Our Commitment to Your Privacy
Who we are
We started Give A Little, to make contactless giving accessible to all charities and churches, no matter their size. Give A Little enables charities and churches to accept contactless donations both online and in situ via an Android mobile phone or tablet and a SumUp card reader, you can find out more on our About page.
Give A Little (we/our) is a trading name of Caution Your Blast Ltd., (registered in England under company number 07203051). Caution Your Blast Ltd. is registered as a data controller with the UK Information Commissioner's Office under registration number ZA444861. Our registered address is Office 7, 35-37 Ludgate Hill, EC4M 7JN, London, and you can contact us via email at [email protected]
How we collect and use personal data
We only gather and hold the minimum information from you that we need in order to provide our services legally and securely.
All of the personal data that we collect and use is provided directly by you. Either when you share your information via our app or website when signing up (if you are a fundraiser) or when claiming gift aid or requesting a receipt (if you are a donor). This information is limited to your name, email address, street address and for fundraisers, your SumUp log in details. If you have contacted us directly via email we will also have any associated personal information which you have chosen to share.
You may, at any moment, exercise your rights under data protection law. These rights include your right to access the data which we hold on you, the right to rectification where the information we hold on you is incorrect. You can ask us to restrict or, erase your personal information. You may also object (at any time and for free), to the processing of your personal data for marketing. You have the right to withdraw your consent to any further processing or retention of your personal data. Please contact us on [email protected]. if you would like to exercise any of these rights.
If you are unhappy with how we have dealt with your request you have the right to lodge a complaint with the Information Commissioner's Office (the UK Data Protection Authority) here or by visiting www.ico.org.uk.
You have the right to request the deletion of any personal data which we hold and if we are legally able to, we will delete data in accordance with your wishes.
We are required by law to retain records of the payment information we have collected for a period of at least five years after you have closed your account. We are also obliged by HM Revenue and Customs to hold personal data associated with Gift Aid transactions for 7 years. After this time we reserve the right to permanently erase your data.
Our accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. We cannot resend forgotten passwords either, if you forget your password you’ll need to reset it with SumUp.
Section 1 – What Fundraisers need to know about how personal data is used by the Give A Little Service
By "Fundraiser", we mean a church, charity or other organisation which enables donors to give using the Give A Little website or mobile app.
How we work with SumUp
In order to provide you with fully integrated reporting, when a donation is made we receive a payment summary from SumUp.
The payment summary which we receive consists of a payment success or failure notice, the amount, currency, a unique transaction code, a time and date stamp, a geolocation (latitude and longitude) if the payment was made via a card machine we also receive an identifier of the fundraisers mobile phone or tablet.
We do not ever receive personal information from SumUp and in particular we do not have access to any usable card or bank account information.
By law SumUp has to verify fundraisers. Details of their search and the information used is not shared with Give A Little.
Whether Give A Little acts merely as a data processor on your behalf or also as a data controller in its own right in relation to data provided by a donor will depend on any alternative purpose for which the donor may have authorised the use of their data.
If you're using Give A Little under a Group License
Fundraisers should be aware that if they are using Give A Little under a Group License, the Licensee will have access to your fundraising data.
Section 2 – What Premium Account Holders/Group Licensees need to know about how personal data is used by the Give A Little Service
How we use your data when collecting your Premium subscriptions
When you subscribe to the Give A Little Premium service we charge a fee. We collect this fee using a card processor called Stripe. When you make a payment to us, Stripe provides us with a payment summary letting us know whether the payment was valid or declined, the amount, currency, time and date and a payment identifier code.
Where we offer Donors the possibility of enabling Fundraisers to collect Gift Aid, we gather additional data on the basis of Donor consent. The data we collect will include the Donor's name, first line of address and postcode, email address and confirmation that the relevant individual is a UK taxpayer.
Gift Aid data can be accessed via our administration portal. Please bear in mind that Fundraisers are accountable as data controllers when processing Gift Aid data.
Give A Little also has the ability to provide aggregated reporting for a group of churches or charities. In order to take advantage of this service, a charity or church will need to obtain a Give A Little Group License. A Group License is a license obtained by a charity or other organisation enabling the Give A Little app or website to be used by multiple group Member Fundraisers.
Fundraisers should be made aware that if they are using Give A Little through a Group License, the Licensee will have access to their fundraising data.
Section 3 – What Donors need to know about how personal data is used by the Give A Little Service
We take the responsibility of managing your personal data very seriously. Where you make a one off card payment to a Fundraiser via Give A Little we will not have access to your personal information.
There are a few circumstances in addition to those set out above in the 'How we collect and use personal data section' where we will hold your personal information.
Where you have requested that we send you a receipt for your donation
If you request a receipt for your donation we will request your email address and send you a receipt via email which includes details of your payment including the time and data, amount, currency, geolocation (if made via a card reader) and the last four digits of your card number. This information will have been made available to us by SumUp. We will not have access to any of your payment card or bank account details.
Making or cease a recurring monthly donation
Where you choose to make a monthly donation we'll send you a receipt email which also includes instructions on how to stop the donation. We will retain your email address and donation amounts (transactions). Your donation amounts will then be shared with Fundraisers.
- To notify you of payment failures.
If you have chosen to enable the fundraise to reclaim Gift Aid
If you've chosen to give a little more by allowing the fundraiser to claim Gift Aid, we'll ask you to confirm that you are a UK taxpayer and we'll share these details along with the donation amounts, times and dates with the Fundraiser so that they can claim the Gift Aid. The Fundraiser will be responsible for your data once they have downloaded it from our platform.
How we share personal information
In order to provide our services, we work with trusted third parties to process payments, to communicate with you efficiently and to keep your data safe. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely within the EEA and will only retain it for the period we instruct.
We use Amazon Web Services (Amazon Web Services data privacy faq) for data storage. All data stored using Amazon Web Services is stored either in the European Economic Area or the UK. Data is encrypted both in transit and at rest.
We will not share your information with any third parties for the purposes of direct marketing.
In some circumstances we are legally obliged to share information, for example under a court order.
Privacy Information For Fundraisers When Processing Donor Payment Data
When you use Give A Little to process donor payments, you are the data controller, and we are your data processor managing data on your behalf, under your instruction. Here is our Data Processing Addendum (“DPA") that explains both our rights and obligations.
How we work with other Payment Service Providers (like SumUp and Stripe)
In order to provide you with fully integrated reporting, when a donation is made we process a payment summary from your chosen payment service provider.
The payment summary which we process consists of a payment success or failure notice, the amount, currency, a unique transaction code, a time and date stamp, a geolocation (latitude and longitude) if the payment was made via a card machine we also process an identifier of the fundraisers mobile phone or tablet.
We do not ever process sensitive financial information and in particular we do not have access to any usable card or bank account information.
By law payment service prodivers may need to verify fundraisers. Details of their search and the information used is not shared with Give A Little.
Where you offer Donors the possibility of Gift Aid, we process additional data. The data we process will include the Donor's name, first line of address and postcode, email address and confirmation that the relevant individual is a UK taxpayer.
Gift Aid data can be accessed via our administration platform.