These data analysis or research activities below cover a wide range of different actions that may or may not involve the use of individual personal data or automatic processing of such data. For example, segmenting supporter data by group or combining data relating to specific supporters with other data available from external sources to build up an individual profile of them.
The following is intended to give a detailed overview of why we do this type of work: You are free at any time to tell us that you no longer wish to have your personal data used in connection with any of the following activities by contacting us at firstname.lastname@example.org or on 020 7346 1205.
2. Why do we research?
We may conduct research to support a number of our activities as a charity. Primarily:
(a) to ensure that our campaigns, events and other fundraising communications are targeted in the most effective way possible and to the people who are most likely to be interested in them;
(b) to allow us to analyse and review the effectiveness of certain campaigns and to see what may be of most interest to our supporters in the future;
(c) to determine whether or not certain potentially donors may be interested in supporting us and therefore may be interested in being approached as a donor;
(d) to ensure that we conduct campaigns responsibly and in compliance with law and industry codes of practice (for example, around safeguarding of vulnerable individuals); and/or
(e) to ensure that we have reasonable knowledge of who supporters or prospective donors may be and, in compliance with ethical and regulatory responsibilities, minimise the risk of our charity suffering unnecessary harm or reputational damage.
Please note that any research that we mention below does not affect the other legal duties that we owe to individuals in respect of the collection, holding and processing of their personal data under the Data Protection Act 1998 (DPA) (and also under the EU General Data Protection Regulation from May 2018 (GDPR)).
3. What types of research?
We may conduct the following research, using existing supporter data and/or data from publically available sources:
(a) Segmentation of Supporter Groups
We may conduct analysis of supporters by group, post code or particular area where supporters may be based to ensure that any campaigns or mailings are sent to those who will be most interested or likely to respond. This helps us to target our fundraising and spend our campaign funds more effectively.
Please note that this type of activity where supporters are segmented by demographic, area or region, is not targeted at specifically identifiable individuals.
(b) Major Donors and Prospects
On occasion we may carry out research to determine whether an individual may be a potential major donor. In doing this we may use additional information from third party sources such as Google and other internet search engines, Companies House; biographies published on a corporate website and publicly available LinkedIn profiles.
The type of information we collect includes career overview, estimated gift capacity, history of giving to our charity and how the individual is connected with the Refugee Council, public information on any philanthropic activities, a top-line check on any ethical concerns and a check to see whether an individual is registered with the telephone preference service (TPS) or fundraising preference service (FPS) or is otherwise on a ‘do not contact’ list
We may also research public records of an individual’s trusteeships and previous gifts or donations made by an individual to charity or whether a company that the individual manages or is a director of has a corporate social responsibility (CSR) programme. Occasionally we may also research any key networks that the individual is publically known to be a member of such as on the board of a not for profit or philanthropic body which may have relevance to our activities.
Use of External Information: We endeavour to make sure that such research and data collection that we do is only conducted using freely available public sources where an individual would in our view have reasonable expectation that their information may be read by the public or has freely made information available in respect of their business and/or philanthropic interests.
Please note that in all of the above, we do not seek to gather information where it is reasonable to conclude that an individual has made an effort to keep that information confidential or that they would reasonably expect such information about them to be kept private, such as information regarding family life on social networks or revealing personal relationships that exist outside the business world.
We always seek to ensure that any research or profiling is done in a way that does not unreasonably or unexpectedly intrude on an individual’s privacy.
We also endeavour to make sure that in accordance with fair and lawful processing requirements under the DPA and GDPR, individuals are made aware of the purposes for which we may collect and process their personal data at the earliest reasonable opportunity.
(c) High Value Events
We may also use Profiling to produce short biographies of particular individuals where they are due to meet with one of our staff or attend an event that we may be hosting.
This is to enable relevant senior staff members who are also attending the meeting or event to understand who those individuals are and what their interests or connection to the British Red Cross may be.
(d) Ethical Screening & Minimising Risk
As a responsible charity, we are subject to a number of regulatory obligations and standards.
In particular Charity Commission guidance urges charities to be vigilant, carry out due diligence of donors, check donations and implement robust financial controls to help protect the charity from abuse, fraud and/or money laundering.
With this in mind, we carry out background checks and due diligence on potential donors and anyone making a significant donation or gift before we accept them.
We may also ethically screen donors or supporters to minimise risk of creating any association with a particular individual or group that is likely to bring the charity’s reputation into disrepute.
4. How secure is this information?
In compliance with legal obligations under the DPA and/or GDPR, we ensure that any data collected about an individual is accurate and maintained for no longer than is strictly necessary for the purpose it was gathered.
We also use appropriate technical and organisational methods to ensure that such Profile information is secure against unauthorised access or disclosure.
5. Do we share information?
We only use data internally for the purposes of our own fundraising and only share with agencies/suppliers working on our behalf and under our control (e.g. data hosting providers or identity verification services for the purposes of fraud checking).
Unless required by law, we do not share or communicate any Profiling data that we collect with any other charity or commercial organisations to use for their own purposes.
6. If you want to know more
If you have any questions or concerns regarding the above activities then please contact email@example.com
7. Changes to this policy