Philips Search and Rescue Trust (PSRT) is committed to protecting the privacy of our donors and supporters. We carefully abide by the requirement under the Privacy Act 2020 and the guiding Privacy Principles.
How we collect your data
There are a number of ways we collect donor and supporter data including:
- At the point of donation
- Through our website forms
- At events
- Through data acquisition companies for the purpose of generating new donations – we use reputable data companies, and we can trace where the data we have acquired and had the approval to collect has come from
What data we may collect
From donors and supporters, we may collect:
- Telephone numbers
- Email addresses
- Date of birth
If you request that your donation is to remain anonymous, we will respect your wishes and will not store your data in our system. Please notify us of your request by calling 0800 11 10 10 or emailing [email protected]
How we use your data
We may use your data, in line with the Privacy Act and the Privacy Principles, as outlined below.
- To send donation receipts
- To send thank you letters for donations and updates about the impact your donations make
- To inform donors and supporters on rescue helicopter news and events
- For internal analysis and record keeping
- For general communication through email, mail, phone, and SMS
- For the general operating purposes of our organisation
Accessing & updating your data
We are committed to having accurate donor data in our donor database, so we can ensure you get the communications you need.
We actively try to update donor details whenever possible so from time to time you may receive a call from us to check that we have the correct information for you on file.
If your personal details change, we ask that you please let us know. You can do this by calling 0800 11 10 10 or emailing [email protected] to request what details we hold and to let us know of the changes you may require.
Changing your communication preferences
We want to communicate with our donors and supporters in the way that best suits them. We encourage you to let us know what you would like to receive from us, and how you would like to receive it, and we will do our best to communicate with you this way.
You can contact us on 0800 11 10 10 or email [email protected] to update your communication preferences whenever you like.
Sharing or disclosing of your data
We do not sell your data to any organisations and will not share your data with other organisations unless we are required to by law. Our donor data is used specifically for the purpose of raising funds for PSRT’s rescue helicopters and operational bases.
As part of this purpose, we may provide your data to third-party suppliers that we have agreements with, for the purpose of contacting you for donations or to discuss other rescue helicopter activities with you. These organisations have strict privacy policies that they adhere to, to protect your data.
We will provide you with links to the relevant supplier’s privacy policies should you need these – please get in touch on 0800 11 10 10 or email [email protected] with your request.
Additionally, some of our website applications are provided by third-party suppliers where their privacy statement applies, not PSRT’s.
Your messages to the rescue helicopter team
During the donation process, you have the option of writing a message to your rescue helicopter team – we reserve the right to use these comments in our communication, however, we will not disclose your personal details with these comments unless you have authorised us to do so.
Storage and security of donor and supporter information held
We take reasonable steps to ensure your personal information is protected from misuse, loss, disclosure, or unauthorised access. We may hold your information in either electronic or hard copy form.
All electronic data, including donation history, is stored in our donor database. We have a cyber security framework in place to protect our donor database and website.
M365 is protected by multifactor authentication – this means all user accounts have to authenticate to enable access. PSRT also utilises a firewall (Sophos) which prevents external access.
To process online donations through our website we use Stripe, and to process direct debits from your bank account we use Flo2Cash – both reputable processing companies that have strict security measures.
For online donations
We do not receive your financial information, i.e. credit card details, when you make a donation online using Stripe.
For direct debits
For all direct debits, we will either ask you to fill in and sign an authorisation form authorising the deductions, or we will record our conversation with you, with you expressly giving your permission to make the deductions. These recordings or authorisation forms will be kept on your donor record.
We use Flo2Cash for direct debits. Through our Flo2Cash account, we can make some changes to your direct debit, with your written or recorded permission.
Access to our Flo2Cash account is strictly controlled, with access only given to PSRT team members who are responsible for actioning/altering direct debits.
For donations taken over the phone or through mail
For all mail or phone donations, you may deal with any member of the PSRT team – all team members operate with strict confidentiality and within PSRT’s donor details handling policy.
Once mail or phone donations have been processed, we keep your financial details/related information in our archives for seven years. This is in line with our audit requirements and these details are kept in a locked room. After seven years, the paperwork is securely destroyed.
We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
PCI DSS COMPLIANCE
PCI DSS, the Payment Card Industry Data Security Standard is a set of security requirements relating to the protection of card holder data.
PSRT follows PCI DSS best practices, including having a secure and professionally maintained network, monitored anti-virus and firewall software, data access control, and secure storage.
Our payment providers Stripe and Flo2Cash are both PCI DSS compliant.
If at any point we decide to use personally identifiable information in a manner different from what we’ve stated at the time of data collection, we will notify you and provide you with the option to opt-out of us using your information in this different manner.
We also collect information through this website using cookies, including third-party cookies.