Simplified Privacy Promise

Family support is offered as soon as a family applies for a place at Seashell. It continues while you use our services and as your child or young person prepares to leave. We manage bookings for the family flat, that you can pay to stay in when visiting Seashell. 

We record the attendance of your child or young adult; we set education targets and organise meetings. We provide activities to prepare your young person for adult life like work experience placements. We use assistive technology like switches and software applications for many of our learners.  We communicate with families and with other professionals. We report information to our regulator Ofsted, as well as to the local authority and the Department for Education. 

We create care plans, record achievements and activities and monitor health and medication giving. We organise multi-disciplinary meetings which many professionals who work with the child or young person will attend.  

This includes health support management and monitoring, multidisciplinary meetings, medication management and therapeutic services like Speech and Language Therapy.  We also coordinate with external health services, such as with the GP. We communicate with families and with other professionals. We report information to our regulators e.g. the Care Quality Commission (CQC), as well as to the local authority. 

This includes student nurses and health professionals e.g. physiotherapists participating in teaching, health, and wellbeing. We communicate with the education providers.  

This includes delivery of training courses in our areas of professional expertise, both onsite and at other organisations, accessing apprenticeship programmes.  This includes us working with other organisations like our collaboration with Liverpool John Moores University.   

This includes applications to access personalisation learning programmes that are delivered to young people who students in the school or the college onsite. We hold advisory contracts and an assessment and report service.  

This includes: 

• Recruitment 

• Onboarding 

• Human resources support to staff 

• Payroll 

• Finance 

• Data Protection and Cyber Security 

• IT manages access and use of systems 

• Facilities 

See the employee privacy notice to understand how data is used for staff and authorised users.  

For all services at Seashell, we also manage compliments, complaints and safeguarding and Health and safety management.  

We will market our services to you through our Social Media platforms for you to make a choice if you require further information. We only send you emails and text messages where you have agreed to this and will not send you marketing if you have asked us not to. To withdraw your consent or opt-out from receiving marketing at any time please contact us.

Please see Direct Marketing for more information.

We will fundraise with: 

• Individuals 

• Groups 

• Corporate supporters 

• Volunteers and work with our ambassadors to achieve this.  

We also apply to trusts and foundations for support usually to develop new projects for the benefit of our students and residents.  

Profiling 

We combine information that you have given us with information from sources that are publicly available to: 

• Understand our supporters better, so we can send you information you are interested in. 

• Predict how you might be able to help us in the future. 

• Make sure we do not send marketing to vulnerable individuals, meaning we can raise money in an efficient and ethical manner.  

• Research where the greatest need for funding is.  

If you would prefer that we do not do this for you, please contact us. Please see Profiling for further information.  

We research and profile potential or existing high value donors, to allow us to identify and contact suitable high value donors. This allows us to focus our fundraising resources, and to make sure that our requests for support are tailored to each individual, this helps us to maximise the efficiency of our fundraising. If you would prefer that we do not do this, please contact us. 

We promote our aims and activities online, including via platforms such as: 

• Facebook 

• LinkedIn 

• X (previously known as Twitter) 

• Instagram  

• YouTube 

We may ask a platform to show our adverts to a particular group of individuals. We may also track when individuals click on our adverts.  

We never use special category personal information (e.g. health data) to target individuals and we do not track responses of individuals clicking on our adverts specifically related to our Health and Wellbeing services at Seashell. We may target adverts to individuals searching for SEND support, or our Health and Wellbeing service support.  

For information about the other purposes for which we process personal information, please see How We Use Your Personal Information.

If you have any questions about this Privacy Promise or if you want to discuss your privacy rights. Contact us by email at data@seashelltrust.org.uk or write to the Information Manager Change and Governance, Seashell Trust, Stanley Road, Cheadle Hulme, Cheshire SK8 6RQ.

Sensitive personal information is recognised in special categories including: 

Health or Medical 

Race 

Ethnicity 

Political opinions 

Religious beliefs 

Trade Union membership 

Genetics 

Biometrics 

Sexual orientation 

This information is used to meet our legal obligations for employment and equal opportunities.  

Personal information about criminal convictions and offences (this also includes any allegations) is subject to extra rules.  

• Seashell will sometimes use photos including people. 

This will be done using the lawful basis of legitimate interests.  

• Photos or filming take place for identification and security purposes, health and safety purposes and learning, teaching and service assessment purposes.  

This will be done using the lawful basis of a contract.  

• Sometimes people will be named or quoted in photos or film, where it is not part of their contract with us.  

This will be done using the lawful basis of consent. We only ask for consent where another lawful basis is not applicable and consider the additional requirements of current Mental Capacity Legislation.  

Where we ask you to provide personal information to us on a mandatory basis, we will tell you about this at the time we collect it. If the personal information is needed for a contract or law this will be indicated.  

We will also explain what will happen if you do not provide any mandatory personal information. For example, if you do not provide us with your contact details, we will not be able to provide a service or contact you.

You might also give to us the personal information of third parties who help you e.g. your doctor or dentist. 

Before you give any third-party personal information to us you need to make sure that the third parties are aware of, 

• You are giving their personal information to us. 

• How we will use the personal information 

We may contact a third party to understand the information and about any information that might be given in the future.  

An example of sharing personal information of a third party is, if you contact us on behalf of a family about our services or send us photos including other people. 

You have the right to be told about how we collect and use your personal information. 

We must tell you how we use your personal information; we use this privacy promise to help tell you.

You have the right to ask us if we have personal information about you. 

You have the right to ask for access to the personal information we have about you.  

If you make a request, we have 1 month to collect and give you the information we have about you.  

You have the right to ask us to correct your personal information if it is wrong.  

If any of your personal information changes, for example, you change your phone number, please contact us so we have the correct information. 

You have the right to have a copy of digital data we collect about you; we can pass it to another provider for you. There are rules about when this can be done. 

If you change your mind about us keeping your personal information, let us know.  

If it is not needed for its purpose anymore, there are some rules. 

There are some rules which say that data can be deleted for example if it’s not needed for its purpose anymore, if you do not agree to it anymore. 

It cannot be deleted if we need to keep it as a law tells us too, or there is a legal claim about the data. 

You have the right ask us to delete your personal information. 

Sometimes we will need to keep your personal information and won’t delete it. 

You can ask us to make a decision about stopping using it if you think it is: 

• Not correct. 

• We do not have the right to use it. 

• We do not need it anymore, but you do for a legal claim. 

• It has been used in Legitimate Interest, or Public Interest.  

If you have given consent for us to use your data – you can change it to no longer given. (See "How We Use Your Personal Information".) 

We might still be able to use that data to help with a complaint.  

You have the right to object to: 

• Processing that is based on legitimate interests or performance of a task in the public interest (including profiling) 

• Direct marketing (including profiling for the purposes of direct marketing) 

• Processing for the purposes of scientific, statistical or historical research.  

We must act on any request to stop processing for the purposes of direct marketing. We do not always need to act on requests in relation to processing for legitimate interests and research purposes.  

If you would prefer us not to profile you for the purposes of targeting or tailoring our fundraising efforts, please contact us.

Seashell and our suppliers and people we work with use your personal information for lots of different reasons in these laws: 

• Education Act 1996, 2002, 2011 

• The Care Act 2014 

• Mental Capacity Act 2005 

• Deprivation of Liberty Safeguards 

• The Children’s Act 1989, 2004 

• Education and Skills Act 2008 

• Equalities Act 2010 

• Crime and Disorder Act 1998 

• Working together to Safeguard Children 2023 

Also, your personal information might be used sometimes for reasons that are not obvious to you, for example, during an investigation or complaint. 

We use your personal information under one of the following rules.  

• Legitimate interests 

• Consent 

• Legal Obligation 

• Contract 

• Public Interest 

• Vital Interest 

We may use your personal information in ways that you would reasonably expect. 

You agree to us using your personal information for a reason given at the time we ask, usually by signing and ticking a form or not. 

We will use the personal information you have given to us to obey the law.  

We will use the personal information you have given us to complete a contract we have or before we start a contract.  

We need to collect or use the personal information you have given us to comply with the law.  

We may need to use your personal information to protect your life or someone else’s if none of the other legal bases can be used.  

We use sensitive personal information so that we can: 

• give our services, keep you safe and well when you use our services. 

• to follow rules on Equality, Diversity and Inclusion 

• to see which services you might need. 

• to give you other services and support 

If we want to collect or use any sensitive personal information, we need to make sure we have a reason to. 

This will be in addition to the Legal bases explained before.  

Additional reasons are in UK Data Protection Laws.  

We process your sensitive personal information only, 

• if you have given us your permission or someone who supports you has given us their permission. We will do this by following the Mental Capacity Act, depending on your age.  

• To follow Employment, Social Security or Protection Law 

• In your Vital Interests, to protect your life or someone else’s, when you might not be able to give us your permission. 

• To give Health and Social Care 

• Where you have made this information available to the public 

• For legal claims 

• If it is needed for public interests for example, to protect vulnerable children and adults.  

• If it is needed for public health, for example, reporting infectious diseases. 

• If it is for legitimate activities.  

When we use the health and care information we have, we meet these rules:  

• You have given us permission.  

• You understand that we need this information to give you care. 

• You have given us permission to use your personal information in other ways. 

• We need to collect, share and use your personal information because of the law. 

• We might need to share your personal information if it has been decided that it is more important to share it than to keep it confidential, for example, if we choose to share it with the police if there has been a crime.  

This will be carefully thought about before any personal information is shared.  

We will only use criminal offence information when we have a legal basis in Law. This might be needed for stopping or looking at unlawful acts.  

For example: 

• If we had a recording of a theft on security cameras at our site, we might share this recording with the police. 

• If we need to share information for safeguarding or investigations 
• For us to investigate, we might then bring charges against someone using Seashell to fundraise falsely on our behalf. 

To make sure that we always have the most up to date information about you, we will ask that you check your personal information with us that we have. 

To deliver our services 

• to use this for your care, health, and education. 

• to keep you safe, fit and well when using our facilities and services. 

• to manage our services for example to check what we do, investigate complaints, or as evidence in an investigation. 

• supporting the assessments for funding for Education/ Social care etc 

Communications 

We may contact you, for example, about a query or compliment or complaint or when you are waiting for us to contact you if you left a message. We may do this via phone, post, email. We rely on legitimate interest to do this. 

We use Teams for online meetings, and School Cloud for the school review and progress meetings. 

Issues, incidents, complaints and compliments 

We keep information for issues, incidents, complaints and compliments. This is to follow the rules in laws and to reflect and learn from it. 

Audits 

We work with external providers for finance checking and with Local Authorities for quality checks (audits). 

Right now, we do not share any data for planning or research purposes where the national data opt-out rules would apply. We check all of the confidential information we process yearly to see if this has changed. 

All adults can stop their information being used for this purpose.  

More information is available on the NHS website: https://www.nhs.uk/your-nhs-data-matters/ 

Data Security and Protection Toolkit  

This is completed annually, and Seashell status can be found here: https://www.dsptoolkit.nhs.uk/OrganisationSearch

At present we do not do health or education research. 

We do however look at how we do our work and sometimes show what has improved when large funding donations have been given to Seashell.  

• If you agree to help with one of these reports, you will be asked for your consent to use your comments in the report. We have rules to follow when creating these reports. 

• Sometimes we may also ask for your consent to use your photo in these reports.  

We are working with  

• British Cycling 

• Wheels for all 

• The FA,  

• Greater Sport 

• Greater Manchester Local Pilot 

• Liverpool John Moores University 

• British Triathlon 

• Cycling UK 

• Elite Fc 

• GM Moving 

• Level Water 

• Sale Sharks 

• Summit up climbing. 

Our Sensory Services 

Liverpool John Moores University 

As part of the learning programme, our learners will be on placements in education organisations as part of their practice. Any personal information shared by Seashell to these organisations will be explained in the placement agreement.  

Recruitment Partnerships 

We work with organisations that help with recruitment opportunities, this includes the King’s Trust and Acorn Training.  

External Hire Services 

We use Vivify to support external customers when they hire our facilities.  

When we work with our partners, sometimes the data is anonymised and will be done so in Legitimate interest, or sometimes we will seek your consent to collect and process personal information, or a contract will be in place.  

If we get a larger donation, or when working with Trust Funds or a National Governing body - we write an impact report to explain what we spent it on at Seashell. 

If you make a donation or payment to Seashell or use one of our payment processors (Elovate Payments, JustGiving, Worldpay, TYL, Stripe) these payment processors will receive certain personal information (for example, your name, address and card details, amount) to process your payment.  

All our payment processors are PCI DSS compliant. 

Our Fundraising at Seashell is in partnership with the following providers: 

• JustGiving 

• Charities Trust 

• Benevity 

• CAF 

• Easy Fundraising 

• Go Fund Me 

• Making a difference cards 

They will give us some of that information to: 

• match you to your payment, your name and amount of payment.  

• for accounting and processing your donation or payment. 

• to fix any technical issues with the providers 

We never keep your card details. These payment providers also have their own rules which they will share with you when you make your payment. 

We have a legal obligation to keep records of payments. 

• for tax purposes 

• for Gift Aid donations.  

We have a legitimate interest to accept payments and donations, to let us continue to support our charity. 

We also keep records of donations to see how supportive individuals are, so that we can do our fundraising in the best way to get the most money donated. 

Payment Invoicing 

For some things we issue invoices to collect payments. The payment rules for paying us is 30 days.  

We have a legitimate interest to contact you for the payment of monies owed. 

VAT Exemption Processing 

If a product or service, we purchase for you is VAT exempt then a form will be completed. This could be Seashell’s or a provider’s form with your personal information given by you or your representative. 

This can be:

• to manage our IT systems 

• to test new systems or make the systems we have better. 

• for internal training 

• reflective practice and professional development  

• to action legal claims 

• for Seashell statistical analysis and our service development 

• for a security system  

• access to Seashell, to buildings and IT systems  

• for finance processing 

• to help our staff 

• to support our volunteers 

• to support our visitors 

We have a legitimate interest: 

• to do our processes as well as we can 

• to check we have the people and skills and systems in place to allow us to support individuals to the best of our ability (our core aim).  

We have a legal obligation to: 

• process data for financial reasons - VAT record keeping purposes, fundraising Gift aid processing, Charity Commission rules.  

• to work with law enforcement 

• to work with regulators  

• to work with commissioners 

• To follow laws and rules for example Health and Safety, Safeguarding, SEND Care and Education provision, Data Protection, Cyber Security and Caldicott Principles. 

We have a legal obligation to have filtering and monitoring systems for our Internet and any devices connected to our internet services.  

Filtering is the safety measure we have, to control what can be accessed by anyone using Seashell Internet, for example, videos or harmful information.  

Monitoring is the checking of any online activity to support keeping people safe. Monitoring is completed by a small group of our staff and if it is needed, they can share this information to third parties. This is explained in the Online Safety and Acceptable Usage Policy. 

Monitoring is used to- 

• Identify risks. 

• Help us intervene. 

• Help people use systems safely. 

• Support training 

• Support awareness 

We use software as part of our legal obligation defined in the government’s ‘Keeping Children Safe in Education 2024’ and to keep our adults safe.  

To meet our legal obligations as a charity we must take reasonable steps when we get donations.  

This will include identify verification.  

The reasonable steps are explained in our risk policies. 

We feel we have a legitimate interest to investigate if we are made aware of any fraud. If this involves a criminal offence, then we will take actions to comply with regulatory requirements.  

Examples: 

• False fundraising events 

• Stealing money collection boxes 

• Changing bank details or redirecting cheques 

• Stealing equipment 

Legal obligations for money laundering 

• Know your customer. 

The Know your customer checks help us to verify the identity of new customers and to prevent illegal actions like money laundering or fraud.  

For our staff we will also investigate issues like: 

• Misuse of credit cards 

• Inflating business expenses  

• Diverting digital (electronic) payments to incorrect bank accounts.  

We may report our suspicions, any accusations and/or the results of our internal investigations to the police. 

Seashell has archives created in the public interest. These are held at Manchester Central Library. Most of the archives are very old and don’t mention anyone still living. When they do include personal information, we process it in the public interest.  

Some records may contain sensitive information. Data protection laws allow us to keep this information because it has been archived for the good of the public. We keep these records permanently so they can be used for research for the period of our Archiving.  

Profiling means we collect personal information about a person or a group of people and explore their qualities to understand if they might want or be able to support us.  

We believe that we have a legitimate interest in profiling supporters and potential supporters.  

Profiling means we can understand our supporters better, so we can:  

• send information to you that you are interested in.  

• predict how you might be able to support us in the future. 

• make sure we don’t send marketing to vulnerable people. 

• raise more funds sooner and in a cost-effective way. 

• be more efficient with our resources, donors have told us this is important to them. 

• assess and improve our services. 

• identify which areas in the UK might have a need for our external services support. 

Please see the section on online advertising for information about how your personal information may be used in this way.  

If you would like us not to use your personal information in this way, please contact our Information Manager Change and Governance, contact us.  

We use the information you give us and information that is publicly available, for example social media.  We put this with your information we also have. 

This information includes for example: 

• Your name, age, gender, address, giving history, the events you have joined us on.  

• Surveys you have done, any volunteering or things you are interested in that we do. 

• Publicly available Information you have put on social media - gender, property prices, average earnings, your wealth, where you live, your job, directorships. 

• Publicly available donations e.g. your philanthropic gifts and actions 

For example, we may match your house postcode to find household income, population facts. 

Categorising of your interest areas 

We use this information to see what you might want to do to help fundraise. 

When you have given us consent, we use this information to: 

• send only the right emails and at the right time so that you will like what we send.  

• find potential new supporters for Seashell. 

• What other fundraising you may want to do. 

• contact supporters who may be able to give more donations.  

• to exclude people who are vulnerable from these emails, for example children and vulnerable adults. 

High value donors 

We look for more potential high value donors: 

People Seashell know: 

• if someone has given £5,000 or more to Seashell 

• Asking our existing high value donors to give again. 

• Asking if they will introduce us to people, they think might support Seashell. 

• Asking if they will introduce us to people, we have found on the internet that they know. 

For people we do not yet know, and they do not know Seashell, we may: 

• Invite new high value people to our events. 

• Research new people who we do not yet know. 

They have not given money before, but we think they might want to support Seashell to give a larger donation. 

When we first look at publicly available information about people this is not written down, it involves looking online, for example Google, public LinkedIn, Zoopla. 

We do not process special category data at this stage, unless the person has made it publicly available – for example – interviews, articles, blog posts.  

Fundraising teams do not have access to any information given to Seashell Health, Sensory, Education and Care teams and we never use this information in any research into potential high value donors. 

Creating Research Profiles for new or existing donors 

If our initial research is promising or if someone has donated £5000 or more to use, we will create a research profile of the individual using information sources such as: 

• Internet searches 

• Companies House  

• The Charity Commission 

• Social Media platforms  

We also use these information sources to identify potential new donors who know someone that has previously given at a high level and may have an interest in our cause. If we discover that someone in our network knows a potential donor that we have identified, we might ask them to facilitate an introduction.  

We sometimes ask existing supporters whether they would be prepared to open their networks up to us. An existing supporter may tell us about an individual previously unknown to us and facilitate an introduction. In this scenario, we would advise our existing supporter about our data responsibilities and ask them to ensure that the individual in question is happy for an introduction to take place. Following the introduction, we would direct them to the Privacy Promise and ask them to confirm how they would like to hear from us.  

We may create a research profile on someone who we have never had any contact with before. If an introduction does not take place within two years, then we will delete the profile. If the introduction is successful, within 30 days we will tell this person about the Privacy Promise and we will look to gain their consent to continue the relationship.  

After we have created a research profile, we score potential donors under each of the following headings: 

• Ability to donate 

• Interest and  

• Links that they have to our purpose. 

These scores are an estimation of an individual’s ability to give to us, their interest in giving to us and any links they have to our purpose. This helps us to prioritise our resources and develop more relevant funding proposals as we look to generate support for Seashell and the work we do.  

Lawful grounds for processing 

We rely on legitimate interests as our lawful basis for identifying, researching and otherwise processing the personal information of our high value donors as set out above.  

If an individual tells us directly about their own health details or shares any other special category information with us, we will only collect this information when we have their consent to do so.  

Our relationships team foster long term relationships with our existing and potential donors. However, we are committed to only keeping information about individuals who we have an active relationship with.  

Therefore, we remove the personal information captured in the ways described above if the existing or potential donor has not interacted with the team in the previous two calendar years.  

In all our donor acquisition work we follow our Due Diligence policies and Ethical Fundraising policy.  

Online identifiers 

We do currently use Cookies, and you are able to consent to which ones can be active. We are not responsible for cookies on any sites that are signposted from our sites unless they are our supplier. See Cookies and similar technologies.

We use email tracking in the form of Cookies to contact you and to promote our organisation.  

• Email tracking will not take place for any operational emails when you use our services, for example, “the pool is closed for maintenance”.  

When you receive an email from us, we might receive information about how you interact with the email. This includes: 

• The number of times you have opened the email. 

• If you have clicked links in the email 

• If you have read the email 

• If you have made any donations 

We use this information to: 

• See how successful our email communications and campaigns are. 

• See what you are interested in. 

• Target more marketing campaigns more accurately. 

• Sometimes reduce how often we contact you, if appropriate 

• Remove you from our mailing lists where you have asked to unsubscribe. 

We use an email service provider through Mailchimp and our sports system Legend to do this.  

Lawful basis for processing: we only contact people who have given their consent, unless it is for an administrative task. For example: a thank you for donating, in line with GDPR and PECR.  

We believe that we have a legitimate interest in carrying out email tracking as this means you do not receive irrelevant or unwanted emails, as well as allowing us to use our resources and fundraise efficiently. 

We may: 

• send you information about our work and how you can help us, for example, information about our campaigns, volunteering, fundraising activities and how you can donate to us.  

• tell you about services at our site or online.  

• include information from partner organisations or organisations who support us. 

We will only send you marketing information electronically (e.g. by email or text/SMS) if you have agreed that we can by giving your consent for this. 

• We use Mailchimp, Legend and our own Seashell emails to send you marketing information. 

• We may send marketing information by post or phone you - unless you have opted out or said that you don't want to be contacted.  

• When we use an external provider to send postal mailing, they will ensure that our address records are accurate and up to date, and to stop mailings to people who have died.  

• We rely on legitimate interests for this processing, as we think that we have a legitimate interest to promote Seashell’s work and opportunities to potential and actual supporters. 

You can change your marketing consent by 

• emailing data@seashelltrust.org.uk or calling us on 0161 610 0170. 

• by clicking the 'unsubscribe' link in any of our emails 

If you ask us to stop sending marketing information, we will update our records to stop further mailings as quickly as we can. You may still receive further mailings which were already in progress before you asked us to stop. 

Please see the section on Profiling for further information about how we decide what marketing to send to whom. 

We advertise on Meta and Google as well as some other online platforms and other websites. For recruitment via LinkedIn and other profession specific sites. 

We set rules for our online advertising activities, some for promoting and supporting our fundraising and events. And other rules for information about Seashell.  

You may see our online advertising: 

• On websites - for example newspapers and magazine websites. This is 'contextual advertising'.  

• On an online platform (such as Facebook) based on what the platform knows about their users, e.g. we may ask Facebook to show an advert to people who live around Stockport and are interested in running.   

•  We also share Seashell fundraising information.   

• We do not target individuals based upon any special category personal data. 

We collect how many people clicked through to our information so that we understand whether our advertising and communications are effective.  

Cookies  

If you click to accept cookies for advertising you give consent, we have to have your consent to do this. 

The information stored in cookies may also be used to: create a 'lookalike' or 'similar set' of people with similar interests, features, a thing to identify them to a group of people who clicked on the same thing; or to send another message to you about the same thing you clicked on before.  

This helps us to ensure that our messages/adverts are as low cost as possible for Seashell. We only use this method for our fundraising messages. 

We track what you do in our adverts so that we know when you have clicked on an advert. This helps us see what you think of our adverts, and then to give more similar adverts.  

We do not track the responses of individuals who click on our health service adverts.   

We have rules for approving cookies and similar technologies and will never permit cookies that collect any special category information.  

We do not share special category data with external companies. 

For more information on our use of cookies please see Cookies and similar technologies; and how we use cookies. 

We keep a list of journalists we work with, which includes their contact details. 

We only do this to build relationships with journalists to help us promote our charity.  

We believe the privacy impact on journalists is small.  

We rely upon our legitimate interest in promoting our charitable aims for this purpose. 

Our Media Relations Policy sets out the way we work with media. 

If you donate money to us using Gift Aid, you have to complete a Gift Aid form with your name, home address, and a statement that you have paid at least the donation amount in Tax in that tax year and agree to Gift Aid being claimed. We have to have your consent to process these Gift Aid declarations. 

If you have also chosen to donate to us through giving platforms and agree to Gift Aid, your full name and home address, and details of your donation will be shared with HMRC. If you do not provide this information, your Gift Aid declaration cannot be processed. 

HMRC need us to collect the information in this form to reclaim Gift Aid on your donation, and we keep this for minimum six years. 

If Seashell is potentially the beneficiary of a legacy, we collect the names and contact details of executors in order for us to message them to process the gift. Our Legacy Policy says what we need to do, for example to complete identification verification and due diligence. 

It is in our legitimate interests to receive information about a legacy, and checks are completed to safely receive this. 

If there are specific instructions from the donor about their gift and how they would like this to be used, we will receive these instructions and follow the wishes of the donor.  

We keep Legacy information about potential gifts and communications with those families or information about individuals potentially planning on leaving legacy gifts. 

Our Trustees have a legal obligation under the Charities Act 2011 and Trustee Act 2000 to ensure full payment of legacies, and to ensure all funds gifted to Seashell are used to support Seashell. 

See "How long we keep data".

When you join in one of our fundraising events, (or if you are part of a team, and a representative signs you up), we will ask you to provide information so that we can:  

• confirm your place and send you information about the event.  

• claim Gift Aid (if you choose to donate in this manner) 

• when needed may also ask you for health information, for example your dietary or access needs. 

• For some events we will be the organiser and the controller (such as Seashell dinners or balls).  

• For some events we may take registrations on behalf of the organiser. When you are registering for these events, we will tell you who is the event organiser and if we are sharing the information you provide with the event organiser (e.g. challenge events – climbing, walking). 

When you pay to enter an event, we use a card payment processor such as Worldpay, TYL, Stripe, PayPal, Elovate who process your payment on our behalf. We never store your card payment details; we receive information to match you to your transaction.  

If you send us a cheque, pay by cash or make a direct payment – we collect some information to process this. 

If another organisation is running the event, then we will share your details with them, or you will have applied for the event yourself with them electronically.  

If another organisation is running the event, you may have applied for the event yourself with them electronically, or if not, we will share your details with them.  

Please see the sections on Payment Processing and Gift Aid for further information. 

Depending on the event: 

• we may rely on performance of a contract or your consent to process your information to enable you to take part in the event and to claim Gift Aid.  

• we also have to have explicit consent where you provide us with health information. 

• we use legitimate interest as our lawful reason for raising funds and any payments and for sending you information about the event. 

When you make a donation to us, we ask you for information so that we can process this, for example needing your address to claim Gift Aid  

If you wish, you can agree to receive information about Seashell, and events and fundraising. See direct marketing. 

We use: 

• Card payment processors such as Worldpay TYL, Stripe, Just Giving (for one-off transactions) 

• Elovate for single payments and regular direct debit transactions.  

We never store your card payment details, although we will receive certain information from the payment processors to allow us to match you to your transaction. 

If you have chosen to donate to us through Gift Aid, your full name and home address, and details of your donation will be shared with HMRC: if you do not provide this information, your Gift Aid declaration will be invalid. 

We have to have our consent to claim Gift Aid, and on our legitimate interest in raising funds for processing payments. Please see the section on Processing Payments and Gift Aid for further information. 

Donations of over £5,000 

The Relationship Team may do some basic research on you from publicly available sources for example Google, Zoopla and LinkedIn, to decide if you might be of interest for our Relationship programme.  

This research is undocumented, and it does not include searching for sensitive data or on social media platforms. We rely on our legitimate interest for this. 

Donations of £10,000 - £99,999

We will also do additional due diligence on you and may also profile you (unless you have let us know that you would prefer us not to do this). 

This is also for 

• individuals who we may contact soon for a donation within the same donation range. 

• Any individual, potential individual, volunteers or sponsors where there is a low-level public association with Seashell (e.g. where their name is mentioned in our Annual Report, or where the individual is a secondary sponsor of an event).  

• Any previous individual who is a donor, we may also refresh our due diligence.

Due diligence 

We have a legal obligation to ensure that we are compliant with money laundering law. 

We also follow the charity rules around ethics and gift acceptance.  

We consider that we have a legitimate interest in ensuring that our charity is not associated with persons or causes which could affect our reputation or contradict our values. See our Ethical Donations Policy and Gift Acceptance Policy. 

Criminal Offence Data or Special Category Data 

We will usually rely on the fact that you have manifestly made your information available in the public domain, or if you have provided explicit consent to process such data. 

As a charity we must check the types of donations to follow the rules: these include Gift Aid donations, payroll giving, gifts of trading stock, and gifts of shares and securities.   

Also, we have to check ethical issues about donations, to follow the rules of the Fundraising Regulator. This is for accepting donations, grants, sponsorships, or other partnership giving.  

To do this we collect donor information. 

A legacy gift is where someone leaves a donation in their Will to Seashell. This can be done in the Will in two ways, either a pecuniary gift which is of a specific value, or a residuary gift which is a percentage of their estate after they die.  

We are a controller of this data as well as the payment processor. For example, if you bid via a third-party auction site or selling goods. 

You should read their privacy policies. 

If you do not take the item away at point of purchase, we then contact you to provide certain information after you have paid and to arrange delivery of your items. 

If you choose to make a Gift Aid on your purchase or donation, we will share your Gift Aid information with HMRC. 

We work with payment processors such as Worldpay TYL, Just Giving, Elovate (for single payments and direct debits), who process your payment on our behalf. We never store your payment details, although we will receive certain information from the payment processors to allow us to match you to your transaction. 

Please see the section on Payment Processing and Gift Aid for further information. 

We rely on performance of a contract to process your personal information in order to fulfil your order.  

We rely on legitimate interest in providing you with the product/processing the donation. 

When you enter the lottery, Seashell and Sterling lotteries will process your information, check eligibility to participate and complete administrative tasks. Sterling provides your details to Seashell if you have consented to hear more from Seashell. 

Raffles, lotteries or prize draws 

We will process your data to send out prizes or complete other administrative tasks. 

We have to check that you are old enough to enter. 

Raffles  

We process information to enter following performance of a contract to. We rely on legitimate interests to process your payment. See the sections on Payment Processing and Gift Aid for further information. 

Prize draws 

We rely on legitimate interests to process your information, including to enter you into the prize draw and to notify you if you have won. 

Payment processors such as Worldpay, TYL, Just Giving, Elovate (for single payments and direct debits) process your payment on our behalf. We never store your payment details, although we will receive certain information from the payment processors to allow us to match you to your transaction. See the section on Payment Processing and Gift Aid for further information. 

When you sign up to an: 

• Event 

• Service 

• Training course 

• Webinar  

We collect your personal information to understand if you are suitable.  

We will use this information to register you and provide you with information about the event, service, course or webinar.  

We will also use your personal information (if it applies) to allow you to reclaim any costs from attending a course.  

We also often review who is signing up for our events and courses.  

We might then add you to our marketing list with your agreement. This means that we can send you information about other training courses or Seashell events in the future. Please see the section on Direct Marketing.

Examples of training we provide include: 

• MSI Mandatory Qualification PGDip 

• MSI Intervenors 

• Tactile Communication 

• CHARGE 

• Usher 

• Positive Looking British Sign Language (BSL) 

• Sign Along 

• First Aid 

• Sleep and Supporting Autistic Students in Educational and Residential Provisions 

• Autism Awareness 

Examples of events include: 

• Family Services Webinars to support SEND Families 

• Active and hiring our sports facilities 

Some of the events and courses we offer are free to attend if we have managed to find funding.  

If we are using an independent training provider, we will manage the paperwork and only share your personal information with them for certification, if needed.  

We will also manage your attendance if it takes place at an alternative venue.  

It will be clear when you sign up for training who the provider will be.  

We sometimes use a third party for event registration, for example, Legend and online survey tools such as Smart Survey. 

Please check their privacy terms and conditions, as some third parties such as Eventbrite might collect your personal information for their own purposes such as marketing. Seashell does not have control over this.  

As part of a contract with you we will book you onto the training course and provide you with the details that you need to prepare for the course.  

If we do not have a contract with you, we rely on legitimate interest to increase knowledge about the services we provide or if you have given us your consent.  

We rely on legitimate interest to look at who is doing the course and to understand the impact we are having. It is important to us to understand how we can provide the best service possible.  

We might also collect information about you and any reasonable adjustments. This could include support for your learning, and food allergies where events involve meals.  

This might mean we collect and use your special category information.  

For example, if you tell us, you have an allergy or a health condition which means we need to make special arrangements. When we use this type of information we will only do so with your explicit consent.  

We have specific bursary schemes that can be applied for in Education and Care.  

We have to have your consent to give us your personal information to help us to understand if you are eligible for funding. We have to have your explicit consent if we use your health data as part of this process.  

If we pay a bursary to you, we rely on legitimate interest to keep your information. We need to keep records of who we make payments to; this is needed to keep efficient financial records.  

If we believe that you might be eligible for a charitable grant from another organisation, we will signpost you to that organisation to apply.  

Sometimes we apply for funding to benefit an individual. This is usually for equipment that will be used by them during their time at Seashell. Any equipment will then remain to be beneficial to others.  

The information we collect and then share may vary depending on the funding that is applied for.  

We will usually give the name and contact details of the individual and when we need your health and diagnosis details, we will ask for your consent.  

We also apply for funding to Trusts for groups of individuals who might benefit from funding, if we are given it.  

When we do this, we anonymise the information about you. 

If we use any images as part of the application, you will not be identifiable.  

Visitor Registration 

When you arrive at Seashell, we will collect your: 

• Name 

• Car registration number 

• Company name (if applicable)  

You will then be issued with a badge.  

If you are visiting our homes or education buildings a record of you being in that building will also be made.  

CCTV 

At Seashell we have CCTV cameras on site, so you may be captured on CCTV.  

These cameras are managed by our IT Team. Access to these images is strictly limited, and they overwrite any images every 14 days, unless they need to be kept for longer in certain circumstances.  

This is explained in our CCTV Policy.   

When using CCTV, we rely on legitimate interest to ensure the safety and security of our: 

• Visitors 

• Staff  

• Assets 

CCTV footage may be shared with law enforcement where we have a legal obligation or a legitimate interest in doing so.  

Sometimes we might share CCTV footage with other individuals and authorities where we have a lawful basis for doing so.  

As a user of our facilities 

When our facilities have been hired by an organisation, the organisation are responsible for collecting your personal information. Seashell will only collect your personal information if we need to be told about: 

• Health and Safety reportable incidents related to First Aid incidents. 

• safeguarding incidents 

• data breaches or security incidents.  

If you connect to our Wi-Fi service whilst onsite your device and contact details will be processed by Seashell.  

As a hirer of our facilities 

Seashell will collect the information needed to make a booking and use our facilities safely and securely. Seashell will collect the information needed if there are any: 

• accidents 

• incidents 

• data breaches or security incidents 

If you connect to our Wi-Fi service whilst onsite your device and contact details will be processed by Seashell.  

As our customer (if you are using our Active sports facilities) 

You will have made a booking using our Legend system, and we rely on performance of a contract to provide these services or consent if you have agreed to our marketing services.  

We rely on Legal obligation to process any Health and Safety or Safeguarding information.  

When you contact us by: 

• Telephone 

• Email 

• Post 

• Social Media  

This could be for: 

• A query 

• A complaint 

• A compliment  

We will collect some personal information from you this includes: 

• Contact details 

• Reasons for contacting us. 

We use this information to: 

• Provide you with advice and support. 

• Find out the answer to your query (if we don’t already have it) 

• Investigate a complaint (as appropriate) 

• Pass on your compliment. 

• Create a record on our systems so that we have this available if you contact us again. 

• Follow up in relation to any outstanding issues. 

This is done in line with our Compliments and Formal complaints policy and procedure.  

We will usually rely on legitimate interest for these purposes: 

• Advising and supporting people accessing Seashell and our services 

• Providing information 

• Ensuring that any queries and complaints are quickly and appropriately dealt with 

This is important for maintaining our reputation, which is important if we are to continue providing these services and developing related ones.  

We have our website and online resources including our YouTube channel and closed Facebook group for families and supporters to access.  

Our Communications team may also collect personal information and respond to these where you have:  

• Publicly posted about us on social media or recruitment boards. 

This also includes where we work in partnership with other organisations, we will share and respond to posts.  

Please remember that when you post personal information on social media or recruitment boards, your information is available to the public.   

This information can be viewed online and collected by third parties. We are not responsible for the use of information by any third parties.  

If you are part of a discussion online, we strongly recommend that you do not share any personal information that could be used to identify you including: 

• Your name 

• Your age 

• Your address 

• The name of your employer 

We are not responsible for the privacy of any information that you post. 

If any third-party claims to own any content that you post or send, we have the right to disclose your identity.  

When you are invited to join the group we can view some information about you, this includes your: 

• Name 

• Contact details 

• Age  

• Gender 

In the group we check if what you write is against the rules and remove if needed.  We also reply to questions and queries raised in the group. 

This also provides you with a parent/guardian forum to make contact with other Seashell families.  

As this forum is checked, any personal information in your posts may be collected as part of the checking process.  

Our Social Media policy provides further details on this. 

If there are any specific user queries, these will be dealt with on an individual basis with the Family Services team. They will make contact with you to support you outside of the group.  

We rely on performance of a contract for taking part in the groups and for checking the posts.  

If you choose to post any special category information, like health information, we view this as you making the information available to the public.  

If you post a comment about Seashell on other platforms we may reply publicly to your comments and then look to contact, you to help or answer questions.  

We do this with your consent to agree to be contacted via our email info@seashelltrust.org.uk 

We have these social media accounts Facebook, X (previously known as Twitter), Instagram, LinkedIn, YouTube. 

We use them to tell you about Seashell services and events. When you interact with our social media (for example, by liking or sharing our content, or posting a comment), we may collect personal information from you including your username, as well as any posts you make. We also moderate your posts. 

If you message us privately via social media, we will collect explicit consent for any processing of special categories of data. 

Each Social Media platform is a controller in relation to information you post please see their privacy policy for information about their use of your personal information.  

For example,  

• Facebook’s privacy policy:  https://en-gb.facebook.com/privacy/policy/ 

• LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy 

The way we behave on social media, both as Seashell and as individuals employed by Seashell, is explained in our social media Policy, which includes Online Safety. 

Sometimes we will pay the social media platforms to promote our online posts as explained in Online Advertising. 

Donations on social media 

We sometimes use Facebook for our challenge fundraisers so you can participate in an event and make donations to Seashell. 

Some social media providers offer their opportunity to donate to charity. If you create a fundraiser, or in memory of... for Seashell and have your profile as public, we may use this to suggest ways to contact us about your fundraising and (where privacy settings allow) post a public thank you message. 

If your followers make a public donation for your fundraiser, we may collect this information in order to send a thank you message and/or process the Gift Aid donation if you have said you can give that.  

We use legitimate interest for processing your donation, contacting you about your fundraising, and in thanking you. 

If you have any questions about Fundraising, please contact the team on 0161 610 0170 or email fundraising@seashelltrust.org.uk 

Seashell uses cookies (and similar technologies such as tags) on our website, social media, email solutions, booking and communication systems. We do this to ensure the communications work effectively and it gives you a more personalised experience. 

Sometimes this includes advertising and helps us to have insights into the content we create (for example, to see how many people saw, opened or liked certain content). Please see the section on Online Advertising for further information. 

When you first visit our website, social media or communication channels you will be able to decide which consent to cookies you want to choose. 

If a cookie is no necessary to make our pages work, you will be able to set your preferences at this stage – some cookies collect personal data. 

Where cookies are necessary, we consider that we have a legitimate interest in processing the personal data they collect, as having working website, social media and communication channels is vital Seashell. 

You can at any time amend your consent by clearing cookies from the cache in your computer and rejecting them next time you access our website and software solutions. 

We may also use similar technologies/tags to identify when our emails or social media direct messages are opened when you have agreed to participate in an online event. This allows us to identify whether our marketing and fundraising campaigns are effective, and we consider that we have a legitimate interest in doing so. 

For more information about our use of cookies and tags, different types of cookies, the information they collect and further information about how you can control the types of cookies that are placed on your browser, please see How we use Cookies. 

When you start your journey to volunteering via our website, we collect some information to proceed with your enquiry. If we have identified that we can match an opportunity with your request, you will then create your volunteering profile.  

To set up your profile you will need to provide: 

• Your name 

• Your address 

• Your date of birth 

• Emergency contact details 

• References 

Please note, we will ask for the references and details to follow our Safeguarding onboarding process and DBS check.  

When you apply for a specific volunteering opportunity, we will collect additional information about you to process your application and to allow us to support the placement opportunity. The information we need will vary depending on the role, but this will always be clear from the opportunity description.  

If you then agree, we will you use your contact details to keep in touch with you about Seashell. Please see the section on direct marketing for further information.  

For some roles, we may provide mandatory and/or specific training. We record completion of online training as well as attendance of training sessions. We do this as we need to make sure that all of our volunteers have received appropriate training for any role they are taking on. We will also record information about your volunteering journey with us.  

If you choose to reclaim expenses related to your role, from us, we will process information about any expenses, including: 

• The amount 

• Type of expenses 

• Your name 

• Your bank account details. 

This is so that we can decide whether your expenses should be refunded and to make any payments to you.  

We consider that it is in our legitimate interests to process your personal information as part of your volunteering journey as described above, as this helps us to support our people. The above information is stored in our volunteer database, Kinetic and in our internal SharePoint.  

Group Volunteers 

If you are volunteering as part of a group from a company/organisation we will collect information that is needed to support your visit on the day, this will include: 

• Your name 

• Your email address 

• Car registrations 

• Health and safety information 

• Group risk assessments.  

We consider that this is in our legitimate interests to collect your personal information as part of your volunteering opportunity with us, as this helps us to support you and our people on site.  

Health and safety information is collected for specific risk assessments that we need to put in place to safely support the volunteering opportunity. We have a legal obligation to support our volunteers.  

If our processing goes beyond our legal obligation to support our volunteers we rely on our legitimate interest.  

If you are an individual or volunteer group and have agreed to hear more form us when starting, we will contact you as you have given us your consent to do so. Please see the section on direct marketing for further information. 

We process personal information that you give to us so that we can: 

• Support you as one of our volunteers. 

• Run an effective committee. 

• Ensure the activities of the committee are legally compliant. 

• Ensure that suitable governance is in place.  

• Ensure that we effectively deliver our services. 

• Effectively manage funds donated. 

• Safeguard our assets.  

As a governor or trustee, you may also receive information from our services and other ways you can help including: 

• Opportunities to donate. 

• Volunteer n 

• Fundraise 

We rely on legitimate interest for this unless you have given us your consent. Please see direct marketing.

We will not include anyone under the age of 18 in any digital media categorisation of audiences.  

Our external communications information is about our work, events and activities and is published in line with the relevant lawful reasons and in line with current Mental Capacity legislation.  

If you are interested in fundraising for us and you are under 18, we may need to speak a parent, guardian or representative instead of you or before speaking to you. We may need to record your date of birth, so we know how old you are.  

0-15 years old: if you are aged 15 or under, we will need to speak to your parent or guardian regarding your enquiry. We will not collect any personal data about you. Any information provided will be recorded under the name of your parent or guardian.  

16-17 years old: if you are aged 16-17 then we may need to record your date of birth to create your record. We will not send you any marketing or carry out any processing that would need consent.  

Work Experience 

16-17 years old: you may look to complete work experience at Seashell, for this we will need to collect and process information about your time here, this will include risk assessments to keep both you, our service users and staff safe and well.  

We can talk to your parent, guardian or representative over the phone and then receive written permission either in forms sent via post or electronically or in agreement via email.  

Our fundraising activities might include competitions or ideas involving children about how to raise money. When this happens, we will make sure that any communications or applications also include an adult parent or guardian, following the guidelines above.  

If you are a performer, celebrity, activity or service provider for Seashell, we will collect and use some of your personal information, including your name and contact details. 

Any additional information collected will depend on specific arrangements with you. This information will be used to plan with you for your services and supporting logistics. Your performance may also be recorded where we have agreed this with you.  

Our legal basis for processing will be contract. The performance of our contract with you will either be a standard release form or a contract for services.  

If you are working with our children and young adults, we will also process your personal data in line with requirements in our Safer recruitment policy and procedures, the lawful basis for this is to meet our legal obligations.  

To make sure that we provide you with the best possible service and that we use our resources as well as possible, we use some external suppliers and agencies where appropriate.  

This involves us sharing your personal information with our trusted services providers who we have authorised to act or work on our behalf and who we work with in partnership to deliver and improve services for the purposes set out in this Privacy Promise. This includes organisations who fundraise on our behalf. Some of these organisations act as controllers and others act as processors who act on our instructions only.  

• Local and central government
• Integrated care boards
• Ofsted
• Public Heath
• CQC
• Activity providers
• Department of Health
• Department for Work and Pensions
• Health and Safety Executive
• NHS Services
• Multi-disciplinary teams
• Safeguarding boards
• Seashell Trust staff and representatives
• Families
• Advocates
• Shared care providers
• Professional services
• Trust fund provider (where applications are made specifically for you)
• Professional services consultants

• Local and central government 

• Integrated care boards 

• Ofsted 

• Public Health 

• Department for Education 

• Department of Health 

• Health England  

• Health and Safety Executive 

• Health placement (affiliated university) 

• NHS services 

• EFA (Education Funding Agency) 

• Exam and course accreditation organisations 

• Multi-disciplinary teams 

• Activity providers 

• Our governors 

• Technology solution providers 

• Safeguarding boards 

• Seashell staff and representatives 

• Professional services consultants and  

• Professional services.  

• Ofsted 

• HMRC 

• Public Health 

• Disclosure and Barring Service 

• Health and Safety Executive 

• Local and Central government 

• Department for Work and Pensions 

• Office for National Statistics 

• Financial and audit services (internal and external) 

• Banking services 

• Staff benefit package providers 

• Occupational health and physio service providers 

• Total benefit package providers 

• Learning and development providers 

• Apprenticeship scheme providers 

• EFA (Education Funding Agency) 

• Qualification accreditation providers 

• Activity providers 

• Reference service providers 

• Legal services 

• Law enforcement bodies 

• Trade unions (where you are a member)  

• Our governors 

• Technology solution providers 

• Safeguarding boards 

• Current, past and prospective employers and work experience (for references) 

• Parents and prospective parents 

• Professional services consultants 

• Regulatory body inspectors 

• Professional bodies that you are registered with and  

• Partner organisations.  

• Ofsted 

• CQC 

• Local authorities 

• Government departments 

• Public health 

• Health and Safety executive 

• Legal services 

• Law enforcement bodies 

• Our governors 

• Technology solution providers 

• Safeguarding boards 

• Professional services 

• Disclosure and Barring Services 

• Financial checking services 

• Service accreditation providers 

• Customers 

• Seashell employees 

• Software providers 

• Credit and fraud prevention check providers 

• Seashell staff and representatives 

• Professional services consultants and  

• Professional services.  

• Public Health 

• Seashell employees 

• Partner organisations 

• Law enforcement authorities  

• External catering providers 

• Technology solution providers 

• Safeguarding boards.  

• Volunteer portal provider 

• Public health 

• Background check and reference providers 

• Disclosure and Barring Service 

• Seashell staff and representatives 

• Our governors 

• Technology solution providers 

• Safeguarding boards 

• Law enforcement bodies 

• Regulatory body inspectors 

• Health and safety executive 

• Learning and development systems 

• Professional services  

• Off-site location providers for health and safety purposes. 

• HMRC 

• Gift aid 

• Authorised users 

• Event partners 

• External catering services 

• Trust fund providers (where applications are made) 

• Government departments (when bidding for funding) 

• Offsite location providers for health and safety purposes 

• Email marketing systems 

• Fundraising regulators 

• Legal representatives 

• Health and safety executive 

• Seashell staff and representatives 

• Social media platforms 

• Our governors 

• Technology solution providers 

• Safeguarding boards.  

• Seashell staff and representatives 

• Public Health 

• NHS services 

• National governing bodies 
• • Referral organisations 
  • Activity providers 
  • Background check and reference providers 
  • Safeguarding boards 
  • Health and safety executive 
  • Software providers 
  • Multi-disciplinary teams  
  • Off-site location providers for health and safety purposes.  

• Seashell staff and representatives 

• Public Health 

• CQC 

• Integrated care boards 

• Service commissioners 

• Local authority multi-disciplinary teams (where commissioned by a local authority) 

• Health and safety executive 

• Safeguarding boards 

• NHS services 

• Activity providers 

• Learning and development providers 

• Accreditation providers 
• Off-site location providers for health and safety purposes.  

When we use an external service provider to process personal information on our behalf, we only share the personal information that is needed to deliver the service, and we will have a contract in place that requires the provider to agree to Seashell and Data Protection and Information Security requirements.  

We may share your personal information with others who may be located in the EU, EEA and elsewhere in the world, including the USA and other countries with less data protection rules than those in the UK. Wherever they are located, we only work with companies we trust to keep your information safe.  

We will always try to make sure that appropriate or suitable safeguards are in place to protect your personal information and that any transfer of your personal information follows data protection laws. We usually have standard contract rules and related agreements when transferring personal information to other countries.  

You can get further information on this by contacting us (see Contact Us) although some details may be redacted for confidentiality reasons.  

We are committed to keeping the personal information you share with us protected.  

To do this we have measures in place, these include: 

• Policies 

• Processes 

• Procedures 

• Staff who are responsible for the protection and security of your information 

• Contracts and agreements with staff and others to keep your personal information private 

• Training for all staff who access personal information 

• Access controls to personal information 

• Reporting systems for incidents 

• IT protection systems 

• Checks of suppliers to make sure they look after personal information 

• Following guidance to meet assessment criteria of the NHS Data Security and Protection Toolkit and Cyber Essentials. 

We have a policy which tells us how long we will keep your personal information for, sometimes how long we keep information for is decided by law.  

We will not keep your personal information for longer than we need to. 

Each service has a retention schedule to tell them how long to keep information for.  

All services at Seashell have and maintain retention schedules. For further information about retention please Contact Us.

If supporters leave gifts to us in their Wills, we will keep some information for up to 85 years, this includes: 

• Most recent and previous names and addresses 

• Donations made 

• Communications sent and received 
• Legacy conversations and Will-writing appointments held and legacy status 

We store some of your personal information on our own servers. This is held in line with our Information Security and Data Protection and Retention policies.  

Where we work with service providers to process and hold your personal information for us, we will ensure this is written in a contract or sharing agreement and we will take reasonable steps to make sure that your personal information is treated securely in accordance with this Privacy Promise. We will protect your personal information and ensure that it will be held according to the law.  

We store your information securely in our servers and require the same with all of our service providers.  

Please do remember that information sent over the internet is inherently insecure, and we cannot guarantee the security of information sent over the internet. 

When Seashell does business with suppliers, we are responsible for checking that all correct rules are in place in the contract we sign.  

In cases where we use software provided by other organisations e.g. X (previously known as Twitter), Facebook, Legend, Raisers Edge Mailchimp, Elovate, Seashell will define how we manage and store our information.