Our Commitment to Your Privacy
This Privacy Policy explains who we are, how we collect, share and use your personal data, and how we protect your right to privacy. We ask that you read and accept the terms of this Privacy Policy before signing up to our service.
To make it easier for you to review the parts of this Privacy Policy that apply to you, we have divided up the information into sections that are specifically applicable to All Fundraisers (Section 1), Premium Account Holders and Group Licensees (Section 2), and Donors (Section 3). The rest of this policy is applicable to everyone.
If we make material changes to this Privacy Policy we will email you or post a notification on our website or app. If you have any questions or concerns about our use of your data then please contact us hello@givealittle.co
Who we are
We started Give A Little, to make contactless giving accessible to all charities and churches, no matter their size. Give A Little enables charities and churches to accept contactless donations both online and in situ via an Android mobile phone or tablet - with or without a card reader, you can find out more on our About page.
Give A Little (we/our) is a trading name of Caution Your Blast Ltd., (registered in England under company number 07203051). Caution Your Blast Ltd. is registered as a data controller with the UK Information Commissioner's Office under registration number ZA444861. Our registered address is Office 7, 35-37 Ludgate Hill, EC4M 7JN, London, and you can contact us via email at hello@givealittle.co
How we collect and use personal data
We only gather and hold the minimum information from you that we need in order to provide our services legally and securely.
All of the personal data that we collect and use is provided directly by you. Either when you share your information via our app or website when signing up (if you are a fundraiser) or when claiming gift aid or requesting a receipt (if you are a donor). This information is limited to your name, email address, street address and for fundraisers, your payment service provider (e.g. SumUp) log in details. If you have contacted us directly via email we will also have any associated personal information which you have chosen to share.
Your rights
You may, at any moment, exercise your rights under data protection law. These rights include your right to access the data which we hold on you, the right to rectification where the information we hold on you is incorrect. You can ask us to restrict or, erase your personal information. You may also object (at any time and for free), to the processing of your personal data for marketing. You have the right to withdraw your consent to any further processing or retention of your personal data. Please contact us on hello@givealittle.co. if you would like to exercise any of these rights.
If you are unhappy with how we have dealt with your request you have the right to lodge a complaint with the Information Commissioner's Office (the UK Data Protection Authority) here or by visiting www.ico.org.uk.
Data retention
You have the right to request the deletion of any personal data which we hold and if we are legally able to, we will delete data in accordance with your wishes.
We are required by law to retain records of the payment information we have collected for a period of at least five years after you have closed your account. We are also obliged by HM Revenue and Customs to hold some personal data for 7 years. After this time we reserve the right to permanently erase your data.
Data Security
We take our obligation to keep your data safe from loss, misuse, unauthorised access, disclosure, alteration, and destruction very seriously. We have in place policies and processes along with a series of physical and technological controls to keep your data safe. All donor data and fundraiser user details are encrypted at rest and in transit. This applies whether that data is held by Give A Little or by a trusted third party. Where data is held by Give A Little, it is stored in the United Kingdom and EEA only. Where data is held by a trusted third party, their privacy policy applies. Links to all applicable third party privacy policies are set out in this information.
Our accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party.
Section 1 – What Fundraisers need to know about how personal data is used by the Give A Little Service
By "Fundraiser", we mean a church, charity or other organisation which enables donors to give using the Give A Little website or mobile app.
How we work with payment service providers (e.g. SumUp and Stripe)
When you create an account with your payment service provider you’ll need to consent to their privacy policy and agree to them sharing your account information with Give A Little.
In order to provide you with fully integrated reporting, when a donation is made we receive a payment summary.
The payment summary which we receive consists of a payment success or failure notice, the amount, currency, a unique transaction code, a time and date stamp, a geolocation (latitude and longitude) if the payment was made via a card machine we also receive an identifier of the fundraisers mobile phone or tablet.
We do not ever receive personal information and in particular we do not have access to any usable card or bank account information.
By law payment service providers verify fundraisers. Details of their search and the information used is not shared with Give A Little.
Whether Give A Little acts merely as a data processor on your behalf or also as a data controller in its own right in relation to data provided by a donor will depend on any alternative purpose for which the donor may have authorised the use of their data.
If you're using Give A Little under a Group License
Fundraisers should be aware that if they are using Give A Little under a Group License, the Licensee will have access to your fundraising data.
Section 2 – What Premium Account Holders/Group Licensees need to know about how personal data is used by the Give A Little Service
How we use your data when collecting your Premium subscriptions
When you subscribe to the Give A Little Premium service we charge a fee. We collect this fee using a card processor called Stripe. When you make a payment to us, Stripe provides us with a payment summary letting us know whether the payment was valid or declined, the amount, currency, time and date and a payment identifier code.
Gift Aid
Where we offer Donors the possibility of enabling Fundraisers to collect Gift Aid, we gather additional data on the basis of Donor consent. The data we collect will include the Donor's name, first line of address and postcode, email address and confirmation that the relevant individual is a UK taxpayer.
Gift Aid data can be accessed via our administration portal. Please bear in mind that Fundraisers are accountable as data controllers when processing Gift Aid data.
Group licences
Give A Little also has the ability to provide aggregated reporting and/or centralised licencing subscription for a group of member fundraisers (charities, charities etc.). In order to take advantage of this service, a charity or church will need to obtain a Give A Little Group License. A Group License is a license obtained by a charity or other organisation enabling the Give A Little app or website to be used by multiple group Member Fundraisers.
Fundraisers should be made aware that if they are using Give A Little through a Group License, the Licensee will have access to their fundraising data.
Section 3 – What Donors need to know about how personal data is used by the Give A Little Service
We take the responsibility of managing your personal data very seriously. Where you make a one off card payment to a Fundraiser via Give A Little we will not have access to your personal information.
There are a few circumstances in addition to those set out above in the 'How we collect and use personal data section' where we will hold your personal information.
-
Where you have requested that we send you a receipt for your donation
If you request a receipt for your donation we will request your email address and send you a receipt via email which includes details of your payment including the time and data, amount, currency, geolocation (if made via a card reader) and the last four digits of your card number. This information will have been made available to us by your Payment Service Provider (e.g SumUp). We will not have access to any of your payment card or bank account details.
-
Making or cease a recurring monthly donation
Where you choose to make a monthly donation we'll send you a receipt email which also includes instructions on how to stop the donation. We will retain your email address and donation amounts (transactions). Your donation amounts will then be shared with Fundraisers.
- To notify you of payment failures.
-
If you have chosen to enable the fundraise to reclaim Gift Aid
If you've chosen to give a little more by allowing the fundraiser to claim Gift Aid, we'll ask you to confirm that you are a UK taxpayer and we'll share these details along with the donation amounts, times and dates with the Fundraiser so that they can claim the Gift Aid. The Fundraiser will be responsible for your data once they have downloaded it from our platform.
How we share personal information
In order to provide our services, we work with trusted third parties to process payments, to communicate with you efficiently and to keep your data safe. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely within the EEA and will only retain it for the period we instruct.
We use Amazon Web Services (Amazon Web Services data privacy faq) for data storage. All data stored using Amazon Web Services is stored either in the European Economic Area or the UK. Data is encrypted both in transit and at rest.
When you send us an email, your email address and the email is stored by Google, our mailbox tool. Google’s privacy policy is here.
We use Help Scout as our communications and customer support tool so that we can deal with your emails efficiently. Help Scout’s privacy policy is here.
We also use Mailjet, an email service provider for donor receipts and for service notifications to fundraisers. You can access their privacy policy using the following link (Mailjet privacy policy).
We will not share your information with any third parties for the purposes of direct marketing.
In some circumstances we are legally obliged to share information, for example under a court order.
Privacy Information For Fundraisers When Processing Donor Payment Data
When you use Give A Little to process donor payments, you are the data controller, and we are your data processor managing data on your behalf, under your instruction. Here is our Data Processing Addendum (“DPA") that explains both our rights and obligations.
How we work with other Payment Service Providers (like SumUp and Stripe)
If SumUp are your chosen payments services provider you can find their approach to data privacy and security in the privacy policy on their website. When you create an account with SumUp you’ll need to consent to their privacy policy and agree to them sharing your account information with Give A Little.
In order to provide you with fully integrated reporting, when a donation is made we process a payment summary from your chosen payment service provider.
The payment summary which we process consists of a payment success or failure notice, the amount, currency, a unique transaction code, a time and date stamp, a geolocation (latitude and longitude) if the payment was made via a card machine we also process an identifier of the fundraisers mobile phone or tablet.
We do not ever process sensitive financial information and in particular we do not have access to any usable card or bank account information.
By law payment service providers may need to verify fundraisers. Details of their search and the information used is not shared with Give A Little.
Gift Aid
Where you offer Donors the possibility of Gift Aid, we process additional data. The data we process will include the Donor's name, first line of address and postcode, email address and confirmation that the relevant individual is a UK taxpayer.
Gift Aid data can be accessed via our administration platform.