- Explain how we collect, store, manage and protect your data
- Outline the kind of data that we process
- Explain how we use personal data to provide services to our audiences and our supporters
We will only send marketing communications to you if we have a legal basis to do so.
If you supply personally identifiable data to us, we become responsible for that data.
When you use our website
Our website, like most others, uses “cookies” to make it function. A cookie is a small text file, containing information about how you arrived at a website, the pages you may have visited or information about your device.
The purpose of cookies is threefold:
1. To manage your session on our website.
A cookie might indicate whether you are using a phone, a tablet, laptop or desktop computer, and what browser you are using. This information is used to make the website function properly on your device and ensure that the technical enhancements in which we invest will be as helpful as possible to the greatest number of people.
2. To help us detect bugs in our code.
3. To help us to understand how our website is being used.
We use analytics services provided by third parties to help us understand how people use our site, and to help us connect our marketing efforts to online sales. By doing this, we can save money on marketing and ensure that the enhancements we make to the site are worthwhile.
We adhere to the UK Data Protection Act 2018, and keep a close watch on changes in legislation. This ensures that the personal information we look after is processed (audited, stored, used, transferred, kept updated and destroyed) in accordance with applicable laws. When legislation is updated, revised or replaced, we review our data processing practices.
- Communicating with our supporters, event attendees and project participants
- Furthering the Foundation’s charitable mission, including fundraising
- Enabling the Foundation to achieve its strategic and operational goals
We may pursue these legitimate interests by contacting you by email.
Collected data and its use by The Richard Thomas Foundation
Concert ticket and donation administration
If you attend one of our concerts, or donate money to the Richard Thomas Foundation, we will usually collect some of this information:
- Name, title, contact details including postal address, email address, phone number.
Access to your personal data is limited to those at The Richard Thomas Foundation whose responsibilities require access to our customer relationship management systems.
We carry out a periodic information audit, which helps us to maintain controls on the personal information we store. We track the source of the information, its nature, our legal basis for processing it and the controls that are in place to ensure its accuracy, accessibility, security and timely removal.
Transferring and sharing data
In order to perform some of our day to day operations, personal data may sometimes be securely transferred to and subsequently processed by external companies. Where external companies process your personal data (e.g. postal and email addresses, to send out emails on our behalf), we ensure that the data is encrypted where appropriate and that proper controls are in place regarding how those companies manage the personal data they collect or have access to.
If one of these companies runs their operations outside the European Economic Area (EEA), although they may not be subject to same data protection laws as a company based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law by requesting and checking their data policies and associated documents and specific legislation and checking for an adequacy decision between the EEA and that company’s country of origin.
For example, our marketing emails are dispatched by a company in the US. That company has provided documentation to prove that they are compliant with the data protection framework built to cover data sharing between the EU and the US (called the EU-US Privacy Shield). An adequacy decision is in place for the EU-US Privacy Shield, so that company is recognised by applicable legislation as providing adequate protection for your data.
Sharing with our partners
In order properly to manage the care of individuals participating in projects and events, it is sometimes necessary to share data classed as ‘Special Category’ under the UK Data Protection Act 2018 with professionals or organisations delivering the projects on behalf of or in partnership with The Richard Thomas Foundation. In these cases, we will always ensure that consent is in place before sharing.
Sharing is done using secure means, and we ensure that everyone with whom we share data for these purposes has signed a data sharing agreement, which sets out the method of sharing and the rules for retention, rectification and erasure of data and includes a blank copy of the consent agreement signed by the individuals.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
You have a right to ask us to stop processing your personal data.
You have a right to ask for a copy of the information we hold about you and we will endeavour to provide this information within 40 days. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, send a description of the information you want to see and proof of your identity by post to The Richard Thomas Foundation, 32 The Pyrors, East Heath Road, London NW3 1BS UK. We do not accept these requests by email and we may contact you directly for confirmation of the request before providing any information. This extra confirmation is in place as a safeguard against identity fraud.
For further information see the Information Commissioner’s guidance.
Changes to this Policy
If you have any questions, comments or suggestions, please let us know by emailing [email protected]