Privacy, Cookies & Terms of Use
Privacy Notice
Last updated February 2022.
Contents
1. Introduction
2. The information we collect
3. How we use your information
4. Who we might share your information with
5. How we keep you updated on our lifesaving work and ways you can support us
6. Your rights over your information
7. How long we keep your information for
8. Your data and Social Networks
9. Security
10. Cookies used by this website
11. How to contact us
1. Introduction
In this policy ‘TAAS’, ‘We’, ‘Us’ or ‘Our’ refers to The Air Ambulance Service and The Air Ambulance Service Trading Ltd. The Air Ambulance Service operates Children’s Air Ambulance; Warwickshire & Northamptonshire Air Ambulance; and Derbyshire, Leicestershire and Rutland Air Ambulance.
The Air Ambulance Service Trading Ltd is a company ran by The Air Ambulance Service to run our charity shops and other services; all of the profits are passed to The Air Ambulance Service charity. This company is owned and controlled by The Air Ambulance Service; all the staff who work for the company – including all the company directors – are TAAS employees and the company shares all of The Air Ambulance Service’s ‘head office’ functions such as marketing and HR.
- The Air Ambulance Service, a charity registered in England and Wales (1098874).
- The Air Ambulance Service Trading Ltd is a company registered in England and Wales at Blue Skies House, Butlers Leap, Rugby, Warwickshire, England, CV21 3RQ; Reg. Co. number 06987161.
We are committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our supporters, staff and volunteers and users of our services that communicate inline or offline with us, in store, events, over the phone, through our websites and social media platforms.
If any of these provisions, that is to say, any of these terms or part/s of these terms, is deemed unlawful, void or for any reason unenforceable by reason of the laws of any territory in which these terms are effective then the provision/s concerned will be deemed severable from the remaining provisions and will not affect the validity and enforceability of the remaining provisions shall remain in full force and effect.
TAAS considers that, as a charity, it is reasonable for it to exclude liability and require an indemnity to the above extent. Both this notice and disclaimer and also these terms of use are governed by and construed in accordance with English Law. All claims or disputes arising out of or in connection with this site shall be subject to the exclusive jurisdiction of the courts of England and Wales.
Therefore, we have developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.
2. The Information we collect
We only collect information that we know we will genuinely use and in accordance with the General Data Protection Regulation (GDPR). The type of information that we will collect on you, and you voluntarily provide to us includes (but is not limited to):
- Your full name
- Your address
- The name of your company (where relevant)
- Your telephone number(s)
- Your Email address
- If relevant, we may need to collect financial information to process a donation
- Your motivation for supporting us
- Your IP address at the time
- The time and date of when you submitted information
- The corresponding statement that you consented to
Additionally, we may ask for information relating to your health if it is relevant to the activity you are doing, for example participating in high-risk events.
We may, in further dealings with you, extend this information to include your purchases, services used, and subscriptions, records of conversations and agreements and payment transactions.
You may also give information to us indirectly. For example, the information you provide to independent event organisers (e.g. London Marathon) and fundraising sites (e.g. Just Giving) may be shared with us if you consented and you have indicated that you wish to support The Air Ambulance Service. We also work with trusted Marketing Service Providers who help us deliver relevant marketing communications. You should check their Privacy Policy when you provide your information to understand fully how they will process your data.
Job Applicants
We ask for personal information from job applicants to assist with our recruitment process, it will only be used for this purpose. This information will only be accessed by employees and agencies directly involved with the recruitment process. We will not disclose this information to anyone else outside The Air Ambulance Service without notifying you. If your application is successful, this information will be stored in your personnel record. If you are unsuccessful, we will erase the personal data submitted within a suitable time frame after the appointment has been made, unless you ask us to retain it for consideration for future job opportunities.
Sharing your story
Some of the people who have benefitted from the work of The Air Ambulance Service choose to share their experiences to help further our work. We will only share this information if we have obtained the explicit and informed consent of the individual involved, or their parent or guardian if they are under the age of 18. This information may be made public by us at events, in materials promoting our campaigning and fundraising work, or in documents such as our annual report.
- You are under no statutory or contractual requirement or obligation to provide us with your personal information; however we require at least the information above in order for us to deal with you as a patient or a supporter in an efficient and effective manner.
- The legal basis for processing your data is based on our legitimate interest that we will have requested at the point the information was initially provided, therefore we will not store, process or transfer your data outside the parties detailed above unless we have an appropriate lawful reason to do so.
Text to Donate
When using our text to donate number the following apply: Texts will be charged at a standard rate (your chosen amount plus your standard network rate). If you own a pay-as-you go phone then your donation credit will be deducted immediately, or, in the case of contract phones, your donation amount will be added to your next bill. You can donate by text message as many times as you like by simply texting in again. You will receive a confirmation message. We’d like to keep in touch with you about our work but if you’d rather not hear from us, please call us on 03003 045 999.
Contact Forms
The primary instance where our website will ask you for personally identifiable information is our series of contact forms. These forms are powered by a popular WordPress plugin called Contact Form 7. Upon completing your information, you will be asked to consent to our data processing policy which is outlined within this document.
Once submitted, your information will be processed and forwarded to us within a single email sent by the website application.
Hotjar
We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies (listed later in this policy) and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
3. How we use your information
With your consent we may process your data:
- To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
- Make available our products and services to you;
- Process your orders;
- Take a donation or payment from you or give you a refund, including processing Gift Aid;
Under the legitimate interests legal basis we may:
- Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously;
- For statistical analysis and to get feedback from you about our products, websites, and other services and activities. For example, occasionally we may invite you to review a product or service you’ve bought or used from us. If we do, it’s possible that we’ll use independent research and feedback providers to act on our behalf;
- To power our security measures and services so you can safely access our website and mobile apps;
- Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
- Contact you to let you know what your support has helped us to achieve and to ask for financial and non-financial support;
- Provide you with online advertising and promotions; and
- TAAS may analyse or profile the data it holds to find out what is relevant to our supporters and likely to be of most interest. We might split the data into groups, called segments, so we can target communications to different groups.
Any analysis or profiling will be carried out internally or with trusted suppliers under contract. We may also undertake general enhancements to the data to improve how we can use it.
If you don’t want to be included in any analysis or profiling activities, or if you would like to know more about what is involved, then please contact us.
If you are a patient, generally we will be acting in your vital interests when we process personal data about you in relation to your care.
4. Who we might share your information with
We do not share or sell donor details with charities or other third parties for the purposes of marketing. However if you are participating in an event run by another named organisation your details may need to be shared; in these instances we will inform you before your information is shared.
We may share your personal data with other organisations in the following circumstances:
- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
- We only disclose data to the suppliers we engage to process data on our behalf; in such cases, information is only shared for the purpose of providing services on our behalf relating to communications, or agreements between yourself and The Air Ambulance Service. We are responsible for your data at all times; or
- From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
5. How we keep you updated on our work and how you can support us
Direct Mail
We use direct mail to make contact with ongoing supporters and potential supporters as many people are happy to hear from us in this way. However, should you not wish to be contacted by us, of course, you only have to let us know and we can ensure you are not contacted again with campaign mailings and information about our cause.
If you have supported us in the past, either through donations or offering other support – such as volunteering and taking part in events – we may contact you again from time to time as we believe you have an interest in our service and the work of the charity. Again, if you no longer wish to hear from us, please just let us know.
Email Marketing
From time to time we may send you relevant news about our work and services by email, but only if you have chosen to provide us with your email address and consented to receive these marketing communications.
When interacting with our website, you may be asked if you’d like to sign-up to receive our email marketing communications and will you be asked explicitly to opt-in to receiving these.
You can change your Email Marketing subscription anytime by editing your preferences or unsubscribing altogether via the link at the bottom of any of our email marketing communications or by contacting us via the details at the end of this policy.
6. Your rights over your information
Right to be informed
You have the right to be told how we will use your personal information. This policy and other policies and statements used on this website and in our communications provide you with a clear and transparent description of how we may use your personal information.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
Right to Correction of Your Personal Data
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted or have its processing restricted in certain circumstances.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
Right to object
You have the right to object to processing where we are:
- processing your personal information on the grounds of legitimate interest.
- using your personal information for direct marketing.
- using your personal information for statistical purposes.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time.
For more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
If you would like to exercise any of the above rights, please contact us via the details listed at the very end of this policy.
7. How long we keep your information for
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the data protection regulation and never retain your information for longer than is necessary. Unless otherwise required by law or industry best practice, your data will generally be stored for a period of 4 years after our last contact with you, at which point it will be permanently deleted and therefore unretrievable.
In some circumstances, this general data retention period may be overridden where additional legal or other requirements take precedence (for example, basic Gift Aid data for tax purposes).
8. Your data and Social Networks
When using this website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
9. Security
Data security is of great importance to TAAS and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
Physical & Managerial Security Procedures
- Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
- Implementing access controls to our information technology
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, offices and stores.
- Never asking you to disclose your own passwords,
- Advising you never to enter your account number or password into an email or after following a link from an email.
Website Application and Hosting Security Procedures
- HTTPS – This website is secured via Hyper Text Transfer Protocol Secure (HTTPS). It means all communications between your browser and this website are securely encrypted. This means that even if somebody managed to intercept the connection, they would not be able to decrypt any of the data which passes between you and the website.
- Secure One-off Payments via PayPal and Stripe – One-time donations and transactions are taken and processed on this website are handled separately by PayPal and Stripe respectively.
- Secure Update Process – Inline with the security processes of our website development partner agency, this website application’s code-base is administered and updated via a password and FTP free process. All code-changes are deployed via a secure process that does not rely on the storage and visible access of passwords.
- Two Factor Authentication – Where possible, the administration interface to this website application and any personally identifiable information herein, is secured behind a two factor authentication login to all staff who have access to it. Additionally, our website development agency can only access the same interface via their secure Google GSuite accounts and hold no password records for accessing the platform at super-admin level.
- Web Application Maintenance – Our organisation, working in collaboration with our website development agency, regularly monitor the security of this website and consistently update the core CMS platform and supporting extensions and plugins.
PCI-DSS Compliant Server – Our website application is hosted and operations on a PCI-DSS compliant server independently certified by Security Metrics. The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments.
10. Cookies used by this website
What are Cookies?
Cookies are small pieces of data, stored in text files that are stored on your computer or other device when a website is loaded within your chosen browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’).
What are ‘Strictly Necessary Cookies’?
These are the cookies that are essential for this website to perform its basic functions. These include those required to allow registered users to authenticate and perform account related functions, as well as to save the contents of virtual ‘carts’ on sites that have an e-commerce functionality.
Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below:
Cookies set by WordPress
Cookie Name | Description | Duration |
wordpress_<hash> ** | On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/ | 2 years |
wordpress_logged_in_<hash> ** | After login, wordpress sets the wordpress_logged_in_<hash> cookie, which indicates when you’re logged in, and who you are, for most interface use. | Session |
wp-settings-<time>-<UID> ** | WordPress also sets a few wp-settings-<time>-<UID> cookies. The number on the end is your individual user ID from the users’ database table. This is used to customize your view of admin interface, and possibly also the main site interface. | Session |
WordPress_google_apps_login ** | This cookie is set by the plugin ‘Google Apps Login for WordPress’ and may be present for users who login to WordPress via their Google or GSuite account. | Session |
wordpress_test_cookie | Used to check whether your web browser is set to allow, or reject cookies. | Session |
wpe-auth |
Cookies set by Google Analytics
Cookie Name | Description | Duration |
_ga | Used to distinguish users. | 2 years |
_gid | Used to distinguish users. | 24 hours |
_gat | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. | 1 minute |
AMP_TOKEN | Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. | 30 seconds to 1 year |
_gac_<property-id> | Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more. | 90 days |
_gaexp | Optimize 360 – Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in. | 90 days |
Cookies set by CloudFlare
Cookie Name | Description | Duration |
__cfduid ** | The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. | 1 years |
Cookies set by Hotjar
Cookie Name | Description | Duration |
_hjClosedSurveyInvites | Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not reappear if it has already been shown. | 365 days |
_hjDonePolls | Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not reappear if it has already been filled in. | 365 days |
_hjMinimizedPolls | Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. | 365 days |
_hjDoneTestersWidgets | Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in. | 365 days |
_hjMinimizedTestersWidgets | Hotjar cookie. This cookie is set once a visitor minimizes a Recruit User Testers widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. | 365 days |
_hjIncludedInSample | Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels. | 365 days |
_hjShownFeedbackMessage | This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show. | 365 days |
_hjid | Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 365 days |
Miscellaneous Cookies
Cookie Name | Description | Duration |
charity_tmp | This cookie is set to store your preference for either Local Air Ambulance or the Children’s Air Ambulance Service respectively based on your behaviour on the website. | 24 hrs |
How to change your Cookie preferences
The most popular web browsers typically provide additional tools to users for controlling or restricting cookies on their device. To find out more about cookies, including how to see what cookies have been set, you can visit www.aboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
11. How to contact us
If you would like to exercise one of your rights as set out earlier in this policy, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
The Data Protection Officer
Blue Skies House,
Butlers Leap,
Rugby,
Warwickshire,
CV21 3RQ
Thank you for taking the time to read our Privacy Policy.
The Air Ambulance Service
This Policy was last updated in February 2022.