Thames21 is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
From May 2018, anyone who engages with Thames21 will be asked to “opt-in” for marketing communications, in order to comply with the General Data Protection Regulation law changes of May 25th 2018.
This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (email, phone, SMS or post).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please email email@example.com (lines open 9am – 5pm, Monday – Friday) or write to Thames21 at 78-83 Upper Thames Street, London, EC4R 3TD.
We will never sell your personal data, and will only ever share it with organisations we work with where necessary and if its privacy and security are guaranteed, or where we are required to by law.
- ABOUT US
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by Thames21.
- WHAT INFORMATION WE COLLECT
Personal data you provide
We collect data you provide to us. This includes information you give when volunteering, registering at one of our engagement events, or using one of our services . For example:
- personal details (name, date of birth, email, address, telephone, ethnicity, etc.) when you join as a volunteer;
- financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided.
Information created by your involvement with Thames21
Your activities and involvement with Thames21 will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our campaigns and activities.
If you decide to donate to us then we will keep records of when and how much you give to a particular cause.
Information we generate
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your location and ethnicity and involvement with our work we may be able to fundraise further to extend the work of Thames21 in the region.
We sometimes receive personal data about individuals from third parties, or vice versa. For example, if we are partnering with another organisation (e.g. you provide your information to another organisation we’re collaborating with on a project). These partnerships and how we collect and use your details will be explained at the point we collect data and on the platform we collect that data, whether it be a registration form or electronically such as via Mailchimp or WordPress.
Collection of data for our work can also involve third party platforms, who collect and store personal data on our behalf. We only work with platforms which have data protection policies compliant with the General Data Protection Regulations, which became effective on May 25th, 2018.
We may also receive information about you from third parties. This can include information such as your name, postal address, email address, phone number, credit/debit card details and whether you are a tax payer so that we can claim Gift Aid.
As explained in Section 12 (Cookies and links to other sites), we may use third parties to help us conduct research and analysis on personal data (and this can result in new personal data being created).
We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.
Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about supporters and members. However there are some situations where this will occur (e.g. if you volunteer at an event with us and tell us about a pre-existing medical condition, or if required to do so by law). If this does occur, we’ll take extra care to ensure your privacy rights are protected.
Accidents or incidents
If an accident or near-miss incident occurs at one of our events or involving one of our staff (including volunteers) then we’ll keep a record, which may include personal data and sensitive personal data, for as long as we are required to do so by law.
If you are a volunteer or helping us to lead an event then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
4. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- for our own (or a third party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes):
We use personal data to communicate with people, to promote Thames21 and to help with fundraising. This includes keeping you up to date with our news, updates, campaigns and fundraising information.
We use personal data for administrative purposes (i.e. to carry on our charity and conservation work). This includes:
- receiving donations (e.g. direct debits or gift-aid instructions);
- maintaining databases of our volunteers, members and supporters;
- performing our obligations under contracts;
- helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this)
5. DISCLOSING AND SHARING DATA
We will never sell your personal data.
We may share personal data with partner organisations on specified projects. Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another organisation)
From May 2018, Thames21 will be asking anyone who engages with us to “opt-in” for most communications. This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (by post, phone, email, text).
You can decide not to receive communications, or change how we contact you at any time.
What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
- our charity, campaigns and conservation work;
- volunteering opportunities and how you can help improve rivers;
- appeals and fundraising (including donations and also competitions, raffles etc.);
- our events, activities and local groups;
- leaving a legacy;
- taking part in projects
When you receive a communication, we may collect information about how you respond to or interact with that communication, and this may affect how we communicate with you in future.
Thames21 has an e-newsletter which keeps people informed about our activities and involvement in the wider environmental world. You can subscribe to this here or “opt in” via our volunteer and engagement forms. Several Thames21 projects also operate their own newsletters or mailing lists.
You can choose to unsubscribe from general marketing communications without giving up your subscription to one of our other mailing lists, and vice versa.
As a charity, we rely on donations and support from others to continue our work. From time to time, we may contact members and supporters with fundraising material and communications. This might be about an appeal, a competition we’re running, or to suggest ways you can raise funds, or include ways of making a donation.
As with other marketing communications, we’ll only contact you specifically about fundraising if you’ve opted in to receiving marketing from us (and you can unsubscribe at any time)
7. RESEARCH AND PROFILING
This section explains how and why we use personal data to build profiles which enable us to understand our supporters, improve our relationship with them, and provide a better supporter experience.
We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as recruiting new supporters, or to identify trends or patterns within our existing supporter base. This information helps inform our actions and improve our campaigns, products/services and materials and when making funding applications.
8. YOUNG PEOPLE
Photographs, pictures, stories and competitions
We want young people to join in river-focused activities, and there are opportunities to be featured in our publications.
Parental permission: If your child is under 18 then we’ll need permission from you as their parent or guardian for us to share a picture, photo or story with us.
Information for parents
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children. If your child is under 18, we’ll only use his or her personal data with your consent.
Marketing and fundraising
We won’t send marketing emails, letters, calls or messages to under 18 year-olds. The exception to this would be if we ran youth programme where we might need to contact them directly, but parental consent will be gained in the first instance.
9. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
Where we store information
Thames21’s operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and its use. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
We continually review what information we hold and delete what is no longer required. We never store payment card information.
11. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (unless we have a requirement in law to do so);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to us at the address at the top.
We can provide you with a template subject access form which includes guidance on how to make your request (and will help us respond more quickly). Please contact us for a copy of this.
You can complain to Thames21 directly by contacting our data protection point of contact, using the details set out above. If wish to make a complaint (including a complaint about fundraising activity) which does not directly relate to your data protection and privacy rights, you can do so in accordance with our charity’s complaint policy.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
12. COOKIES AND LINKS TO OTHER SITES
Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality. Further information can be found in our Cookies Policy at www.thames21.org.uk/cookiespolicy.
Links to other sites
Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ link at the top of the page).
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with Thames21.