More To Life Foundation (MTLF) and its regions keep data on you relating to who you are, where you live, email addresses and telephone numbers that you have provided; contact numbers, DDMM of birth (for administrative purposes), courses registered and completed, value spent and donations given, essential health details, type of payment method used (no payment card details are retained), any comments and comments reasonably made by those involved in processing registration.
More To Life Foundation (MTLF) and associate charities hold data in the cloud secured in approved data centres within the European Union and other internationally located mirrored cloud servers. Information is stored in a protected repository where data is collected from all sectors of the organization and processed in line with the MTLF policies whilst working within current data laws. (Where data is mirrored using Binding Corporate Rules, Model Clauses are used where applicable to USA.)
Data Reported On
MTLF uses data on you that is used for applying searches and algorithms in order to identify future course enrolment opportunities and contact information, under certain circumstances linking that data to data held elsewhere in the organization and processed by others within or bound by contracts.
Data is also used to report on the performance of the organization including: statistical information, audits and outcomes. Examples include percentage target achievements, fundraising, payments and more specific data collections, where possible processes and services do not include personal data. This reduces the requirements communicated by the new data regulations. With regards to marketing activities, the organization is working to ensure communications meet with this new data law with the required option of consent-related opt-in and opt-out provisions.
There are times when there is a legal obligation to collate and process data provided to us which overrides any individual wishes such as for tax and law enforcement requirements.
Definition of “personal data” – The law defines “personal data” as any information that can identify a living individual.
1) Data Controller
Bill Thatcher |Managing Director More To Life Foundation | firstname.lastname@example.org
2) Data Protection Officer
3) Purpose of the processing
Computerised searches of some or all of our records to identify past and potential participation in courses, follow-ups where appropriate and other events; sponsorship and fundraising records are also among those searched. This is known as “risk stratification” and sometimes carried out by linking our records with other records. The results of these searches are produced using approved and agreed methodologies to provide the most appropriate advice, investigation opportunities and marketing communications.
4) Lawful basis for processing
The legal basis for this processing is via evidenced consent and/or legitimate interest.
In the UK, the organization recognises your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”.
5) Recipient or categories of recipients of the shared data
Appropriate data will be shared for processing only with those who have a legitimate reason. Those accessing your personal identifiable information are limited to essential data only to fulfil their task or role.
6) Rights to object
You have the right to object to the processing where it might result in a decision being made about you. That right is based on implied consent under the Common Law of Confidentiality, Article 22 of GDPR (automated individual decision-making, including profiling).
You have the right to object to some or all of the information being shared under certain circumstances but the organization has the overriding responsibility to comply with the law.
You should be aware that this is a right to raise an objection, which is not the same as having an absolute right to have your wishes granted in every circumstance.
7) Right to access and correct
You have the right to know the data that we have in our database, what is being shared , and to have any inaccuracies corrected. The subject access request should be in writing (i.e. written word or email) and once the appropriate due diligence identification checks have been verified with the Data Protection Officer, collation of the information requested will be performed, redacted where appropriate and forwarded in a format agreed with the requestor in accordance with data law requirements.
8) Retention period
The data will be retained for active use during the processing and thereafter according to the organization’s retention policy and data laws.
9) Right to Complain
Should you have a complaint relating to the handling of your personal identifiable data, please forward your concerns to:
More To Life Administrative Centre
2107 North Decatur Road, Suite 452
Decatur GA 30033-5305, USA
Via the contact forms on our website at:
Thereafter if you believe the organization has not addressed your complaint relating to the management of your personally identifiable data, you have the right to complain to the respective Information Commissioner’s Office or supervisory authorities in other EU countries.
UK helpline + 44 303 123 1113 (local rate) or 01625 545 745 (national rate)
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)/
More To Life Foundation
Date: 24 May 2018