Data Protection Policy

Policy version 1.2 - 25/3/21


Contents

1. Overview

2. How we process users’ Personal Data
3. How we share users’ Personal Data with others
4. Who can use Serendipity
5. How long we store data
6. Information security
7. Further information
8. Definitions



1. Overview

This policy sets out Serendipity’s obligations around the collection, processing, transfer, storage, and disposal of Personal Data. Serendipity Smart Giving Technologies Ltd (a company registered in England and Wales, no. 13080338, at 71-75 Shelton Street, London, WC2H 9JQ) - “Serendipity” - is the data controller. 


2. How we process users’ Personal Data

We process usersPersonal Data to operate the Serendipity platform, which includes collecting donations through our payment processor, reporting recommendations of Recipient Charities to our Partner Charity, and claiming Gift Aid; we also use it to provide users with customer service and reports and receipts of your donations, to ensure legal compliance, to prevent fraud and manage risk, and to keep users updated on the development of Serendipity.


3. How we share users’ Personal Data with others

UsersPersonal Data is disclosed to HMRC when Gift Aid is claimed (but only if they have completed a valid Gift Aid Declaration). It is also available to our Partner Charity for the sole purpose of managing or auditing Gift Aid claims. We will only disclose Personal Data in any other circumstances if required by law.


4. Who can use Serendipity

Serendipity is not intended to be used by anyone under the age of 18, and we do not intend to collect any Personal Data from children. If we find that we have collected Personal Data from a child we will delete it unless legally obliged to retain it. Anyone over the age of 18 is permitted to use the App subject to the terms of use.


5. How long we store data

When a user closes their Serendipity account, personal data is held as long as is required to comply with our legal obligations - in practice, for donations on which Gift Aid has been claimed, that means six years after the end of the accounting year to which they relate, or three years for non-Gift Aid donations.


6. Information security

Serendipity handles your Personal Data with great care. Physical and technological security policies are in place, both in Serendipity and our system providers, to ensure that access to data is limited to those who need it for legitimate purposes to fulfil their roles. Data is held on UK-located servers by leading global providers of cloud computing services.


7. Further information

The person responsible for data management is Serendipity’s Chief Operating Officer. If you have any questions about this Privacy Policy or would like to raise a concern about how we handle your Personal Data, please contact us on privacy.officer@srnd.pt. Alternatively you can write to us at our registered address: 71-75 Shelton Street, London, WC2H 9JQ. If you still have concerns after hearing from us, you have the right to lodge a complaint with the data protection authority in your country. In the UK this is the Information Commissioner’s Office at https://ico.org.uk

8. Definitions

User: someone with an account created with Serendipity to use our app

Partner Charity: Chapel & York UK Foundation (registered charity number 1172653 in England and Wales)

Recipient Charity: a charity which receives a grant from our Partner Charity made up of donations given by Serendipity Users

App: the Serendipity mobile app or, in the future, websites or other channels used to process and allocate donations made by Users

Personal Data: any information that relates to an identified or identifiable individual