mothers2mothers (m2m) as the data controller is committed to both protecting your personal information and being transparent about its usage. This policy covers m2m employees, partners, donors, volunteers, advocates, suppliers, those who make payments to m2m, and those who request information from us.
m2m collects and maintains different types of information on the basis of consent, legitimate interest, and any information necessary for contract. The types of information m2m collects are as follows:
- Non-personal information such as web pages accessed and social media sites visited. This helps m2m determine how many people visit our website and social channels on a regular basis, and how popular these channels are. This information does not tell m2m anything about who you are or where you live. It simply allows m2m to monitor and improve services. Please see m2m’s “cookies” policy for further information.
- Personal information including your name, postal address, phone number, email address, and date of birth (where appropriate). In certain circumstances, outlined in the Major Gifts section below, m2m may collect further information about you that can be found in the public domain, including profession and interests.
- Payment information, including credit card number and expiration date, and billing information.
m2m uses your information for a variety of reasons including to:
- Fulfil your requests – for example, making donations, attendance at events, participation in campaigns and research, and provision of information.
- Record m2m’s contact with you so that m2m can be as effective as possible in future contacts with you.
- Comply with charity laws and other regulations.
- Handle orders, deliver products and communicate with you about orders, where appropriate.
- Provide you with information if you have agreed to it, that m2m thinks may be of interest to you as outlined in our marketing section below.
From 25 May 2018, m2mUK operates an opt-in only policy with regards to mass marketing. This means that m2m will only send you marketing materials if you have specifically agreed to receive it, and m2m will only share it with you in the methods that you have indicated. Marketing material refers to automated, mass invitations to events, m2m newsletters, and information about m2m campaigns and appeals.
If you would like to receive m2m marketing materials but have not opted-in, you can do so by emailing Europe@m2m.org or by calling: +44 (0)203 867 7120.
As outlined above, m2m will use your personal data to process donations and payments. Any credit card information collected will be disposed of immediately following the successful processing of a payment.
m2m may carry out research to determine the potential of an individual to become a regular donor or a member of our Global Giving Circle. Areas that m2m may research include profession, charitable interests and propensity to support m2m. You can opt-out of this research at any time by contacting m2m using the information provided at the end of this policy (see page 5).
m2m uses publicly available data, from reputable sources, where an individual may expect their information to be publically available. This includes data from Companies House, corporate and charity websites, media coverage, and business due diligence websites.
m2m may also, from time to time, use the services of an external vendors/consultants to carry out further relevant research. m2m ensures such vendors are General Data Protection Regulation (GDPR) compliant in the manner in which m2m uses data with and from such third parties within the European Union (EU).
- m2m will not sell or trade personal information to or with other organisations. From time to time, m2m may share certain personal information with other reputable third party organisations where m2m considers it necessary (for example, with suppliers organising events on our behalf).
- Personal details are kept confidential. m2m will take precautions to prevent the loss, misuse or unauthorised access to or alteration of personal information provided to m2m. Our website does not store personal information when it is entered into one of our contact preference forms-it links directly to our secure global database.
- m2m uses Secure Sockets Layer (SSL) technology to protect against the loss, misuse, and unauthorised access to and alteration of the information under our control. Unfortunately, the transmission of information via the Internet is not always completely secure. Although m2m makes every effort to protect personal information, m2m cannot guarantee the security of personal information transmitted to m2m. Any transmission of personal information is at your own risk. m2m is not responsible for circumvention of any privacy settings or security measures m2m employs for your protection.
- m2m may send communications to you by email. E-mail is not a fully secure means of communication, and while m2m makes every effort to keep systems and communications protected m2m cannot guarantee the security of such communications.
- m2m makes no representations about any other websites, and when you access any other website through a link on our website (including social media sites) you should understand that it is an independent site and that m2m has no control over that website or the manner in which your personal information is collected through those websites. Those websites may have their own privacy policies and m2m encourages you to review those policies or contact the website operators directly to understand how your personal information is used.
- If you have made a Gift Aid declaration in the UK, m2m may disclose the information you have provided as part of the declaration to HMRC for the purpose of reclaiming Gift Aid on your donation.
- m2m may disclose your personal information if the organisation is requested or required to do so by a regulator or law enforcement or to protect m2m, for example in cases of suspected fraud or defamation or to comply with any other applicable legal obligation.
- Security measures may not prevent all losses and m2m is not responsible for any damages or liabilities relating to security failures.
m2m stores your data on a secure private server. As m2m is a global organization, our Customer Relationship Management system is a global cloud-based database and is held on a secure third-party server. This database is secured and there are multi-faceted protection levels to ensure the safety of your personal data. Therefore, your data may be accessed by m2m employees outside of the country in which you live to send global communications (such as newsletters) and to perform research.
Only personal information such as your name, contact details, donation information, and notes regarding our relationship and our contact with you are stored on this system. No credit or debit card information is stored on this system and is never transferred outside of the country where you have provided.
Information may also be held on secure computers in the country in which your donation originated. m2m may also store information in paper files for which adequate security measures are in place to ensure the security of this data.
In respect to financial transactions, m2m maintains your personal information for as long as the law requires for tax or accounting purposes. This may be for up to six years after a particular transaction.
The General Data Protection Regulation* provides you certain rights over your data and how m2m uses it. These include the right to:
- Access the personal information m2m holds about you, known as a subject access request
- Object to or restrict the processing of your personal information
- Object to your information being used for marketing purposes
- Rectify your personal information if you believe it is incorrect
- Request the deletion/erasure of your personal information. Please note that in certain circumstances m2m may need to retain your data for a specified period to comply with our legal obligations, for example with regards to financial transactions
- If you are in the UK, you may make a complaint to the Information Commissioner’s Office via ico.org.uk
*The Protection of Personal Information Act (POPI Act) is South Africa’s equivalent of the EU GDPR. The Protection of Personal Information Act, 2013 (PPI Act) aims to promote the protection of personal information processed by public and private bodies by, among others, introducing certain conditions for the lawful processing of personal information so as to establish minimum requirements for the processing of such information.
The Information Regulator (South Africa) is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the PPI Act. For enquiries or information, please contact:
The Information Regulator (South Africa)
316 Thabo Sehume Street,
Tel: 012 406 4818
Fax: 086 500 3351
Phone: +44 (0)203 867 7120
Post: mothers2mothersUK, St Mark’s Studios, 14 Chillingworth Road, London, N78QJ, United Kingdom
This policy was last updated on 9 October 2018. m2m regularly reviews this policy and may make relevant amendments at any time. Please visit this page from time to time to check for any specific updates.