GoodBox – Privacy Policy 

1. Introduction 

The Good Box Co Labs LTD (“GoodBox”, “us”, “we”), is a company registered in England and Wales with company number 10272838 and registered address Unit 3.06, Boat Shed, Exchange Quay, Salford, Manchester, M5 3EQ.  We are registered with the Financial Conduct Authority (Registration Number 772729). 

We are dedicated to helping charities and the wider non-profit sector drive efficiencies in fundraising by harnessing the latest technologies. We deliver simple, affordable and practical fundraising solutions, including hardware and software to facilitate digital donations both eComm and card present. 

Our website is located at www.goodbox.com (the “Website”). 

We are committed to protecting your privacy and will only use the information that we collect about you lawfully. This policy is intended to give you an understanding of how and why we use the information you provide to us both online and otherwise. 

2. What information do we collect about you? 

For charities that are to become our customer: 

We collect personal data about your staff, directors, beneficial owners or trustees and beneficiaries (whatever applicable) for a number of reasons, including communicating with you, responding to requests for information and for identification and verification purposes arising out of our legal obligations under anti-money laundering regulations as a financial institution, supervised by the UK Financial Conduct Authority.  

The personal data we collect can include:  

(a) your full name;
(b) contact details;
(c) records of your communication with us; 
(d) date of birth, gender, ID number and private address (if you need to be identified and verified); 

For donors that are donating money to our customers: 

We do not see, collect or store any personal data whatsoever when processing a contactless transaction. The data which is required to perform a card transaction will be captured, but all details encrypted at source, and therefore not visible to us.

For website visitors: 

We also collect information about the use of our website using cookies (see the Cookies Policy). 

The personal data we collect can include: 

(a) information you may enter onto the Website;
(b) technical metadata of the devices that connect to our systems:

  • IP and MAC addresses 
  • browser and operating system information 
  • referring websites 
  • website navigation metrics 

3. How will we use the information about you? 

For charities that are to become our customer: 

We will process your data for the following reasons: 

(a) to provide our services;
(b) to supply you with communications you have requested about our products, services or the fundraising sector and other customer support;
(c) to keep a record of your relationship with us;
(d) to manage your communication preferences;
(e) to monitor and mitigate fraudulent and illegal activities;
(f) to comply with applicable laws and regulations, and requests from statutory agencies. 

For donors that are donating money to our customers: 

We will process your data for the following reasons: 

(a) to ensure that the donation is received by the charity of your choice and to provide our services to our customers;
(b) to monitor and mitigate fraudulent and illegal activities. 

For website visitors 

We will process your data for the following reasons:

(a) to supply you with communications you have requested about our products, services or the fundraising sector;
(b) to manage your communication preferences and to contact you in case you filled in a contact form;
(c) to improve the user experience of the Website. 

Cookies Policy

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. Further information about Google’s privacy policy may be obtained from: 

http://www.google.com/privacy.html 

1. Our legal basis for processing personal data 

We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that GoodBox carries out. This includes information that is processed on the basis of: 

(a) A person’s consent (for example to send you direct marketing by e-mail and for our website visitors;
(b) Processing necessary for the performance of a contract with you (for our customers and donors);
(c) Processing that is necessary for compliance with a legal obligation (for example, reporting to the Financial Conduct Authority) (for our customers)
(d) Our legitimate interests (for our customers – please see below for more information).  

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. For example, GoodBox’s legitimate interests include responding to solicited enquires, marketing our services to charities, providing information, research, events management, employment and recruitment requirements.  

If you would like to change our use of your personal data in this manner, please get in touch with us using the details in the “How to contact us” section below.  

2. Will we share this information with others? 

We do not share, sell or rent your information to third parties for marketing purposes. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law or unless we have consent from you.  

We may allow our staff, consultants and/or external providers acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g. to deliver mailings, to analyse data and to process payments). We make sure your information is treated with the same level of care as if we were handling it directly. 

3. How do we protect the security of personal data? 

We aim to ensure that there are appropriate physical, technical and managerial controls in place to protect your personal details. All data transmission between you and the Website is done via HTTPS. 

We encourage you to review the privacy statements of websites you choose to link to from the Website so that you can understand how those sites collect, use and share your information. We are not responsible for the privacy statements or other content on sites outside of the Website. 

The information we collect from you may be transferred to and processed and/or stored at a destination outside the European Economic Area (“EEA”). If we send your personal data outside the EEA we will take reasonable steps to ensure that the respective processors implement appropriate measures to protect your information. 

4. How long do we keep your data for? 

We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our policies or applicable regulation. For instance, our legal obligation to maintain personal data of beneficiaries, trustees, directors etc of our customer is up until five years after termination of the relationship.  

Once the retention period has expired, the information will be deleted or archived. 

If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future. 

5. Your rights 

You have a number of rights under applicable data protection legislation. To exercise any of these rights please use the “How to contact us” section.  

(a) Right of access 

You have the right know what information we hold about you and to ask, in writing, to see your records. We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this. 

(b) Right to be informed 

You have the right to be informed how your personal data will be used. This policy as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.  

(c) Right to object and to withdraw consent 

Where we process your data on the basis of your consent (for example, to send you regular direct marketing) you can withdraw that consent at any time. All regular communication we send to you will include details on how to unsubscribe from the respective communication.  

(d) Right of erasure 

In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.  

(e) Right of rectification 

If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated.  

If you are unhappy with the way we handled your personal data, please contact us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office at  https://ico.org.uk/  

6. How do we update our privacy policy? 

We may update this policy from time to time without notice. We therefore advise you to consult this policy frequently.  

The privacy policy was last updated in November 2018. 

7. How to contact us 

Please email us at: support@goodbox.com 

Version 1.0 (December 2018)