do with this information. The ways that we protect privacy as required under applicable privacy laws, including under the UK General Data Protection Regulation (the “UK GDPR”) and other UK privacy laws (the “Privacy Laws”).

In this notice, the terms “we,” “our” and “us” refer to CANDI, its directors, employees and registered representatives, whether such individuals are engaged directly by us as employees or as independent contractors.

We do not rent or sell to anyone the personal information that is entrusted to us.

We only share personal information with others as is allowed by law.

Types of Non-Public Personal Information that We Collect

In the conduct of our business, we collect and maintain various types of information about clients and members, including: personal identification information (e.g. name, address, telephone/fax numbers, electronic addresses, date of birth, National Insurance No and tax identification number). Such information is collected from signup documentation and other forms as provided to us.

How We Use Personal Information

We collect non-public personal information only to fulfil our contractual obligations, our statutory obligations and/or for our legitimate business purposes and for other purposes for which we have a lawful basis under the Privacy Laws. The following summarizes the principal ways in which we use your non-public personal information:

• The provision of our services.
• To help us comply with applicable laws and regulations.
• To help us inform clients, members and donors of ongoing opportunities.

In addition, we may, and only with your consent, process your personal information in order to communicate with you for marketing purposes. In this event, we may
provide additional information that we believe may be of interest, including about our activities, or services, news updates, events offered by or in conjunction with us. You have the right to unsubscribe when you have provided consent to receive these communications by emailing info@candicharity.co.uk or by following the instructions in any such communication, e.g. by clicking on the link to unsubscribe.

Protecting Non-Public Personal Information from Unauthorised Access

Safeguarding the confidentiality, security and integrity of your non-public personal information is very important to us. We have established systems, policies and
procedures designed to protect your personal information physically, electronically and procedurally from being accessed by unauthorised persons. Employees are trained in our privacy policies and procedures, including the proper handling of client information. Employee access to non-public personal information is limited to those with a legitimate business reason for such access.

We require that all employees, financial professionals and third parties providing services on our behalf keep client information confidential.

Data Retention

We will retain your personal information for a period of at least six years from the date on which the relevant relationship, for which purpose such personal data was provided, has ended (or if later the date on which the last contact was completed or the last entry to the record was made). Thereafter, we will delete (or otherwise erase, de-identify or pseudonymise or equivalent) any such personal information except as required or permitted by applicable law or regulation.

Data Privacy Rights

You have certain rights relating to the personal information we hold in accordance with and subject to the Privacy Laws to: (i) check whether we hold personal information about you and to access such data (in accordance with our policy); (ii) request the correction of personal information about you that is inaccurate; (iii) have a copy of the personal information we hold about you provided to you or another controller where technically feasible; (iv) request the erasure of your personal information; and (v) request the restriction of processing concerning you. To do so, please send your request to Fay Hicks Executive Director, fayhicks@candicharity.co.uk

Prospect Research and Wealth Screening

As a fundraising organisation, we carry out targeted fundraising activity to ensure that we are contacting people with the most appropriate communication, which is relevant and timely and will ultimately provide an improved experience for you.

In doing so, we carry out limited in-house profiling and research to help us better understand and communicate with our donors and potential donors. To support this activity, we may use automated or manual processes such as wealth screening to analyse and segment our data using trusted third party partners. Such information is compiled using publicly available data, e.g. directories, Companies House, charity registers, and social media platforms such as LinkedIn. You will always have the right to opt out of this processing.

We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already
in touch.

We also use publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations. If you would prefer us not to use your data in this way, please email us at info@candicharity.co.uk or call us on 07891175152

Changes to this Notice

We may change this privacy policy from time to time. The latest version is posted on our website.

Updating personal details

If any of the information that has been provided to us changes, for example if you change your email address, please let us know by sending an email to info@candicharity.co.uk

What if I have a question?

Please email Fay Hicks fayhicks@candicharity.co.uk  if you have any questions about this privacy policy. You may also make a complaint, in accordance with applicable Privacy Laws to a supervisory authority. The UK supervisory authority is the Information Commissioner’s Office.