We care about your privacy and your personal data. We think it’s important that you know about what information we store, what we use it for and how we protect it.
If you would like to know more about the specific information we hold for you, please contact us. If you find any of this information to be incorrect or out-of-date, we will happily update or delete the information at your request. You can also update much of the information by logging in and editing your account.
We are registered with the Information Commissioner’s Office as a data processor (Registration number: ZA085648).
Terms and definitions.
We’ve tried our best to keep the language in this policy as simple and clear as possible, so we want to make sure we defined some terms used later on.
When we say “Us” or “We”, that means Measured Brilliance Ltd, which is the company that owns and runs Echoleft, the website and it’s services. Measured Brilliance is a UK Limited Company (number 8023472), registered to Saracen’s House, 25 St Margaret’s St, Ipswich IP4 2BN. That’s a very technical description, we’re also real people that you can read about here and contact here.
There are charities and companies (including community interest companies, limited companies and other company structures) that use Echoleft to provide services like selling, or providing for free, tickets and registrations for events and collecting donations or other fundraising activities. We refer to these as “organisations” in this policy and have tried, where possible, to specify where any certain type of organisation has a specific exception to the policy from the others (for example registered charities using data to process GiftAid.)
When we say “you”, we mean our users including individuals, members of organisations and any other consumers of our services.
When we say “website” we mean www.echoleft.com, including any subdomains.
When we say “services”, we mean any any facilities, tools, services or information that we make available through the website and online, either now or in the future.
How we collect your data.
When you visit our website or use our services, we collect personal data from you in several ways:
Information you provide to us directly:
When you visit our website or use our services, we may ask you to provide personal data to us. For example when you’re buying a ticket to an event, make a donation, create a memorial or contact us with questions or request support from us. If you don’t wish to provide this data, you don’t have to, but this may mean you’re not able to use some of our services.
Data we collect automatically:
When you visit our website or use our services, we may collect information about you automatically, for example the type of device that you’re using or your IP address. We may also collect information about which pages you visit and use this information to gain a better understanding of how you use our services so we can improve them for you.
How we use your data.
Our main purpose for collecting and storing your personal data is to provide our services to you including purchasing tickets or registering for events, donating to good causes and creating and managing memorials.
Creating and Managing Your Account
When you create an Echoleft account, we ask for personal information including your name, email address and ask you to choose a password.
We use that information to allow you to log in to your account. We use your email address to send you notifications about your activities in Echoleft, for example we send details of memorials you create, events that you would like to attend or donations that you make.
When appropriate, we encrypt the data that we store, for example your passwords are encrypted. We have no way of seeing your password.
When donating to a charity using Echoleft, you are asked for your personal information including name, address and payment card information.
Our donations are processed by Stripe, a leading payment provider. Stripe has been audited by a PCI-certified auditor, and has in turn been certified as a PCI Level 1 Service Provider, the most stringent level of certification available. You can confirm their certification in Visa’s registry of service providers.
We do not store your credit card details on our servers. We are sent a secure ‘token’ by Stripe, which we use to make the donation.
Your donation is sent to the charity, we never receive your donation, not even to hold or transfer it. The transaction is between you and the charity.
In some cases, Echoleft may receive a fee for processing the donation, this will be made clear to you during the donation. This fee is agreed with the charity and allows us to continue to provide a service for them, we strive to keep our fees as low as we can.
During a donation, you may be offered the choice to have your payment details stored to make donating easier in the future. Again, we do not store your card details, we store a ‘token’ provided by Stripe.
When registering a place, or buying a ticket for an event using Echoleft, you are asked for your personal data in order to process your purchase and enable the organisation to run the event.
Additional Consent Requests
During a donation, event registration or other activity on Echoleft, you may be offered the option to provide consent to a charity or organisation to use your personal details for a specific purpose outside of the scope of your activity on Echoleft. You will be always opted out by default, and Echoleft provides tools to revoke this consent at any time via your account.
Other uses of your data.
We may also use your data to:
We try and resolve any technical issues you may experience while using our website, and provide additional support for other services we provide.
Communicate with you
We may include providing you with information you’ve requested, ask ing you for feedback about a service you’ve used, operational communications including major changes to the services we provide or security updates and marketing communications in accordance with your preferences.
To make our services more useful for you.
We use anonymised analytics to help us gain a better understanding of how you use our services so we can improve them for you.
To detect and prevent fraud and malicious behaviour
We take our commitment to our user's online safety very seriously and may use data to help us create and use tools to prevent fraudulent or malicious activity, or behaviour that goes against our Terms & Conditions.
Grounds for processing your data.
Where we collect personal data, we’ll only process it:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
How and when we share your data.
There are times when we need to share your data with third-parties in order to perform our services. We will only disclose your personal data to:
We use a range of third-party service providers including database service providers, backup and disaster recovery service providers, email service providers and others.
Charities, causes, event organisers and fundraisers.
When you purchase tickets or register for an event, donate to an organisation, take part in a fundraising team or create a public memorial, we may pass your data on to the organisation running the event or related fundraising page.
In some instances, an organisation may appoint a third party, which may or may not be affiliated with the organisation, to assist them with running the event.
It is important that you review the applicable policies of the organisations, and if applicable and available, their appointed third-party, of an event before providing any personal data regarding an event or related fundraising page.
When you donate to a charity, cause or fundraising page, we may pass your data on to the charity unless you choose to remain anonymous.
We may provide additional tools to charities to allow you to opt in to receiving information from charities and good causes. In this case, we provide you a way to manage that consent through Echoleft, however we cannot always reflect changes made elsewhere, for example if you change your consent preferences directly with the charity or good cause, that change may not be reflected in Echoleft.
We may be obliged to provide your data to regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- Other people where we have your consent.
International Data Transfers
Your data may be transferred to, and processed in, countries other than the UK, for example it may be transferred to the United States where some of our technical service providers are based.
If you are a citizen of the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where this is the case, it will only be transferred to third-parties where we have identified that adequate protections are in place for your data, for example by ensuring the entity is Privacy Shield certified (for transfers to the United States).
The length of time that we retain your personal data depends on the type data and the service for which it was collected, and where we have an ongoing need to collect it for example legal, tax or accounting requirements.
We will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, your data will be deleted or anonymised.