Privacy and Cookie Policy

Introduction

AtaLoss.org ("We") is committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

Definitions

Data controller - A controller determines the purposes and means of processing personal data.

Data processor - A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person, a living individual

Categories of data: Personal data and special categories of personal data

Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, and political opinions, religious or philosophical beliefs.

Processing -means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Who are we?

AtaLoss is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are:  AtaLoss, PO Box 824, Chichester, PO19 9WW. For all data matters contact our data protection officer on office@ataloss.org .

The purpose(s) of processing your personal data

We use your personal data for the following purposes:

  1. To keep you informed about the work of our charity:

  2. To enable you to benefit from the services and activities we provide:

  3. If you are a donor, to tell you how your funds have been spent and about further projects that you may wish to support or benefit from:

  4. If you work for another charity or business, to tell you about opportunities that you may wish to work with us on or benefit from:

  5. If you are working with us, we keep your data to enable us to provide proper employee support, whether you are a paid or an unpaid AtaLoss team member.

The categories of personal data concerned

With reference to the categories of personal data described in the definitions section, we process the following categories of your data:

1. Personal data

  • name;

  • address;

  • place of work;

  • telephone number;

  • a description (particularly relating to a specific project/area of interest);

  • job title and sphere of responsibility;

  • gender;

  • age;

  • cultural, or social identity of that person;

  • one or more factors specific to the physical, physiological, genetic, mental, economic (including: bank details) of an individual;

  • online identifiers (IP address, email address).

2. Special categories of data

Information about the religious beliefs, ethnicity, marital status, sexual orientation, disability status and gender of paid and unpaid staff is kept in the interests of equal opportunities monitoring.

What is our legal basis for processing your personal data?

  1. Personal data (article 6 of GDPR)

Our lawful basis for processing your general personal data:

x☐ Consent of the data subject;

Individual has provided their personal data to AtaLoss as an ‘employee or volunteer, as a donor or purchaser or because they are interested in or wish to benefit from the organisation.

x☐ Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract

x☐ Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Employment, volunteer or provision of a service under a contract.

To develop the charity and increase the opportunities for raising its profile to benefit bereaved individuals

x☐ Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject

 We need to process your data to help further the legitimate interest of the charity. We have carefully considered the options and we have chosen the least intrusive way of processing your data and deliver services to our beneficiaries.

Our lawful basis for processing your special categories of data:

x☐ Explicit consent of the data subject

Supporters and donors have provided their details and asked to be kept informed. Purchasers have provided their data in order to secure a purchase from the website.

x☐ Processing necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement

We hold and process data about our paid and unpaid staff

x☐ Processing necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes

Equal opportunities monitoring is collected anonymously to provide evidence that we are an equal opportunities employer.

Sharing your personal data (other than financial transactions)

Your personal data will be treated as strictly confidential, and will be shared only with authorised staff within the charity. 

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  1. Your data will be made available to our website provider

  2. The data that may be available to them may include any of the data we collect as described in this privacy policy.

  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.

  4. They will store your data for a maximum of 7 years.

  5. This processing does not affect your rights as detailed in this privacy policy.

Financial Transactions and Personal Data

Financial transactions relating to our website and services may be handled by our payment services provider, Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at STRIPE

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  1. Your data will be made available to our website provider 

  2. The data that may be available to them include any of the data we collect as described in this policy.

  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.

  4. They will store your data for a maximum of 7 years.

  5. This processing does not affect your rights as detailed in this privacy policy.

Breaches

We are required by law to report any security breaches involving personal data to the ICO and we will keep a record of those breaches.

How long do we keep your personal data?

Except where we are required to keep data records by law, we will keep your personal data for no longer than reasonably necessary and will annually review the data held and determine whether it should be retained or destroyed. Data subjects may request the removal or correction of their personal data at any time.

Providing us with your personal data

You are under no statutory or contractual requirement or obligation to provide us with your personal data. Failure to do so will mean we will be unable to communicate with you and keep you informed about the charity and its services.

If you are an employee (paid or unpaid) we require your personal data as it is a statutory requirement to enter into a contract. All the information you provide during the recruitment process will only be used for progressing your application, or to fulfil legal or regulatory requirements, and will not be shared with any third parties for marketing purposes or stored outside of the European Economic Area. The information you provide, whether electronic or physical, will be held securely by us.  We will only use the provided contact details to progress your application. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than necessary.  The information we ask for is used to assess your suitability for employment. You do not have to supply it, but it might affect your application if you do not. Other information may be requested to enable us to monitor equal opportunities. You are not obliged to provide this information and withholding it will not affect your application. If you accept a final offer from us, some of your personnel records will be held on our internal HR records system.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  1. The right to request a copy of the personal data which we hold about you;

  2. The right to request that we correct any personal data if it is found to be inaccurate or out of date;

  3. The right to request your personal data is erased where it is no longer necessary to retain such data;

  4. The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data;

  5. The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means;

  6. The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  7. The right to object to the processing of personal data where applicable, (i.e. where processing is based on legitimate interests, or the performance of a task in the public interest/exercise of official authority or direct marketing and processing for the purposes of scientific/historical research and statistics).

Under the GDPR, we are required to verify the identity of anyone requesting copies or changes to personal data. Once this is established we will provide the data requested within the timeframes stipulated under the regulations.

Transfer of Data Abroad

Whenever we transfer your personal data out of the EEA, we will comply with applicable data protection law. Some of the mechanisms we may choose to use when undertaking an international transfer are:

  • The transfer of your personal data is to a country that has officially been deemed to provide an adequate level of protection for personal data by the European Commission.

  • We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (called the “EU Model Clauses”).

Where we use providers based in the US eg. Mailchimp, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. If the provider is not EU-US Privacy Shield certified, we may use the EU Model Clauses.

Automated Decision Making

We do not use any form of automated decision making in our charity.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Our Terms and Conditions

This privacy policy should be read in parallel with our Terms and Conditions with regard to your obligations to AtaLoss and the use of this website.

How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our data protection officer on office@ataloss.org

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Last updated - 21 March 2025

This Cookie Policy explains how AtaLoss ("Charity," "we," "us," and "our") uses cookies and similar technologies to recognize you when you visit our website at https://www.ataloss.org ("Website"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.

In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, AtaLoss) are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies." Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use first- and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Website for advertising, analytics, and other purposes. This is described in more detail below.

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

The Cookie Consent Manager can be found in the notification banner and on our Website. If you choose to reject cookies, you may still use our Website though your access to some functionality and areas of our Website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies.

The specific types of first- and third-party cookies served through our Website and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):

Essential website cookies:

These cookies are strictly necessary to provide you with services available through our Website and to use some of its features, such as access to secure areas.

How can I control cookies on my browser?

As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information. The following is information about how to manage cookies on the most popular browsers:

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit:

What about other tracking technologies, like web beacons?

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our Website or opened an email including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

Do you serve targeted advertising?

We do not do targeted advertising.

How often will you update this Cookie Policy?

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please therefore revisit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.

The date at the top of this Cookie Policy indicates when it was last updated.

Where can I get further information?

If you have any questions about our use of cookies or other technologies, please email us at office@ataloss.org or by post to:

AtaLoss

PO Box 824

Chichester, West Sussex PO19 9WW

United Kingdom

Phone: 07976 646644

Last updated - 21 March 2025