Social Bite Privacy Notice
Social Bite (‘SB’, ’the charity, ‘we’, ‘our’ or ‘us’) collects, uses and is responsible for certain personal information about you. This notice contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
This notice does not cover personal data we process about our staff or volunteers. The categories of data subjects whose personal data is covered by this privacy notice include; service users, donors, supporters, third party referrers, individuals who make enquiries via our website or over the phone or email.
1. Key terms
It would be helpful to start by explaining some key terms used in this policy:
We, us, our or ‘Social Bite’ | Social Bite Fund a SCIO (Charity number SC045232). registered at 1 Leith Walk, Edinburgh, EH6 8LN |
Our website(s) | Means https://staging.social-bite.co.uk (and each of its sub-domains including https://shop.social-bite.co.uk and https://festive.social-bite.co.uk) and https://www.breakthecycle.co.uk |
Personal information | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Special category personal information | Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. |
2. Data Controller
The Social Bite Fund (SC045232) is a registered charity in Scotland which seeks to alleviate homelessness through innovative solutions from employment and support programmes, to temporary housing. We are the data controller and responsible for your personal data (ICO Registration Number ZA443858).
Social Bite Fund wholly owns two trading companies:
- Social Bite Limited which oversees a chain of retail stores and catering concessions.
- Social Bite Restaurants Limited which provides training and employment opportunities for homeless and vulnerable people together with Vesta Bar & Kitchen, as well as a Pay It Forward option. Vesta’s Privacy Notice can be found here: https://vestaedinburgh.co.uk/privacy-policy/.
Social Bite Fund also works in partnership with Cyrenians and Hillcrest Housing Association to provide the Social Bite Village which is our housing initiative that develops accommodation and provides employment and housing advice for homeless and vulnerable people. Cyrenians’ Privacy Notice can be found here: https://cyrenians.scot/privacy-policy and Hillcrest’s Privacy Notice can be found here: https://www.hillcrest.org.uk/information-services/privacy-policy/.
Where it is necessary to do so, we may share information between the above named entities. We would only share information between the entities where we have a legal basis to do and where we have appropriate agreements in place to share and safeguard that information.
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your rights as a data subject, please contact the DPO at data@social-bite.co.uk.
3. Scope of this Privacy Notice
This Privacy Notice applies to your use of Our website(s). It does not extend to any websites that are linked to from Our website(s) (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
4. Personal information we collect about you
We may collect and use the following Personal information about you:
- your name and contact information, including email address and telephone number and company details;
- your gender and date of birth;
- family and spouse/partner details, relationships to other supporters;
- emergency contact details and relevant medical information (when registering for a physical event with us);
- your professional activities and employment details;
- gift aid status and records of donations;
- records of purchases, reservations and orders;
- your bank account, transaction and payment card information;
- information about the services we provide to you;
- details of any feedback you give us by phone, email, post or via social media;
- your preferences in receiving marketing from us and our third parties and your communication preferences
- information about how you use Our website(s), IT, communication and other systems as well as your IP address, browser type and version, operating system and referral source;
- photographs and videos which have been taken when you have attended a Social Bite event; and/or
- CCTV imagery of you may be captured while you are on a Social Bite premises, as CCTV is used by Social Bite and its trading companies for security purposes
We may collect and use the following Special category personal information:
- Medical health data (mental and physical) in the provision of our services such as housing and employment support
- Race or ethnic origin when you are referred to one of our support services
- Sexual health or orientation when you are referred to one of our support services
Children’s information
Some of our events such as ’Festival of Kindness’ or ‘Break the Cycle’ are open to children and we may collect and use the name, date of birth, emergency contact and where required the medical information of any child participating in our events. Any data collected relating to children under the age of 13 shall be provided by the adult accompanying the child to the event on a consent basis.
We will not use or share your child’s information without parental consent, except for the permissible purposes stated in this Privacy notice, and if required by law. Following the completion of the events the data held in relation to the children will be deleted.
We encourage you to contact us immediately if you have any concerns regarding the information collected on your child, wish to review information collected on your child, or have that information modified or deleted. Contact details can be located at paragraph 16 of this Privacy notice (‘How to contact us’).
For a child-friendly version of this Privacy Notice please contact data@social-bite.co.uk.
5. How your personal information is collected
Personal Data is collected in several different ways dependent on your interaction with the charity. The main way is by direct interaction with you in person, by telephone, text or email and/or via Our website(s), such as when you make a donation, fill in one of our online forms. However, we may also collect information:
- from publicly accessible sources, e.g. Companies House, social media websites or Office of the Scottish Charity Register;
- directly from a third party, e.g.:
- fundraising platform providers (such as Enthuse or Just Giving);
- ordering platform providers (such as Storekit, Just Eat, Deliveroo and WooCommerce);
- accounting and payment platform providers (such as Stripe);
- from a third party with your consent, e.g. a referral from another third sector organisation; marketing services
- from cookies on Our website(s) with your consent—for more information on our use of cookies, please see our cookies policy https://social-bite.co.uk/cookie-policy/; and
- via our IT systems, e.g.:
- automated monitoring of Our website(s) and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems;
6. How and why we use your personal information
Under data protection law, we can only use your personal information if we have a proper reason for doing so. In order to use your personal information, we rely on the following legal bases:
- to comply with our legal and regulatory obligations e.g. such as to assist with investigations carried out by the police, other authorities or any regulatory requirement to which the charity is subject;
- for the performance of a contract we have with you as a party or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party;
- where you have given us clear consent for us to process your personal information for a specific purpose; or
- where processing is necessary to protect the vital interests of you or of another person.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Legitimate interests might include:
- To keep in touch with you about an event you have registered for; or
- To inform you of the cause/charity work you have chosen to support.
If consent is the basis for our processing of your personal information, you have the right to withdraw your consent at any time. If you wish to do so, please contact us using the details listed at paragraph 16 of this Privacy notice (‘How to contact us’).
When we process special category personal data, and the legal bases for processing that we rely on are:
- where it is necessary for the purposes of the provision of health or social care or treatment or the management of health or social care systems and services and for ‘the provision of social care’ and ‘the management of social care systems or services’. under Schedule 1, Part 1(2)(2)(e) and (f) of the Data Protection Act 2018;
- in limited circumstances, your explicit written consent;
- where it is necessary to protect you or another person from harm;
- less commonly, we may process this type of information where it is needed in relation to legal claims, or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Purpose |
Personal Data |
Where do we get it from? |
Legal Basis |
To create, verify and manage an account with us. | Name, Email address, any information you provide to us. | From you. | Performance of a contract with you Consent |
To respond to enquiries (online and otherwise) or indications of wishes to support the charity. | Name, Email address, any information you provide to us. | When you submit an enquiry on our website, use our online forms, email, text, telephone, post or when we meet you face to face. We may also receive personal data from independent event organisers e.g. fundraising sites (e.g. Just Giving) where you have given them this information and indicated you would like to support our charity. |
Legitimate Interest – it is in our legitimate interest to respond to enquiries, requests and information within feedback forms so that we can engage with individuals to the benefit of the charity.
|
To process and deliver a service to you including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
Name, Email address/Contact information, financial information, Marketing and Communications |
From you.
|
Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us) |
To process donations | Name, Email address/Contact information, financial information, Marketing and Communications |
From you.
|
Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy notice (b) Asking you to leave a review or take a survey |
Name, Email address, and contact details. | From you. | Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To enable SB to provide you with our direct marketing communications by email or text. | Name, Email address, and contact details. | From you. | Consent |
To enable SB to provide you with our direct marketing communications by telephone or post. | Name, Email address, and contact details. | From you. | Legitimate interest, which is to promote our charitable objectives and to increase fundraising. |
To enable third party partners to provide you with direct marketing about SB in electronic communication form such as targeted online (including on social media platforms). | Name, Email address, and contact details. | From you. | Consent |
To inform our marketing strategy by analysing and profiling our marketing database and to identify others that may be interested in hearing from us (called Lookalike audiences). This helps us to understand our donors better. | Name, address, email address, donation. | From you. | Our Legitimate Interest to inform and maximise our marketing strategy with a view to further supporting the charity. |
To set cookies on our website. | Data about your use of our website. | From you. | For essential cookies it is in our legitimate interest to use these to operate the website. For other cookies, we rely on your consent. Please our cookie policy for more information |
To publish case studies and testimonials | Name/picture/details you wish to share. | From you. | Consent. |
To enable SB to provide advice and support including employment and housing advice/support, and signposting advice/support. | Name, address, email address, health data, race or ethnic origin, sexual health or orientation data, biometric or genetic data, financial data, criminal data. | From you. From your organisations that you have given your consent for us to receive information as part of a referral. | Consent and explicit consent. In extreme situations, we can rely on vital interests we may share your personal details if we believe you or someone’s life is at risk. |
7. Who we share your personal information with
We routinely share personal information with:
- third party partners where we have agreed data sharing terms e.g. Cyrenians and Hillcrest Housing Association;
- partner third sector organisations where you have given consent for us to do so
- third parties we use to help deliver our services to you, e.g. payment service providers;
- fundraising platform providers e.g. Enthuse and Just Giving;
- CRM platforms such e.g. Beacon;
- other third parties we use to help us run our business, e.g. marketing agencies (but only when you have opted-in to receive marketing communications from us) or website hosts. We will never share your data with, or sell your data to, third parties for their own marketing purposes, and you won’t receive marketing communications from third parties as a result of giving your data to us;
- third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers; and
- our banks.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Break the Cycle live events
If you registered as a participant of our Break the Cycle live events (such as Break the Cycle 2022), we share your contact details and any health conditions you have shared with us with our event delivery partner, Pennine Events Ltd. We share this data for the purposes of;
- access to the event – When you register for the event, your details will be sent to Pennine Events so they can issue you a ‘bib number’ for participation in the event. Only people who have a ‘bib number’ will be able to ride on the event day;
- rider packs – All participants who register for the live event will be sent a ‘rider pack’ in the post from Pennine Events. We will send Pennine Events your delivery details to enable them to mail this pack to your specified postal address; and
- health and safety – It’s in your vital interest that we share any pre-existing health condition you declare when registering for the event. This is necessary so this information can be shared with first responders in the instance of a medical emergency during the cycle event.
Your data will be shared in a secure way and will remain within the UK. Pennine events Ltd will store your information on a secure system and delete it within 1 month of the event ending.
Our online event registration system is provided by Enthuse (Online Giving Ltd) who will act as joint Controller for the purposes of enabling your registration and creation of your fundraising page for the event.
8. How long your personal information will be kept
We will keep your personal information while you have an account with us or we are providing services to you. Thereafter, we will keep your personal information only for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly; or
- to keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. Further details on this are available on request using the contact details set out below – see ‘How to contact us’.
9. Where your personal information is held
Information may be held at our offices, or at the offices or on the systems belonging to third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).
Some of these third parties who have access to your data may be based outside the UK or the European Economic Area. Where this is the case, this may occur under the protections of the European Commission’s standard contractual clauses, but will otherwise only take place where appropriate standards and safeguards are in place.
10. Cookies and similar technologies
A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use Our website(s). We use cookies on Our website(s). These help us recognise you and your device and store some information about your preferences or past actions.
For further information on our use of cookies, please see our https://social-bite.co.uk/cookie-policy/.
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
You can find out how to decline targeting and behavioural advertising cookies by visiting:
- http://optout.networkadvertising.org/
- http://www.aboutads.info
- http://www.youronlinechoices.eu
11. Promotional communications
We would like to send you information about your involvement in current events, updates on future events and projects, fundraising activities and ways you can get involved, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone or text message (SMS).
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you fill out an online form, sign up for an event or make a donation.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us by emailing data@social-bite.co.uk or
—using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
For more information on your rights in relation to marketing, see ‘Your rights’ below.
12. Your rights
You have the following rights, which you can exercise free of charge:
Access | The right to be provided with a copy of your personal information (the right of access) |
Rectification | The right to require us to correct any mistakes in your personal information |
To be forgotten | The right to require us to delete your personal information—in certain situations |
Restriction of processing | The right to require us to restrict processing of your personal information—in certain circumstances, eg if you contest the accuracy of the data |
Data portability | The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
To object |
The right to object: —at any time to your personal information being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal information, eg processing carried out for the purpose of our legitimate interests. |
Not to be subject to automated individual decision-making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to – see below: ‘How to contact us’; and
- let us have enough information to identify you (eg your full name, address and customer or matter reference number);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
13. Automated Decision Making and Profiling
In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions under data protection legislation, requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from us.
The right described in the preceding paragraph does not apply in the following circumstances:
- the decision is necessary for the entry into, or performance of, a contract between you and us;
- the decision is authorised by law; or
- you have given your explicit consent.
Where we use your Personal Data for profiling purposes, the following shall apply:
- clear information explaining the reasoning for profiling will be provided, including its significance and the likely consequences;
- appropriate mathematical or statistical procedures will be used such as formulas or algorithms; and
- technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
- all Personal Data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.
Cases where we may use your Personal Data for profiling purpose are:
- targeted advertising (including through Facebook and Google) where we may use your Personal Data to deliver advertising which we believe may be of interest to you. This approach enables us to avoid directing adverts to you if they are unlikely to be of interest. This will only be done if you have consented to the use of the required cookies and you can opt-out of this targeting by adjusting your cookie preferences on Our website(s).
14. Keeping your personal information secure
We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We have put in place suitable physical, electronic and managerial procedures to safeguard and secure your personal data. Steps we take to secure and protect your personal data include:
- keeping a data processing activities log,
- securing all personal data in an online cloud based system with restricted access; and
- ensuring we use password protection on files if we ever exchange personal data via emails.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
15. How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The UK General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, which in the UK is the Information Commissioner (also known as the ICO). The ICO may be contacted at https://ico.org.uk/concerns or by telephone: 0303 123 1113.
16. Changes to this privacy policy
This privacy notice was last updated on 04th July 2023.
We may change this privacy notice as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on Our website(s).
17. How to contact us
Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Our contact details are shown below:
Social Bite
data@social-bite.co.uk
0131 353 0250