Privacy Policy

(last updated 07.07.25)

  1. WHAT ARE THESE TERMS

1.1   What these terms cover: We are committed to protecting your personal information and complying with the General Data Protection Regulations (GDPR). This policy describes how we collect, use, process, store and disclose your personal information.

1.2 Why you should read them: This policy applies to any personal information provided by you to Billy’s Battalion through  our website www.billysbattalion.org (“our Site”) or through your interactions with Billy’s Battalion via phone or in person.  Please read this policy carefully (and any other privacy policy we may provide on specific occasion from time to time when we are collecting or processing personal data) so that you are fully aware of how and why we are using your personal information.

1.3   Print or Save:  You should print a copy of this policy or save it to your device for future reference.

  1. ABOUT US

2.1 Who we are.  Billy’s Battalion is a charity registered in England and Wales with charity number 1213415 whose registered office is at 32 Mill Close, Great Bookham, Surrey KT23 3JX which is a charity relating to children’s health and is the data controller in respect of personal data processed under this policy and references to ‘we’, ‘us’ and ‘our’ is to us.

2.2 How to contact us: We can be contacted as follows in connection with any questions, queries or complaints you may have relating to our handling of your personal data or in connection with this privacy policy:

Contact details:

Email: billysbattalion@gmail.com
Postal address:  Billy’s Battalion, the Gateway, 85-101 Sankey Street, Warrington, Cheshire, WA1 1SR

  1. CHANGES TO THIS POLICY

This policy may be amended at any time.  Please check this page from time to time to take notice of any changes that have been made.  Historic versions can be obtained by contacting us.

  1. WHY DO WE COLLECT PERSONAL INFORMATION ABOUT YOU?

We collect personal information about you to inform you about our work, to deal with any enquiries you may have, to administer your donations, to manage volunteer and employment applications, to improve and develop the site for the future and to comply with legal obligations.

  1. WHAT PERSONAL INFORMATION DO WE COLLECT?

5.1 Personal Data: Personal data, or personal information, means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data).

5.2 Information collected from you: We may collect the following types of personal information about you:

  • Identity Data – Forename and surname, Company name (if relevant), gender, date of birth
  • Contact Data – E-mail address, Telephone number, Address
  • Financial Data – includes payment card details and bank account details for transfers and direct debits and gift aid status
  • Transaction Data – Details of donations and information about whether payment has been made,
  • Marketing and Communications Data – such as your preferences in receiving marketing from us and your communication preferences
  • Special Categories of personal data – We may collect health information about you (which is a Special Category of Personal Data) with your consent

5.3 Information obtained from third parties: Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services.  For example, if you’re using the site on your mobile, you may choose to provide us with location data.  The information we obtain from those services does depend on your settings for that service or their privacy policies.  So you should always regularly check what those are.

5.4 Information collected from the website: We may automatically collect the following information about each of your visits to our Site:

  • Technical Data – including the Internet protocol (IP) address used to connect the computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Usage Data – information about your visit to our Site, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
  • Aggregated Data – which includes statistical or demographic data, for example we may aggregate your usage data to calculate the percentage of users using a specific Site feature. Aggregate data is not considered personal data in law as this will not directly or indirectly reveal your identify, however if we combine aggregate date with personal data so that it can directly or indirectly identify you then we then treat it as personal data.

5.5 Failure to provide personal data: Where we need to collect personal data by law, or under the terms of a contract with you, and you fail to provide that data when requested, we may not be able to perform the relationship we have or are trying to enter into with you.

  1. HOW DO WE RECEIVE PERSONAL INFORMATION ABOUT YOU?

6.1 Direct interactions: We receive the personal information about you when you contact us directly in person or via post, email or telephone or social media or through your visits to our Site to make a donation, to make a general enquiry, to provide us with feedback or to request update information or to subscribe to our newsletters, or when you participate in our events or campaigns or make a donation or fundraise for us.

6.2 Automated technologies or interactions: As you interact with our Site, we will automatically collect Technical Data about your equipment, browsing actions and patterns.  We collect this personal data by using cookies and other similar technologies.  We may also receive Technical Data about you if you visit other websites employing our cookies.  Please see the Cookie Policy for further details.

6.3 Your interactions with third parties: We may receive personal information about you from various third parties:

  • Technical Data – we may receive Technical Data from analytics providers such as Google, advertising networks, search information providers
  • Contact, Financial and Transaction Data – from providers of technical, payment and delivery services and debt collection agencies
  • Identity and Contact Data – from publicly available sources such as Companies House and the Electoral Register.
  1. HOW DO WE USE PERSONAL INFORMATION ABOUT YOU?

7.1 Principles of processing: We will only use your personal data when the law allows us to : (a) where we need to perform a contract with you, (b) where necessary for our legitimate interests where those are not overridden by your interests and rights (‘Legitimate Interests’ means the interests of our charity in conducting and managing our business. It can and does also apply to processing which is in your interests too) (c) for legal compliance and (d) where none of those apply, with your consent.

7.2 Use of Information: In summary we use your personal information to:

  • identify who you are when you contact us
  • process donations or purchases and claim Gift Aid
  • to ensure payment for donations or event tickets and to prevent or detect fraud
  • to contact you regarding our work, events and campaigns
  • to contact you to answer your general enquiries
  • to carry out customer surveys
  • to resolve complaints or issues you may have
  • to manage our relationship with you
  • to send you information about our work or general news that you may be interested
  • to invite you to events you may be interested in
  • to improve our customer relationship with you
  • to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to improve our Site to ensure that content is presented in the most effective manner for you and for your computer
  • as part of our efforts to keep our Site and premises safe and secure
  • to prevent crime, prosecute offenders or defend against legal action
  • to manage volunteer and employment applications

7.3 Marketing: You will receive newsletters and marketing communications (including postal, email and/or SMS) from us if you have requested this or if you have made a donation and have not opted out of receiving updates in that method at the time of the transaction.  We strive to provide you with choices regarding personal data choices around marketing and advertising.

7.4 Change of purpose: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.  If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. HOW WILL WE CONTACT YOU?

We and our service providers (e.g., order fulfilment and booking system providers, payment processors, marketing fulfilment agencies and customer service agencies and legal and insurance providers) may contact you by post, telephone, email and/or text message depending on the reason for correspondence, unless you have told us not to or have registered with the telephone or post preference services.

  1. WHO DO WE PROVIDE THIS PERSONAL INFORMATION TO?

9.1 External Parties: We will provide your personal information to:

  • Our service providers who perform services on our behalf, such as our IT service providers who manage the site and its performance, email platform providers, marketing fulfilment agencies or professional advisers who provide legal, consultancy, insurance or accounting services or event service providers;
  • HM Revenue & Customs, regulators, financial or fraud investigation and other authorities who require reporting of processing activities in certain circumstances
  • Police and Law enforcement where we are required to do so to comply with legal obligations such as formal requests for data that can be used to assist law enforcement agencies with their investigations or be used as evidence of a crime or if we are pursuing prosecution of offenders
  • Other organisations we are legally obliged to share personal information with
  • Emergency services (where necessary)
  • Analytics and search engine providers that assist us in the improvement and optimisation of the site
  • Payment facilitators to process payment and to undertake fraud prevention checks and debt collection agencies

9.2 Limited other party use: We require all other parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions or in accordance with law.

  1. HOW YOUR INFORMATION IS SECURED

10.1 Storage by us: All personal information we have about you which you provide to us directly or through the Site is stored on secure servers operated by us or our IT service providers. We have put or ensure that there are in place appropriate security measures and policies to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal data to those employees, agents, contractors and other parties who have a legitimate business need to know.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

10.2 Contracted Party storage: Where information has been passed to our service providers it will be stored on their secure servers. These service providers have access to your personal information needed to perform their functions, but may not use it for other purposes. We ensure that these service providers will only process your personal data in accordance with this policy and applicable Data Protection legislation.

10.3 Breaches: We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. DATA TRANSFERS

Your personal information may be processed by our service providers operating outside the EEA in accordance with this privacy policy. We ensure appropriate safeguards are used to ensure that your personal data is given a similar degree of protection and is treated securely and in accordance the Data Protection legislation in connection to such transfers or processing of your personal data outside the EEA.  This could be through ensuring that your personal data is only transferred to countries that have been deemed to provide an adequate level of protection for personal data or through using specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

  1. DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.  To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.  We will carry out periodic data cleanses of this information to ensure that it is up to date and accurate and it is still reasonably necessary for us to retain it to fulfil the purposes we collected it for. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  1. YOUR RIGHTS

13.1 Available rights: You have the following rights in connection with your personal information processed by us:

  • Informed – you have the right to be informed when your personal data is being collected and how it will be used. This privacy notice is available to all individuals via our website.
  • Access – you have the right to request copies of your personal information from us where we act as the data controller and we allow individuals to submit Subject Access Request (SAR) to obtain this information. Please note, where we are not the data controller we will pass your request to the data controller to be fulfilled.
  • Object – you have the right to object to the processing of your personal information by us. We will then either restrict the processing (i.e. for direct marketing purposes or where the processing isn’t necessary for the purposes of the contract between us) or we will demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Rectification – you can request rectification of any incomplete or incorrect personal data held about you. It is important that the personal data that we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us.
  • Erasure – you can request that we stop processing your personal data and for the information to be erased where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Restriction – This enables you to ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy, where our use of the data is unlawful but you do not want us to erase it, where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Transfer – We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

13.2 How to exercise the rights: You can also exercise any of these rights at any time by contacting us using the contact details provided above.

13.3 Withdrawal of marketing consent: You may withdraw consent to receiving marketing and/or to amend the delivery method we use at any time by either following the ‘opt-out’ instructions within in our marketing communications or by contacting us through enquiry forms or at the details stated in this policy.  Where you opt out of marketing, we may nonetheless retain your information in connection with previous transactions or correspondence for so long as is reasonably necessary in connection with the same.

13.4 Cookies: You can set your brower to refuse all or some browser cookies, or to alert you when websites set or access cookies.  If you disable or refuse cookies, please note that some parts of our Site may become inaccessible or not function properly.  For more information about the cookies we use, please the Cookie Policy on our Site.

13.5 Further information: Please note when you seek to enforce any of your rights, we may need to request specific information from you to help us verify your identity as a security measure.  We may also contact you to ask you for further information in relation to your request to speed up our response.

13.6 Fees: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

13.7 Timing: We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

13.8 Concerns: If you are concerned or have questions about how we handle your personal data please contact us and we will do our best to assist you.

13.9 Complaints: Please note that you have the right to lodge a complaint with the UK Information Commissioner’s Office, the UK regulator for data protection issues, which may be accessed through the following link https://ico.org.uk/concerns/.  We would, however, appreciate the chance to deal with your concerns before you approach the ICO to please contact us in the first instance.