1 Privacy Policy

The Fawcett Society takes your personal data extremely seriously. This document will describe what we do with any personal data you provide to us, what your rights are in relation to them and how you can exercise those rights. You can contact us by visiting our Contact Us page.

Please see below for information on your rights, and how you can make use of them.

We process your data in the following situations:

We take extra care of personal data when we know that you are under 18.

We designed this document as a pick-and-mix reference guide, so hopefully you'll be able to just browse the sections that are relevant to you. Of course, you are also welcome to browse this document in its entirety.

The section on visiting our website will be relevant to anyone who is reading this online.

If you are interested in a list of all our contractors that handle personal data, you can visit the final heading of this document.

1.1 Data retention

In general we retain data for as long as is necessary to accomplish the task set out in each section. This means that we do not retain your personal data if we have no reason to do so. On the other hand, some of our goals require us to retain your data. For example, we will keep records of transactions for 7 years as is legally required of us. We will retain information from our legacies project for an indefinite amount of time as that is a fundamental requirement of us running the scheme. If you would like us to actively delete your personal data even if it is still required for some of our stated aims, then you can make use of your right to erasure.

Back to top

1.2 Your rights

The General Data Protection Regulation enshrines the following rights for you in law:

  • Right to be informed — the right to know what is happening with your personal data. This document as well as notices along our services serve to fulfill that right for you.
  • The right to access your personal data — you can request a copy of the data we hold about you.
  • The right to rectification — you have the right to correct personal data that we hold about you. We will then inform our data processors of the rectification and expect them to update their records too.
  • The right to erasure — you have the right to request that we delete any personal data we hold about you. This is not an absolute right: we can retain data derived from your original data if it is no longer personal. We might also not be in a place where we can delete (all) of your data for, for instance, legal reasons.
  • The right to object — you have the right to object to our processing of your data as set in the rest of this document. This right allows you to request that we stop processing your data temporarily, whilst we work to follow up on one of your other rights.
  • The right to the restriction of processing — this right entitles you to request a pause on our processing of your data whilst you and Fawcett Society resolve a query relating to one of your other rights. We will apply this automatically if you request this whilst exercising one of your other rights.
  • The right to data portability — this right grants you the ability to request a portable version of your personal data, i.e. data in an electronic format that you can then use with other service providers. We do not fit the criteria for this right, as we do not carry out automatic processing.
  • You have rights related to automatic decision making — these rights relate to automated profiling, which we do not use.

In addition, where we rely on Consent as our legal basis, you have the right to unconditionally withdraw consent. At this point we will stop processing your data, and delete any personal data that we do not need to hold for other reasons. You can exercise this right by unsubscribing directly from communications, or by completing this form.

Finally you have the right to lodge a complaint with a supervisory body in Europe. You should normally do this in the country where you are habitually resident. In the UK this authority is the Information Commissioner. You can lodge a complaint at https://ico.org.uk/concerns/.

Of course if you are unhappy with the way we have handled your personal data, we would prefer to hear from you directly so we can work on a solution with you.

Back to top

1.3 Using our website, or contacting us by phone or email

When you use our website we use technologies that allow us to track your interaction with our website. These technologies are provided by Google Analytics. We do this improve your user experience and to gather usage statistics to make informed choices on further web development and design.

We also use other unobtrusive web technologies, such as session cookies to provide a functioning or pleasant website as a whole. These technologies as well as our web platform are provided by Raising IT.

Large parts of this analysis relies on anonymous data, but some data, through for instance your IP address, is personal.

The legal basis for this processing is our Legitimate Interest in being able to provide an engaging and welcoming online platform to support the mission of the Fawcett Society.

When you contact us by phone we will, depending on your query create or update some of your personal information in our contact relationship management system, which is hosted and developed by the Access Group.

When you contact us by email, your email address, as well as the contents of your email will be stored on our Office365 environment, provided by Microsoft. In addition we may create or update a record for you in our contact relationship management system.

The legal basis for both the above uses of your personal data is our Legitimate Interest in being able to provide a well-functioning office environment where we can serve enquiries from a diverse range of people.

1.3.1 Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit https://www.aboutcookies.org or https://www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

1.4 Signing up to our newsletter

We publish a newsletter that aims to keep interested persons, campaigners and activists informed about & engaged with our work. The newsletter contains information relating to our campaigns, research and events that we run. It also contains commentary on topical issues and carries advertising for our shop. Finally we also use it to make supporters aware of fundraising initiatives we are running.

When you sign up to our newsletter, the personal data you provide will be passed on to Mailchimp, who provide mailing list infrastructure to us. Mailchimp uses some personal tracking technologies to allow us to carry out analysis on the success of our mailing list. Mailchimp is a US company, so the personal data you provide us with may leave the EU. Mailchimp operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

We also synchronise personal data you provide when you sign up to our newsletter with our contacts relationship management system provided by the Access Group. We do this in order to keep track of your communication preferences.

The legal basis for our processing of your data in this way is Consent, which you can withdraw at any time by unsubscribing from the newsletter. Simply click the unsubscribe button on any of our mailings to do so.

1.4.1 Contractors we use:

1.5 Making a donation to us, or to a fundraising event

As a charity a large part of our funding comes from donations. In order to minimise the amount of personal data we store on our systems we have implemented several robust means of online giving.

When you make a donation we collect personal data to facilitate making the payment. We also use your personal data to claim Gift Aid on your donation if you have told us that you would like us to do so. When we do so we transfer your name and address to HMRC's systems.

Depending on which method of payment you use, the personal data you entered on our website, which is run by Raising IT, as well as additional payment details (such as your account number, or debit card number) will be provided to one of our payment providers: GoCardless for Direct Debits, or Paypal or Stripe for individual payments.

We also synchronise donation payment details with our contacts relationship management system provided by the Access Group.

The legal basis for our processing of your data is our Legitimate Interest to generate revenue, take payments, document transactions that might be audited at a later stage and to be able to handle enquiries from you about any moneys you have contributed to us.

1.6 Becoming a member of our organization or gifting a membership

Our membership schemes provide us with stable, independent funding. It lies at the core of how we are able to carry out our mission.

When you become a member the data you enter on our web platform, which is provided by Raising IT, is stored there. That data as well as your payment credentials are also used by the payment provider used depending on the type of payment you make: GoCardless for Direct Debits, or Paypal or Stripe for individual payments.

We also synchronise your data with our contacts relationship management system provided by the Access Group in order to manage your membership with us. This will include us communicating with you by post, email or telephone for administrative purposes.

The legal basis for the above forms of data processing is our Legitimate Interest to provide an effective service for our members.

We also provide our members with our magazine, Stop Gap!, generally by post. In order for us to post this to you we need to transfer your name and address to our printing contractors, CM Print.

The legal basis for the above mailing is Consent, which you can withdraw by contacting us.

If you told us that you would like to be kept in touch with, then we subscribe you to our members only newsletter, that we send out by email. Some of your personal details, namely your name and email address, will be transferred to Mailchimp, which provides us with a mailing list infrastructure. Mailchimp uses some personal tracking technologies to allow us to carry out analysis on the success of our mailing list. Mailchimp is a US company, so the personal data you provide us with may leave the EU. Mailchimp operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

The legal basis for our newsletter is Consent, which you can withdraw at any time by unsubscribing from the newsletter. Simply click the unsubscribe button on any of our mailings to do so.

1.6.1 Gift Memberships

In addition to the terms above, when you offer a membership as a gift to someone else, you provide us with the details of the person that you wish to make the gift out to. We will contact them to let them know that we have obtained their information from you, and to let them know that they have been given this gift.

We will also, in that email, ask them whether they would like to be signed up to our newsletter.

1.6.2 Family Memberships

When you sign up for a family membership, the same terms apply as for ordinary memberships. We will be in contact with you in order to manage the family membership.

We will store the details of the individual persons in your family membership in the same way as we store your details.

1.6.3 Our Affiliate Membership Program

We offer an affiliate membership program to organizations on the basis of mutual agreement. We will collect and process your data in a very similar way to our normal membership programs. One of the primary differences will be our communications to you.

Your organization will designate a specific individual for us to communicate with, and we will do so on the assumption that this is part of their role within your organization. That individual will normally receive our newsletters and campaigning information, but we may also on occasion communicate content specifically tailored to our affiliate members.

1.7 Taking part in one of our research projects

We carry out research projects to strengthen our policy work, create public discussion to further our mission and to contribute to the body of knowledge around gender equality.

Each individual research project is governed by its own Privacy Policy, and will be provided with it, as well as contact persons for that project, at the time you sign up for it.

1.7.1 Retention Policy

The retention policy of research projects is governed by the Privacy Policy of each individual research project.

Back to top

1.8 Attending one of our events

We organise public as well as private events to further our cause. We manage events through our web platform provided by Raising IT. When you sign up to an event, data you provide will be stored on that platform.

In addition, if the event is chargeable, some of that data, as well as your payment details are provided to your payment provider of choice: GoCardless for Direct Debits, or Paypal or Stripe for individual payments.

We synchronise data about our event attendees with our contacts relationship management system provided by the Access Group. We do this in order facilitate event administration.

The legal basis for our event administration, including associated campaign communications is Consent, which you can withdraw at any time by informing us of your wish to withdraw from the event. You can do so by contacting us.

1.9 Hosting a sponsored event with us

You can organise a fundraising event for us, and we can provide the infrastructure for you! If you decide to do so, the data you provide will be stored on our web platform which is provided by Raising IT.

We synchronise data about our fundraisers with our contacts relationship management system provided by the Access Group in order to administer the fundraising process. You will be assigned a dedicated income source on our systems through which we track who donated to your cause, and how much they gave.

The legal basis for our processing of your data in this way is our Legitimate Interest in providing you with a pleasant and effective fundraising infrastructure. In addition we also process your data to allow us to maintain records that we can then use to claim Gift Aid, if appropriate, or report against the effectiveness of our fundraising campaigns.

1.9.1 Contractors we use:

1.10 Purchasing items from our shop

Our webshop is hosted by Shopify. When you purchase an item in our store you provide personal data which is stored in Shopify's systems. Shopify makes that data available to us so that we can fulfill and/or track your order. Shopify's European headquarters are located in Ireland and thus the EU. However, Shopify does transfer data out of the EU from Ireland. Shopify operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

Some products are supplied by us from our offices, at which point your data simply stays in Shopify's system. Other products are supplied on demand by A.M. Custom Clothing. Some of your personal data necessary to fulfill the order will be transfered to their systems to that end.

Our legal basis for this processing is our Contractual obligation to you to supply you with goods purchased from us.

1.10.1 Contractors we use:

1.11 Campaigning with us

The legal basis for data processing below is our Legitimate Interest in providing that particular form of campaigning.

1.11.1 Blogging with us

If you decide to write blogs for us we will store your contact details in our contacts relationship management system provided to us by Access Group. Some personal data will also be stored on our web platform, upon which your articles are published. This is provided by Raising IT.

We will retain copies of communications about your volunteering in our email systems supplied by Microsoft Office365.

  1. Contractors we use:

1.11.2 Volunteering with us

We work with volunteers to facilitate events, support our membership scheme and administer our shop, as well as many other specific campaigns.

To facilitate our work with volunteers we store their details in our contacts relationship management system provided to us by Access Group.

We will retain copies of communications about your volunteering in our email systems supplied by Microsoft Office365.

  1. Contractors we use:

1.11.3 Becoming involved in our local groups

We work with a number of affiliated local groups and on occasion act as mediators for them. In general each local group is responsible for their own data management. If you express interest in getting involved in a local group to us we will pass those details on to the most appropriate group. We will also store your contact details in our contacts relationship management system provided to us by Access Group.

We will retain copies of communications about your volunteering in our email systems supplied by Microsoft Office365.

  1. Contractors we use:

1.12 Signing up to an affiliate programme

1.12.1 Retention Policy

The retention policies for our individual affiliate programmes depend on the programmes themselves and the terms of those programmes. Please see the details of the particular programme you are signing up to.

  1. Free Wills Network

    We work together with the Free Wills Network, managed by Capacity Marketing, to provide a legacies programme for us. As part of this programme we advertise the network's service to our members for whom we can provide a free standard will.

    If you decide to make use of this offer then you will be providing the personal data you submit on our webform directly to Capacity Marketing. We will also hold that data you submit in our own contact relationship management system hosted by the Access Group, so that we can keep track of who has expressed an interest in our legacies programme.

    We will retain your data in the context of this programme for as long as you are part of it, and the legal basis for this is your consent which you can withdraw at any time.

    1. Data Controllers we work with:

1.13 Joining one of our grass-roots pilot projects

We will occasionally start new initiatives to organise people around issues around gender equality. We will never assume that you would like to join such a network by default.

On the other hand, sometimes people that are part of such networks are interested in organising a local Fawcett Group. To this end we will occasionally inform you about local groups through the network's communication channels.

We are currently running a pilot for:

  • people who are interested in women's representation and participation locally.

If you sign up for such a pilot, we would record at least your name and email address. In addition, we join this data with any membership or donation data we may already hold for you.

If you sign up through the website, your data will be stored by our website provider, RaisingIT. In any case, we will securely transfer your data to our contacts relationship management system, which is hosted by the Access Group.

We use MailChimp to facilitate our mailing lists. Mailchimp uses some personal tracking technologies to allow us to carry out analysis on the success of our mailing list. Mailchimp is a US company, so the personal data you provide us with may leave the EU. Mailchimp operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

In addition we may securely and temporarily pass your data to CM Print, who we use for printed communications with you.

The legal basis for this data processing is your consent, which you can withdraw at any time.

1.14 Applying for a position with us

When you apply to work with us you will inevitably submit personal data to us, in the form of your application. We process this data for the purpose of filling the post you applied for. But on occasion we may well wish to hold on to your details, and even your application, for some time afterwards even if your application was not successful. This is on order for us to get back to you if we feel another job opening might suit you. We would only do this after we explicitly asked for your permission.

We would retain this data for up to a year after your application to the post. If we decide no to hold on to your data then we will securely destroy it after the vacancy has been filled.

If your application is successful then the context in which we hold your personal data changes. It is now governed by our internal HR procedures, which you would be free to consult at that point.

In either of the above cases, your personal contact details will be added to our contact relationship management system, hosted by the Access Group. Your application itself would be stored in our Office365 environment.

We also will ask you to complete an anonymous diversity survey, hosted on Smart Survey. This is optional, and contains no direct questions that serve to identify you.

The legal basis for our processing of your data in the context of recruitment is consent, which you can withdraw at any time.

1.15 How we handle data of young people

The GDPR designates personal data of young people as particularly sensitive. In addition there are additional regulations in place around fundraising when it comes to young people and young adults.

For this reason, where we have identified user journeys where we might be collecting personal data of young people, we ask for a date of birth.

If you provide us with that date of birth, it will be stored on our web platform, which is provided by Raising IT. We will also store it on our contacts relationship management system, which is provided by Access Group.

The legal basis for this is Legal Obligation, as set out in the GDPR.

Back to top

1.16 Our use of your data when you are a person of public interest, such as a politician, campaigner or journalist

We are, amongst other things, a campaigning organization. A part of the work we do involves talking to, networking and building alliances with politicians and other persons of public interest.

To this end, if you are such a person, we may hold information about you, your voting history, your campaigning and/or professional work in our contact relationship management system, hosted by the Access Group. We may use this information for influencing and campaigning work with you, or in the process of generating reports or research.

The legal basis for our use of your data in this context is our legitimate interest to further our charitable goals.

Back to top

2 Other websites

Our website contains links to other websites. This privacy policy only applies to this website so when you follow a link to other websites you should read their own privacy policies.

3 Contractors

3.1 List of Data Processors we work with

3.1.1 Access Group

Access Group provide us with secure storage for our customer relations management database. They also provide us with the software powering that database.

Access Group merely provide the infrastructure for our database, and as such do not access any data we store in it.

3.1.2 A.M. Custom Clothing

We use A.M. Custom Clothing to provide print-on-demand services for clothes sold on our webstore. We will transfer the minimum amount of data to satisfy your order to them. This includes your name & address, as well as order details. This data is only used for order fulfilment and is destroyed afterwards.

3.1.3 CM Print

We use CM Print to produce & post paper documents that are then sent to our members. To this end we securely transfer personal identification from our systems to CM Print, who only use it for postage & printing. The copy of the data they hold is destroyed after completion of the project.

3.1.4 Google Analytics

We use Google Analytics to carry out analysis of usage on our website so that we can improve it & the campaigning work we carry out. We only use Google Analytics aggregate reporting.

Google Analytics does transfer data out of the EU. To this end it is EU-US Privacy Shield certified.

You can find more information on Google's use of your data at here.

3.1.5 Mailchimp

We use Mailchimp to manage our newsletter as well as to organise mass-mailings related to campaigns, events and adminstration.

To this end, some personal detail, such as your name and email address, is stored on Mailchimp's servers. In addition, Mailchimp uses some personal tracking technologies to allow us to carry out analysis on the success of our emails. Mailchimp is a US company, so the personal data you provide us with may leave the EU. Mailchimp operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

3.1.6 Microsoft Office365

We use the Microsoft Office365 infrastructure to provide our email, and data storage infrastructure. In the course of communicating with us by email, and in the course of our work to carry out our charitable goals we will store personal data in this infrastructure.

Microsoft complies operates under EU-US Privacy Shield certification and provides additional contractual commitments.

You can find out more about this at here.

3.1.7 Raising IT

Raising IT provide us with our website and its database. They host as well as develop the software. As a result, any data submitted through our website (such as registration data, or donor data), is stored on Raising IT's servers. Raising IT merely hold the data for us and we are in control of retention & manipulation. As such they act as Data Processors in our service. You can read their Privacy Policy for more details.

3.1.8 Shopify

We provide a webstore through Shopify. We don't supply personal data directly to Shopify — you do when you place an order. Having said that, Shopify operates as a processor for us, and therefore only stores and processes that data to carry out its role as a webstore provider.

Data provided to Shopify is controlled by its Irish offices, from which it may then flow out of the EU.

You can find more information about Shopify's approach to the GDPR at here.

3.1.9 Smart Survey

We use Smart Survey as our preferred survey service provider. Smart Survey collects and stores data for us as supplied by participants to our surveys. They only store the data to fulfill their agreement with us as the account holder.

You can find out about Smart Survey's approach to privacy at here.

3.2 List of Data Controllers we work with

3.2.1 Capacity Marketing

We work with Capacity Marketing as part of the Free Will's network. We provide some personal data, explicitly on the basis of your request, via secure data transfer, which is then only used by Capacity to help you enroll in the Free Wills scheme.

3.2.2 GoCardless

We use GoCardless as our Direct Debit payment provider. In the course of making a commitment to payments by Direct Debit to us, some data is transferred to GoCardless so they can present you with a form to collect your payment details. These details are stored on GoCardless' servers that are operated within the EU.

GoCardless acts as a data controller with regard to your data which means that they operate according to their own retention policies and data processing policies. Nonetheless, we are given access to your personal data so that we can carry out reporting & other administrative tasks.

For more information on how GoCardless treats personal data you can browse these resources. You can also read their Privacy Documents.

3.2.3 PayPal

We use PayPal to allow our supporters to make convenient online payments. PayPal acts as an independent data controller and we do not transfer personal data to them except in order to pre-populate one of their forms. PayPal makes some personal data available to us for reporting and administrative purposes.

PayPal's infrastructure is global and as such personal data will be transferred out of the EU.

You can read more about PayPal's privacy commitments at here.

3.2.4 Stripe

We use Stripe as a debit and credit card payment gateway. Stripe acts as an independent data controller and we do not transfer personal data to them except in order to pre-populate one of their forms. Stripe makes some personal data available to us for reporting and administrative purposes.

Stripe's infrastructure is global and as such personal data will be transferred out of the EU. You can find out more about the clauses Stripe use for these transfers by contacting them at [email protected]

You can read more about Stripe's privacy commitments here.

Back to top

4 Metadata

This Privacy Policy governs how The Fawcett Society (Registered charity no.1108769. Limited company registered in England and Wales no. 04600514) uses any personal data you may submit to it.

This policy is written in accordance with the General Data Protection Regulation (GDPR) 2018 and with the Data Protection Act 1998.

This policy applies to all public facing data processing Fawcett Society carries out.

Version: 1.2 Modified: 09/08/18

Back to top