Redthread Privacy Notice

This notice has been designed to meet the requirements of the UK Data Protection Act 2018 (DPA), the General Data Protection Regulation (GDPR) and successive legislation. It relates to the collection and processing of information gathered via this website, and our use of emails for marketing purposes. Data processing relating to Redthread staff, HIVE users, hospital staff and other professionals or the beneficiaries of interventions and projects will be the subject of separate privacy policies.

Who Are We?

Redthread is the trading name of Redthread Youth Limited, registered in England and Wales with company number 03131121, registered charity 1051260. Our registered office is at 158 Buckingham Palace Road, London SW1W 9TR.

For any questions about how we use your data, or to exercise your rights over your data, you can contact us via:

Email: privacy@redthread.org.uk

Post: 158 Buckingham Palace Road, London SW1W 9TR

We have also appointed an independent Data Protection Officer (DPO) to handle queries and to provide us with assurance that we are compliant with Data Protection Law.

DPO Contact Details:

Email: dpo.redthread@securys.co.uk

Post: Securys Limited, 161-165 Farringdon Road, London EC1R 3AL
Please note that Securys are not currently accepting post.

If you do have questions, we’d ask you to read this policy first as we hope it’s clear and comprehensive.

What Data Do We Collect And Why?

We collect a variety of data categories in order to plan, support and deliver our life-changing work. This includes both personal and non-personal data such as web pages accessed. This helps us to determine how many people use our website, what information is accessed, and how popular our pages are. This allows us to monitor and improve our service.

We collect personal data through this website, and use this information to:

  • Fulfil your requests – for email updates on our work, donations, participation in campaigns, and provision of information
  • Process and verify donations and other payments
  • Record any contact we have with you on our supporter database
  • Communicate with our supporters, including marketing and promotion
  • Provide you with personalised communications, including marketing – for example this could include letting you know about new services being set up in your area, if you have provided us with your postcode and have asked to be kept informed about our work
  • Keep you informed about other opportunities to become involved in our work
  • Carry out analysis on the demographics, interests, behaviour, responses and feedback of our users and supporters to help us gain a better understanding, improve customer experience and enable us to engage more people who would like to support our work
  • Maintain a historical record of Redthread’s activities
  • Improve our website
  • Comply with charity law and other regulations

The following sub-headings supply more information about the specific data we collect and what we do with it, when you interact with different parts of the website.

When You Sign Up For Our E-Newsletter

When you use the e-newsletter sign-up form on our website, we will capture and store your email address, first name and last name. This will be passed on to our third-party data processors, Mailchimp and Donorfy, for the purposes of managing and administering the mailing list.

You can unsubscribe, update your information, or change your preferences at any time, by clicking the unsubscribe link in any of our emails or by contacting us at the details above.

When You Make A Donation

We use two third party data processors to process donations and direct debit sign-ups from our supporters. If you donate to Redthread using our website we will collect your name, email address, postal address and payment details. If you make a one-off, singular donation these will be shared with Stripe, and if you sign up for a direct debit these will be shared with GoCardless. Stripe and GoCardless act as data processors on our behalf, and will only use your information to fulfil your donation.

Your name, email address and information about your donation will be stored in our supporter database, Donorfy. We use this information to comply with charity accounting law. If you have signed a gift aid declaration we will also store your postal address, as this is a legal requirement for us to collect gift aid. We never have access to your bank details or credit/debit card information. We will keep information about your donation to our work for seven years, as required by charity legislation. We will not use this information to send you marketing emails or post, unless you have explicitly given us permission to do so.

If you consent to receiving further marketing information from Redthread, we will store your preferences, and any other information you give us, in our supporter database. This enables us to tailor your experience and make sure you hear about what is important to you. You can change your preferences at any time, by contacting us on the details above.

Stripe’s privacy policy can be found here
GoCardless’ privacy policy can be found here
Donorfy’s privacy policy can be found here

If You Fundraise For Us

If you use either JustGiving or VirginMoneyGiving to set up an online fundraising page, you will provide your personal details to either of these platforms for the purposes of setting up and administering your page. Your personal contact details, and information about the fundraising event you are holding will be shared with Redthread, for the purposes of administering the event and associated income.

The information shared with us will be added to our supporter database, Donorfy, so that we can keep track of fundraising events held for us and comply with charity accounting law. Financial information will be kept for seven years to comply with legislation. We will not use your information for any other purpose, unless you have explicitly consented to receiving marketing information from us.

When You Contact Us

If you get in touch with us yourself – whether that’s by phone, email, post or in person – we’ll collect and store the personal information you provide. That information and anything else you tell us will be handled securely. Only what is needed to deal with your enquiry will be passed on internally. If you wish to support our work or receive updates, your details will be added to our supporter database, Donorfy, and – if you have consented – to our email mailing list. We’ll keep a record of our communications with you on our supporter database; this will be used to tailor your experience and ensure you hear about what is important to you.

When You Visit Our Website – Site Analytics

We use Google Analytics to help us understand your experience of our website and how to improve it. Google Analytics relies on placing tracking cookies, small data files which do not allow us to identify you individually, on your device. You will have seen a cookie notice explaining this when first visiting the website and seeking your consent to the use of analytics. Google may be able to identify you from other information which they process, such as your Google account identity if you have one. You can find details of Google’s privacy policy at https://policies.google.com/privacy. Google will collect your IP address, the website you came from, what kind of browser and device you’re using, and what you do on our website – which links you follow, how long you spend on each page and so on.

We only use temporary cookies for website analytics. Our website will work fine if you have “do not track” switched on or have third-party cookies completely disabled. You can learn about cookies and how to control them at www.aboutcookies.org.

Who Else Gets To See Your Data?

We won’t ever sell your data or provide access to it to any third parties for their own marketing purposes. We will share your data in the following ways:

With appointed third-party data processors

As described above, we use the services of some carefully selected data processing partners to enable us to carry out our work. We have a data processing agreement with each of these, and only ever provide the minimum data required. You can find out more about our named data processors here:


If Legally Required

In some circumstances we may be legally required to pass on your data. For example, if there is a health and safety incident at our premises or at one of our events and you are involved, we will pass your data on to the relevant local authority. What they then do with your data is governed by the law. They may also contact you directly. We will always try to make sure that you know when your data is passed on in this way. In this specific circumstance we may collect health information about you where it is strictly relevant, and this may be done without your consent if you are not able to consent at the time. We will only do this in order to comply with the law and to protect your vital interests.

Law enforcement and other government agencies may also request your data. We will pass it to them once they show us proof that their request is legal. We may not be able or allowed to tell you if this happens.

If You Make A Complaint

If you make a complaint or if we think it’s necessary for any other reason, we may, depending on the issue, pass your data on to our insurers. We will only pass them the data that they need; we have a clear agreement with them that they will only use the data to assess any claim that we may make in connection with the issue.

How We Look After Your Data

We take the security of your data and your right to privacy very seriously. We’ve invested in appropriate IT systems and staff training to make sure that your data stays safe. We have strict contracts with anyone we share it with to ensure that they do the same. Campaign support and contact information will be stored and processed inside the EEA, where the General Data Protection Regulation gives you strong legal protection for your data privacy rights. We will always obey both the letter and the spirit of the data protection laws that apply to us.

Where data is processed outside the EEA, we will ensure that the same protections apply by having appropriate contracts with the organisations processing data on our behalf. Our website hosting, provided in the US, is protected by Standard Contractual Clauses approved by the European Commission. Our analytics service, provided by a US-based business, is protected by the EU/US Privacy Shield framework.

We keep clear records of what data we have and what we do with it, and make sure that we always consider what impact our processing will have on you. We also continually assess the risks to you from possible data breaches and do everything we can to prevent them.

Your Rights

You have the right to see a copy of all the data we hold about you.

You have the right to ask us to delete what we have or to stop processing it.

You have the right to ask us to correct your data – and if what we hold about you is wrong, we’d really appreciate it if you told us – but we will, in some circumstances, need to check that what you’re telling us is accurate, and may require proof, in order to protect you – and us – from fraud.

To exercise any of these rights, please contact us using the details at the top of this notice.

You also have the right to complain to the Information Commissioner’s Office – the government agency that handles data protection in the UK. You can reach them at their website: https://ico.org.uk/global/contact-us/

Policy Information

This policy was last updated on the 20th January 2020. We may update it at any time in order to improve our customer experience or to comply with changes in the law.
