LAST UPDATED: August 2019
For the purposes of the applicable data protection laws (the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), together with any implementing legislation, in particular, the Data Protection Act 2018), the company responsible for your personal information is Birdline U.K. Ltd. This Policy is incorporated into Birdline’s General Terms & Conditions and applies to all the Personal Information obtained and stored by us.
We will not rent, swap or sell your Personal Information to other organisations for them to use in their own marketing activities. However, we may, seek your permission to share data with another closely allied charity, for example if we intend to perform a home check on their behalf or vice-versa.
Why do we collect your data?
The general data protection register provides a variety of legal basis for processing and storing your data. In most cases these will fall into one of the following categories:
- where you have provided your consent to allow us to use your data in a certain way;
- where the processing is required so that we can carry out an agreed (contracted) service on your behalf; or
- where the processing is necessary in order for us to comply with a legal obligation.
When you register with us and set up a membership account in order to receive our services, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. This contract may necessitate us to contact you from time to time and to store your data. We may also process your data in order to fulfill our legal obligations.
What Personal Information do we collect?
Birdline collects information that, alone or in combination with other data, could be used to identify you (Personal Information), such as (but not limited to), your e-mail address, name, physical address, telephone number, as well as information about your lifestyle and home-life which is pertinent to your application to foster or rehome a bird with us.
- Make decisions regarding your suitability to safehouse or foster a bird;
- make decisions regarding our ability to rehome your bird;
- maintain complete records of the bird’s history;
- operate the Website and deliver services;
- communicate with you about the services you use, as well as respond to requests for assistance, including account verification support if you’ve having difficulty accessing your account.;
- display user content associated with your account and make sure it is available to you when you use our services;
- understand and improve how our users use and interact with our services; and
- publicly disclose aggregated statistics regarding our users’ use of our services.
How do we collect your data?
Birdline uses a variety of methods to collect Personal data including but not limited to:
- The software, products and services made available through our website;
- via content you uploaded, entered, or otherwise transmitted in connection with your use of our website;
- by telephone calls with you;
- by postal communication with you;
- by e-mail communication with you;
- via information provided on birdline’s social media;
- from your personal social media; and
- through homecheck visits.
Automatically collected information
When you visit our website, we automatically collect information about your computer hardware and software such as your IP address, browser type, domain names, access times, operating system, cookie information, referring website addresses, pages visited, links clicked, text entered, and Internet Service Provider. We analyse and use this information to better understand how our users use the service, to maintain and improve our service, and in some cases, to publicly disclose aggregated statistics regarding our services.
We may also collect anonymous demographic information which is not unique to you, such as your postal code and preferences (Non-Personal Information). Non-Personal Information is not linked to your Personal Information (for example, your IP address).
The Website uses “cookies” to help you personalise your online experience. A cookie is a text file that is placed on your hard drive by a web page server. Our cookies do not run programs or deliver viruses to your computer. Cookies are uniquely assigned to your computer, and can only be read by a webserver in the domain that issued the cookie to your computer.
One of the primary purposes of cookies is to provide a convenient feature to save you time. The cookie tells the server that you have returned to a specific page. For example, if you personalise the Website pages, or register with the Website, a cookie helps the Website recall your specific information on subsequent visits. When you return to the same Website, the information you previously provided can be retrieved, so you can easily use the Website features that you customised.
We may place the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of our Website or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to the Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to the Website, the pages you have visited and the links you have followed. We will use this information to make our Website more relevant to your interests and for remarketing as described below.
Data security & integrity
Birdline is committed to taking reasonable and appropriate steps to protect the Personal Information that we hold from misuse, loss, or unauthorised access. Following our data breech in July 2019 (see here for more information), we have reviewed and improved the technical and organisational measures we use. The website is now entirely funded by Birdline alone and we no longer have any risk of threatened or actual extortion from former Volunteers and IT companies associated with the previous site.
We have migrated the website from the commercial content management platform WordPress.com and now use the open source software provided by WordPress.org. The website is now hosted on a private server, in a controlled, secure environment, with protections from unauthorised access, use or disclosure.
The website has a current SSL certificate. However, while we do our best to protect your Personal Information, we cannot guarantee the security of all data which is transmitted to the Website or to another website via the internet or similar connection. If we have given you (or you have chosen) a password to access certain areas of the Website, please keep this password safe.
It is against our policy that volunteers keep any Birdline documents in personal clouds or locally on their devices. Paper forms are secured, scanned, emailed and posted to the Data Manager as soon as possible by Area Coordinators and Area Managers. They are then archived in a private and secure storage premises.
Other forms of computer generated data data, including but not limited to spreadsheets, documents, images and emails are created and stored with organisations which are committed to operating in accordance with the GDPR. We have opted for business level products with Google G-Suite and Microsoft Office 365, whose policies and procedures are available on the internet.
If you suspect any misuse or loss or unauthorised access to your personal information, please contact us immediately.
Personal Information access and disclosure
We will only disclose Personal Information to third parties when:
- we use vendors, lawyers and service providers to assist us in meeting business or operating needs, such as providing legal services, hosting our Website, communicating with users, delivering and improving our services, e-mail communication, invoicing and payments, customer support services and analytics. These service providers may only access, process or store Personal Information pursuant to our instructions and to perform their duties to us, and in accordance with applicable laws and regulations; or
- when we have your explicit consent to share your Personal Information; or
- when we determine that disclosure is required to protect the rights, property, or personal safety of Birdline, our volunteers, members, birds and users of the Website;
- or to respond to lawful subpoenas, warrants, or requests by public or regulatory authorities, including requests by law enforcement authorities; or
- if we merge it’s another charity.
Under the GDPR, you have various rights in relation to your Personal Information, such as the rights of access, rectification, restriction, objection, portability, and erasure. Please note that these rights are subject to certain limitations set forth in applicable law.
To exercise these rights, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of applicable laws. Please note that we may keep a record of your communications to help us resolve any issues you raise.
However, due to the nature of what we do, we may find it necessary to retain your Personal Information, even if you ask us to remove it. This is because it is important that we are able to maintain complete as possible histories of the birds in our care. So for example, a record of the original owner and all safe houses and fosterers will be on the bird’s records and therefore will not be removed.
Details of phone interview and home check outcomes may also need to be kept, (including failed applications), in order for us to ensure future applications from those individuals are processed appropriately. When a member cancels their membership as a result of a complaint, records may be kept of the complaint, and the member, for compliance purposes.
We also reserve the right to maintain a copy of relevant data for legal, tax or regulatory purposes, but in such event, we will do so only for as long as necessary to fulfil those regulatory purposes.
If you believe that we have not complied with this Policy or your data protection rights, you have the right to file a complaint with the UK Information Commissioner’s Office, however, we hope that you’ll attempt to resolve the complaint with us first. Please see our complaints policy in the first instance.
Links to third party websites
We do not intend to solicit or collect Personal Information from anyone under the age of 18. If you are under 18, do not enter information on this Website or engage our services. If you believe a child of yours under the age of 18 has entered Personal Information, please contact us to have the data removed and terminate the child’s account.
Changes to this Policy
We will occasionally update this Policy to reflect changes in the law and feedback from our members and volunteers. We encourage you to periodically review this Policy to be informed of how we are protecting your Personal Information.