OUR PRIVACY NOTICE

This purpose of this Privacy Notice is to let you know how we handle and look after your personal information. This includes what you tell us about yourself, what we learn by having you as a customer or contact, and the choices you give us about what marketing you want us to send you. This Notice explains how we do this and tells you about your privacy rights and how the law protects you.

We promise that we will:

  • only use your personal information for the purposes for which you have trusted it to us;
  • only retain your personal information for as long as we are required; and
  • always ensure appropriate safeguards are in place to protect your personal information and privacy.

We promise that we will never:

  • sell your personal information;
  • share it with other organisations without a clear legitimate reason; and
  • be involved in any data swapping schemes.

CHANGES TO OUR PRIVACY NOTICE

Any changes to this Notice in the future will be posted to the website and, where appropriate, through email notification. Unless otherwise specified, all such changes will take effect immediately upon posting to the website.

Privacy Notice last updated – 25 May 2018

Back to the top ^

WE ARE CAF

At CAF, we exist to make giving go further, so together we can transform more lives and communities around the world.

We’re a charity, bank and a champion for better giving, and for over 90 years we’ve been helping donors, companies and charities make a bigger impact. Our independence, expertise and reach mean we’re uniquely placed to do this.

We make it easier to give when and how you want, in complete confidence. Our independent insight and advice helps your money go further.

We make it possible for you to give, and keep on giving, to make a bigger impact to the causes that matter to you.

We provide the financial support, advice, insight and expertise so you can get more help to where it’s needed.

We are Charities Aid Foundation and a registered charity (number 268369)

This Notice covers all personal information that is processed by CAF and the entities that form the CAF Group.

Please be assured, your personal information will not be shared with any outside organisation except as part of providing a product/service or when legally obliged to do so.

Back to the top ^

DATA PROTECTION OFFICER

We have a dedicated Data Protection Officer at CAF who you can contact on any of the channels below:

By post: The Data Protection Officer, 25 Kings Hill Avenue, West Malling, Kent ME19 4TA

By email: dpo@cafonline.org

By phone: 03000 123 000 (calls to this number may be recorded for training and monitoring purposes)

Back to the top ^

YOUR RIGHTS UNDER THE GDPR

Accessing the personal information we hold about you

You have certain rights under data protection legislation. Find out more information on what these are by visiting the Information commissioners Office (ICO) website.

You can request access to the personal information we hold by completing a Subject Access Request (SAR) form. You can also contact us:

By post: The Data Protection Officer, 25 Kings Hill Avenue, West Malling, Kent ME19 4TA

By email: dpo@cafonline.org 

By phone: 03000 123 000 (calls to this number may be recorded for training and monitoring purposes)

Letting us know if your personal information is incorrect

We will always endeavour to ensure that your personal data remains accurate, however if you think this information is incorrect or incomplete you have the right to have your information rectified.

To request your data be rectified, please contact us to let us know and we will take reasonable steps to check its accuracy and correct it for you.

If you want us to stop using your personal information

Under data protection legislation you have the right to:

  • Erasure (known as the right to be forgotten) – you have the right to have your personal information erased where we do not have a legal basis to process it including where we are holding it for longer than required;
  • Restrict Processing – there are occasions where you can ask us to restrict or block the processing of your personal information such as where you have requested we rectify your information, you might want us to restrict further processing whilst we verify and rectify it; and
  • Object – where we are using consent or legitimate interest to process your personal information eg for marketing purposes or for research purposes, then you can ask us to stop this at any time.

To request any of the above, please contact us.

HOW TO COMPLAIN

Please let us know if you are unhappy with how we have used your personal information. You can contact us by any of these means.

If you have a concern about our data protection practices then you also have the right to complain to the Information Commissioner’s Office (ICO). Find out on their website how to report a concern.

Back to the top ^

WHAT PERSONAL DATA WE COLLECT - AND HOW WE COLLECT IT

The table below highlights what personal data we collect and ways that we do that. Please note you will be made aware of this at the time of collection of your information.

Personal information we collect about you Ways we collect personal information
    - First name, surname, preferred name
    - Email address
    - Home address
    - Previous home address(es)
    - Telephone Number(s)
    - Date of birth
    - Gender
    - National Insurance number
    - Payroll number
    - Financial details - how you plan to fund the account you hold with us
    - Your financial position, status and history
    - Donations you make to charitable organisations
    - Gift Aid Declaration
    - Information about you such as:
    • confirmation of your identity
    • the source of funds being paid to CAF
    • adverse media
    • whether you are an individual who has political exposure
    • sanctions or restrictions associated with you
    - Additional signatory name, address, date of birth, telephone number(s), email address (as instructed by you)
    - IP address
    - CV
    - Demographic data
    - Successor details (as instructed by you)
    - Usage data
    - Organisation data which will include information on directors, trustees and those with controlling functions
    - Any additional information that you choose to share with us eg preferences, if you have any special requirements or requests such as having statements in large font or Braille
From you
- Application forms
- Payment requests that you make
- When you contact us by telephone, email, letter, in person, via our websites or any of our social media networks eg Twitter, Facebook, Linkedin
- When you pay into your account(s)
- When you apply for a role at CAF
- Cookies and online tracking
- During the course of business where you are a supplier of services to CAF
- When you sign up to our newsletters or events
- Surveys and research questionnaires
- If you attend an event or webinar provided by us

From other sources
- Publicly-available resources such as Companies House, Charity Commission, online web searches, social media networks
- Government sanctions listings
- Subscription resources such as MINT
- When you are introduced to CAF eg from a financial adviser or a partner we work with
- If your organisation uses CAF Give As You Earn in your workplace and you have signed up to give via your payroll, we may receive your information from your employer or from an agent that your organisation works with to provide payroll giving to you
- Agents we work with
- Government and law enforcement agencies










Back to the top ^

WHY WE PROCESS PERSONAL DATA - OUR LEGAL BASIS

Under data protection legislation we must have a reason or a ‘legal basis’ for processing personal information. In this section, you can see the reasons why we process personal information and what processing activities we undertake.

Our legal reasons for processing your personal information
What we will use your personal information for
- To fulfil our contract with you/your organisation
- We have a legal or regulatory requirement
- We have a legitimate interest – you have additional rights where we use our legitimate interest for processing. You can find out more about legitimate interest here
- You have given us your consent -  you have additional rights where we use consent for processing.










- To provide you with the product or service that you have signed up for
- To amend the website features we show you, if required, by using your IP address. This includes Live Chat. 
- To process donations and grants to charities
- To communicate with you about your product or service or when you sign up to our newsletters or events
- To claim Gift Aid on your donations (as requested)
- To confirm your identity and carry out our legal and regulatory requirements such as anti money laundering, anti terrorist financing checks
- To consider you as an applicant for a role at CAF
- To develop new way to meet the needs of our customers and supporters
- To support meeting CAF’s mission and objectives
- To develop our products and services
- To better understand giving to charitable organisations 
- To keep in touch with you about our campaigns, events and other related products and services
- To allow our organisation to run efficiently and appropriately for such things as financial planning, business capability, governance and audit.

Back to the top ^

IF YOU DO NOT PROVIDE US WITH YOUR PERSONAL INFORMATION

Where your personal information is needed either:

  • to provide you with your product or service under your contract with us; or
  • to meet our legal and regulatory obligations.

If you do not provide us with the personal information that we request then it may delay or prevent us from providing you with the product or service you have requested. Where this happens it could result in us having to cancel the product or service that you have with us.

Back to the top ^

HOW WE USE INFORMATION ABOUT YOU

There are some occasions where we will use legitimate interest to process your information. We will only do this where the activity supports our mission to motivate society to give ever more effectively and we will always consider the impacts to your privacy and ensure that there are appropriate safeguards in place to protect it.

You can tell us you do not want us to use your information for our legitimate interest at any time by getting in touch with us.

Sharing donor information with recipient charities

Sharing this information with charities plays a huge part in how we support our mission to motivate society to give, it allows:

  • CAF to connect donors to the charities they support;
  • charities the chance to reach out to their donors;
  • donors the opportunity to be involved with charities that they support;
  • the charitable sector to continue to work together with donors to strengthen the relationships and work that they do.

When you make a donation your name, email and address (contact information) will be shared with the charity you have sent a donation request to. Each time you make a donation you will always be given the opportunity to make your donation anonymous so you have full control over what information the recipient charity receives. This should be clear to you at the time of donation.

If making regular payments to a charity eg from your CAF Charity Account by Standing Order and you now want to stop the charity receiving your personal data then you can cancel the Standing Order and set up a new one as anonymous so the charity will not receive your personal data going forward.

You can also contact the charity you are donating to, who is also subject to the same data protection legislation, to stop contacting you.

Telephone Recording

When you telephone us we may record the call for training or monitoring purposes.

Wherever possible we'll let you know that calls are recorded.

Profiles of your preferences

In order to give you the best possible service we may use your personal data to create a profile of your interests and preferences. What that means is we could use information you have given us, like your age or your location or your donation history, to get a better idea of who our customers are and how we can help.

That helps us make sure we send you information which is relevant to you and helps us develop our services so they work best for our customers now and in the future. We may occasionally commission insight companies or use industry standard profiling products offered by third parties to help us do this.

We believe this is one of our legitimate interests and have considered this carefully to ensure we work in a fair and balanced way, taking your rights into account.

It’s your right to opt out of your information being used for any profiling. To opt out of profiling you can let us know by contacting us.

Screening

As part of our legitimate interests, we have considered that screening can be an effective way to ensure we are contacting your with relevant messages and to develop our services so they are as relevant as possible to the people we serve. To help us do that, we may occasionally make use of third party wealth screening companies who combine information we provide with publicly available information to help us determine which of our services may be most relevant to you.

It is your right to opt out from your information being screened. To opt out of screening you can let us know by contacting us.

Publicly available information

We occasionally carry out research of our own to identify individuals who may be interested in supporting CAF or receiving information about our policy and research work, and gain insight into people of public standing. This makes use of publicly available information, such as newspaper reports, published lists and corporate websites.

Research

Because our mission is to encourage people to give ever more effectively, we analyse trends in the donations made through CAF both to improve our service and to draw wider lessons and insight for the charity sector as a whole. We do occasionally make anonymised data from our operations available to carefully-selected academic researchers to allow them to conduct research into broader trends in giving, for the benefit of charities. We do ensure that any data which might identify individuals is removed.

It is your right to opt out from your information being used for research purposes. To opt out of research you can let us know by contacting us.

Marketing

From time to time we will send out communications about our work, our products and services, events and other related information. This is ‘marketing’.

We normally send out our marketing communications by email. We will only send these where you have agreed to receiving them.

It is your right to opt out from your information being used for direct marketing. To opt out of receiving marketing from us you can let us know by contacting us or you can click the unsubscribe link at the bottom of every email we send.

The most effective way to opt out of receiving marketing is by clicking the unsubscribe link at the bottom of each message, as this is actioned instantly. When you use another method to opt out of receiving marketing (such as by calling us), this may take a little longer to action, although we aim to honour all opt-out requests as soon as we receive them.

If you decide to opt out of receiving marketing emails you will still receive service communications about your product or service eg changes to Terms and Conditions.

We do not share your data with any other third party for them to market to you.

Back to the top ^

The Prevention of Fraud and Money Laundering

Checking identity

We are required by law to check the identity of our new customers and our existing customers from time to time. This makes it more difficult for criminals to use financial systems, or to use false names and addresses, or to steal the identities of innocent people. Checking identity is an important way of fighting money laundering and other criminal activities.

To enable us to meet this obligation we will access databases including those held by credit reference agencies and the electoral roll in order to validate your name and address. This process involves checking the details you provide against those databases to confirm your identity. If we are unable to validate your name and address details in this way, we may ask you to provide certain documents to confirm your name and address.

In addition to this, as part of our ongoing requirement to verify the identity of existing customers, you may be asked to provide certain documents to confirm your name and/or address even though you may not be applying for new products or services.

Prevention of financial crime

We carry out checks to prevent and detect financial crime including faud, money laundering, bribery and corruption, tax evasion and terrorist financing. We do this to comply with our legal obligations, because it’s in our legitimate interest or because it is in the public interest.

These checks include carrying out customer due diligence, customer risk identification, name screening, transaction screening and monitoring.

That could include (among other things):

  • screening your name to identify higher risks and to confirm sanctions do not apply;
  • screening, intercepting and investigating any payments, instructions or communications you send or receive, including application and instruction forms;
  • investigating who you’re paying or who’s paying you, e.g. checks on payments into and out of your account and other parties related to those payments;
  • passing information to relevant agencies if we think you’ve given us false or inaccurate information, or we suspect criminal activity;
  • investigating the source of your wealth or origin of funds being paid to us;
  • Use of publicly available information to verify information we collect about you;
  • combining the information we have about you with information from other parts of the CAF Group to help us better understand any potential risk;
  • checking whether the people or organisations you’re paying or receiving payments from are who they say they are, and aren’t subject to any sanctions.

We may carry out checks using fraud prevention databases. If false or inaccurate information is provided, and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies and government agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering.

We may share your information with relevant agencies, law enforcement and other third parties where the law allows us to for the purpose of preventing or detecting crime. We may be required to use your information to do this, even if you’ve asked us to stop using your information.

Agencies and external databases

Details of the financial crime prevention databases that we use are listed below:

  • Equifax Europe Ltd
  • CIFAS - This is a data sharing scheme used for fraud prevention and detection
  • Dow Jones - Provides watch lists for name screening for sanctions, politically exposed persons and other persons or entities of significant interest – these lists are publically available by government agencies across the world, Dow Jones bring them together.

Back to the top ^

WHO WE MIGHT SHARE YOUR INFORMATION WITH AND WHY

CAF will only share your personal information with trusted suppliers of services where it is appropriate to do so.

We may share your personal information with other members of the CAF Group which will only be done where there is a legitimate reason for doing so.

When we decide to work with suppliers and third parties we always make sure that:

  • they have appropriate standards and processes in place to protect and are suitable to look after your personal information;
  • they only retain your personal information for as long as is required;
  • they only use your personal information for the purposes that we have trusted it to them;
  • there is a written contract or agreement in place between us and them to protect personal data; and
  • we regularly review and monitor to ensure they remain appropriate and suitable.


Who we might share your data with - and reasons why
Examples include
 Relevant Authorities for legal or regulatory purposes e.g. to claim Gift Aid - HM Revenue and Customs
- Law enforcement and fraud prevention agencies
- Charity Commission
- FCA
- PRA

 Agents, suppliers, sub-contractors and advisers for provision of a service. There is always a contract in place to protect privacy with any third party we work with. - Mailing house
- Email management system providers
- Payment processors
- Auditors
 Someone linked to your / your organisations product or service - Authorised signatories
- Fellow company director
- Fellow partner
- Fellow trustee
- Joint account holder (where applicable)
 Organisations you permit us / ask us to share your information with - Charities that you donate to
- You might ask us to send information to your accountant / auditor
- Independent Financial Advisor
- Product / Service providers

Back to the top ^

SENDING PERSONAL INFORMATION OUTSIDE THE EEA (EUROPEAN ECONOMIC AREA)

We will only send your personal information outside the EEA when:

  • you ask us to do so;
  • we have to comply with a legal duty; or
  • we are working with our trusted partners and agents to provide you with your product or service.

Wherever possible we will always make sure it is always protected in the same way as if it were in the EEA by using one of these safeguards:

  • transfer to a non-EEA country or jurisdiction with the same standard of data protection and privacy laws as the UK;
  • put in place a contract with the recipient that means they must protect it to the same standards as if it were in the EEA; or
  • if going to the USA, ensure that the organisation is part of the Privacy Shield.

Back to the top ^

HOW LONG WE KEEP YOUR PERSONAL INFORMATION

CAF will only keep your personal information for as long as we believe necessary. Our retention periods incorporate our legal and regulatory requirements that we have.

Where we cannot delete personal data for legal, regulatory or technical reasons we will always only retain it whilst making sure that your privacy is protected and will only use it for those purposes.

We have two categories with regards to how long personal data is retained, these are:

Customer relationship

Where you have taken out a product or a service ie signed up to terms and conditions, we will retain your information all the while the product or service is active and for seven years after the end of the relationship ie when you request we close your account

Prospect/non-customer Relationship

Where you have not taken out a product or service eg you make enquiries into a service or you begin the process to open an account but decide not to go ahead, we will retain your information for no longer than three years.

Back to the top ^

HOW WE KEEP YOUR INFORMATION SECURE

We take the security of your information extremely seriously. We use appropriate security arrangements to prevent the personal data that we hold from being accidentally or deliberately compromised. This is both in the security of our IT networks and information systems (cybersecurity) and also our physical and organisational security such as access to physical data and ensuring relevant controls around our buildings is always appropriate.

With regards to security standards and certificates that we align to or hold, we:

  • align our processes to comply with industry standards such as ISO27001;
  • are compliant with the PCI Data Security Standards; and
  • we hold the Cyber Essentials Certificate which is a government backed initiative for organisations to implement appropriate controls to protect itself and the data it looks after from common cyber attacks. You can find out more about Cyber Essentials here.

You can access our security centre for information about keeping safe online.

Back to the top ^

CAF BANK

Fraud Prevention and Detection

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Find out how your information will be used by us and these fraud prevention agencies, and your data protection rights.

CAF Bank Lending

Automated decision-making - Approving Credit

We use a system to decide whether to lend money to you or to your organisation, when you apply for credit such as a loan or an overdraft. This is called credit scoring. It uses past data to asses how you’re likely to act while paying back any money that you borrow. This includes data about similar accounts that you may have had before.

Credit scoring uses data from three sources:

  • Your application form
  • Credit Reference Agencies
  • Data we may already hold

It gives an overall assessment based on this. Banks and other lenders use this to help make responsible lending decisions that are fair and informed.

Your rights

As an individual you have rights over automated decisions. You can:

  • Ask that we do not make our decision based on the automated score alone
  • Object to an automated decision, and ask that a person reviews it.

Credit Reference Agencies

We carry out credit and identity checks when you apply for a CAF Bank lending product or service for you or for your organisation. We may use Credit Reference Agencies (CRAs) to help us with this

If you use our services, from time to time we may also search information that the Agencies have, to help us, manage those accounts.

We will share your personal information with CRAs and they will give us information about you. The data we exchange can include:

  • Name, address, date of birth
  • Credit application
  • Details of any shared credit
  • Financial situation and history
  • Public information, from sources such as the electoral register and Companies House.

We will use this data to:

  • Assess whether you or your organisation is able to afford to make repayments
  • Make sure what you’ve told us is true and correct
  • Help detect and prevent financial crime
  • Manage accounts with us
  • Trace and recover debts.

We will go on sharing your personal information with CRAs for as long as you are a customer. This will include details about your settled accounts and any debts not fully repaid on time. It will also include details of funds going into the account and the account balance.

IF you borrow, it will include details of your repayments and whether you repay in full and on time. The CRAs may give this information to other organisations that want to check credit status. We will also tell the CRAs when you settle your accounts with us.

When we ask CRAs about you or your organisation, they will note it on your credit file. This is called a credit search. Other lenders may see this and we may see credit searches from other lenders.

You can find more about CRAs on their websites, in the Credit Reference Agency Information Notice. This includes details about:

  • Who they are
  • Their role as fraud prevention agencies
  • The data they hold and how they use it
  • How they share personal information
  • How long they can keep data
  • Your data protection rights.

The three main CRAs are:

The Information Commissioner’s Office also publishes advice and information for consumers in its 'Credit Explained' leaflet.

Back to the top ^

CAF FINANCIAL SOLUTIONS LIMITED (CFSL)

In providing your charity with access to savings and investment products your personal data will be processed by CFSL and/or by one of our trusted providers.

We always ensure that the personal information of the applicable individuals in your charity (normally trustees, contacts and authorised signatories) is looked after suitably with appropriate standards and processes in place to protect and safeguard it. 

The summary below specifies for each product who the Data Controller is so that you can see how your information is handled for the products that you hold.

For CFSL, the CAF Privacy Notice applies to all entities in the Group.


 Product Provider
Who is/are the Data Controller(s) for the product?
Link to provider's privacy notice 
CAF 60 Day Notice Account Shawbrook Bank Shawbrook Bank www.shawbrook.co.uk/privacy-notice/
CAF 12 Month Fixed Rate Saver Shawbrook Bank Shawbrook Bank www.shawbrook.co.uk/privacy-notice/
CAF 12 Month Bond Principality Building Society Principality Building Society www.principality.co.uk/privacypolicy
CAF Investment Account Winterflood Business Services CFSL and Winterflood Securities Limited www.winterfloodbusinessservices.com/privacy-notice/index.html
Socially Responsible Fund Bank of Montreal Bank of Montreal www.bmogam.com/corporate/privacy 
FP CAF Fund Fund Partners Fund Partners and CFSL http://fundmanagers.co.uk.gridhosted.co.uk/about/privacy/
Equitrack Fund Legal & General Legal & General and CFSL https://www.legalandgeneral.com/privacy-policy/
Managed Portfolio Service  Octopus Investments CFSL and Octopus Investments https://octopusinvestments.com/investor/privacy-policy/

Back to the top ^

RECRUITMENT

Charities Aid Foundation is the data controller for the information you provide during the process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at humanresources@cafonline.org.

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application to assess your suitability for the role you have applied for, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or paper format.

We will use the contact details you provide to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. 

What information do we ask for, and why?

We do not collect any more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t. 

Application stage

We ask you for your personal details including name and contact details. We will also ask you about your previous employment, experience, and education.

Shortlisting

All our recruiting managers are trained in recruitment at CAF, or will be working with a trained recruiting manager.  Our recruiting manager’s shortlist applications against the role profile for interview using the information you provide.

Assessments

We might ask you to participate in assessment days; complete online or work based tests or occupational personality profile questionnaires; and all roles will require you  to attend an interview.  It is most likely that we will ask you to participate in a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held securely by CAF. Our HR Team and the recruiting manager(s) will have access to all of this information.

If you are shortlisted for an interview you will also be asked to provide anonymous equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information is used to monitor the demographics of each recruitment campaign and will not be made available to any staff outside of the HR Team, including recruiting managers. Any information you do provide will be used only to produce and monitor equal opportunities statistics.  Your will also be asked at this stage to bring along your proof of eligibility to work in the UK so we can verify and take a copy of your original document.

Conditional offer

If we make a conditional offer of employment we will ask you for information so that we can carry out relevant pre-employment checks which must be satisfactory to CAF in order to progress to employment. We are required to confirm the identity of our employees, their right to work in the United Kingdom and seek assurance as to their suitability to work for CAF in the role that has been offered.

You will therefore be required to provide the information below: 

  • Your full name and any previous names
  • Your DOB
  • Your NI number and passport number (if you have one)
  • Your full contact details including your address, for the past 5 years  email address and  telephone number
  • roof of your identity address
  • Proof of your qualifications or training

You will be asked to complete a standard (enhanced for certain roles) DBS check which will verify your declaration of unspent convictions. CAF will refund any cost associated with this. A personal details form which covers all the required information to enable us to verify your identity, CV and obtain the required data for pre-employment checks, this includes sharing with us your:

  • Bank details – to process salary payments
  • Emergency contact details – so we know who to contact in case you have an emergency at work
  • Your referee details – so we can request references using the details you provide
  • Whether you have a disability or any special requirements so we can consider reasonable adjustments in the workplace
  • Whether you have any unspent criminal convictions or charges pending

We will also ask you to complete a medical questionnaire about your health. This is to establish your fitness to work. This is done through our third party PHC who will keep your information confidential and will simply let us know of your fitness for the role you have been offered.

Who we might share your information with and why 

CAF will only share your personal information with trusted suppliers of services where it is appropriate to do so.

When we decide to work with suppliers and third parties we always make sure that:

  • they have appropriate standards and processes in place to protect and are suitable to look after your personal information;
  • they only retain your personal information for as long as is required;
  • they only use your personal information for the purposes that we have trusted it to them;
  • there is a written contract or agreement in place between us and them to protect personal data; and
  • we regularly review and monitor to ensure they remain appropriate and suitable.

Who we might share your data with and reasons why
Examples include
- Agents, suppliers, sub-contractors and advisers for provision of a service.

There is always a contract in place to protect privacy with any third party we work with.
- Healthcare provider
- Pension provider
- Psychometric testing provider(s)
- Payment processors
- Auditors
- Relevant authorities for legal/regulatory purposes - HMRC
- Organisations you permit us / ask us to share your information with - Accountant
- Childcare voucher provider
- Occupational health provider

How we make decisions about recruitment?

Final recruitment decisions are made primarily by recruiting managers and where required with the input of HR. All of the information gathered during the application process is taken into account.

Psychometric testing results for ability are generated automatically. Occupational Personality Questionnaires are not results driven and the data gathered from such questionnaires are self generated and will be used to assess an individuals work style preferences against the requirements of the role they have applied for.

You are able to ask about decisions made about your application by speaking to your contact within our HR Team or by emailing us at humanresources@cafonline.org.

How long is your information retained for?

  • If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus seven years following the end of your employment.

    This includes your criminal records declaration, fitness to work, records of any security checks and references.

  • If you are unsuccessful at any stage of the recruitment process, the information you provide until that point will be retained by us for 12 months from the closure of the recruitment campaign.

Information collected by us through the assessment process, for example interview notes, is retained by us for 12 months following the closure of the campaign.

Equal opportunities information is retained for 12 months following the closure of the recruitment campaign.

Back to the top ^

GIVINGTUESDAY AND OTHER CAMPAIGNS

As a partner of #givingtuesday and other campaigns, we will send you information related to the campaign via email that we believe will be of interest to you. This is how we communicate updates on events, toolkits and other information related to being a partner of the campaign.

You can opt out of receiving these email communications at any time by clicking the unsubscribe link from any email that we send to you, or by contacting us.

Back to the top ^

ONLINE ACTIVITIES - COOKIES, WEB BEACONS AND OTHER TECHNOLOGIES

Our website uses cookies and web beacon technology to identify who has visited our website and how they’ve interacted with it.

What is a cookie?

A cookie is a small data file that’s placed on your device when you visit a website. A session cookie expires when you end your session (ie you close your browser). A persistent cookie stores information so that, when you end your session, and return to the website at a later date – the cookie is still valid.

How do I disable cookies?

You may be able to configure your browser to restrict or block all cookies. However, if you disable cookies, you may find this affects your ability to use certain parts of our website. To find out more about deleting cookies, visit allaboutcookies.org.

Cookies we use

Strictly necessary cookies

These are cookies which are needed for our website to function properly, for example allowing you to log into your account or in order to remember your charity favourites.

CAF website

Name: sf_trckngckie, fwCookie, ASP.NET_SessionId

Investment Explorer (provided by Financial Express)

Name: .AspxAuth, ASP.NET_SessionId, digital-live. This data is stored for 2 hours from the time the cookie is set/updated.

Name: caf_XXXXXXXX_userPortfolios, caf_portfolio, caf_portfolioComparison, RetainFilterData_1. This data is stored until you close your browser.

You can find out how to block these cookies for your particular browser by visiting allaboutcookies.org.

Cloudflare

Name: __cfduid

This cookie is strictly necessary for Cloudflare's security features and cannot be turned off. Investment Explorer uses Cloudflare to deliver content faster and more safely. It does not correspond to any user id in the web application, and does not store any personally identifiable information. The cookie lasts for a year from the time it is set/updated.

Analytical/performance cookies

Google Analytics

Name: _utm, __utma, __utmb, __utmc, __utmt_UA, __utmz, _ga, _gid, _gat, _gac

We use Google Analytics to give us insight into our website traffic and the effectiveness of our marketing. It helps us to provide you with content that’s relevant to you and the products and services you have with CAF.

Google Analytics uses a mixture of session and persistent cookies to allow us to do this. These cookies may contain information about the device and operating system you’re using, the date and time of your visit, your IP address, which pages you visit and links you click, and which website or email you’re visiting from. This data is stored indefinitely, unless you delete the cookies manually.

You can opt-out of Google’s use of cookies by visiting Google’s Ad Settings page.

Functional cookies

Live chat - Click4Assistance

Name: _C4AP, _C4AS, _C4ATestP, _C4ATestS

We use Click4Assistance on the website to have Live Chat conversations with users. We use Live Chat to proactively offer users assistance in navigating around the website and helping with general enquiries about what we do.

Click4Assistance uses both session and persistent cookies to allow us to do this.

 
•    Session cookies expire when you end your session (ie you close your browser).

Session cookies are used to hold information about the Click4Assistance tools used on our website and the rules we use for proactively starting Live Chat conversations.

You can opt out of the use of session cookies by setting your browser preferences. Turning these cookies off will result in a loss of functionality when using the Click4Assistance services.

•    Persistent cookies store information so that, when you end your session, and return to the website at a later date – the cookie is still valid.

The persistent cookies are used to identify if you’re a new or returning visitor and if we’ve had a Live Chat conversation with you before. These cookies also contain information about the device and operating system you’re using, the date and time of your visit, and your IP address.  

You can opt out of the use of persistent cookies by setting your browser preferences. Turning these cookies off will not result in a loss of functionality when using the Click4Assistance services, but we won’t be able to identify if you’ve previously had a Live Chat conversation with us.

Cookie data as detailed above is stored indefinitely, unless you delete the cookies manually. Data is stored, in an encrypted state, within Click4Assistance databases in a UK data centre. Click4Assistance is the data processor and CAF is the data controller.

Device and browser information including cookies are used to determine whether the Click4Assistance service is available during your browser session, allowing CAF to engage proactively with you. Device, browser and cookie information can also be used to determine if a visitor has browsed the website before, and allows data analysis together with detailed and summarised reporting to be collated. Using publically available location data, the Click4Assistance solution will attempt to determine your geographical location based on IP address.

Data is anonymised to provide CAF with useful metrics regarding Live Chat. Click4Assistance will also use this summarised information to provide quality of service, ensure server and bandwidth capacity is maintained and security measures are adhered to.

Optimizely

Name: optimizelyEndUserId, optimizelyBuckets, optimizelySegments, optimizelyRedirect, optimizelyPendingLogEvents

We use Optimizely on the website to run A/B tests which show different versions of pages to certain users. We use the results of these tests to improve your on-site experience.

Optimizely uses cookies to do this. These cookies may contain information about the device and operating system you’re using, your IP address, the date and time of your visit, the version of the pages you visited and where on the page you clicked, the campaign you were included in, and which website you were visiting from. This data is stored for up to ten years, unless you delete the cookies manually.

Find out how to opt out of Optimizely’s cookies.

Web beacons

Act-on Beacon Tracker

Name:wp11000

We use the Act-on Beacon tracker to track your behaviour on our website, or how you’ve used the website if you’ve clicked on an email from us. You can accept cookies by clicking 'OK' or decline them by clicking 'Cancel' via the pop-up in your browser.

These cookies may contain information about the device and operating system you’re using, your IP address, the date and time of your visit, how you use the website, which email you’re visiting our website from and your email address. Your email address is only saved in a cookie if you’ve consented to us using it.

You can decline the cookie by clicking 'Cancel' the first time it appears, or delete or block Act-on cookies after that using the settings on your browser, To find out more, visit allaboutcookies.org.

Advertising cookies

We use cookie-based services from third parties such as Google, Facebook, Twitter and LinkedIn to deliver advertising. The cookie collects anonymised data about products that are relevant to you, your interests or your search terms and shows you adverts from CAF based on your viewing history.

Google (including AdWords Remarketing)

When you show interest in one of our products, for example by visiting a page or partially completing an application form, a cookie will be stored on your device. You may then see our adverts in search results pages (using Google Adwords), on YouTube, in banner adverts on Gmail and on the Google Display Network.

You can opt out of Google’s use of cookies by visiting Google’s Ad Settings page.

Facebook Pixel

We use Facebook Inc.’s “Facebook Pixel” to track your behaviour after you’ve seen or clicked on a Facebook ad. This allows us to evaluate the impact of Facebook ads and to show you advertising that’s more relevant to you. We can’t see your data, but Facebook may save and process it. The pixel will track which pages you visit – and when.

Find out how to opt-out of tracking by Facebook Pixel.

Facebook Custom Audiences

We may also use Facebook’s “Custom Audiences” to find our customers who are already users of Facebook, so that we can provide you with content that is more relevant to you.

Find out more about opting out of Facebook Custom Audiences.

Twitter

We also use Twitter Conversion and Remarketing tracking. This allows us to track those visitors who have been referred to our website from a Twitter advertisement. We may also use Twitter’s Tailored Audiences to find our customers who are already Twitter users, so that we can provide you with content that is more relevant to you.

Find out how to opt out of Twitter’s personalised ads and Audiences.

LinkedIn

We also use LinkedIn Conversion and Remarketing tracking. This allows us to track those visitors who have been referred to our website from a LinkedIn advertisement. We may also use LinkedIn’s Matched Audiences, to find our customers who are already users on LinkedIn, so we can provide you with content that is more relevant to you.

To opt out of LinkedIn’s remarketing and Matched Audiences, visit your settings page.

Social media cookies

Facebook

Name: datr, locale, _e_oPLf_0

These let you log into your Facebook account and promote (‘Like’) or share our posts and web pages with your followers. These cookies collect information about the websites you visited, the date and time you visited, your browsing behaviour and your interests.

You can find out how to block these cookies for your particular browser by visiting allaboutcookies.org.

Twitter

Name: k, guest_id, pid

These let you log into your Twitter account and promote (‘Like’) or share our posts and web pages with your followers. These cookies collect information about the websites you visited, the date and time you visited, your browsing behaviour and your interests.

You can find out how to block these cookies for your particular browser by visiting allaboutcookies.org.

YouTube

Name: demographics, VISITOR_INFO1_LIVE, dkv, use_hitbox, ACTIVITY, recently_watched_video_id_list, PREF

These cookies allow you to watch YouTube videos which we have embedded on our website. These cookies collect information about the websites you visited, the date and time you visited, your browsing behaviour and your interests.

You can find out how to block these cookies for your particular browser by visiting allaboutcookies.org.

LinkedIn

Name: notice-npass-shown, notice-pass-shown, _leo_profile

These let you log into your LinkedIn account and promote (‘Like’) or share our posts and web pages with your connections. These cookies collect information about the websites you visited, the date and time you visited, your browsing behaviour and your interests.

You can find out how to block these cookies for your particular browser by visiting allaboutcookies.org.

Back to the top ^