Redthread Privacy Notice

Please note that the privacy notice below relates only to information gathered via the website. Data processing relating to Redthread staff, HIVE users, hospital staff and other professionals or the beneficiaries of interventions and projects will be the subject of separate privacy policies.

Who Are We?

Redthread is the trading name of Redthread Youth Limited, registered in England and Wales with company number 03131121, registered charity 1051260. Our registered office is at 158 Buckingham Palace Road, London SW1W 9TR.

For any questions about how we use your data, or to exercise your rights over your data, you can contact us via:

Email: privacy@redthread.org.uk

Post: 158 Buckingham Palace Road, London SW1W 9TR

We have also appointed an independent Data Protection Officer (DPO) to handle queries and to provide us with assurance that we are compliant with Data Protection Law.

DPO Contacts Details:

Email: dpo.redthread@securys.co.uk

Post: Securys Limited, 161-165 Farringdon Road, London EC1R 3AL

If you do have questions, we’d ask you to read this policy first as we hope it’s clear and comprehensive.

What Data Do We Collect And Process About You, What Do We Do With It And Why?

We collect and use data through this website for four main purposes:

  • Adding you to our supporter database
  • Managing communications with you
  • Improving our website
  • Enabling you to donate to support our work

When you ask to join our Supporter Database

When you ask to join our Supporter Database, we will capture and store your contact details. We will use this information to send you our email newsletter. We will not share this information with third parties.

Your information will be stored in our email database, currently provided by Mailchimp who will hold this information in the USA. Mailchimp is registered with the EU-US Privacy Shield Framework, providing appropriate protection for your personal information. More details about Mailchimp can be found in their privacy policy at https://mailchimp.com/legal/privacy/.

Formally, we justify this processing on the basis of your consent when you provide your contact information. You may unsubscribe at any time using the link at the bottom of our newsletter email or by contacting us using the contact details above.

When You Contact Us

If you get in touch with us on an ad hoc basis – whether that’s by phone, email, post or in person – we’ll collect and store the personal information you provide. That information and anything else you tell us will be handled securely. Only what is needed to deal with your enquiry will be passed on internally. We do ask that you don’t include sensitive personal information in any communication unless it’s directly relevant, to make it easier for you and us jointly to protect you. We keep contact information for five years.

We will use the information you provide to deal with your enquiry and for no other purpose. Any offers to support the campaign will be handled as described above. We may also anonymise the nature of enquiries for statistical and business improvement purposes and share that anonymised information internally.

Formally, we justify this processing on the basis of your consent. When you use call us or visit us in person, we will ask you for that consent explicitly. If you write to us by post or email, our reply will include a privacy notification with the option to withdraw your consent if you wish.

When You Visit Our Website – site analytics

We use Google Analytics to help us understand your experience of our website and how to improve it.

Google Analytics relies on placing tracking cookies, small data files which do not allow us to identify you individually, on your device. You will have seen a cookie notice explaining this when first visiting the website and seeking your consent to the use of analytics. Google may be able to identify you from other information which they process, such as your google account identity if you have one. You can find details of Google’s privacy policy at https://policies.google.com/privacy. Google will collect your IP address, the website you came from, what kind of browser and device you’re using, and what you do on our website – which links you follow, how long you spend on each page and so on.

We only use temporary cookies for website analytics. Our website will work fine if you have “do not track” switched on or have third-party cookies completely disabled. You can learn about cookies and how to control them at www.aboutcookies.org.

When You Make A Donation

We provide a link to the Virgin Money Giving website from ours to enable you to make a donation to support our work. We do not collect any information directly, but Virgin Money Giving will pass us details of your donation where you have consented to this being shared with us by Virgin. Your details will then be stored in our donor management platform. Formally, we justify this processing on the basis of your consent.

Virgin Money’s privacy policy, which governs the use of their service, can be found at https://uk.virginmoneygiving.com/giving/terms/privacy-policy.jsp

Who Else Gets To See Your Data?

We won’t ever sell your data or provide access to it to any third parties for their own marketing purposes. We will share your data in the following ways:

With Our Subcontractors

Like many organisations we don’t do everything ourselves. When we have someone else help us handle an aspect of our operation, we will pass them some of your data so that they can do their work. We will only ever give them the minimum information that they need, and it will always remain under our control. This means that they can only do with your data what we tell them to, and they can’t keep it once they no longer need it nor can they pass it on to anyone else.

At the moment, we have data processing partners who provide mailing list processing (see above), our donor management platform, website analytics (see above), website hosting and email hosting.

If Legally Required

In some circumstances we may be legally required to pass on your data. For example, if there is a health and safety incident at our premises or at one of our events and you are involved, we will pass your data on to the relevant local authority. What they then do with your data is governed by the law. They may also contact you directly. We will always try to make sure that you know when your data is passed on in this way. In this specific circumstance we may collect health information about you where it is strictly relevant, and this may be done without your consent if you are not able to consent at the time. We will only do this in order to comply with the law and to protect your vital interests.

Law enforcement and other government agencies may also request your data. We will pass it to them once they show us proof that their request is legal. We may not be able or allowed to tell you if this happens.

If You Make A Complaint

If you make a complaint or if we think it’s necessary for any other reason, we may, depending on the issue pass your data on to our insurers. We will only pass them the data that they need; we have a clear agreement with them that they will only use the data to assess any claim that we may make in connection with the issue.

How We Look After Your Data

We take the security of your data and your right to privacy very seriously. We’ve invested in appropriate IT systems and staff training to make sure that your data stays safe. We have strict contracts with anyone we share it with to ensure that they do the same. Campaign support and contact information will be stored and processed inside the EEA, where the General Data Protection Regulation gives you strong legal protection for your data privacy rights. We will always obey both the letter and the spirit of the data protection laws that apply to us.

Where data is processed outside the EEA, we will ensure that the same protections apply by having appropriate contracts with the organisations processing data on our behalf. Our website hosting, provided in the US, is protected by Standard Contractual Clauses approved by the European Commission. Our analytics service, provided by a US based businesses, is protected by the EU/US Privacy Shield framework.

We keep clear records of what data we have and what we do with it, and make sure that we always consider what impact our processing will have on you. We also continually assess the risks to you from possible data breaches and do everything we can to prevent them.

Your Rights

You have the right to see a copy of all the data we hold about you.

You have the right to ask us to delete what we have or to stop processing it.

You have the right to ask us to correct your data – and if what we hold about you is wrong, we’d really appreciate it if you told us – but we will, in some circumstances, need to check that what you’re telling us is accurate, and may require proof, in order to protect you – and us – from fraud.

To exercise any of these rights, please contact us using the details at the top of this notice.

You also have the right to complain to the Information Commissioner’s Office – the government agency that handles data protection in the UK. You can reach them at their website: https://ico.org.uk/global/contact-us/

Policy Information

This policy was last updated on the 22nd July 2019. We may update it at any time in order to improve our customer experience or to comply with changes in the law.