West Horsley Place Ltd and Mary Roxburghe Trust (the Charity) are committed to protecting and respecting your privacy.  This page sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used. 
Our privacy statement covers the Charity and its trading company, West Horsley Place Ltd, in relation to the collection and use of the information you give us and the information that we may collect about you in order to fulfil our charitable aims and objectives.  Its content may change, so we advise web users to check back from time to time. If we make any changes that we feel are more significant, we will notify you by email to ensure that you are comfortable with them.   
If you have any questions or concerns about this policy or the privacy and security of your personal information, please contact the Operations Manager at [email protected] by post to West Horsley Place, Epsom Road, West Horsley, Leatherhead, Surrey KT24 6AN.
What types of personal information do we collect from you and about you?
·      We obtain personal information about you when you make an enquiry about our activities, register with us, make a donation, or otherwise provide us with your contact details.  This will usually include your name, email address, postal address and phone number.
·      If you are a supporter (for example, making a donation, volunteering, registering to fundraise, signing up to our newsletter, or for an event or activity) in addition to asking for your name and contact details we may also ask you for your reasons for supporting our work, and demographic information such as your preferences and interests.  We may also invite you to provide debit/credit card details, and a Gift Aid Declaration.
·      We do not collect categories of information that are “sensitive”, such as race, sexual orientation, religious beliefs, health information or political affiliation unless there is a legitimate reason.
·      If you are a supplier of services, in addition to your personal contact information, we may ask you for your bank details in order for us to process payment securely through BACS transfer.
·      If you are applying for a job or to volunteer with us, the information you are asked to provide will be set out in the application form as being necessary for us to process your request.
·      In promoting our work to prospective donors and grant-making bodies and in order to achieve the income we need to support our aims, we may collect any other personal information about you that might reasonably be expected.
How do we collect information about you?
We collect information about you whenever you have direct contact with us or have any involvement with us, for example, when you:
•     donate to us directly or online through our website
•     offer to fundraise for us
•     enquire about our facilities, activities or services
•     sign up directly or online to receive our newsletters
•     volunteer for us
•     attend a meeting with us
•     sign up for and attend our events
•     complete surveys that we organise
•     complete evaluation and feedback forms
•     contact us in any way including online, by post, email, phone, or SMS
We may also collect information from you when you give it to us indirectly, for example, from:
•     other organisations and individuals when you have given them your permission to share it
•     our website, where information about your browsing preferences may be recorded and stored using cookies/click-through information
•     social media sites, such as Facebook, Linked-In, Instagram or Twitter where permission to access information from those accounts is dependent on your settings or the privacy policy in force  
As we work towards achieving our charitable aims and objectives for MRT through an active fundraising and development programme, we may also collect information about you through research methods, using publicly accessible sources to learn more about you.
How do we use information about you?
We use your information to understand your needs and interests and to provide you with the best service we can.  We want your interactions and relationship with the Charity to be well-managed, productive and enjoyable.   In particular, we use your information to:
•     provide you with the services or information you have requested
•     provide further information about our work, services and activities
•     process payments, donations, and Gift Aid declarations we have received from you
•     further our charitable aims, including our fundraising activities
•     fulfil sales made online
•     invite voluntary participation in research or surveys to improve our work
•     register and administer your participation in events and activities
•     organise volunteering activity you have told us you want to be involved in
•     analyse and improve our work, services, activities or information (including your behaviour on our  website) to personalise the way information is presented to you
•     carry out your obligations, as necessary, under any contract with us
•     maintain our organisational records to ensure we know how you prefer to be contacted
•     process your application for a job or volunteer role with us
•     prevent fraud, credit risk, or otherwise as required by law or regulation
What is our legal basis for processing your information?  
•     Where you have provided your personal contact details so that you can receive information from us or so that we can carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us.  We may also rely on the fact that it is necessary for your legitimate interests that we provide the information or service requested, and given that you have made the request, would believe there is no prejudice to you in our fulfilling your request.
•     If you receive our newsletter through an automated electronic communication, you can update your contact preferences to unsubscribe at any time. This will not affect our lawful processing of your information prior to your consent being withdrawn and actioned.
•     We will only contact you by email or SMS (text messaging) if you have given us explicit permission to do so.
•     We believe it is in our legitimate interests to contact you by post to stay in touch with you. If you have given us your telephone number, we may use the ‘phone to contact you too.
If you ever wish to stop hearing from us, or to change the communications you receive from the Charity, you can do so at any time, by telephoning us on 01483 282032 or emailing [email protected]
•     If we have entered into a contract with you, our processing is necessary for us to carry out our obligations, or to take steps you ask us to prior to entering into a contract.
•     Our processing may also be necessary to comply with our statutory and legal obligations relating, for example to safeguarding, financial record-keeping and reporting, including to HMRC.
How do we keep your information secure?
We understand the importance of keeping your personal information safe and are committed to taking all appropriate steps to prevent unauthorised access, loss or disclosure.  We will use suitable physical, electronic and operational management procedures to safeguard the information we collect from you on paper, in digital format, and online. 
Access to your information is restricted to staff, trusted partners – see below - and volunteers.  Everyone who has access is appropriately trained to manage and safeguard your information.
Who has access to your information?
We work with a number of trusted partners to manage your information and to do some of the processing work we could not undertake without specialist support.  These activities are controlled by contract and third party agreements with suppliers for data protection are put in place. Examples include:
•     Companies we have contracted to support our public relations work
•     Companies we have contracted to support events management, such as through the provision of catering services
•     Marketing automation platforms, such as Mailchimp, to facilitate our e-news bulletins
•     Companies we have contracted to support the management of our ICT systems and database
•     Analytics and search engine providers that help us to improve our website and its use
•     Printing companies to fulfil fundraising appeals which we might send to supporters by post
•     Data bureaux, such as Legacy Link, to help us maintain the quality of supporter information
•     Third parties if we run an event in conjunction with them. We will let you know how your data is used when you register for any event.
For financial or technical reasons the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK, because it is stored on servers outside the EEA or the supplier is based outside the EEA.  Although this is the case with MailChimp, we are satisfied that an adequate level of protection is provided through the Privacy Shield framework under which MailChimp is certified compliant.
We may also disclose your personal information if we are legally obliged to do so and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
Keeping your information up to date
We really appreciate it if you let us know if your contact details change. You can do so by contacting us at [email protected] by post to West Horsley Place, Epsom Road, West Horsley, Leatherhead, Surrey KT24 6AN.
Our use of “cookies”
Like all websites, ours uses “Cookies” to help you in your interactions with the site. Most cookies are session cookies, lasting only for the duration of your visit and are deleted when you close your browser.  No personally identifiable data is collected.  Our website uses Google Analytics to allow us to track how popular our site is and to record visitor trends over time.  Google Analytics uses a cookie to help track which pages are accessed and uses your computer’s IP address to determine your location and to track your page visits within the site.  You can modify your browser setting to decline or delete cookies if you prefer, although this may prevent you from taking full advantage of the website.
Under 16s
We encourage supporters of all ages.   If you are under 16, do please let us know when you sign up for events and ensure that you have the consent of a parent or guardian before giving us your details.  We will ensure that your information is only used for the purposes it has been provided.

Our website provider

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  • Your data will be made available to our website provider
  • The data that may be available to them include any of the data we collect as described in this privacy policy.
  • Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  • They will store your data for a maximum of 7 years.
  • This processing does not affect your rights as detailed in this privacy policy.

Keeping your information
We will hold your personal information for as long as is necessary for the relevant activity and for compliance purposes (for example, we are required to keep details of donations made under the Gift Aid scheme for 6 years after the tax year in which they were made).  Where your information is no longer required, we will ensure it is disposed of in a secure manner.  Our Data Protection Policy (link)provides further information on our legal obligations and commitment to record retention and disposal.  Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for two years. We may periodically ask you to renew your consent.
If you ask us to stop contacting you with marketing or fundraising materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
Your rights

You have the right to access your personal data, to ask us to correct any errors in the data that we hold, or require that we erase it.  In some circumstances, you can also restrict the way we process your personal data, object to its processing or request a copy of your personal data for the purposes of transmitting elsewhere.  You can also restrict decision making and profiling that is automated, including profiling for marketing purposes.  Where we have requested and obtained your consent to process particular information, you may withdraw that consent at any time. 
These rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy (link).  To exercise any of these rights please contact:
The Director at [email protected] by post at West Horsley Place, Epsom Road, West Horsley, Leatherhead, Surrey KT24 6AN
If you are unhappy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office: https://ico.org.uk/concerns/ 
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Changes to this Privacy Policy
We may change the content of this Privacy Policy so we advise web users to check back from time to time.  If we make any changes that we feel are more significant, we will notify you by email to ensure that you are comfortable with them.  
Do please check this Policy each time you consider giving your personal information to us.
Who we are
Mary Roxburghe Trust is a Registered Charity (Number 1164840) and a Company Limited by Guarantee (Number:  9795744).  West Horsley Place Limited (Company Number:  10315041) is the commercial trading arm of the Charity, with objects to procure profits and gains for the purposes of paying them to the Charity.  Both the Charity and the Trading Company are data controllers under Data Protection Law.