WHO WE ARE
Accounting for Sustainability (A4S) is a registered charity, number 1195467, of 2 Finsbury Avenue, Floor 2, London, EC2M 2PP. Further details are available here. A4S is a data controller within the meaning of the Data Protection Act 2018 (DPA).
Our relationship with our supporters and the public at large is of great importance to us. This policy, together with other notices provided from time to time (for example on collection forms, communications with you or on this website), sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us (whether by your access to this website or otherwise).
OUR NETWORK OF CHARITIES
A4S works (and may from time to time share information) with The Prince of Wales’s Charitable Fund (PWCF – the parent company) and its subsidiaries. Further details of the entities within the PWCF 'group' are available here. Furthermore, A4S may from time to time work with and share information with The Prince of Wales’s charities. All these organizations are together referred to as “the Charities”. Each charity is a data controller in its own right, separate from A4S.
The relationship between A4S and the Charities involves a limited degree of relevant and proportionate information sharing, carried out in the legitimate interests of both A4S and the Charities in supporting their individual and collective aims, as well as being in the legitimate interests of our supporters as explained below.
DATA PROTECTION STATEMENT
We are committed to making sure that our communications with you are secure, proportionate and targeted. All personal data is held and processed in accordance with A4S’s own policies, the DPA and the General Data Protection Regulations. Our policy is that staff who handle personal data have received relevant data protection training.
Any personal data we hold on members of the public is generally held on A4S’s secure CRM, or sometimes in hard copy in secure rooms or filing systems, and are accessed by authorized staff only. Most information that we hold will have been obtained directly from you, with some from publicly available sources such as those mentioned below.
INFORMATION WE COLLECT
Personal data held and processed by A4S may include:
Contact information, such as:
- Your contact details.
- Your communication preferences.
- Records of communications and interactions we have had with you.
- Biographical details.
Information about attendees to our events (both in person and online) such as:
- Your name and contact details.
- Organizational affiliation(s).
- For some in person events we may ask for your address in order to send out formal written invitations and/or dietary requirements if food is offered as part of the event to ensure that we cater appropriately.
- Please note that we record and publish some of our webinars on our website. Therefore any comments or participation you make as part of that webinar will be made publicly available. We do notify attendees at the start of our webinars that they will be recorded.
Information about participants of the A4S Academy such as:
- Your contact details.
- Your communication preferences.
- The name and contact details of your sponsoring CFO.
- Records of communications and interactions we have had with you (including attendance at events) which may include event recordings.
- Biographical details and a photograph, if one is provided by you or made visible by you on our electronic communication platform.
- Documents you submit as part of the programme including the Participant Pledge, Implementation Plan and Progress Report which may include your personal opinions.
- Details of the winners of awards achieved at the end of the programme.
Where relevant, for example in keeping records of donors and potential donors, A4S may obtain biographical information, such as:
- Your name and gender.
- Your family and partner/spousal details.
- Your professional activities and employment.
- Information you have publicly shared on social media.
- Your charitable and philanthropic interests.
Financial information, such as:
- Information necessary to process any donations made, including Gift Aid status.
- Your donation history with us (which we must keep for 7 years).
- Details of any purchases with us, e.g. event tickets, or competitions entered.
- Donations made with other organizations, notably the Charities.
- Our assessment of your ability to make donations.
- Bank details of our suppliers.
- Please note that we do not store any credit/debit card details in our database.
We may use external data agencies to ensure that our contact details for you are up to date, allowing us to continue to communicate with you in accordance with your existing preferences. If you do not wish A4S to do so, please email email@example.com or write to Accounting for Sustainability, 2 Finsbury Avenue, Floor 2, London, EC2M 2PP.
WHY DO WE COLLECT THIS DATA?
In some cases we collect the data out of a contractual necessity e.g. so both A4S and you are fulfilling the obligations set out in our supplier terms and conditions or any contract that might be in place.
Other times we collect the data because it is a legitimate interest of the organization to process the information, for example to maintain and manage our professional networks and working groups. We process the personal details of participants in the A4S Academy and other events we run. This is so that we can manage guest lists and ensure attendees receive necessary joining and other instructions or updates.
In other cases, we hold the information because you have given us your consent. If the basis for collecting and processing your data is based on your active consent, such as newsletter subscribers, you also have the right to withdraw your consent at any time.
WE USE THIS DATA TO:
- Provide you with information about the work and activities of A4S. This might include sending you publications, e-newsletters, and invitations to events.
- Conduct donor research to gain a better understanding of our supporters, inform our fundraising strategy and target our communications more effectively and appropriately.
- Share information within the Charities group to ensure any approaches to donors are handled sensitively and proportionately, and to prevent the same donors receiving multiple approaches at the same time from different members of the Charities.
- Internal record keeping, including the management of any feedback or complaints.
- Administrative purposes e.g. regarding a donation you have made or an event you have registered for or attended, including security for that event.
- Furthering our charitable objects, including asking you to donate or otherwise help us raise funds, but always in accordance with best fundraising practice.
- Ensure that the ways in which we communicate with you do not conflict with your communication channel preferences if specified (for example, by post, telephone or electronic means).
- Invite you to provide expert opinion or review of professional resources and case studies.
- If you complete the Self-Assessment Tool, to enable you to receive a copy of your results.
- Administration of the A4S Academy including enrolment of participants, review of engagement and progress and conferring of awards.
- Paying you for goods or services if you are a supplier.
Electronic tools may be used to monitor the impact of A4S’s communications, such as using email tracking to record when an email we send to you has been opened.
YOUR DATA AND THIRD PARTIES
If you interact with A4S through a third party (for example, making a donation via a third party) then we may obtain information about you from that third party, but only if you have given your explicit consent to that third party sharing your information.
We jointly run two annual award programmes with third parties. These are the Finance for the Future Awards run with the Institute of Chartered Accountants in England and Wales (ICAEW) and Deloitte and the International Case Competition with Rotman School of Management. If you apply to enter one of these awards your data will be processed by our partners as part of the entry process and shared with us in our capacity as a member of the judging panel.
Data will not be disclosed to external organizations other than those acting as agents for A4S, or suppliers or partner organizations who (for example) help to develop content or manage (for example) guest lists for events; with the Royal Household where it needs access to relevant guest lists; with relevant agencies such as the police or security services for ensuring screening and safety at events; with HRH The Prince of Wales or any special guest at a specific event who will be involved in thanking a supporter; or with Charities with whom A4S has a legitimate interest to do so. A4S does not sell any of its data to third party organizations. Guest lists for certain events may be shared with other participants and within post-event communications.
We engage a number of third parties to provide software and IT solutions to support our processes. They operate as data processors on our behalf and do so on the basis of written instructions. They are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.
The third party data processors we use are:
- Salesforce – for the provision of our CRM system and the storage of contact information. Data stored in Salesforce is maintained on servers located in EEA. Here is a link to Salesforce’s Privacy Notice.
Campaign Monitor – for our monthly newsletter distribution via email and management of your communication preferences. Campaign Monitor is a global company and your data is stored on servers in the USA. Campaign Monitor have implemented the European Commission’s Standard Contractual Clauses (SCCs) to ensure the adequate protection of UK and EU citizen’s data. Campaign Monitor’s privacy notice can be accessed here.
- Zoom Webinar – For registrations to online events and webinars. Zoom is a global company and your data may be stored on servers in the US and other countries. Zoom relies on the European Commission’s Standard Contractual Clauses (SCCs) to ensure the adequate protection of UK and EU citizen’s data. Zoom’s privacy notice can be accessed here.
- Qualtrix – For the provision of the Self-Assessment Tool and associated analytics. Qualtrix is a global company and your data may be stored on servers in the US and other countries. Qualtrix relies on the European Commission’s Standard Contractual Clauses (SCCs) to ensure the adequate protection of UK and EU citizen’s data. Information about how Qualtrix processes personal data is here.
Where we host an in person event at an external venue we may share attendee details with the venue operator for security and health and safety purposes. If food is offered as part of an event we may ask for and share dietary requirements with catering suppliers to ensure that we cater appropriately.
We may have to share certain information with relevant authorities upon request, for example the Charity Commission, or to HM Revenue and Customs in respect of any Gift Aid claims.
USE OF PUBLICLY-AVAILABLE INFORMATION FOR PROFILING, RESEARCH AND DUE DILIGENCE
To ensure that we understand you and your philanthropic interests, and identify new prospects of interest to our charitable aims, we may use additional information where available from external sources to improve our understanding.
This will be a combination of publicly-available information, for example drawn from search engines, company resources and news media; information from third party consultants, intermediaries, mutual contacts and databases; and what you have provided to us, such as past donations and career information. We may also use data from social media sites like LinkedIn, Facebook and Twitter, depending on your privacy settings and/or interactions with A4S or the Charities.
Please note however that before seeking or accepting major donations we are required, at law and in accordance with good governance and reputational practice, to conduct a certain level of due diligence, including reviewing publicly available personal data relating to political exposure, criminal convictions and offences. Due diligence is conducted in accordance with the A4S’s gift acceptance policy.
HOW LONG DO WE KEEP YOUR INFORMATION FOR?
We keep your information in accordance with our retention policy. We will keep your personal data for as long as we continue to have an active relationship with you. We will delete personal data if you request us to, or if we have had no contact with you for more than 7 years. Please note we will keep your name and the relationship we had with you permanently as part of our historical record. We are also bound by legal requirements to retain some information for set periods. For example we keep information relating to Gift Aid for 7 years in accordance with tax legislation as well as best practice and we must keep details of your donation history for 7 years for accounting purposes.
A4S commits to holding this data securely, both in its electronic systems and in staff protocols, and treating it with sensitivity. Data will only be held for as long as it is necessary for the above purposes.
IP ADDRESSES AND COOKIES
During your use of the site we may collect information about your computer, including where available your IP address, operating system and browser types, for system administration and to report aggregate information to third parties (including organizations connected with A4S). This is statistical data about our users' browsing actions and patterns and does not identify any individual. For the same reason, we may obtain information about your general Internet usage by using a cookie file which is stored on the hard drive of your computer.
YOUR INFORMATION RIGHTS
- As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request.
- Ask us to change incorrect or incomplete data.
- Ask us to delete or stop processing your data, for fundraising purposes (except as necessary to maintain suppression lists).
- Object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing.
- Request a copy of the data you have provided to us in an agreed format, so that you can reuse it or transfer it to another data controller if you wish.
- Ask us whether we use automated decision making or profiling when processing your data.
- Please note that none of these rights are absolute and we reserve the right to refuse your request where exceptions apply.
CONTACT INFORMATION AND FURTHER ADVICE
Please contact Accounting for Sustainability by email firstname.lastname@example.org or in writing at Accounting for Sustainability, 2 Finsbury Avenue, Floor 2, London, EC2M 2PP for any requests or related enquiries.
If you have concerns about the use of your personal data, the Information Commissioner's Office is an independent body set up to uphold information rights in the UK. They can be contacted through their website: www.ico.org.uk or their helpline on 0303 123 1113, or in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
1st October 2021