Redthread Privacy Notice
Please note that the privacy notice below relates only to information gathered via the website. Data processing relating to Redthread staff, HIVE users, hospital staff and other professionals or the beneficiaries of interventions and projects will be the subject of separate privacy policies.
Who Are We?
Redthread is the trading name of Redthread Youth Limited, registered in England and Wales with company number 03131121, registered charity 1051260. Our registered office is at 158 Buckingham Palace Road, London SW1W 9TR.
For any questions about how we use your data, or to exercise your rights over your data, you can contact us via:
Post: 158 Buckingham Palace Road, London SW1W 9TR
If you do have questions, we’d ask you to read this policy first as we hope it’s clear and comprehensive.
What Data Do We Collect And Process About You, What Do We Do With It And Why?
We collect and use data through this website for four main purposes:
- Adding you to our supporter database
- Managing communications with you
- Improving our website
- Enabling you to donate to support our work
When you ask to join our Supporter Database
When you ask to join our Supporter Database, we will capture and store your contact details. We will use this information to send you our email newsletter. We will not share this information with third parties.
Formally, we justify this processing on the basis of your consent when you provide your contact information. You may unsubscribe at any time using the link at the bottom of our newsletter email or by contacting us using the contact details above.
When You Contact Us
If you get in touch with us on an ad hoc basis – whether that’s by phone, email, post or in person – we’ll collect and store the personal information you provide. That information and anything else you tell us will be handled securely. Only what is needed to deal with your enquiry will be passed on internally. We do ask that you don’t include sensitive personal information in any communication unless it’s directly relevant, to make it easier for you and us jointly to protect you. We keep contact information for five years.
We will use the information you provide to deal with your enquiry and for no other purpose. Any offers to support the campaign will be handled as described above. We may also anonymise the nature of enquiries for statistical and business improvement purposes and share that anonymised information internally.
Formally, we justify this processing on the basis of your consent. When you use call us or visit us in person, we will ask you for that consent explicitly. If you write to us by post or email, our reply will include a privacy notification with the option to withdraw your consent if you wish.
When You Visit Our Website – site analytics
We use Google Analytics to help us understand your experience of our website and how to improve it.
We only use temporary cookies for website analytics. Our website will work fine if you have “do not track” switched on or have third-party cookies completely disabled. You can learn about cookies and how to control them at www.aboutcookies.org.
When You Make A Donation
We provide a link to the Virgin Money Giving website from ours to enable you to make a donation to support our work. We do not collect any information directly, but Virgin Money Giving will pass us details of your donation where you have consented to this being shared with us by Virgin. Your details will then be stored in our donor management platform. Formally, we justify this processing on the basis of your consent.
Who Else Gets To See Your Data?
We won’t ever sell your data or provide access to it to any third parties for their own marketing purposes. We will share your data in the following ways:
With Our Subcontractors
Like many organisations we don’t do everything ourselves. When we have someone else help us handle an aspect of our operation, we will pass them some of your data so that they can do their work. We will only ever give them the minimum information that they need, and it will always remain under our control. This means that they can only do with your data what we tell them to, and they can’t keep it once they no longer need it nor can they pass it on to anyone else.
At the moment, we have data processing partners who provide mailing list processing (see above), our donor management platform, website analytics (see above), website hosting and email hosting.
If Legally Required
In some circumstances we may be legally required to pass on your data. For example, if there is a health and safety incident at our premises or at one of our events and you are involved, we will pass your data on to the relevant local authority. What they then do with your data is governed by the law. They may also contact you directly. We will always try to make sure that you know when your data is passed on in this way. In this specific circumstance we may collect health information about you where it is strictly relevant, and this may be done without your consent if you are not able to consent at the time. We will only do this in order to comply with the law and to protect your vital interests.
Law enforcement and other government agencies may also request your data. We will pass it to them once they show us proof that their request is legal. We may not be able or allowed to tell you if this happens.
If You Make A Complaint
If you make a complaint or if we think it’s necessary for any other reason, we may, depending on the issue pass your data on to our insurers. We will only pass them the data that they need; we have a clear agreement with them that they will only use the data to assess any claim that we may make in connection with the issue.
How We Look After Your Data
We take the security of your data and your right to privacy very seriously. We’ve invested in appropriate IT systems and staff training to make sure that your data stays safe. We have strict contracts with anyone we share it with to ensure that they do the same. Campaign support and contact information will be stored and processed inside the EEA, where the General Data Protection Regulation gives you strong legal protection for your data privacy rights. We will always obey both the letter and the spirit of the data protection laws that apply to us.
Where data is processed outside the EEA, we will ensure that the same protections apply by having appropriate contracts with the organisations processing data on our behalf. Our website hosting, provided in the US, is protected by Standard Contractual Clauses approved by the European Commission. Our analytics service, provided by a US based businesses, is protected by the EU/US Privacy Shield framework.
We keep clear records of what data we have and what we do with it, and make sure that we always consider what impact our processing will have on you. We also continually assess the risks to you from possible data breaches and do everything we can to prevent them.
You have the right to see a copy of all the data we hold about you.
You have the right to ask us to delete what we have or to stop processing it.
You have the right to ask us to correct your data – and if what we hold about you is wrong, we’d really appreciate it if you told us – but we will, in some circumstances, need to check that what you’re telling us is accurate, and may require proof, in order to protect you – and us – from fraud.
To exercise any of these rights, please contact us using the details at the top of this notice.
You also have the right to complain to the Information Commissioner’s Office – the government agency that handles data protection in the UK. You can reach them at their website: https://ico.org.uk/global/contact-us/
This policy was last updated on the 22nd July 2019. We may update it at any time in order to improve our customer experience or to comply with changes in the law.