Privacy Policy

The Fawcett Society takes your personal data extremely seriously. This document will describe what we do with any personal data you provide to us, what your rights are in relation to them and how you can exercise those rights. You can contact us by visiting our Contact Us page.

Please see below for information on your rights, and how you can make use of them.

We process your data in the following situations:

We take extra care of personal data when we know that you are under 18.

We designed this document as a pick-and-mix reference guide, so hopefully you'll be able to just browse the sections that are relevant to you. Of course, you are also welcome to browse this document in its entirety.

The section on visiting our website will be relevant to anyone who is reading this online.

If you are interested in a list of all our contractors that handle personal data, you can visit the final heading of this document.

Data retention

In general we retain data for as long as is necessary to accomplish the task set out in each section. This means that we do not retain your personal data if we have no reason to do so. On the other hand, some of our goals require us to retain your data. For example, we will keep records of transactions for 7 years as is legally required of us. We will retain information from our legacies project for an indefinite amount of time as that is a fundamental requirement of us running the scheme. If you would like us to actiely delete your personal data even if it is still required for some of our stated aims, then you can make use of your right to erasure.

Back to top

Your rights

The General Data Protection Regulation enshrines the following rights for you in law:

  • Right to be informed — the right to know what is happening with your personal data. This document as well as notices along our services serve to fulfill that right for you.
  • The right to access your personal data — you can request a copy of the data we hold about you.
  • The right to rectification — you have the right to correct personal data that we hold about you. We will then inform our data processors of the rectification and expect them to update their records to.
  • The right to erasure — you have the right to request that we delete any personal data we hold about you. This is not an absolute right: we can retain data derived from your original data if it is no longer personal. We might also not be in a place where we can delete (all) of your data for, for instance, legal reasons.
  • The right to object — you have the right to object to our processing of your data as set out below. This right depends on the circumstances of the processing, but we will be responding to you as soon as possible to clarify the request.
  • The right to the restriction of processing — this right entitles you to request a pause on our processing of your data whilst you and Fawcett Society resolve a query relating to one of your other rights. We will apply this automatically if you request this whilst exercising one of your other rights.
  • The right to data portability — this right grants you the ability to request a portable version of your personal data, i.e. data in an electronic format that you can then use with other service providers. We do not fit the criteria for this right, as we do not carry out automatic processing.
  • You have rights related to automatic decision making — these rights relate to automated profiling, which we do not use.

In addition, where we rely on Consent as our legal basis, you have the right to unconditionally withdraw consent. At this point we will stop processing your data, and delete any personal data that we do not need to hold for other reasons. You can exercise this right by unsubscribing directly from communications, or by completing this form.

Finally you have the right to lodge a complaint with a supervisory body in Europe. You should normally do this in the country where you are habitually resident. In the UK this authority is the Information Commissioner. You can lodge a complaint at https://ico.org.uk/concerns/.

Of course if you are unhappy with the way we have handled your personal data, we would prefer to hear from you directly so we can work on a solution with you.

Back to top

Using our website, or contacting us by phone or email

When you use our website we use technologies that allow us to track your interaction with our website. These technologies are provided by Google Analytics. We do this improve your user experience and to gather usage statistics to make informed choices on further web development and design.

We also use other unobtrusive web technologies, such as session cookies to provide a functioning or pleasant website as a whole. These technologies as well as our web platform are provided by Raising IT.

Large parts of this analysis relies on anonymous data, but some data, through for instance your IP address, is personal.

The legal basis for this processing is our Legitimate Interest in being able to provide an engaging and welcoming online platform to support the mission of the Fawcett Society.

When you contact us by phone we will, depending on your query create or update some of your personal information in our contact relationship management system, which is hosted and developed by the Access Group.

When you contact us by email, your email address, as well as the contents of your email will be stored on our Office365 environment, provided by Microsoft. In addition we may create or update a record for you in our contact relationship management system.

The legal basis for both the above uses of your personal data is our Legitimate Interest in being able to provide a well-functioning office environment where we can serve enquiries from a diverse range of people.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit https://www.aboutcookies.org or https://www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

Signing up to our newsletter

We run a fairly active newsletter that aims to keep interested persons, campaigners, activists and feminists abreast of our work. The newsletter contains information relating to our campaigns, research and events that we run. It also contains commentary on topical issues and carries advertising for our shop. Finally we also use it to make supporters aware of fundraising initiatives we are running.

When you sign up to our newsletter, the personal data you provide will be passed on to Mailchimp, who provide mailing list infrastructure to us. Mailchimp uses some personal tracking technologies to allow us to carry out analysis on the success of our mailing list. Mailchimp is a US company, so the personal data you provide us with may leave the EU. Mailchimp operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

We also synchronise personal data you provide when you sign up to our newsletter with our contacts relationship management system provided by the Access Group. We do this in order to keep track of your communication preferences.

The legal basis for our processing of your data in this way is Consent, which you can withdraw at any time by unsubscribing from the newsletter. Simply click the unsubscribe button on any of our mailings to do so.

Contractors we use:

Making a donation to us, or to a fundraising event

As a charity a large part of our funding comes from donations. In order to minimise the amount of personal data we store on our systems we have implemented several robust means of online giving.

When you make a donation we collect personal data to facilitate making the payment. We also use your personal data to claim Gift Aid on your donation if you have told us that you would like us to do so. When we do so we transfer your name and address to HMRC's systems.

Depending on which method of payment you use, the personal data you entered on our website, which is run by Raising IT, as well as additional payment details (such as your account number, or debit card number) will be provided to one of our payment providers: GoCardless for Direct Debits, or Paypal or Stripe for individual payments.

We also synchronise donation payment details with our contacts relationship management system provided by the Access Group.

The legal basis for our processing of your data is our Legitimate Interest to generate revenue, take payments, document transactions that might be audited at a later stage and to be able to handle enquiries from you about any moneys you have contributed to us.

Becoming a member of our organization or gifting a membership

Our membership schemes provide us with stable, independent funding. It lies at the core of how we are able to carry out our mission.

When you become a member the data you enter on our web platform, which is provided by Raising IT, is stored there. That data as well as your payment credentials are also used by the payment provider used depending on the type of payment you make: GoCardless for Direct Debits, or Paypal or Stripe for individual payments.

We also synchronise your data with our contacts relationship management system provided by the Access Group in order to manage your membership with us. This will include us communicating with you by post, email or telephone for administrative purposes.

The legal basis for the above forms of data processing is our Legitimate Interest to provide an effective service for our members.

We also provide our members with our magazine, Stop Gap!, generally by post. In order for us to post this to you we need to transfer your name and address to our printing contractors, CM Print.

The legal basis for the above mailing is Consent, which you can withdraw by contacting us.

If you told us that you would like to be kept in touch with, then we subscribe you to our members only newsletter, that we send out by email. Some of your personal details, namely your name and email address, will be transferred to Mailchimp, which provides us with a mailing list infrastructure. Mailchimp uses some personal tracking technologies to allow us to carry out analysis on the success of our mailing list. Mailchimp is a US company, so the personal data you provide us with may leave the EU. Mailchimp operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

The legal basis for our newsletter is Consent, which you can withdraw at any time by unsubscribing from the newsletter. Simply click the unsubscribe button on any of our mailings to do so.

Gift Memberships

In addition to the terms above, when you offer a membership as a gift to someone else, you provide us with the details of the person that you wish to make the gift out to. We will contact them to let them know that we have obtained their information from you, and to let them know that they have been given this gift.

We will also, in that email, ask them whether they would like to be signed up to our newsletter.

Family Memberships

When you sign up for a family membership, the same terms apply as for ordinary memberships. We will be in contact with you in order to manage the group membership.

We will store the details of the individual persons in your group membership in the same way as we store your details.

Taking part in one of our research projects

We carry out research projects to strengthen our policy work, create public discussion to further our mission and to contribute to the body of knowledge around gender equality.

Each individual research project is governed by its own Privacy Policy, and will be provided with it, as well as contact persons for that project, at the time you sign up for it.

Retention Policy

The retention policy of research projects is governed by the Privacy Policy of each individual research project.

Back to top

Attending one of our events

We organise public as well as private events to further our cause. We manage events through our web platform provided by Raising IT. When you sign up to an event, data you provide will be stored on that platform.

In addition, if the event is chargeable, some of that data, as well as your payment details are provided to your payment provider of choice: GoCardless for Direct Debits, or Paypal or Stripe for individual payments.

We synchronise data about our event attendees with our contacts relationship management system provided by the Access Group. We do this in order facilitate event administration.

The legal basis for our event administration, including associated campaign communications is Consent, which you can withdraw at any time by informing us of your wish to withdraw from the event. You can do so by contacting us.

Hosting a sponsored event with us

You can organising a fundraising event for us, and we can provide the infrastructure for you! If you decide to do so, the data you provide will be stored on our web platform which is provided by Raising IT.

We synchronise data about our fundraisers with our contacts relationship management system provided by the Access Group in order to administer the fundraising process. You will be assigned a dedicated income source on our systems through which we track who donated to your cause, and how much they gave.

The legal basis for our processing of your data in this way is our Legitimate Interest in providing you with a pleasant and effective fundraising infrastructure. In addition we also process your data to allow us to maintain records that we can then use to claim Gift Aid, if appropriate, or report against the effectiveness of our fundraising campaigns.

Contractors we use:

Purchasing items from our shop

Our webshop is hosted by Shopify. When you purchase an item in our store you provide personal data which is stored in Shopify's systems. Shopify makes that data available to us so that we can fulfill and/or track your order. Shopify's European headquarters are located in Ireland and thus the EU. However, Shopify does transfer data out of the EU from Ireland. Shopify operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

Some products are supplied by us from our offices, at which point your data simply stays in Shopify's system. Other products are supplied on demand by A.M. Custom Clothing. Some of your personal data necessary to fulfill the order will be transfered to their systems to that end.

Our legal basis for this processing is our Contractual obligation to you to supply you with goods purchased from us.

Campaigning with us

The legal basis for data processing below is our Legitimate Interest in providing that particular form of campaigning.

Blogging with us

If you decide to write blogs for us we will store your contact details in our contacts relationship management system provided to us by Access Group. Some personal data will also be stored on our web platform, upon which your articles are published. This is provided by Raising IT.

We will retain copies of communications about your volunteering in our email systems supplied by Microsoft Office365.

Volunteering with us

We work with volunteers to facilitate events, support our membership scheme and administer our shop, as well as many other specific campaigns.

To facilitate our work with volunteers we store their details in our contacts relationship management system provided to us by Access Group.

We will retain copies of communications about your volunteering in our email systems supplied by Microsoft Office365.

Becoming involved in our local groups

We work with a number of affiliated local groups and on occasion act as mediators for them. In general each local group is responsible for their own data management. If you express interest in getting involved in a local group to us we will pass those details on to the most appropriate group. We will also store your contact details in our contacts relationship management system provided to us by Access Group.

We will retain copies of communications about your volunteering in our email systems supplied by Microsoft Office365.

Signing up to an affiliate programme

Retention Policy

The retention policies for our individual affiliate programmes depend on the programmes themselves and the terms of those programmes. Please see the details of the particular programme you are signing up to.

  • Free Wills Network

    We work together with the Free Wills Network, managed by Capacity Marketing, to provide a legacies programme for us. As part of this programme we advertise the network's service to our members for whom we can provide a free standard will.

    If you decide to make use of this offer then you will be providing personal data directly to Capacity Marketing.

How we handle data of young people

The GDPR designates personal data of young people as particularly sensitive. In addition there are additional regulations in place around fundraising when it comes to young people and young adults.

For this reason, where we have identified user journeys where we might be collecting personal data of young people, we ask for a date of birth.

If you provide us with that date of birth, it will be stored on our web platform, which is provided by Raising IT. We will also store it on our contacts relationship management system, which is provided by Access Group.

The legal basis for this is Legal Obligation, as set out in the GDPR.

Back to top

Other websites

Our website contains links to other websites. This privacy policy only applies to this website so when you follow a link to other websites you should read their own privacy policies.

Contractors

List of Data Processors we work with

Access Group

Access Group provide us with secure storage for our customer relations management database. They also provide us with the software powering that database.

Access Group merely provide the infrastructure for our database, and as such do not access any data we store in it.

A.M. Custom Clothing

We use A.M. Custom Clothing to provide print-on-demand services for clothes sold on our webstore. We will transfer the minimum amount of data to satisfy your order to them. This includes your name & address, as well as order details. This data is only used for order fulfilment and is destroyed afterwards.

CM Print

We use CM Print to produce & post paper documents that are then sent to our members. To this end we securely transfer personal identification from our systems to CM Print, who only use it for postage & printing. The copy of the data they hold is destroyed after completion of the project.

Google Analytics

We use Google Analytics to carry out analysis of usage on our website so that we can improve it & the campaigning work we carry out. We only use Google Analytics aggregate reporting.

Google Analytics does transfer data out of the EU. To this end it is EU-US Privacy Shield certified.

You can find more information on Google's use of your data at https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.

Mailchimp

We use Mailchimp to manage our newsletter as well as to organise mass-mailings related to campaigns, events and adminstration.

To this end, some personal detail, such as your name and email address, is stored on Mailchimp's servers. In addition, Mailchimp uses some personal tracking technologies to allow us to carry out analysis on the success of our emails. Mailchimp is a US company, so the personal data you provide us with may leave the EU. Mailchimp operate under the EU-US Privacy Shield initiative to certify that they live up to EU standards of data protection.

Microsoft Office365

We use the Microsoft Office365 infrastructure to provide our email, and data storage infrastructure. In the course of communicating with us by email, and in the course of our work to carry out our charitable goals we will store personal data in this infrastructure.

Microsoft complies operates under EU-US Privacy Shield certification and provides additional contractual commitments.

You can find out more about this at https://www.microsoft.com/en-us/trustcenter/Privacy/GDPR#General-FAQ.

Raising IT

Raising IT provide us with our website and its database. They host as well as develop the software. As a result, any data submitted through our website (such as registration data, or donor data), is stored on Raising IT's servers. Raising IT merely hold the data for us and we are in control of retention & manipulation.

Shopify

We provide a webstore through Shopify. We don't supply personal data directly to Shopify — you do when you place an order. Having said that, Shopify operates as a processor for us, and therefore only stores and processes that data to carry out its role as a webstore provider.

Data provided to Shopify is controlled by its Irish offices, from which it may then flow out of the EU.

You can find more information about Shopify's approach to the GDPR at https://help.shopify.com/manual/your-account/GDPR.

Smart Survey

We use Smart Survey as our preferred survey service provider. Smart Survey collects and stores data for us as supplied by participants to our surveys. They only store the data to fulfill their agreement with us as the account holder.

You can find out about Smart Survey's approach to privacy at https://www.smartsurvey.co.uk/privacy-policy.

List of Data Controllers we work with

Capacity Marketing

We work with Capacity Marketing as part of the Free Will's network. We provide some personal data, explicitly on the basis of your request, via secure data transfer, which is then only used by Capacity to help you enroll in the Free Wills scheme.

GoCardless

We use GoCardless as our Direct Debit payment provider. In the course of making a commitment to payments by Direct Debit to us, some data is transferred to GoCardless so they can present you with a form to collect your payment details. These details are stored on GoCardless' servers that are operated within the EU.

GoCardless acts as a data controller with regard to your data which means that they operate according to their own retention policies and data processing policies. Nonetheless, we are given access to your personal data so that we can carry out reporting & other administrative tasks.

For more information on how GoCardless treats personal data you can visit https://support.gocardless.com/hc/en-gb/articles/360000281005.

PayPal

We use PayPal to allow our supporters to make convenient online payments. PayPal acts as an independent data controller and we do not transfer personal data to them except in order to pre-populate one of their forms. PayPal makes some personal data available to us for reporting and administrative purposes.

PayPal's infrastructure is global and as such personal data will be transferred out of the EU.

You can read more about PayPal's privacy commitments at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Stripe

We use Stripe as a debit and credit card payment gateway. Stripe acts as an independent data controller and we do not transfer personal data to them except in order to pre-populate one of their forms. Stripe makes some personal data available to us for reporting and administrative purposes.

Stripe's infrastructure is global and as such personal data will be transferred out of the EU. You can find out more about the clauses Stripe use for these transfers by contacting them at [email protected]

You can read more about Stripe's privacy commitments at https://stripe.com/gb/privacy.

Back to top

Metadata

This Privacy Policy governs how The Fawcett Society (Registered charity no.1108769. Limited company registered in England and Wales no. 04600514) uses any personal data you may submit to it.

This policy is written in accordance with the General Data Protection Regulation (GDPR) 2018 and with the Data Protection Act 1998.

This policy applies to all public facing data processing Fawcett Society carries out.

Version: 1.0 Modified: 16/05/18

Back to top