Freedom from Torture is committed to safeguarding your privacy. The collection and use of personal data by us is in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR").
Please read the following policy to understand how your personal data will be treated. This policy was last updated on 24 May 2018 and may change from time to time so please check back periodically.
Who do we collect data from?
Visitors to our website
We collect a limited amount of data automatically from our website users. This includes information such as demographic data, location data, device categories and settings, and browsing patterns. Once we collect this information, we use it in aggregate form such that it would not identify you.
Like most websites, we also use “cookies” for the above and to carry out targeted advertising to you on third party websites.
Job and volunteer applicants
If you volunteer for us or apply for a job with us, we collect information necessary for us to process these applications and assess your suitability (which may include things like employment status, previous experience depending on the context, as well as any unspent criminal convictions or pending court cases you may have); your age, nationality and ethnicity information for monitoring purposes; and any other personal information you provide to us.
The people we support
We collect certain personal information about the people we support. This data is limited to such data as we require in order to provide you with our services or where you have given us your consent to collecting data. All personal data is kept in line with our data protection and confidentiality policies. Alternatively, it is anonymised for research and policy purposes where consent is given. We don’t pass on your data to a third party unless it is in your best interests. For a copy of our policies, please contact QualityAssurance@freedomfromtorture.org
We generally collect your personal data directly from you, for example when you make a donation, sign up for email updates, purchase something from our shop, open or click our emails, sign up for an event, ask us about training or otherwise communicate with us. This information is likely to include your name and contact details (including postal address, telephone number, email address) as well as other information such as (but not limited to):
• your date of birth
• your gender
• your bank or credit card information where you provide these to make a payment
• the reason for donating
• information about events, activities and products which we consider to be of interest to you
• information relating to your health (solely for health and safety purposes, for example if you are taking part in or attending an event)
• Where you have left us a legacy, any information regarding next of kin which you may have provided us with to administer this
• Information as to whether you are a tax payer to enable us to claim Gift Aid
• Nationality and ethnicity (solely for monitoring purposes)
• Any other personal information you provide to us, including for the purposes outlined in the previous sections
Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive. Examples of this would be information about health, race, ethnicity, religious beliefs, political views.
We only collect this type of information where there is a clear reason for us to do so, for example asking for health information if you are taking part in a sporting event, or where we ask for information for the purpose of providing appropriate facilities or support.
We also collect your information when you give it to us indirectly via third parties, for example (i) when you donate to us through other websites like Just Giving or Virgin Money giving, (ii) when you sign up to hear from us through other websites like Change.org, Care2 or Facebook, and/or (iii) when you sign up to Freedom from Torture competitions via third-party publishers. These independent third parties will only share your information with us when you give consent and we will use your personal information, including your address and telephone number, for the purpose of contacting you in the future. You are then free to change your contact preferences with Freedom from Torture at any time.
We, or our trusted service providers, may use existing data from Freedom from Torture's own database and combine this with information from publicly available sources such as charity websites and annual reviews, corporate websites, public social media accounts, the electoral register and Companies House in order to create a fuller understanding of your interests and support of Freedom from Torture. We only use reputable sources, where someone would expect their information may be read by the public. We avoid any data that we believe has not been lawfully or ethically obtained, and we do not use information sources which have not been broadcast or made public. For more information, please see our section "Building profiles of supporters" below so we can tailor our communications to you.
How does Freedom from Torture use your information?
We may use your information in a number of different ways. For information about the legal conditions which allow us to use your information, please see "What legal conditions do we rely on for processing your personal data?".
We may use your information to:
• provide you with the services, products or information you asked for
• keep you informed about upcoming training events
• respond to or fulfil any request, complaints or queries you make to us
• send you correspondence and communicate with you
• personalise our communications e.g. pre-filling forms on our website when you have already provided this at an earlier time, in order to improve your experience on our website
• help reporting and segmentation, to improve our fundraising and communications and for improving our website
• keep a record of your relationship with us
• manage our events
• further our charitable objectives
• conduct due diligence and ethical screening
• carry out fraud prevention and money laundering checks
• process your application for a job or a volunteering position
• audit and administer our accounts
• meet our legal obligations
• invite you to participate in surveys or research
Please note that regardless of communication preferences, we can still contact you for administration purposes. This could include updating your Gift Aid information or updating other personal data related to your donation(s). If you are an active Freedom from Torture supporter, we will send you postal mailings, for example to tell you about the difference you are making through regular updates and newsletters, or to give you the opportunity to take part in our appeals, campaigns and events.
Whether or not you are a Freedom from Torture supporter, if you have indicated that you are interested in receiving regular information about Freedom from Torture's work and activities, we will send you regular communications including fundraising, by email, post and / or phone, in accordance with your marketing preferences.
If you have opted to receive email communications from us, we will occasionally use your email address to identify you on the third party websites such as AdRoll, Google, Facebook and Twitter, which enables us to monitor public social media updates about us, target promoted posts to you and target new audiences based on aggregate profiling of our existing supporters.
If you no longer wish to receive marketing communications from us, you may:
• Contact us at firstname.lastname@example.org;
• Contact us via our Contact Us page;
• Call us at 0207 697 7788; or
• Click on the unsubscribe link on any digital marketing communication that you receive from us.
Building profiles of supporters so we can tailor our communications to you
At Freedom from Torture, our work is only made possible thanks to the generosity of our supporters, so it’s vital that our fundraising efforts are as effective as they can be. By developing a better understanding of our supporters through researching them using publicly available sources we can tailor and target our fundraising events and communications (including volunteering opportunities) to those most likely to be interested in them (see section above). This allows us to be more efficient and cost-effective with our resources, and also reduces the risk of someone receiving information that they might find irrelevant, intrusive or even distressing.
After taking a supporter’s preferences into account, we, or our trusted service providers, may use information we hold on such supporters to research their potential to be a significant donor to Freedom from Torture and collect additional details relating to their employment and any philanthropic activity. This might also include estimating their gift capacity, based on their visible assets, history of charitable giving and how connected they are to Freedom from Torture.
We’re committed to putting you in control of your data and you’re free at any time to opt out from this activity. To find out more, please contact 0207 697 7788 or email@example.com
Who do we share your information with?
We may disclose your information to third party service providers who require access to such information for the purpose of providing specific services to us, such as those already mentioned above, and for the purpose of processing data for reporting on or sending our own communications or fulfilment of orders. These third parties will generally only be able to access your information in order to provide us with their services and will not be able to use it for their own purposes.
We may disclose your information to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
We may disclose your information if required to do so by law (for example to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or in order to enforce our conditions of sale and other agreements.
How do we keep your data safe?
We will take all reasonable precautions necessary to protect your personal data from misuse, interference and loss; and unauthorised access, modification or disclosure. For example, all information that you share via our website is secured with SSL technology (secure server software).
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your information, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including your information, which you transmit to us over the internet.
What are my rights?
You have various rights in relation to the data which we hold about you. We have described these below.
To get in touch with us about any of these rights, please contact us at firstname.lastname@example.org or call us at 0207 697 7788.
We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
The GDPR gives you the following rights in relation to your personal data:
Right to object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
• it is in our legitimate interests to do so (for further information please see "What legal conditions do we rely on for processing your personal data?" below);
• to enable us to perform a task in the public interest or exercise official authority;
• to send you direct marketing materials – see “How does Freedom from Torture use your information”; or
• for scientific, historical, research, or statistical purposes.
Right to withdraw consent
Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
Data Subject Access Requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
• The data are no longer necessary;
• You have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
• The data has been processed unlawfully;
• It is necessary for the data to be erased in order for us to comply with our obligations under law; or
• You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability
If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
Right to complain
If you are unhappy with any aspect of how we are using your personal data, we would like to hear about it. Your feedback enable us to learn and improve. To make a complaint to Freedom from Torture please contact us on email@example.com 0207 697 7788.
You have the right to lodge a complaint with our regulator, who is the Information Commissioner's Office in the UK. You can contact them in the following ways:
• Phone: 0303 123 1113
• Email: firstname.lastname@example.org
• Live chat
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Do we transfer your personal data overseas?
The data that we collect from you may be transferred to, and stored at, destinations both within and outside the European Economic Area (EEA), for example, where we use a service provider that is located outside the EEA.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with the GDPR and the means of transfer provides adequate safeguards in relation to your data. For example, this could be:
• By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws. A copy of the standard contractual clauses is available here; or
• By transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
• By transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
• Where you have explicitly consented to the data transfer.
How long will we keep your personal data?
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it or if we require it to enforce our agreements.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
What legal conditions do we rely on for processing your personal data?
There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.
Where using your data is in our legitimate interests
We are allowed to use your personal data where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.
We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:
• keeping a record of people who are interested in our cause and may wish to donate in the future;
• protecting our business and physical and digital assets;
• developing and growing our supporter base;
• informing and developing our fundraising strategy;
• enabling us to communicate with you.
See also “How does Freedom from Torture use your information”
Where you give us your consent to use your personal data
We are allowed to use your data where you have specifically consented. In order for your consent to be valid:
• It has to be given freely, without us putting you under any type of pressure;
• You have to know what you are consenting to – so we'll make sure we give you enough information;
• You should only be asked to consent to one thing at a time – we therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and
• You need to take positive and affirmative action in giving us your consent – we're likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
As part of our relationship with you, we may ask you for specific consents to allow us to use your data in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.
For example we ask for your consent to email, phone or text you for communication and fundraising purposes.
You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in section "What are my rights?" above.
Where using your personal data is necessary for us to carry out our obligations under our contract with you
We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you.
For example, we need to collect your contact details in order to be able to communicate with you and process your donations.
Where processing is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.