Who we are
Swiss Benevolent Society (“us”, “we”, or “our”) operates the website www.swissbenevolent.org.uk (the “Website”). This page informs you of our policies regarding the collection, use, and disclosure of Personal Information we receive from users of the Website.
What personal data we collect and why we collect it
Personal data
Personal data means any information relating to an individual person who can be identified from that data, such as name and contact details. Identification can be by that information alone or in association with any other information in the data controller’s possession. The processing of personal data is governed by the General Data Protection Regulation (‘the GDPR’).
Data controller
Swiss Benevolent Society is the data controller. This means it decides how your personal data is processed and for what purposes. SBS, through its board of trustees, complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access, and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data. The Swiss Benevolent Society takes these obligations seriously and does not use your personal data in any way you would not expect.
Purposes for which the Swiss Benevolent Society processes your personal data.
SBS processes personal data for the following purposes:
- to comply with company and charity administration obligations.
- to maintain its financial accounts and records, including the processing of Gift Aid donations.
- to manage and administer employment records and comply with statutory obligations in relation with PAYE, NI, and Pension.
- to manage and administer general client support (such as moral advice)
- to administer and manage client financial application.
- to administer and manage incoming donations.
- to process its members list.
- to process its trustees list.
- to organise seminars.
- for social media marketing and mailing list inclusion, but only with your explicit consent.
Lawful bases for processing your personal data.
SBS relies on the following ‘lawful bases’ for processing personal data:
- Processing is necessary to comply with a legal obligation; or
- Processing is necessary for the performance of a contract or agreement between you and the Swiss Benevolent Society; or
- Processing is necessary based on the legitimate interests of SBS. Briefly, these are:
- to achieve the SBS’s objectives as a charity to enhance the quality of life of fellow Swiss in the UK, old and young, from all walks of life, who are experiencing difficulties.
- to benefit individuals, such as clients and persons submitting enquiries.
Collection of Data from Children
SBS adheres to strict regulations regarding data collection from children/minors. We only collect data from a child/minor in the following situations, and only with the explicit consent of their legal guardian:
- When a child’s information is necessary to assess a financial aid application (e.g., bursary) for their benefit.
- When a child’s legal guardian submits a specific help request on their behalf.
Comments
If you leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
Our Website uses cookies to enhance your experience and gather information about your usage of the site. Cookies are small text files that are placed on your device by websites you visit. They help us analyze web traffic and improve our Website. We use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better Website experience by enabling us to monitor which pages you find useful and which you do not. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the Website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
Sharing Personal Data
Personal data is treated as strictly confidential and is only shared with others:
- to comply with a legal obligation (e.g., Companies House, Charity Commission, HM Revenue & Customs for Employment Obligations and Gift Aid donations, Pension Provider, and SBS Auditors); or
- Based on a contract to directly benefit the recipient, such as:
- Scholarships or bursaries secured by SBS with educational institutions.
- Discounted rates for events or relevant goods and services negotiated by SBS with external providers; or
- with your explicit consent for specific purposes, such as social media marketing or mailing list inclusion; or
- In very limited circumstances, with local authorities, but only if they have a legal basis for the request, such as a statutory power or court order. This could involve: Benefit fraud investigations, vulnerable beneficiary well-being checks, public health emergencies (limited). We carefully assess all requests and only share the minimum data required, prioritizing beneficiary privacy.
At the Swiss Benevolent Society (SBS), we may share your webuser data with trusted third-party service providers for specific online purposes in order to enhance your online experience and support our operations. These providers include:
- Google Analytics: We use Google Analytics to analyze website traffic and better understand how visitors interact with our website. Google Analytics collects information through cookies and similar technologies to provide insights into user behavior. Please review Google’s Privacy Policy to learn more about how they handle your data: Google Privacy Policy.
- MonsterInsights Analytics: We also utilize MonsterInsights to gain insights into website usage patterns and improve our online presence. MonsterInsights helps us understand user interactions with our site. For details on how MonsterInsights handles your data, please refer to their Privacy Policy: MonsterInsights Privacy Policy.
- Social Media Platforms: We maintain a presence on various social media platforms, including Facebook, Instagram, Twitter, LinkedIn, and WhatsApp. By interacting with our content on these platforms, you may be providing personal data to the respective social media companies. Please refer to the privacy policies of these platforms for information on how they process your data: Facebook Data Policy, Instagram Data Policy, Twitter Privacy Policy, LinkedIn Privacy Policy, WhatsApp Privacy Policy.
- Mailchimp: We use Mailchimp to send email newsletters and updates to our subscribers. Your email address and other relevant contact information may be shared with Mailchimp for this purpose. Mailchimp’s Privacy Policy outlines their data handling practices: Mailchimp Privacy Policy.
Please note that these third-party service providers have their own privacy policies and practices, which may differ from ours. We take measures to ensure that any data sharing is conducted in accordance with applicable data protection laws and that your personal data remains secure. We encourage you to review the privacy policies of these providers to understand how your data is used and protected.
How long we retain your data
Data Retention Periods
Data is kept by SBS only for as long as is necessary for the purpose it was collected or to comply with legal or regulatory obligations. The following data retention periods apply:
- SBS Welfare officer and trustees: as long as necessary for legal compliance.
- Donations: 8 years after the last donation.
- Applicants for funding – successful: 8 years after completion of project.
- Applicants for funding – unsuccessful: 5 years after application.
- Patrons: 3 years after ceasing to be a patron.
- Persons submitting enquiries: 5 years after the enquiry.
- General personal data: Maximum of 6 years after the last interaction with the client.
- Special category data: Shortest possible period to fulfil the original purpose, generally not exceeding 2 years (unless justified by exceptions under UK data protection law).
- Financial records: 8 years to comply with tax and accounting regulations.
- Legal records: As per legal advice and statutory requirements.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Your Rights and Your Personal Data
Unless subject to an exception under GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which the SBS holds about you (a ‘subject access request’).
- The right to request that the SBS corrects any personal data if it is inaccurate or out of date.
- The right, where there is a dispute about the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to request that your personal data is erased if it is no longer necessary for SBS to retain it.
- The right to withdraw your consent to the processing at any time.
- The right to request that the SBS provides you with your personal data and where possible, to transmit it directly to another data controller.
- The right to object to the processing of personal data.
- The right to file a complaint with the Information Commissioner’s Office.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Data Security
We are committed to protecting your personal data from unauthorised access, disclosure, alteration, or destruction. We employ a range of technical and organisational measures to achieve this, including:
- Regularly backing up data and the use of encrypted data cloud storage
- Anti-virus programs and firewalls.
- Multi-factor authentication on our CRM and other software.
- Individual accounts with strong passwords for each staff member and trustee. Limiting data access to employees who have a legitimate business need.
- Keeping all software up-to-date.
Data Minimisation
We are committed to the principle of data minimisation. We only collect and retain the personal data necessary for the purposes outlined in this Notice. We conduct regular data screening by the data controller and promptly delete any data no longer required. We have procedures in place to securely delete personal data that is no longer required. These procedures comply with relevant legal requirements.
Further processing
If we wish to use your personal data for any purpose not covered by this Data Privacy Notice, then we will provide you with a new notice setting out the relevant purposes and processing conditions prior to doing so. Whenever necessary, we will seek your prior consent to the new processing.
Compliance & Responsibilities
Failure to comply with this policy may result in disciplinary action and potential legal consequences.
– Data Protection Officer (DPO): Oversees policy implementation and compliance.
– Board of Trustees / Directors: Ensure teams adhere to retention and deletion procedures.
– Administrator / Employees: Implement technical measures for secure deletion.
Contact information
In relation to all relevant rights and queries, please contact the Company Secretary, Ms Nadine Hoffzimmer, at info@swissbenevolent.org.uk, tel.0207 8369119.
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email: https://ico.org.uk/global/contact-us/email/ or at: The Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Address & Contact Information
Swiss Benevolent Society
79 Endell Street London WC2H 9DY Tel. 0207 8369119 info@swissbenevolent.org.uk www.swissbenevolent.org.uk
Additional information
International Data Transfers:
Please be aware that some of your personal data may be transferred to, stored, and processed in countries outside of the European Economic Area (EEA). These countries may have data protection laws that are different from the laws of your country. However, we will ensure that suitable safeguards are in place to protect your personal data in accordance with applicable data protection laws. By using our Website and providing your personal data, you consent to the transfer of your personal data to countries outside the EEA.
Age Restrictions:
Our Website is not intended for use by individuals under the age of 18. If you are under 18, please do not provide us with any personal data.
Data Breach Procedures:
At the Swiss Benevolent Society (SBS), we are committed to safeguarding your personal data and take data security seriously. In the unlikely event of a data breach or suspected data breach, we have established robust procedures to promptly assess, address, and mitigate any potential risks to your personal data.
Our Approach:
- Immediate Action: Upon discovering a data breach or suspected breach, our dedicated team will take immediate action to assess and contain the situation. We will launch an internal investigation to determine the scope and nature of the breach.
- Risk Assessment: Our team will conduct a thorough risk assessment to evaluate the potential impact of the breach on your rights and freedoms. This assessment helps us determine the appropriate response measures.
- Mitigation: We will take all necessary steps to mitigate the impact of the breach and prevent any further unauthorized access or disclosure of your personal data.
- Notification: If the breach poses a risk to your rights and freedoms, we will notify you without undue delay. Our notification will include information about the nature of the breach, the types of personal data affected, and the steps we are taking to address the situation. We will also provide guidance on any actions you can take to protect your information.
- Supervisory Authority Reporting: Depending on the severity of the breach, we may be required to report it to the relevant supervisory authority in accordance with applicable data protection regulations. This reporting ensures transparency and accountability in addressing breaches.
Your Role: Your prompt cooperation is essential in the event of a data breach. We recommend that you regularly review the communications we send you and promptly follow any instructions provided, including changing passwords or updating security settings.
Prevention and Security: At SBS, we continuously implement security measures to prevent data breaches. These measures include encryption, regular vulnerability assessments, access controls, and staff training on data security best practices.
Stay Informed: We are committed to keeping you informed throughout the breach resolution process. Our priority is to ensure the security and integrity of your personal data and to provide you with timely updates as we address the breach.
Changes to the Privacy Policy:
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.
Download our Privacy Notice for Data collected and processed in our Office: