1. Introduction
The Nest Project is a Charity Incorporated Organisation and registered in England & Wales number CE037387, charity number 1209839.
ICO registration number CSN2574483
The Nest Project respects your privacy and are determined to protect your personal data. The purpose of this privacy notice is to inform you how we look after your personal data when you visit our website (regardless of where you visit it from).
Our Site is owned and operated by The Nest Project whose registered address is:
Unit 12d, Church Farm Offices
Corston
BA2 9AP
The Trustees of the Nest Project are data controllers, and the CEO is responsible for general data protection matters and complaints arising concerning day-to-day matters (collectively referred to as "We", "Us" or "Our" in this privacy notice). Queries related to Data Protection should be directed to the CEO (see the section "How to Contact Us")
1.1 Purpose Of This Privacy Notice
This privacy notice aims to give you information on how We collect and process your personal data which either you have provided to Us or We obtain. This notice applies to the personal information We collect about you directly or that We collect from third parties. It sets out:
- what personal data We collect;
- how We use your data;
- Lawful basis;
- how long We keep your information;
- how your information is protected;
- who We share your information with;
- International transfers;
- your rights in relation to the information We hold about you.
This website is not intended for children, and we do not knowingly collect data relating to children.
1.2 Third-party links outside of our control
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. The Personal Data We Collect
Personal data, or personal information, means any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioner's Office.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped follows:
- Identity Data includes first name, surname, username, title, date of birth, gender.
- Contact Data includes telephone number/s, email address, billing address, delivery address.
- Financial Data includes bank account number, sort code.
- Making a donation to Us including Gift aid status and records of donations.
- Transaction Data includes details about payments to and from you, details of products and services you have purchased from us.
- Technical Data includes IP address, your login data, browser type and version, location, operating system, other technology on the devices you use to access this website.
- Profile Data includes username and password, purchases or orders made by you.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, your communication preferences.
- Entry into any of Our competitions, promotions or surveys
- Request a call back through Our websites
- Media including photos
- Otherwise interact with Us or provide information to a third party to be referred to Us
Where We request information from you, this will be explained in the relevant forms or pages, or over the telephone. You may choose to provide additional information when you interact with Us or to a third party who refers you to Us. We store customer feedback and information on our customer databases.
We will collect data you give us when applying for a job or volunteering with Us, this may include:
- your bank account details and tax and residency status
- references from previous employers or educational institutions
- contact details for you, and any next of kin
- qualifications
- information concerning your health and medical conditions
- information about your race, ethnicity, and sexual orientation
- details of unspent criminal convictions.
A full privacy statement for job applicants is included in the recruitment pack.
2.1 Special category data
Where data processing relates to Special Categories of Data the following processing conditions apply:
- Explicit Consent has been given by the data subject.
- Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement.
2.2 Social Media Users
We use social media channels (including Facebook, WhatsApp and Instagram, the "Social Media Companies") to publish information about Us. If you follow or otherwise engage with our social media channels, We will collect Usage Data to analyse how users interact with those channels. If you use social media to send us messages or posts, we may use your Profile Data to communicate with you. When you interact with our channels, the Social Media Companies will also process your personal data for the purposes set out above. For more information, We would encourage you to review the privacy notices published by the Social Media Companies.
3. How Can You Control Your Data?
When you submit information via Our Site, you may be given the ability to opt-out of receiving marketing emails from Us which you may do by unsubscribing using the links provided in Our emails or by emailing us.
You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
You may withdraw your consent for Us to use your personal data at any time by contacting Us and We will delete Your data from Our systems. However, you acknowledge this may limit Our ability to provide services to you (see the section on How to Contact Us).
Please tell us as soon as any of your contact details change so that we can keep our records up to date.
You can change the way we contact you, or the kind of material we send you, at any time by contacting Us by post, or by email using the contact details below.
4. How We Use Your Data
We use your data to provide services and information to you. This includes:
- Providing and managing your access to Our Site.
- Personalising and tailoring your experience on Our Site.
- Supplying Our services to you.
- Responding to communications from you.
- Analysing your use of Our Site and gathering feedback to improve your experience.
- Processing your donations
In some cases, data collection may be a statutory or contractual requirement. We may be limited in providing services without your consent.
4.1 Third Parties or Publicly Available Sources
We may receive personal data about you from third parties and public sources including:
- Analytics providers such as Google
- Technical, payment and delivery service providers
- Social Media sites such as Facebook
4.2 Direct Marketing
We may send email or postal newsletters you have subscribed to. You can opt-out at any time.
We may contact you with information, news and offers via email, phone or text. We will not send unsolicited marketing or spam and will protect your rights in line with GDPR and the Privacy and Electronic Communications Regulations 2003.
5. Lawful Basis
Under GDPR, we will ensure that your personal data is processed lawfully, fairly, and transparently. We will process your personal data only if one of the following applies:
- Consent for one or more specific purposes, e.g., special category data
- Contractual necessity, e.g., employment or volunteering
- Legal obligation, e.g., processing donations or DBS checks
- Vital interests, e.g., protecting someone's life
- Legitimate interests, e.g., improving services, understanding user needs
6. Data Storage and Retention
We only keep personal data as long as necessary for the purposes outlined in this notice, unless a longer retention period is required by law. You can request deletion at any time.
We reserve the right to retain personal data if needed for legal, tax or regulatory obligations.
For specific retention periods, see our detailed Retention Schedule.
6.1 Data Security
We have implemented physical, electronic and managerial procedures to safeguard your data.
All data is stored electronically in a secure database or locked cabinet. Access is limited to authorised personnel. All system users are trained in GDPR.
Third parties acting on our behalf are required to follow our data security policies.
7. Who We Share Your Personal Data With
We do not sell your data. We only share it if necessary to provide you with support or services.
We may share data with contracted third parties including:
| Third party name: | Used to: | Privacy notice: |
|---|---|---|
| Churchsuite | Referral bookings | Privacy Notice |
| Sage | Accounts | Privacy Notice |
| Qtac | Payroll | Privacy Policy |
| Care Check | DBS | Privacy Policy |
| Good Hub | On- line Donation | Privacy Policy |
| MS365 | Documentation creation and storage | Privacy Statement |
| Google Workspace | Document Storage | Privacy Statement |
We also share data with advisers, regulators, and other authorities as legally required.
7.1 International Transfers
If we transfer your data outside the UK, we ensure appropriate safeguards such as the ICO's International Data Transfer Agreement (IDTA). Contact us for further details.
7.2 Cookies and Automatic Collection
We collect website usage data via cookies. Cookies store preferences and help tailor content.
Non-essential cookies require consent. You can change your preferences from any page.
We also collect aggregate info like anonymised IP addresses, browser type, ISP, clicks and errors.
View our cookies policy at thenestproject.co.uk
8. Summary of Your Rights
You have rights regarding your personal data:
- Access, correct, delete, or restrict your data
- Receive a copy of data you have provided
- Object to processing where we rely on legitimate interests
- Withdraw consent at any time
We may verify your identity before acting on your request and aim to respond within one month.
9. How to Contact Us
Email: vix@thenestproject.co.uk
Address:
Data Protection,
The Nest Project,
Unit 12d, Church Farm Offices,
Corston,
BA2 9AP
10. How to Complain
If you're unhappy with our data handling, contact us.
If unresolved, contact the Information Commissioner's Office (ICO):
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk/concerns
11. Changes to Our Privacy Notice
We may update this Privacy Notice. Any changes will be posted on Our Site.
Last updated: January 2025