Your website Our website is developing in exciting ways. It now has video-blogging, photographs, interactive tools, online donation facilities and a sophisticated design. How do we ensure we are not breaching others’ IP rights and how do we protect our own IP on the website? What should we look for in agreements with website suppliers?
IP and your websites• Layers of IP in back office and content ◦ Source code; text; design; look and feel; photos; videos; trade marks• Approaching third party IP use ◦ Ensure clearance for online use (beware of territories) ◦ Use standard consent forms ◦ Obtain assurances and indemnities from contributors ◦ Credit the creators (where you have agreed to do so) ◦ Copyright and trade mark statements, where necessary ◦ Remove material immediately if complaint of infringement (and you are unsure of rights’ status)
IP and your websites• Protecting organisation’s own IP ◦ Ensure you own it – agreement with developer ◦ Security measures ◦ Credit your IP/trade marks ◦ Deal with it in terms and conditions and specific statements on site ◦ Infringement action
Terms and conditions with developers Don’t be put off by ‘standard’ small-print Ts and Cs – always room for negotiation Balance negotiation against value of the website Protect your IP. Developer may own IP in the coding but should release code if new developer appointed Agreed procedure if disruption – outside business hours
Terms and conditions with developers Clear termination right for unsatisfactory service (as judged reasonably by your organisation!) Obligation to release coding to new developer without disruption to service and co-operate for a smooth handover Deal with hidden costs – upgrades, maintenance, transfer to new developer Detailed “SMART” specification
Third parties with access to supporter data Text donation service providers, fulfilment houses, website hosts and providers Data controller (charity) remains liable Should ensure written data processor agreement in place
Privacy & Cookies My organisation will be collecting personal information about visitors through the website and will be using cookies - so that users are recognised when they come back to the site and to process payments and donations. What are the legal risks?
Privacy Data Protection Act 1998• Personal data – information relating to a living individual who can be identified by that ◦ information (or when the information is combined with other information in your organisation’s possession) If you collect personal data, the Data Protection Principles apply including: ◦ Personal data shall be processed fairly and lawfully ◦ Personal data shall be obtained for lawful purposes ◦ Personal data shall be adequate, relevant and not excessive in relation to the purpose ◦ Personal data shall be accurate and, where necessary, kept up to date ◦ Personal data shall not be kept for longer than is necessary for the purpose ◦ Appropriate measures shall be taken to protect against unlawful processing and to protect against accidental loss/destruction ◦
Privacy – practical tips for data protection◦ Explain how you are using and storing personal data – there is not a general requirement for consent but you must have provided the information◦ Use personal data in a reasonable, transparent and proportionate manner◦ Be clear about any sharing of personal data with third parties◦ Obtain consent for email marketing from users (e.g. from the form collecting the contact information)◦ Consider security measures for users (e.g. passwords, encryption, security checks, destruction of information once not relevant) and discuss with web developer
Social NetworkingOur digital fundraising strategy is developing and we intend to offer social networking services where website users can donate online, express views, chat, contact each other, upload content such as videos and photographs. What are the legal risks?
Social Networking◦ Clear and accessible “House Rules” which may include: ◦ Rules about IP infringement with indemnity ◦ Rules about obscene/offensive materials ◦ Information about your moderation ◦ Rules prohibiting spam emails to other users or marketing of commercial services ◦ Clear right to suspend access or require content to be edited
Social Networking ◦ Clear complaints procedure ◦ Provision allowing your organisation to use the information for its purposes ◦ General rules about how you wish individuals to use the website Consider posting statement on website about level of moderation and clarifying that views posted are not those of the organisation.
What does the law require? In addition to DPA 1998, Compliance with Privacy and Electronic Communications Regulations 2003 Applies to direct marketing messages to email, text messages, picture or video messages What is direct marketing? Not just offer for sale of goods or services Includes promotion of charity’s aims and ideals Includes fundraising appeal electronic marketing (to individual or corporate) should Give identity of sender Valid address for opt-out request Any other information necessary to enable processing of data to be fair
Electronic marketing – key points no unsolicited e-marketing to “individual subscribers” without consent “Solicited” message = actively invited e.g “I would like to receive marketing from…” consent must be given to the sender (i.e. no bought-in lists unless marketing is solicited) exception: prior consent not necessary for existing relationship in connection with sale of similar goods/services – NOT charity donations!
Online version XYZ Organisation Data Protection Act 1998 I would like to receive information from you [and your subsidiary companies] relating to your activities (including fundraising) I am happy for you to pass my details to other organisations [with similar objects] so that they can contact me about their activities Please untick the relevant box(es) if you do not wish us to do this [Note: ICO good practice differs]
How does this apply to text donations? Provide information before you collect mobile no./received text e.g. on website/in literature “Please donate by texting [ ] to [ ]. We will use your details to update you on our events and activities” Tell supporter who you are and what you are using their data for
Applying to text donations – Consent tounsolicited marketing Include opt-in statement on link from text e.g. on gift aid form (see example below) Gift aid wording: I am happy for [X] charity to keep in touch and tell me about their events and activities My email address is [ ]
Gift aid and text donations Gift aid rules apply to text donations Minimum information needed from donor Can be completed via mobile
Advertising Standards Authority - CAP Code CAP Code applies to charities’ website relating to donations, fundraising and selling of products/services, third party sites under its control, social networking pages of the charity Obligations include: Not misrepresenting the body, activities or the benefits of donated funds or the scale/nature of the cause it is supporting Addressing fund-raising messages to children
Sale of goods and services – compliance with the Distance Selling Regulations – conditions to be met: Before consumer buys from you Once consumer has decided to buy Cancellation Phonepayplus guidance – applicable where premium rate lines are used Payment Card Industry Data Security Standards Corporate fundraising – commercial participators
Contact Augustus Della-Porta Associate Bates Wells & Braithwaite 2-6 Cannon Street London EC4M 6YH email@example.com Tel: 020 7551 7607