Privacy and Cookies Policy

Hospitality Action (HA) is committed to protecting and respecting your privacy. This Privacy Policy sets out how we collect and use your personal information (this means any information that could identify you). This document will help you to understand our views and practices regarding your personal data and how we treat it.

The HA Privacy Policy will change so please check it periodically. This is version 1.0 and was last updated on the 22nd November 2022. If we make any changes to our Privacy Policy we will detail this on our website.

1. Terms we use in our Privacy Policy
2. Who are we?
3. Who our privacy policy applies to
4. What type of information we collect and how we use it
5. How we collect your information
6. The legal basis for using your information
7. Marketing
8. Safety of your information
9. Sharing your information
10. How long we hold your information for
11. Your individual rights
12. What laws we comply with
13. Cookies

1. Terms we use in our Privacy Policy

When we refer to ‘you’ and ‘your’ in this privacy policy, we refer to any individual whose personal information we process from time to time.

When we refer to ‘processing’ of your personal information, this includes obtaining, using, recording, storing and anything we do with it, such as organising, adapting or altering it, retrieving, disclosing it or otherwise making it available to our trusted service partners, combining it with other data or erasing it.

2. Who are we?

Hospitality Action is a leading charity helping people in the hospitality industry through a range of services such as Grants, EAP (Employee Assistance Programme), Golden Friends Scheme and Befriending. We actively fundraise to support our work.

We are Registered Charity No.1101083 | Registered in England & Wales Company No.04914871 incorporated under the laws of England and Wales.

For the purpose of the General Data Protection Regulation (GDPR) (2018) we are a data controller and a data processor. We also work with trusted service partners who are also data processors.

If you have any questions about our Privacy Policy or how we process your personal information, including any complaints, please contact us either by e-mail : info@hospitalityaction.org.uk, by telephone on 0203 004 5500, or by post at our registered office 62 Britton Street, London EC1M 5UY.

3. Who our Privacy Policy applies to

We include in this Privacy Policy personal information we process relating to individuals who are:

• Visiting and using our website.
• Making any enquiry with us (including when enquiring on behalf of someone else e.g. a friend or family member).
• Donating.
• Using our services.
• Attending our events, e.g. registering or booking tickets.

4. What type of information we collect and how we use it

We want to use your information to ensure that we communicate with you in the way you choose, provide you with relevant information about accessing our services, making a donation or attending any of our events.

Personal Information
Personal information we collect includes details such as your name, date of birth, email address, postal address, National Insurance number, gender, telephone number, bank details and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communication with us. You will have given us this information when accessing our services, using our website, making a donation, registering for an event or in other ways that you may engage with us.

We will use this information primarily:

• To process your donations or other payments.
• To claim Gift Aid on your donations and verify any financial transactions.
• To provide the services or grants that you have requested.
• To update you with relevant messages about your donation, an event or services or goods you have requested.
• To keep a record of your relationship with us.
• Where you volunteer with us, to administer the volunteering arrangement.

If you do not provide the relevant information, we will not be able to process these actions.

We may also use your personal information to:

• Contact you about our work and how you can support us (see section 7 on ‘Marketing’ below for further information).
• To invite you to participate in surveys or research.

Sensitive Personal Information
Data Protection law recognises that some categories of personal information are more sensitive than others. Sensitive Personal Information can include information such as a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation, DBS checks or religious beliefs.

If you provide us with any Sensitive Personal Information by telephone, email or other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy.

If you give us your specific consent, we may use your story as a case study to highlight the work we do in order to raise awareness within the industry.

If you contact us through our services you may choose to provide details of a sensitive nature. We will only use this information for the purposes of dealing with your enquiry, training, quality monitoring or evaluating the services we provide. We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.

5. How we collect your personal information

Data you provide
Your personal data will include data you provide (or later amend), whether: from correspondence with you; verbally to us over the phone or in person; by filling in any field or form on a website; by filling in any printed form we provide you with; by e-mail; from documents you provide use with; and from updates to any information you provide from time to time.

This includes when you: register or subscribe for any services, make a donation, register for an event, or make an enquiry for other services whether in person, by phone, through our website or otherwise; send us your comments or suggestions; subscribe to any newsletter or other publication; and request information, including brochures.

Data obtained from third parties
We may obtain personal data concerning you from third parties, including other charities and their intermediaries; credit, fraud, identity and other searches we may undertake, including searches with public records and regulatory and private organisations; from any business or organisation you are associated with; from telephone numbers identified by the telephone system when you telephone us.

Data generated by us
We and any trusted service partners working for us may generate personal data relating to you, including in connection with responding to and dealing with any enquiry, donation, application for services, information request, suggestion or complaint; or in performing any services, donation, event or other contract with you; or through the analysis of your personal data or data gained from your use of our website. Our trusted third party EAP partners may record telephone calls with you.

Website
By visiting and using our website you or your computer may provide personal data. This includes:

• Information which is automatically provided by your browser to our servers.
• Information recorded on our web servers about your interaction with our website and pages viewed.
• Information we capture or place on your computer or generate using cookies or other technologies on our website.
• Information you input into forms and fields on our website.

We use ‘cookies’ to help our website run efficiently, please see the ‘Cookies’ section 13 below.

6. The legal basis for using your information

In most cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfill a transaction with you, for example because you have purchased an item in our Online Auction on our website.
There are also other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for HA to process your information to help us to achieve our vision of helping as many people as possible who are in need in the hospitality industry.
If we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that these are adversely affected.
Some examples of where we have a legitimate interest to process your Personal Information are if we contact you about our work, use your personal information for carrying out research to better understand who our supporters are, for our legal purposes (for example, dealing with complaints), or for complying with guidance from the Charity Commission.

7. Marketing

Marketing is vital to ensure HA raises money to help those in need and to raise our profile in the hospitality industry.
Where you have consented to this, we may use your personal data to carry out direct marketing and send you marketing messages, materials, adverts and promotions relating to services we or our trusted service partners provide. You will be free to withdraw your consent to this, or update your choices, at any time, by contacting us as detailed in this privacy policy, as detailed in any direct marketing that you receive or by clicking the unsubscribe link at the bottom of the relevant email communication.

Profiling
We want to improve how we talk to you and the information we provide through our website, services, products and information. To do this we sometimes use profiling and screening methods so that we can better understand our supporters, your preferences and needs, to provide a better experience for you.

We may carry out targeted fundraising activities using profiling techniques based on the information that we hold about you. We may also work with third party organisations that provide additional insight; this may include general information about you that is publicly available.

This information can be appended to the information that you have provided which allows us to use our resources more effectively by better understanding the background of our supporters and making appropriate requests based on what may interest them and their capacity to give.

8. Safety of your information

We are committed to doing what we reasonably can to keep your personal data secure, and have put in place appropriate technical and organisational measures against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. We have accordingly implemented security policies, rules and technical measures with a view to achieving this.

Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site. We recommend that you encrypt any sensitive personal information sent to us.

For your own privacy protection, we encourage you to maintain anti-virus and other malware protection software on your computers and other devices, and to maintain your own measures to protect your personal data. Please do not include sensitive personal data in any e-mails you may send to us, including payment card information. We recommend that you encrypt any sensitive personal information sent to us. We also encourage you to be careful about whom you give personal data to. Please let us know if someone purports to contact you in our name and you have reason to be suspicious.

Our website may contain links to other sites that may collect personally identifiable information about you. Please be aware we are not responsible for the content or the privacy practices employed by other sites and our privacy policy does not cover these other websites.

Any debit or credit card details which we receive on our website are passed securely to Stripe our payment processing partner, according to the Payment Card Industry Data Security Standard. You can find out more information about PCI DSS here: www.pcisecuritystandards.org.

9. Sharing your information

The personal information we collect about you will mainly be used by our staff (and volunteers) at HA, as well as our trusted service partners, so that they can support you.

We do not sell or share your personal information, or web browsing activity, with other organisations.

We may share your information with our trusted EAP partners who work with us or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes.

In some cases, your personal data may be held and otherwise processed by them on our behalf, in which case we will remain responsible for what they do with your personal data, and it will only be held and processed by them in accordance with our instructions, this privacy policy and GDPR.

10. How long we hold your information for

We only keep your personal information for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).

11. Your individual rights

You have various rights in respect of the personal information we hold about you, which are detailed below. If you wish to make use of any of these rights or make a complaint, you can do so by contacting us at Hospitality Action, 62 Britton Street, London EC1M 5UY, by telephone on 0203 004 5500 or by email as follows;
General enquires: info@hospitalityaction.org.uk
Fundraising/Marketing: fundraising@hospitalityaction.org.uk
Grants: grants@hospitalityaction.org.uk
EAP: eap@hospitalityaction.org.uk

• Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.

• Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on these grounds. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.

• Consent: If you have given us your consent to use personal information (for example, for marketing or receiving grants), you can withdraw your consent at any time.

• Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.

• Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.

• Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

• Restriction: You can ask us to restrict the personal information we use about you, where you have asked for it to be erased or where you have objected to our use of it.

• Automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.

Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.

12. What laws we comply with
We process your personal data in accordance with the following data protection law(s): The EU General Data Protection Regulation 2018 (which covers protection of personal data generally) and The Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003 of England and Wales (which covers, among other things, the use of telephone numbers and email addresses for unsolicited direct marketing).

Our regulator is the UK Information Commissioner: http://www.ico.org.uk/. We also comply generally with the laws of [England and Wales] in relation to the processing of your personal data, and not any other laws.

We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our Terms and Conditions.

13. Cookies
A cookie is a small amount of data sent to your computer or mobile phone from a website. This means the website can recognise your device (your computer or mobile phone) if you return to the same site.
A cookie often includes a unique identifier, which is a randomly generated number. This is stored on your device’s hard drive. Many cookies are automatically deleted after you finish using a website.
Cookies are not programs and do not collect information from your device.
Cookies make your experience of using websites faster and easier. They allow websites to create a customised view of pages to which you navigate. For example, they are commonly used to authenticate or identify registered users of a website without requiring them to sign in each time they access it. Other uses include maintaining a ‘shopping basket’ of goods a user has chosen to purchase, site personalisation (presenting different pages to different users) and tracking the pages a user has visited on a site for analysis purposes.
Cookies may come with or without an expiry date. Cookies without an expiry date exist until the browser is closed, while cookies with an expiry date may be stored by the device until the expiry date passes.
You can restrict or block cookies set by HA but this may limit your use of some functionality, core pieces of content will still be possible even with cookies disabled.

How to manage your cookies
Cookies are sent to your browser (whether you use Internet Explorer, Google Chrome, Safari or any other browser) by a website and then stored in the cookies directory of your device.

To check and update your cookies settings, you will need to know what browser you are using and what version of it you have. You can usually find this out by opening the browser (just as if you were going to use the internet) and then clicking on ‘Help’ and then ‘About’. This will give you information about the browser version you are using.

To find out how to allow, block, delete and manage the cookies on all standard web browsers, go to www.aboutcookies.org and select the browser and version you are using. You’ll also find information about how to delete cookies from your computer.

If you use a mobile phone to browse the website or other sites that use cookies, please refer to your handset manual for guidance.

Cookies used on the NHD website

Cookie Type

Description

Duration

cookieyes-consent

consentid:NlVYdU9nZkFHMWNsTm1jeTZSeDhRb1F6Uk5hMHV1aTc,consent:yes,action:yes,

necessary:yes,functional:yes,analytics:yes,performance:yes,advertisement:yes

1 year_GRECAPTCHAThis cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.6 monthsPHPSESSIDThis cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.session__stripe_midStripe sets this cookie cookie to process payments.1 year__stripe_sidStripe sets this cookie cookie to process payments.30 minutes