The Refugee Council is committed to protecting your privacy and being transparent about how we use your data. We will only use the information that we collect about you lawfully. This page tells you about how we collect, use and store your personal information.
This policy covers:
- Why we collect information
- Information we collect and how we collect it
- How we keep your information safe
- Our legal bases for processing your personal information
- How long we store your personal information
- Who we share information with
- Relevant legislation
- Your rights under current data protection law
- Changing your information contact preferences
- Finding out what information we hold about you
- How to make a complaint about our use if your information
1. Why do we collect information?
We need to collect some personal details so we can respond appropriately to your contact with us. For example, to make sure we can process your donation, thank you for your support or send you information you have requested. We also collect statistical information to see how our website, social media channels and emails are performing in order to improve our communications.
Occasionally, we take time to learn more about our supporters. We use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our supporters. It also allows us to target our resources effectively. We do this because it allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would.
2. What information do we collect and how do we collect it?
When you get in touch with us directly, we may ask you for personal information. For example, if you are setting up a regular payment by direct debit, we may ask for your name, address, email address, telephone number, and your bank account details. We only collect other information, such as relevant medical information, if it is necessary - for example, to ensure your safety when you register for a challenge event, or you are using one of our services. The information we collect and in which ways are set out below.
2.1 Website visit tracking
Like most websites, this site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, and better understand how they find and use our web pages.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
When you make a donation to us directly, whether it is a single or regular donation, directly collect information that is needed in order to process it: your name, address, and bank details. We’re required to store bank details in some circumstances, such as when they're used for direct debit payments. We also ask for your email address so that we can send you an acknowledgement of the transaction for your records. You can also provide your phone number at this stage. However, if you would rather not receive further contact from us, beyond that which is needed to complete the transaction, you can let us know via the online donation form, or by contacting us.
2.3 Email updates
We invite visitors to our website to sign up to receive regular email updates about our work. These are of vital importance to the success of our mission to champion refugee rights and transform their lives for the better. They include opportunities to support our campaigns, organise activities to raise funds for refugees, or make financial donations to enable us to continue providing our services. They also include newsletters about specific projects, such as our Advocacy Network and support for Refugee Community Organisations. We aim to give you control over what emails you do and do not receive, and you can update your preferences or unsubscribe from our email mailing lists at any time by clicking here.
2.4 Contact forms and email links
Should you choose to contact us using a contact form or an email link, none of the data that you supply will be stored by this website or passed to/processed by any of the third party data processors defined in section 4. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by our local computers and devices.
2.5 Blog comments
To encourage discussion about refugee issues, we enable visitors to leave comments on our blogs. Should you choose to add a comment to any posts that we have published on our blog, the name and email address you enter with your comment will be saved to our website’s database, along with the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors detailed below. Only your name will be shown on the public-facing website.
Your comment and its associated personal data will remain on this site until we either remove your comment or the blog post. If you want to have the comment and its associated personal data deleted, please email us at email@example.com using the email address that you commented with.
If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog.
2.6 Supporter actions
We encourage our website visitors, social media followers and those who have signed up to our email updates to complete campaign actions, such as lobbying their MPs to support policy change that benefits refugees. To do this, we collect your name, address, email address and the subject of the email you send to your MP, as well as the date you sent it. If we collect your information in this way, we will only contact you further if you give your active consent for us to do so, and you can update you contact preferences or withdraw your consent at any time – see section 9 below for further details.
2.7 Applications for job and volunteer opportunities
To help keep job and volunteer applicants’ information secure, we ask that you create user accounts on our website in order to complete your applications. This enables you to save and return to your application prior to submission. Your account will be accessible to you for five months after you have submitted your application. If you haven’t applied for any other roles during this time, your account will automatically be deleted after five months have passed. We will also destroy or delete any electronic and hard-copy records we have of your application, including your personal details, after five months. We keep your information for this period in the event that you wish to dispute or challenge the outcome of your applications. Job applicants will only receive communications from us that are relevant to their applications. If you have any questions about your account or the applications process, contact us at firstname.lastname@example.org .
We also collect information when you agree to provide it to us via third parties. Further details can be found at section 6 below.
2.9 Social media
Depending on your settings or the privacy policies for social media and messaging services like Facebook or Twitter, you might give us permission to access information from those services such as Facebook and Twitter, for example when you publicly tag us in an event photo.
3. How do we keep your information safe?
We take all appropriate measures to ensure your personal information is kept secure. Personal information stored electronically is kept on secured servers with limited access from appropriate staff for as long as is necessary for the fulfilment of our legal obligations or our obligations to you as a visitor, supporter or service user. To ensure our staff understand and are able to keep your data secure, all Refugee Council staff receive data protection training when joining the organisation.
Please note that while we have taken every appropriate measure to secure your data, transmission of information over the Internet is never 100% secure so while we take all possible precautions, we can’t 100% guarantee the security of any information you submit to us via our website.
4. What are our legal bases for processing your personal information?
Under current data protection law, we must have an appropriate legal basis for collecting and processing your personal information. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation.
Consent means you have actively given consent for us to use your information for a specific purpose. We use this legal basis to send you email updates about our campaigns, events and fundraising opportunities. Under this legal basis, you have the right to withdraw your consent for any future use of your information for this purpose at any time.
In some cases we must collect personal information in order to comply with one of our legal or regulatory obligations. For example, may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator or Information Commissioner, to use information we collect about you for due diligence or ethical screening purposes.
Performance of a contract / take steps at your request to prepare for entry into a contract
We must us your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us (for instance, an event place), or applying to work/volunteer with us.
We must use your personal information where it is necessary for us to protect life or health. For instance if there were to be an emergency impacting individuals at one of our events, or a safeguarding issue which required us to contact people unexpectedly or share their information with emergency services.
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights. We consider our legitimate interests to include all of the day-to-day activities the Refugee Council carries out. For example, by:
- providing services to refugees and asylum seekers
- carrying out policy and research
- processing donations
- administering events
“Legitimate interests” can also include your interests, such as when you have requested information from us. We rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our interests in us using your information in this way.
When we use sensitive personal information we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
5. How long do we store your personal information?
We have specific criteria to determine how long we will retain your information, which vary according to legal bases under which we process it. For example, we are required to keep some personal information for tax or health and safety purposes, as well as keep a record of your interactions with us.
6. Is my information shared with anyone?
We will never sell or share your personal information with other organisations who can contact you except where we are required to by law. We work with suppliers or professional agents to process your data, for example in order to mail our newsletters. When we do this, we always put in place legal agreements with these third parties governing how your data will be used. These third parties have been carefully chosen. These may include (among others):
- business partners, suppliers and sub-contractors
- independent event organisers, for example fundraising sites like Just Giving
- advertisers and advertising networks
- analytics and search engine providers
- IT service providers
- other beneficiaries, executors and legal advisers, when administering a legacy
We reserve the right to disclose your personal information to third parties if we are under any legal or regulatory duty to do so.
7. What legislation does our data protection policy comply with?
Along with our business and internal computer systems, this website to complies with the General Data Protection Regulation (GDPR) (EU) 2016/679. This site’s compliance with the above legislation, which is stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with data protection and user privacy legislation in your country of residence, you should contact our data protection officer (details can be found in section 10) for clarification.
8. What are your rights under the current data protection laws?
Under UK data protection law, you have rights over personal information that we hold about you:
Right to access your personal information
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, send a description of the information you want to see by post to Data Protection Officer, c/o IT and Facilities, PO Box 68614, London E15 9DQ
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies.
Right to restrict use of your personal information
You have a right to ask us to restrict the processing of some or all of your personal information in the following situations: if some information we hold on you isn’t right; we’re not lawfully allowed to use it; you need us to retain your information in order for you to establish, exercise or defend a legal claim; or you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.
Right to erasure of your personal information
You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions, you have the right for this to be done.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object to the use of your personal information
If we are processing your personal information based on our legitimate interests or for scientific/historical research or statistics, you have a right to object to our use of your information.
If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible.
If you want to exercise any of the above rights, please contact us by post at Data Protection Officer, c/o IT and Facilities, PO Box 68614, London E15 9DQ
We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO (link is external)).
9. How can you change your contact details and preferences with us?
If you are a Refugee Council supporter you can update your contact information and contact preferences by getting in touch with our Supporter Care Team:
PO Box 68614
London E15 9DQ
020 7346 1205
To stop receiving emails from us please contact the Supporter Care Team using the details above or you can unsubscribe from any email updates here.
Remember: if you make a donation, take part in a campaign activity or request information online you will receive a one-off transactional email about that activity for your records.
10. How to find out what personal information we hold about you
You can request details of the personal information we hold about you under the General Data Protection Regulation (GDPR) (EU) 2016/679. You have the right to access this information free of charge, but we have the right to ask you for a reasonable administrative fee if your request is excessive or repetitive. We will respond within one month as required by data protection legislation. If you would like a copy of the information we hold on you, in the first instance please write to:
Data Protection Officer
c/o IT and Facilities
PO Box 68614
11. What if you would like to make a complaint?
If you are unhappy with any aspect of how we are using your personal information we’d like to hear about it. We appreciate the opportunity this feedback gives us to learn and improve. To make a complaint, please contact the Data Protection Officer[TH1] , c/o IT and Facilities, PO Box 68614, London, E15 9DQ
You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office (link is external), the UK data protection regulator.
- The last search term that you used within the site
- Your preference in terms of accessible viewing options
- A unique ID to track your session from page to page, which is vitally important should you sign in to the site
- Which page you have looked at within a multi-paged index of content, or search results.
Certain cookies are persistent, meaning that they last beyond your session, enabling an enhanced user-experience when you return to the site. Again, a non-exhaustive list of examples of the use of persistent cookies includes the option to “Remember my username” when signing-in to the site
This site uses Google Analytics to allow us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. The cookie contains no personally-identifiable information, but it does use your computer’s IP address to determine where in the world you are accessing the site from, and to track your page visits within the site. However, Google does not permit us to access this data.
13.1 Change log
- 24/05/18: policy updated
- 18/01/18: policy updated
- 24/05/17: policy updated
- 12/02/13: policy launched
© Refugee Council – May 2018