Privacy Notice

For those involved in Family Group Conferences, you can download a condensed version of this information.

This section explains what information Daybreak collects, keeps and stores about you and/or your family and wider network if you receive one of our services. You may also be given information by your service regarding the personal data they keep about you and what happens to it.

Daybreak holds personal data about you which may include:

• Your name, address and contact details, including email address and telephone number, as well as contact preferences;

• Date of birth, age;

• Gender, sex, sexual orientation, sexual identity, ethnicity, religion, nationality and languages spoken;

• Disabilities and access requirements

• Emergency contact information;

• School or organisation name;

• Marketing preferences with respect to contact and opportunities you’d like to hear about.

• Photographs that may be taken during your engagement with us

• Record of your contact with us, whether a query, compliment or complaint

• Dietary requirements

We will also record information about your capability to care for children (where appropriate), your support needs and the service provided to you, including case reporting, plans and reviews, as well as your contact preferences and consents, if relevant.

Some of the data we hold about you will be provided by partner organisations who may have referred you to one of our services.

Why do we collect your personal data?

We collect your personal data to provide services to you, to offer opportunities that may be of value and interest to you, to ensure the safety of our staff, volunteers and children we support, and to make sure our services meet your needs.

Under the General Data Protection Regulations (GDPR) we process your data in accordance with our legitimate interests in providing high quality, safe and efficient services. If we have a contract with you, we will also process your data to deliver our services under that contract. Where relevant, we also carry out processing to perform tasks that are in the public interest, and if required (and where appropriate) we may also obtain your consent to process your data. Where we rely on your consent for processing, you have the right to withdraw your consent at any time. This does not affect the lawfulness of our processing before such withdrawal.

Who do we share your personal data with?

We share your personal data with the organisation that pays for your service or with external agencies that inspect our work, and with third party service providers. We may be required to share your data with other agencies for legal reasons, a court order for example, or with other organisations if we believe that you are at risk of harm or may harm someone else.

There may be occasions when we will ask you for consent to use your data, for example to provide you with information and opportunities to have a voice or influence, to help us inform the public about our work, to help you access other services, or for the purpose of academic research. If this is the case, we will explain to you exactly what your data will be used for. You can withdraw your consent at any time, and, wherever possible, any of your data that has been used for publicity purposes will be deleted.

Sometimes Daybreak is required to transfer your data to the local authority that has commissioned us to provide your service, or to another organisation providing you with a service. The 'Your Data Your Rights' leaflet will give you more details about what will happen to your data.

We will never share your information with other organisations for marketing or publicity purposes.

How long do we keep your personal data?

Daybreak will keep your personal data for a specified period of time once we have finished working with you depending on the nature of the service and our legal obligations. The 'Your Data Your Rights' leaflet will tell you how long we keep your data and why.

This section explains what information Daybreak collects, keeps and stores about you if you inquire about our activities, make a donation to us, fundraise for us, support a campaign, take part in Daybreak raffles, express an interest in or inform us of your intention to leave a gift in your Will, ask a question about our services or participate in events.

What personal data do we collect?

The personal data we collect may include:

• Your name, address, email address, telephone numbers;

• Age, date of birth;

• Location;

• Gender;

• Your prior involvement with our fundraising campaigns;

• Contact preferences and consents;

• Gift aid status, fundraising status, reason for donating/fundraising/entering a raffle, information about events you’re taking part in and your fundraising activities, access to facilities;

• School or organisation name;

• Social media handles; and

• Details of executors and beneficiaries and your family relationships.

We do not store your credit or debit card details.

We may collect sensitive data, such as health information, religious beliefs and political opinions, about our supporters where there is a clear reason for doing so, such as participation in a run, walk or similar fundraising event, or where we need to ensure we provide the appropriate facilities or support to enable you to participate in an event.

We may obtain your personal data from third party data suppliers, but only if they provide appropriate evidence that you have agreed that your personal data may be shared with other organisations. We also gather general information about the use of our websites such as pages visited and areas that are of most interest to users. For further information please see section 2c Visitors to our website.

Occasionally we obtain publicly available information, such as contact information, or we research information to help us perform due diligence checks to ensure we are not being abused by fraudsters or criminals posing as genuine donors, or to ensure that there are no conflicts of interest from potential supporters or organisations prior to our engagement. We do these checks to help protect Daybreak from abuse.

Why do we collect your personal data?

We use your personal data in order to:

• Deal with your enquiries (including family history enquiries), requests and complaints;

• Process your donations and orders made online or through our shops;

• Administer raffles;

• Provide you with information about our work activities, events and services;

• Comply with our legal obligations, policies and procedures, for example claiming Gift Aid;

• Provide and personalise our services;

• Administer bequests in your Will;

• Conduct our campaigns, fundraise and send marketing;

• Tailor the advertising and marketing you see on social media and digital channels to share the most appropriate and relevant information with you;

• Measure the effectiveness of digital marketing and advertising; and

• Conduct market research.

We process your personal data for these purposes in accordance with our legitimate interests in conducting fundraising processing payments, promoting our charitable activities, customising our social media communications, and responding to you when you make an enquiry. We also process your data when required under law or with your consent, such as when you consent to receive marketing from us. We will never pass your personal data on to other organisations for them to use for their own marketing purposes.

We will only email or phone you where we have your consent to deliver marketing to you. You can indicate your marketing preferences if and when asked as part of your engagement with us, for example when you make a donation, submit a webform or enquire about our work. . If you no longer wish to receive marketing communications or appeals asking for a donation to help support our work, it’s quick and easy to let us know at the contact details provided at the bottom of this Privacy Notice. You may opt-out also of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails or sending us an "opt-out" text message following the instructions we provide you in our initial text. We will never pass your personal data on to other organisations for them to use for their own marketing purposes.

Daybreak has a legitimate interest in keeping lists of people who no longer wish to be contacted (known as a suppression list) to ensure that we do not unintentionally contact them in the future. The suppression list also collects emails that bounce, are blocked, or invalid. Daybreak also keeps suppression lists of supporters and prospects who have requested removal from our postal mailing or marketing lists for the same reason.

We are committed to protecting the privacy of the children and young people that engage with us through our website, digital services, fundraising events, marketing materials and communication lists. Where children and young people fundraise or take part in events for Daybreak, we will seek parental/guardian consent for their participation when they are under the age of 16. Where the child is under the age of 13, we will contact a parent/guardian to seek permission to communicate with the child prior to any engagement.

Personalisation and profiling

We carry out targeted fundraising and campaign activity to ensure that we are contacting you with the most appropriate and relevant communications, for example by providing timely news about our work, and letting you know the different ways you can support us and help us to raise funds. To do this, we may use profiling techniques and engage with insight companies to provide us with general information about you, about your lifestyle and purchasing habits.

We may also use your personal data to understand the likelihood of you responding to a fundraising communication from us, and potentially donating. For example, we use systems such as Mosaic to create supporter categories within our database based on postcodes and we will, where appropriate, store this information on your record. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population.

Who do we share your personal data with?

We may share your personal data with third parties who provide a service to us. This includes trusted partners that work with us in connection with our charitable purposes, and other entities that act as fundraisers for Daybreak or provide Daybreak information and marketing services. We also share your data when we need to perform due diligence checks to ensure we are not being abused by fraudsters or criminals posing as genuine donors.

How long do we keep your personal data?

We keep your personal data for as long as required to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required, we will ensure it is destroyed in a secure manner. This will generally be within six years of your last interaction with Daybreak.

This section explains what information Daybreak collects, keeps and stores about you when you visit our website. Please see our Cookie Notice for more information on how we use cookies.

What personal data do we collect?

The personal data we collect may include:

• Name

• Address

• email address

• telephone numbers

• date of birth (optional)

• gift aid status

• contact preferences

• purchase history and

Why do we collect your personal data?

We collect your data to administer and enhance the websites and services. We conduct this processing in accordance with our legitimate interests in efficiently running and improving our websites.

If you use your credit or debit card to donate via our website, we will ensure this is done securely. We do not store your credit or debit card details following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed. Only authorised staff trained to process payments can see your card details. When card payments are processed via a third-party, e.g. JustGiving, card details are not shared with Daybreak.

We may use your contact details to send you marketing where we have your consent or are otherwise permitted to do so by applicable law. You can indicate your marketing preferences when you make a donation or submit a webform for fundraising or event booking. If you no longer wish to receive marketing communications, it’s quick and easy to let us know at the contact details provided at the end of this Privacy Notice.

You may opt-out also of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails. We will never pass your personal data on to other organisations for them to use for their own marketing purposes.

Who do we share your personal data with?

Your financial and/or personal data may be passed to third-party organisations to process your transactions with Daybreak, such as credit card companies and banks. We will also share your data with HMRC if you give us permission to claim Gift Aid on your donation.

How long do we keep your personal data?

We keep your personal data for up to six years, except financial data which we are required to retain for seven years. Where your information is no longer required, we will ensure it is destroyed in a secure manner.

You can download a condensed version of this information.

This section explains what information Daybreak collects, keeps and stores about you when you apply for a role with us.

What personal data do we collect?

We will collect a range of information about you, including:

• Your name, address and contact details, such as email address and telephone number;

• Your contact preferences;

• Date of birth, age, gender, nationality, residency status, criminal convictions, outstanding disciplinary proceedings and languages spoken;

• Referee information;

• Details of your qualifications, skills, experience, education and employment history;

• Information about your current salary;

• Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process;

• Information about your entitlement to work/volunteer in the UK; and

• Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief. We will only collect this sensitive information with your explicit consent, which can be withdrawn at any time.

We collect this data in a variety of ways. For example, you may have filled in an application form, submitted a CV or resume, provided your passport details or other identification documents, or we may have collected it through interviews or other forms of assessment, like online tests.

We may also collect information about you from third parties, such as references supplied by former employers. For job applicants, Daybreak will only seek information about you from third parties once we have made you an offer of employment. In all cases the application process will make clear at what point we will be contacting third parties. For volunteer applicants, Daybreak will seek information from third parties during the volunteer recruitment process.

Why do we collect your personal data?

We process your personal data to administer your job or volunteer application and to monitor recruitment statistics. In some cases, we need to process your data to ensure we are complying with our legal obligations, e.g. checking an individual’s right to work in the UK.

We have a legitimate interest in processing your personal data to manage our recruitment process, assess and confirm your suitability for the position and decide who to offer a role to. We may also need to process data from job and volunteer applicants in accordance with our legitimate interest in responding to, and defending against, legal claims.

We process health information if we need to make a reasonable adjustment to the recruitment process for applicants who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.

For some roles Daybreak is obliged to seek information about criminal convictions and offences. This is necessary to carry out our obligations and exercise specific rights in relation to employment and volunteering.

• when applicants are asked to confirm they have the right to work in the UK;

• when applicants confirm that they are not barred from undertaking roles working within regulated activity; and

• when confirming that the applicant has a clean and valid driving licence where driving is an essential requirement for the role.

If an applicant is unable to fulfil these requirements, they will not be able to progress any further with their application. Should an applicant wish to challenge any automated decision within the recruitment process they should contact Head Office via email at headoffice@daybreakfgc.org.uk.

Who do we share your personal data with?

As part of the recruitment process, we may need to share your data with third parties to conduct any necessary background checks and vetting processes, such as contacting previous employers/referees to obtain a reference, and/or the Disclosure and Barring Service to conduct criminal record checks. As part of the recruitment process, we will make clear to you which checks will be required and at what stage of the process.

How long do we keep your personal data?

Personal data about unsuccessful candidates will be held for six months after the recruitment exercise has been completed. Interview notes for all unsuccessful job applicants are destroyed after six months. Unsuccessful volunteer applicants are anonymised on Daybreak volunteer management system after one year. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

If your application is successful, personal data gathered during the recruitment process will be transferred to your personnel file and will be retained in accordance with our retention policy. If your volunteer application is successful, personal data gathered during the recruitment process will be held on your volunteer file.

This section explains how Daybreak collects and processes personal data relating to its staff and volunteers to manage the working relationship with you.

What personal data do we collect?

Daybreak collects and processes a range of information about you that is appropriate to the role you perform with us. This will vary depending on whether you are an employed member of staff, Independent Staff (Self-employed), volunteer, contractor, agency worker or student, and may include:

• Your name, address and contact details, including email address and telephone number, as well as contact preferences;

• Date of birth, age;

• Gender, sex, sexual orientation, ethnicity, religion, nationality, residency status, criminal convictions and languages spoken

• Location;

• Your image for identification purposes and for the website (permanent staff only)

• The terms and conditions relating to the work you are doing for Daybreak;

• Information about your self-employed status (Independent Coordinator only);

• Details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with us;

• Information about your salary, including entitlement to benefits such as pensions or death in service insurance cover;

• Details of your bank account and national insurance number;

• Information about your marital status, next of kin, dependents and emergency contacts;

• Information about your nationality and entitlement to work in the UK;

• Information about your criminal record;

• Relevant information if you drive your own vehicle for business purposes or if we hire a car for you;

• Relevant information about the insurances you hold (Independent Coordinator only);

• A record of your entry and exit to Daybreak premises and work locations where permits and sign-in procedures exist for security and health and safety reasons;

• Details of your schedule (days of work and working/volunteering hours) and attendance at work/volunteering;

• Details of periods of leave taken by you, including holiday, sickness absence, family leave and extended leave, and the reasons for the leave;

• Details of any staff disciplinary or grievance procedures, or volunteer problem solving procedures, in which you have been involved, including any warnings issued to you and related correspondence;

• Assessments of your performance, including appraisals, performance reviews, observations, contract meetings, training you have participated in, performance improvement plans and related correspondence;

• Information about medical or health conditions, including whether you have a disability for which the organisation needs to make reasonable adjustments; and

• Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.

We collect your information in a variety of ways. For example:

• From an application form, or CV or resume;

• From your passport or other identity documents;

• From forms completed at the start or during your employment or volunteering opportunities with us;

• From correspondence with you; or

• Through interviews, meetings or other assessments.

We may also collect information about you from third parties, such as recruitment agencies, references supplied by former employers, and information from criminal records checks as permitted by law.

Why do we collect your personal data?

Daybreak needs to process your data to enter into a working or volunteering relationship with you and to meet our contractual obligations under any agreement with you. For example, if you are an employee, we need to process your data to provide you with an employment contract, to pay you in accordance with that contract and to administer any benefits.

In some cases, Daybreak needs to process data to ensure that we are complying with our legal obligations. For example, it is required to check a worker’s right to work or volunteer in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it’s necessary to carry out criminal records checks to ensure that individuals are permitted to carry out the role in question.

In other cases, Daybreak has a legitimate interest in processing personal data before, during and after the end of the working relationship. Processing staff and volunteer data allows the organisation to:

• Run recruitment and talent management processes;

• Maintain accurate and up-to-date records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights;

• Operate and keep a record of disciplinary, grievance or problem solving processes, to ensure acceptable conduct within the workplace;

• Operate and keep a record of performance and related processes and workforce management processes;

• Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay and other benefits to which they are entitled;

• Obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that workers are receiving the sick pay or other benefits to which they are entitled;

• Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that Daybreak complies with duties in relation to leave entitlement, and to ensure that workers are receiving pay or other benefits to which they are entitled;

• Ensure effective general HR, volunteering and business administration;

• Provide references on request for current or former employees and volunteers;

• Respond to and defend against legal claims; and

• Maintain and promote equality, diversity and inclusion in the workplace.

Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).

Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done with your explicit consent or where it is in the public interest to do so, such as to ensure meaningful equal opportunity or diversity monitoring.

Who do we share your personal data with?

Daybreak shares your data with third parties to obtain pre-employment or volunteer references from other employers and, if applicable to your role, to obtain necessary criminal records checks from the Disclosure and Barring Service. Daybreak may also share your data with third parties in the context of TUPE transfers. In those circumstances the data will be subject to confidentiality arrangements. Commissioned service data may be shared with the commissioner.

Daybreak also shares your data with third parties that process data on our behalf, in connection with payroll, HR and Governance.

How long do we keep your personal data?

If you are an employee or volunteer, we will hold your personal data for six years after the end of your working relationship with us.

You can download a condensed version of this information.

What personal data do we collect?

We collect the following personal data from learners participating in our charity training courses:

• Contact Information: Name, address, email address, and phone number.

• Identification Details: Date of birth, national identification number, or any other form of identification, where required.

• Course-Related Information: Details about the courses you have enrolled in, attendance records, and any assessments or feedback provided.

• Payment Information: If applicable, payment details for course fees.

• Special Requirements: Information regarding any special needs or accommodations to ensure accessibility.

• Usage Data: Information about your interaction with our online platforms, including login times and pages visited.

Why do we collect your personal data?

We collect your personal data for the following purposes:

• Course Administration: To manage your enrollment, track your progress, and maintain accurate records of your participation.

• Communication: To provide you with information about course updates, schedules, and relevant resources.

• Compliance: To comply with legal and regulatory obligations, including safeguarding requirements and health and safety regulations.

• Support Services: To offer appropriate support, including special accommodations and any necessary follow-up assistance.

• Improvement of Services: To evaluate and improve the quality and effectiveness of our training courses based on feedback and usage data.

• Financial Transactions: To process payments for course fees and manage financial records.

Who do we share your personal data with?

We may share your personal data with the following entities:

• Internal Staff: Course administrators, trainers, and support staff who need the information to perform their roles.

• Partner Organisations: Other charities or organisations involved in delivering the training courses, but only to the extent necessary for their involvement.

• Service Providers: Third-party service providers who assist us with IT support, data storage, payment processing, and communication services.

• Regulatory Bodies: Government authorities or regulators, if required by law or to ensure compliance with legal obligations.

• Emergency Services: In case of emergencies where your health and safety may be at risk.

How long do we keep your personal data?

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including:

• Course Duration: For the duration of your participation in the course and any related follow-up activities.

• Legal Compliance: For the period required to comply with legal obligations, including record retention requirements.

• Support Services: For a reasonable period after course completion to provide any necessary support or respond to inquiries.

• Improvement of Services: For a period that allows us to analyze and improve our training programs based on collected data.

After these periods, your personal data will be securely deleted or anonymized to ensure your privacy.