Updated: 2nd November 2023
This Privacy Notice explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others. Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.
If you have any questions regarding our Privacy Notice and our use of your personal data or would like to exercise any of your rights, please get in touch via the following information
Email us: hello@hatchenterprise.org
Telephone us: +44 20 7993 0074
Write to us: Hatch Enterprise, 53-63 East Street, SE17 2DJ
Data Protection Officer: Jessica Agyeman jessica.a@hatchenterprise.org
If you are unhappy with the way we process your data, please get in touch by using one of the contact above. You can also make a complaint to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK. They can be contacted by:
Telephone 0303 123 1113
Write to the ICO: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Or by going online to www.ico.org.uk/concerns
If you are based outside of the UK, the complaint should be directed to the relevant Data Protection Supervisory Authority in that Country.
We are Hatch Enterprise and for the purposes of UK Data Protection Law we are registered with the ICO under registration number ZB009698. Our registered charity number is 1161801 and our address is 53-63 East Street, SE17 2DJ Our purpose is to support underrepresented entrepreneurs to imagine, launch and grow sustainable and impactful businesses through tailored support, community and partnerships.
We refer to ourselves in this privacy notice as ‘Hatch Enterprise’, ‘we’, ‘Our’.
(charity registration number 1161801) with a registered address at Hatch Enterprise, 53-63 East Street, SE17 2DJ
Hatch Enterprise understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our websites, engages with us or works with us, and we only collect and use information in ways that are beneficial to you and in a manner consistent with your rights and our obligations under the law.
Appendix 1 – Human Resources (employees, trustees, job applicants and volunteers)
Appendix 2 – Service Users
Appendix 3 – Fundraising, Marketing and Communications
Appendix 4 – Website visitors and cookies
Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. If you would like to exercise your rights, please get in contact with any of the details listed above. Here is a summary of the rights we think apply:
You have the right to be informed as to how we use your data and under what lawful basis we carry out any processing. This Privacy Notice sets this information out however if you would like further information, please get in touch.
You may ask us to delete some or all of your information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.
You have the right to object to processing where we are using your personal information such as where it is based on legitimate interests or for direct marketing.
Inaccurate or incomplete information we hold about you can be corrected. The accuracy of your information is important to us and we are working on ways to make this easier for you to review and correct the information that we hold about you. We will also carry out an annual accuracy check. If any of your information is out of date or if you are unsure of this, please get in touch through any of the contact details listed in this notice.
You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we are not lawfully allowed to use it.
You have a right to request access to a copy of your personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge and proof of identity is required.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you. We currently do not undertake automated decision making.
You can ask us to provide you or a third party with some of the personal information that we hold about you.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data
Where personal data is stored outside of the UK and the EEA, safeguards to protect personal data may include but are not limited to the UK Addendum used in conjunction with the EU Standard Contractual Clauses (SCCs), or UK International Data Transfer Agreement (IDTAs). Such safeguards will be subject to Transfer Risk Assessments (TRAs) that Hatch Enterprise will complete prior to the transfer of the data.
This privacy notice is kept under regular review. If we make any significant changes to the way in which we process your information, we’ll make the required changes to this Privacy Notice and will notify you so that you can raise any concerns or objections with us.
When making less impactful changes, we’ll update this notice and post a summary of the changes on our website.
Freelancers, job applicants and current and former employees, trustees and volunteers
You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment/engagement.
In some cases, we will collect data about you from third parties, such as employment agencies or former employers when gathering references.
We keep several categories of personal data on our employees/freelancers/job applicants/trustees and volunteers in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each individual and we also hold the data within our computer systems, for example, our holiday booking system.
Specifically, depending on your type of engagement with Hatch Enterprise, we may process the following types of data:
We may also process special category of data which include health information, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data. We may also process criminal records information if the role involves DBS check.
We are required to use your personal data for various legal and practical purposes for the administration of your contract of employment or your volunteer/trustee agreement, without which we would be unable to employ you. Holding your personal data enables us to meet various administrative tasks, legal obligation or contractual/agreement obligation. We process information in relation to the DBS for our safe recruitment practices.
We only keep your data for as long as we need it, which will be at least for the duration of your employment/engagement with us though in some cases we will keep your data for a period of 6 years after your employment/engagement has ended. If you’ve applied for a vacancy but your application hasn’t been successful, we will keep your data only for 12 months.
Some data retention periods are set by the law. Retention periods can vary depending on why we need your data. Please get in touch by contacting us using the details above if you want to know more about retention period.
Data is destroyed or deleted in a secure manner as soon as the retention date has passed.
Data in relation to your salary is shared with HRMC as part of our legal obligation. Data may be shared with third parties for the following reasons: for the administration of payroll, pension, HR functions (for example the online holiday booking system), administering other employee benefits (such as the Childcare Voucher Scheme). When sharing information with third parties, we have data sharing, processor agreements or contracts in place to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
When you engage with Hatch Enterprise, we may collect the following information from you during the delivery of our services: name, data of birth, gender, race, ethnicity, religion, contact details, health conditions, behavioural information, life background, criminal records data.
We may also take footage of our events for marketing and communication purposes where you may appear.
We use your personal details to understand your needs and provide you with a better service for the reasons shown below:
Hatch Enterprise’s programmes and services are not directed to children under 18 years of age and we do not knowingly collect personal information from children under 18. If we discover that a child under 18 has provided us with personal information, we will promptly delete such personal information from our systems.
We rely on legitimate interest as our lawful basis for processing your personal data.
When we process special category of data and criminal records, we rely on legitimate interest, substantial public interest, along with additional conditions of the law.
We retain the personal data of all service users for a period of six years post-service. After this time, personal data will be reviewed and securely destroyed.
Information relating to individuals who are referred to us who do not, for whatever reason, progress into one of our services will have their personal data retained for a period of six months.
To ensure we can access the necessary funding to support our programmes, our funders (which may include organisations such as banks, housing associations, legal firms, and foundations) may require us to share your data. This data may include special category like your gender or date of birth. The purpose of sharing this data is to demonstrate to our funders the impact their contributions are making. The transfer and processing of your data will be handled through secure channels in accordance with data sharing agreements mutually agreed upon by both parties. Sharing data about our impact in this way allows us to fundraise and subsidise the costs of our programmes, and therefore provide access to the general public at prices that we hope will be accessible to as many people as possible.
We may use legitimate interest, or consent, to share your personal data for the above reasons. Each organisation acts as individual data controller of your personal information.
To comply with our duty of care and safeguarding, we may need to pass some information raising safeguarding concern with the authorities. In such circumstances, we apply vital interest and legitimate interest as our lawful basis. Data subjects’ rights and other UK GDPR provisions may be restricted when concerning personal data processed in these circumstances. Exceptions and exemptions are applied on a case by case basis.
When you make a donation
Information is provided by you via a donation form on our website or via third party donation platforms (e.g Just Giving and Virgin Money Giving). The information gathered may be: name, email address, Gift Aid sign up, company name if donation made by an organisation, donation details, reasons to engage, postal address
This information allows us to process your donation, and deal with any potential enquiry. We rely on our legitimate interest to process this data. If you agree that we can claim Gift Aid on your donations we are legally required to keep a record of the claim and your Gift Aid declaration.
If you are donating using a third party, please also refer to the privacy notice published on their websites.
When you sign up to our fundraising event
Information is mainly provided by you via our website forms, via third party platforms (e.g Eventbrite,) or in person during the events by through our website. The information gathered may be: name, email address, company name if applicable, donation/payment details, reasons to engage, postal address, email address, contact preference
This information allows us to administer your sign up, process payments, and deal with any potential enquiry. We rely on your consent to process this data.
During these types of events, we may also take photographs and video recording of people attending where you may be included. This information allows us to showcase our work and have an effective external communication. We rely on our consent to process this data.
If you are signing up to an event using a third party, please also refer to the privacy notice published on their websites.
When you show interest in supporting us during our events
Hatch Enterprise hosts several events in a year, where we can interact with you, and reach out to you for further support (for eg. By asking you to fill in your details/ register for our marketing and fundraising on our website). Information is provided mainly by yourself, via online forms. The information gathered may be: occupation, title, details of any correspondence had with ourselves, date of birth, fundraising appeals responses, event participations with us, details of your reasons to engage with us.
This information allows us deal with your enquiry and show you how to get engaged. We rely on your consent to process this data.
Your contact details may be used to provide you with information about our services or our fundraising opportunities. We will only send you fundraising and marketing communications by email, text or other electronic message if you have provided your consent or if you have been involved in a commercial transaction with us. You may opt-out of our fundraising and marketing communications at any time by clicking the unsubscribe link at the end of our e-marketing communication. Alternatively, you can let us know by using any of the contact details listed at the top of this notice.
In case of a generous donation or in order to identify potential high value supporters, we may use profiling and screening techniques. We may undertake in-house research and from time to time engage specialist agencies to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as Linkedin, political and property registers and news archives.
We would gather publicly available information regarding previous charity support, connection to our cause, credibility, geographical, demographic, financial soundness, career information, peer networks and other publicly-available information (e.g. age, address, listed Directorships, hobbies and interests).
If you have already engaged with us, we may also profile information that you have provided to us during your engagement, including information such as occupation, title, details of any correspondence had with us, DOB, fundraising appeals responses, event participations with us, details of your reasons to engage with us.
This information also allows us to understand how likely it is that you would be interested in supporting us so that we can better tailor our communications such as telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you.
We rely on our legitimate interest in order to profile and screening your information. If you would rather we did not do this, please just let us know and we will, of course, respect your wishes. Otherwise, following our initial profiling and screening, we will contact you either via phone or via e-communication if consent has been provided. During our conversation, we inform you of our processing and of your rights as data subject (which include right to object, to restrict our processing and to have your data deleted). If you are happy to engage with us, we’ll proceed with establishing our relationship with you, which will include further engagement and profiling.
Additionally, we sometimes ask existing supporters, trustees and volunteers whether they would be prepared to open their networks up to us. An existing supporter may tell us about an individual previously unknown to us and facilitate an introduction. In this scenario we would check that the person in question is registered on the TPS or FPS and exclude them if their details have been registered on either of these registries. We would then advise our Trustee or existing supporter about our data responsibilities and ask them to ensure that the person they would like to introduce to us is happy for an introduction to take place. Following the introduction, we would direct the individual to this privacy notice and confirm their marketing consent preferences before communicating with them further. We will also share a link to our privacy notice in the footer of all of our email communications.
We keep your data as long as necessary. If you’ve made a donation, showed interest in supporting us or participated in our events we may keep your data for 6 years. If you are a regular donor, we may keep your data for 12 months once you’ve stopped engaging with us.
Data is destroyed or deleted in a secure manner as soon as the retention date has passed.
If you wish to know more about our data retention, please contact us using the details above.
Rest assured that we will never sell your details to any third party.
In addition, if we ever need to send data to a third party for processing for the purposes of legitimate interests (for example checking against the Telephone Preference Service, updating our records and prospect researching from publicly available sources such as the electoral roll) we will make sure the company we use has signed a data processing agreement with us or other contractual obligations, so that they are bound to take care of your data in the same way we do. We may also share personal information with external auditors, e.g. the Charities Commission or for the audit of our accounts.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
If you have made a Gift Aid declaration, we may disclose the information you have provided as part of the declaration to HMRC for the purpose of reclaiming gift aid on your donation(s). We may share or disclose your personal information if we are required to do so by any law, regulation or court order.
For more information about our website cookies, please refer to our Cookies Policy online.
When you interact with us on social media platforms such as Facebook, Twitter, Instagram, we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms. Please review the privacy notice of those platforms, in addition to this one.
Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.
Hatch Enterprise
53-63 East Street, SE17 2DJ
+44 20 7993 0074
hello@hatchenterprise.org
Hatch Enterprise, 53-63 East Street, London, SE17 2DJ.
020 7993 0074
hello@hatchenterprise.org
Registered charity (No. 1161801)
© 2018 – 2023 Hatch Enterprise
Privacy policy | Site map | Accessibility | Complaints
Hosted by krystal.uk
