Updated May 2018

NewLink Wales takes your privacy extremely seriously. We actively monitor and review our processes to ensure we are compliant with current legislation around data protection, and we aim to be as transparent and open as possible about what we do with your data, and why we do it. If at any time you have any questions about your data, you can contact us to discuss.


The Short Version

Visiting our website:

When you visit our website, we collect your IP address, the browser you use, your operating system, roughly where you are, and the language your system uses. This is retained by Google Analytics, outside of the EU, in accordance with their privacy policy. We just need this info to give us stats on how our website is doing, which we sometimes share with our partner organisations. We don’t use this for anything else, and we keep it for three years. We may also place certain cookies on your computer to allow website features to work. These can be disabled using your browser’s tools.

Using our website

If you complete other actions on our website that aren’t related to accessing a service -  like setting up a fundraising page, making a comment or a donation, or creating an account -Raising IT will store this information for up to 7 years. If you’ve set up a website account, you can alter any details you’ve provided there. Details removed here won’t apply to application forms listed below, and won’t unsubscribe you from MailChimp emails.

Filling out applications and other forms

If you send us info to access one of our services, like filling out a training booking form, volunteer application or DDRS payment and booking, we retain that data ourselves for up to three years, or seven years where financial data is involved. We use this data to facilitate your access to services, and we may share it with trusted partner organisations to operate our services or to allow you to access theirs. We retain this data on our premises or on our computer systems (see below). When you’re engaged with our services, we may ask you to fill out other forms, such as feedback or placement forms - we’ll treat that data in the same way.

If you fill out application forms on our website, the above applies – and the info is also stored by our web partners, Raising IT, for one year before being anonymised.

Our computer systems:

When you provide us with data, we store it on our own IT systems. This means that it’s retained by our IT partners, Orbits IT. They don’t keep it any longer than we’ve stated here, and they don’t do anything with it themselves.

E-mail signups

If you sign up to newsletters, either directly or by ticking a box on one of our forms, we upload some info about you to MailChimp. This is usually just an e-mail address, but may also include your name and organisation. If you sign up directly via MailChimp, they may also collect your e-mail address and rough location. You can unsubscribe at any time by clicking the link in the footer of a MailChimp e-mail, or contact us to remove your data from MailChimp.

Your data rights:

If you ever want to access, correct or delete your data, you can contact us. You can also contact us to request we stop processing data, or to restrict the data we process. To do this, contact us via [email protected]

If you have a complaint about how we handle your data, you can make a complaint to the Information Commissioner’s office. (Visit https://ico.org.uk/concerns/ or call 0303 123 1113)


The Detailed Version

Who are we?

We’re NewLink Wales, a Substance Misuse and Wellbeing charity, based in Wales. We are Registered Charity No: 1085545 and Registered Company No: 4142393. Our registered address is NewLink Wales, Meridian Court, North Road, Cardiff, CF14 3BE.

Data we collect:

Cookies and technical analytical data

When you visit our website, certain cookies may be placed upon our machine to facilitate your use of our website. These are easily removed or blocked using your browser’s in-built tools.

In addition, like the majority of websites we capture certain information about your computer to allow use to see how our website is used. This includes your IP address, browser, operating system, approximate geographical location, and the language your system is set to. No other identifiable information about you is captured.

This information is captured by Google Analytics, and used by us to view reports on how our website is functioning, and the volume of traffic to our website, and on occasion to report this performance to trusted partner agencies where requested. We do not use this data for any other reason.

This data is retained for a period of three years.

  1. Information about Google Analytics Cookies and how to reject or delete them:
    1. http://www.google.co.uk/intl/en/analytics/privacyoverview.html and http://www.google.com/intl/en/policies/privacy/ads/#toc-analytics
  2. To opt out of being tracked by Google Analytics across all websites visit
    1. http://tools.google.com/dlpage/gaoptout
  3. Google’s privacy policy:
    1. http://www.google.com/intl/en/privacypolicy.html

Data you submit for the purposes of accessing our services, or while engaged with a service

When you access one of our services – such as a Volunteering service, a Training course, or DDRS – this will often involve submitting initial information via our website, if you choose to do so. (Other methods of providing this data exist, and are subject to the policies for data retained on our IT systems as outlined below). When you’re engaged with our services, we may ask you to fill out other forms, such as feedback or placement forms - we’ll treat that data in the same way.

Data submitted via our website is processed by our web partner, RaisingIT, who retain it for a maximum of one year. After this time has elapsed, the data is anonymised – some elements of the data are retained, but will no longer be personally identifiable. RaisingIT’s servers are situated entirely within the EEA and are subject to relevant EU legislation.

Information submitted in this manner is also retained by us on our IT systems and, in some cases, as secure physical records held in our premises. Our standard retention period for all data of this kind is three years, with the exception of any data related to financial transactions, which is retained for seven years.

Data stored on our IT systems is processed by our IT partner, Orbits IT, who retain it in line with our data retention policies outlined above. Orbits IT’s servers are situated entirely within the EEA and are subject to relevant EU legislation. 

At times, the data you submit when requesting access to a service may be shared with trusted partner organisations or public authorities. This only takes place where necessary to facilitate delivery of services, such as those delivered in partnerships with other organisations, or where we are required to disclose data to authorities by law.

Our basis for processing this data under GDPR is Contract. We process this data because you have asked us to, and because it is necessary to access those services to which you have requested access.

Data you submit when making payments to us

When you make payments to us via our website – such as booking for an event, registering for a DDRS course or making a donation, transaction data (including personal data such as your name and billing address) is passed to our payment providers – Stripe, GoCardless, and Paypal with Braintree – for the purpose of enacting the transaction. Each of these providers operate some servers outside the EEA.

Stripe

GoCardless

Paypal

The above will also apply if you make payments over the phone – these are processed via the same platform. We also retain data on the transaction for our own records and for auditing purposes. Our retention period for financial information is seven years.

Information provided when making payments is also retained by our IT and web suppliers, and by ourselves – this is covered in ‘Data you submit for the purposes of accessing our services, or while engaged with a service‘ above.

Our basis for processing this data under GDPR is Contract. We process this data because you have asked us to, and because it is necessary to perform actions which you have asked us to perform.

Other data you may submit via our website

When completing other actions via our website not included in those listed above, such as making a donation, setting up a fundraising page or creating an account, this data will be stored by Raising IT for up to seven years.

If you have an account on our website, you can alter the details you’ve entered through your account at any time by visiting the ‘My Details’ section of the website when logged in.

Please note: if you have previously provided us with your e-mail address and asked us to send you e-mail updates, changing your contact settings within your website account will not unsubscribe you from MailChimp emails. For details on how to this, see ‘Data usage for Marketing Purposes’ below.

Information removed from an account wont’ affect Training, Volunteering or DDRS application forms you may have submitted to us via the website as these are not tied to your account. You can contact us separately to remove these using the details listed in ‘Exercising your Data Rights’ below.

Data usage for Marketing Purposes

When supplying data to us, we may provide you with the option to opt-in to receiving information in future regarding additional services, events or opportunities we feel may be relevant to you; this information will be related to the services we’ve provided for you previously.

If you consent to receiving such communications from us, details will be uploaded to third-party provider MailChimp. The information uploaded is generally just an e-mail address and the service under which you consented to these communications, but may also include your full name, telephone number and the organisation you work for. If you sign up to our updates via MailChimp directly, the data they capture also includes your IP address, approximate geographical location, and the time and date you signed up.

MailChimp provides tools for you to correct, update or otherwise amend the information held on you for the purposes of receiving these communications, and also the ability to opt-out of these communications at any time. You can access these tools via the footer of any e-mail we send to you via MailChimp.

Note that opting out does not mean that your information is removed from MailChimp – this can be done either by contacting us (see ‘Data Rights’, below) or by contacting us directly.

MailChimp operates servers outside the EEA. For more information about MailChimp protects data, see section 16 below.

Our basis for processing this information under GDPR is Consent – we’ll only perform the above actions with your data if you provide opt-in consent for us to do so. You may withdraw this consent at any time, as outlined above.

Exercising Data Rights

Under GDPR, you have the right to request all data we hold on you, to the rectification or amendment of that data, and to the deletion of any of that data. You are also able to request data portability.

If you believe that NewLink Wales has not complied with your data protection rights, you can complain to the Information Commissioner. (Visit https://ico.org.uk/concerns/ or call 0303 123 1113)

Objecting to data processing

You also have the right to object to or request restriction of data processing, including data processed for the purposes of direct marketing.

Contacting us regarding your rights

In order to file a request related to any of your data rights, please contact us at [email protected].

We will respond within one calendar month, or sooner where GDPR stipulates.