Privacy Policy

We want to make sure that we are as clear as possible about our data practices and we’re currently checking to make sure that they’re compliant with the new data protection regulations which became law on 25th May 2018. 

If we need to make changes to this policy that will affect how we process your information, we will let you know about the changes by the most appropriate method (eg by email, by post if we don’t have an email address for you, or as an update on our website) as soon as we can. 

What does this policy cover? 

This privacy policy covers all of Viva!’s work, our websites and everyone we have contact with. 

50by25 is a campaign set up and managed by Viva!. 

About Viva! 

Viva! was founded in 1994 by Juliet Gellatley, our Founder and Director. We’re a UK registered charity. We fight to stop animal cruelty, to protect our planet and our health through our undercover investigations, campaigns, education and outreach. Viva! also runs events and Festivals and creates masses of practical information to help people become vegan and move in the direction of a kinder lifestyle. Viva! relies on donations from the public to run our campaigns and outreach. 

We take the security of your data very seriously and do our utmost to protect it. You have the right to know what information we hold about you, to correct it if it is wrong, to ask us to delete it and to object to what we do with your data (either to us or to our supervisory authority). 

If you would like to exercise any of these rights, discuss what we do with your data or request a paper copy of this policy, you can contact us here: 

  • Email 
  • Write to Viva!, 8 York Court, Wilder Street, Bristol BS2 8QH, UK 
  • Call us on 0117 944 1000 (Mon-Fri, 9-6). 

Viva! has appointed a Data Protection Officer to oversee our data practices and usage. The person appointed is Jeremy Ludlow and he can be contacted using the methods listed above. 

What does Viva! know about you? 

We only hold data about you that you have voluntarily given to us, except in very specific circumstances. This means that we collect the information you enter when you sign up to our mailing lists or websites, donate to us, sign a petition or otherwise contact us. We also collect information when you set up a fundraising page with one of our fundraising suppliers. 

In addition to the data we collect, we also generate some data about you. This means that we will know when you’ve opened an email from us or clicked on a link in an email. We will also store information about donations you make to us, purchases you make, consents that you have given to us and orders for resources such as leaflets. 

How long do we store this data for and where do we get it? 

When you have signed a petition: 

If your only contact with Viva! is where you have signed a petition and you did not consent to further contact from us, we will delete your details after we have submitted the petition to the relevant organisation. If you have consented to further contact from us, please see ‘When you have signed up to emails’. 

When you have signed up to emails: 

If you have signed up to receive email updates from us, we will continue to send you emails until you tell us not to. You can opt out of this service at any time by unsubscribing or changing your preferences, or by contacting us. If you don’t open any emails from us for more than a year, we may assume that you’re no longer interested and remove your contact details from the list. 

When you have ordered leaflets or resources: 

We will keep your data for three years following your last order (or other interaction with Viva!), unless you have also donated with Gift Aid. 

When you have given consent, or otherwise contacted us, on behalf of a child: 

We will keep details for both of you, and a record of your consent, until the child turns 18 years old (this is why we ask for a date of birth). If you are asked for consent, but do not provide it within a month, we will remove these details. Your details will not be used for any other purpose, unless you have other contact with Viva!. 

If you are a public contact: 

If you’ve given us contact details in order for us to make them publicly available, for example to publicise fundraising work, or as a professional to whom we can refer contacts, this information will only be released to the extent to which you’ve consented. We will also check with you periodically to make sure that you’re still happy for your details to be passed on in that way. 

When we receive your information from third parties: 

We may receive information about you from one of our fundraising partners (such as JustGiving or Facebook) when you set up a fundraising page on their site, or when you agree to allow them to share that information with us. If you have set up a fundraising page, we may be able to access your name and address, contact details and the amount of money you have raised. If we collect your information in this way, we will contact you within a reasonable period and give you the opportunity to opt out of us storing and using your information. We may use these details to contact you about your fundraising (ie to offer promotion or to say thank you!) store them, or include them in our review of supporters’ activity. We won’t use them for any other purpose, unless you have made other contact with us directly. 

If it’s clear that certain details we hold are incorrect, for instance an incomplete or invalid postcode, we may use publicly available tools (eg from Royal Mail) to correct them, in order to maintain the integrity of your data. We’ll never use such methods to collect additional information – if you’ve chosen not to supply your address, we won’t try to find it anywhere else. 

When we connect with you on social media: 

If you communicate with Viva! by social media, Viva! will not record or store any information about you outside of that social media platform unless you give it to us directly (ie by passing your email address or phone number to us via Facebook Messenger) or you give your consent. Information that you store or transfer on a social media platform is subject to each provider’s own privacy policy. 

When you ask us to publish a case study: 

Viva! offers members of the public the opportunity to share their experiences of increasing plant-based options on our website. If you share your story with us for this purpose, we will only make it public in the locations that we tell you about and with your personal information in a format you are happy with. If we wish to re-publish your story, we will contact you to ask you if you are happy for us to re-publish it in a different location. 

If you have a story published on our site, we will keep your contact information, for this purpose only, until you tell us not to or until you withdraw your consent for the story to be public. You also have the option to publish your story anonymously. If you choose to do this, we won’t request consent to use your story again, or elsewhere, and we will only keep your contact details if we have some other justification for doing so. 

What happens when we stop storing your data?

 When we remove your data from our systems, we will remove any details that identify you as an individual from the records that we keep. We may keep anonymous records of financial transactions and other interactions for accounting and analysis purposes, but you will no longer be identifiable. 

How do we use the data we hold about you

 We use the information we have about you to perform actions that you have requested of us (such as fulfilling an order or sending you emails), to keep track of how you interact with Viva! so that we can send you relevant communications, to record your consent to certain activities, and to review the effectiveness of our campaigning and our other charitable functions. 

This means that we will review the information that you give us, and the information that we generate, in order to work out how best to allocate our resources and to send you messages which are most relevant to you. We may use your donation history and location to send you specific communications or send you information about events in your area. If you don’t wish us to use your data this way, you can opt out at any time by contacting us. 

The data that we review or generate will only be used to promote the interests of Viva! directly. We will never share this information with other charitable organisations or pressure groups, or outside of our trusted service providers, without your explicit consent. 

How do we use children’s information?

 We sometimes collect children’s information as part of our activities. This may be where they have signed up to receive emails from us. In other situations, children may have ordered leaflets for ‘door-dropping’, ordered from our Shop or been given an animal adoption as a gift. 

Only children who are 11 or over can use our services. If you want to order materials or sign up to information for a child under 11, we advise that you sign up on their behalf and only pass on the information you believe is appropriate for them. 

We care about children and we want to ensure that what we do with their data is proportional and easy to understand. This means that we won’t send appeals asking for money to people who we know are children. If your child receives content which you do not think is appropriate for their age, please get in touch with us to let us know. We may not be aware that they are under 18. 

We do review children’s data alongside adults’ data. But this processing is only to help us work out how people are using our services and to ensure that we use our charity’s resources as efficiently as possible. No decisions will be made about the child as a result and the processing will not materially affect them. 

When a child reaches 18, we will contact them to ask if they consent to us continuing to contact them. If they no longer wish to be contacted, they have the option to have all of the information that we hold on them deleted (see Right to be Forgotten). 

If you wish to explain to a child how their data may be used by Viva!, please contact us for assistance. Our child-friendly privacy policy is available here

When will we send you post? 

We will send you post where we have promised to do so (ie where you have ordered campaign leaflets and materials). 

When will we send you emails?

 At Viva!, we make a distinction between ‘marketing emails’ and ‘transactional emails’.

Marketing emails are emails that we send to you and a large group of other people, or which are automated, from our mailing list. These emails may include our regular newsletters, fundraising emails and campaign updates (among other things). We will only send these if you have asked us to, and you can withdraw your consent at any time. 

Transactional emails are communications about specific actions you have taken or where we need to communicate something that is specific to you. Transactional emails are often required (like receipts), automatic (like delivery updates or order confirmations) or from individuals (such as a Viva! staff member) and are often sent to you by our service providers (such as payment processors) rather than directly from Viva!. In most cases, we have an obligation to send these communications – or a legitimate reason to believe you are happy to receive them. 

Occasionally, we may need to send an update about this policy to a large section of our contacts who have not specifically consented to be added to our emailing list. In these cases, we will ensure that their contact details are used for this purpose only. 

When will we phone you?

 Viva! never do telephone fundraising and we do not employ external fundraisers to do so on our behalf. If you give us your phone number, we will only use it to contact you about specific issues with donations or purchases, or to respond to queries where you have asked us to phone you. 

Do we share your information with anyone?

 We share the data that you give us with our trusted suppliers only where we need to in order to perform our work as a charity. This could include: 

  • Sharing your name and address with our mailing house and delivery services in order to send you post. This is never retained longer than necessary to carry out each particular task. 
  • Sharing your email address, name and postcode with our email provider, in addition to your mailing preferences, in order to send you emails 
  • Sending petition signatures/records of online petitions to the receiving organisation. 

Some of our suppliers, such as our email provider, help us to generate information about you. Like all payment processors, ours will perform checks on payments made to detect potential fraud and analysis on the usage of their services. 

We don’t share information with other organisations for their marketing or fundraising purposes and we will never do this without asking for your explicit consent first. 

What safeguards do we use for sharing your information? 

We only use suppliers who have a strong focus on data security and robust security practices. Some of our suppliers may transfer information about you to countries which are not within the European Union and are not designated ‘safe’ countries for EU data (ie ‘third countries’), but always with appropriate safeguards in place (such as the EU-U.S. Privacy Shield arrangement or Model Contract Clauses) which protect individuals’ data and rights to the legal standards required by the EU. 

All of our payment processors are compliant with the PCI DSS official standard for handling payment details. 

We are currently reviewing our third-party processors to ensure that they comply fully with the new data protection regulations, and will update these details once we have completed the review.  

Our websites

When you use our websites, certain information about how you use our site, your device and general location information will be stored and tracked by our third party supplier, Google Analytics. Like most organisations, we use Google Analytics to find out how our website is used so that we can make improvements and track the success of campaigns. Although we can view the activity of individual users on our websites, we have no way of identifying them personally. 

However, although Google is our supplier, we do not have control over the data that they collect and store about you for their own purposes. If you are concerned about the information that Google holds about you, you can view their privacy policy here or update your privacy settings via this page


We use cookies on our websites to help us perform actions that you have requested (such as an online purchase, saving items in your ‘cart’, making a donation or logging in), to make the site run more smoothly and to track how our sites are used. Social media websites like Facebook and Twitter also place cookies on your device when you visit our site. To find out more about cookies and to manage your preferences, visit

Lawful bases for processing 

Under general data protection regulations (GDPR), we must let you know what our ‘lawful basis’ is for each way that we process your data. ‘Processing’ includes storing, sharing or analysing your data, as well as using it to contact you. 
Viva! will justify processing your data using one of the following bases: 

  • Consent 
  • Legitimate Interest 
  • Fulfilment of Contract 
  • Legal Obligation 

In addition, some parts of our processes may involve dealing with ‘Special Category Data’, which is sensitive information about you. The justifications we will use for processing this information are: 

  • Consent 
  • For the Purpose of Employment 
  • As a Charitable Organisation 
  • Where information has been made public 


Lawful Basis 

Collecting information you give to us 


Storing information you give us 

Legitimate Interest 

Allowing payment processors to process payments 

Fulfilment of Contract or Legal Obligation 

Sharing information with other trusted service providers 

Legitimate Interest 

Sharing your contact details with our email provider (when you have asked us to email you) 

Fulfilment of Contract 

Sharing your contact details with our email provider (to send you updates about this policy) 

Legal Obligation 

Generating data about how you interact with us 

Legitimate Interest 

Analysing / reviewing how you interact with us 

Legitimate Interest 

Sharing your contact details with our mailing house 

Legitimate Interest 

Storing and using information about you supporting Viva! 

Legitimate Interest 

Storing and using information about your health 

Legitimate Interest, As a Charitable Organisation 

Contacting you about your data and how we use it 

Legal Obligation 

Google Analytics

Page views, source and time spent on website are part of the user website activities information we can see with this cookie. This information cannot be tracked back to any individuals as it is displayed as depersonalised numbers; this is in order to help protect your privacy whilst using our website. 

Using Google Analytics we can take account of which content is popular, helping us to provide you with reading and viewing materials which you will enjoy and find useful in the future. 

We also use Google Analytics Remarketing cookies to display adverts on third party websites to our past site users, based on their past visits. The data we collect will only be used in accordance with our own privacy policy and Google’s privacy policy. 

Should you not wish for your website visits to be recorded by Google Analytics, you are able to opt-out with the addition of a browser add-on: Google Analytics Opt-out Browser Add-on 

Google Analytics Advertiser

 We use Google Analytics Advertiser Features, which helps us to better understand site visitors, via anonymised data. This can include collecting information from: 

  • Google Display Network Impression Reporting 
  • DoubleClick Platform integrations 
  • Google Analytics Demographics and Interest Reporting 
  • Remarketing with Google Analytics 

This information is collected via Google advertising cookies and anonymous identifiers, in addition to data collected through the standard Google Analytics implementation. It allows us to understand what type of users visit the site, which then allows us to improve the website’s offerings for a better user experience. 

Google AdWords

 We use Google AdWords to see which pages led to our users submitting contact forms to us, which allows us to create a more effective marketing campaign, and make better use of our paid search budget. 


 We have integrated YouTube videos into our website, which are stored on and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer. 

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 2 of this privacy policy will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. 

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here:

Google Ads Conversion 

We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. 

The advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values. 

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their device has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information. 

Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address. 

Google Tag Manager

This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is stored. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager. 

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Transfer to third countries are possible. As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR. More information on this topic is published here:

Legal basis: 
Art. 6 (1) f GDPR (legitimate interest) 


This website uses in specific cases the Google reCAPTCHA v2 to avoid the usage of text fields by automated programs/bots. It helps to support the security of our website and to avoid SPAM for the users. This is also our legitimate interest and fulfills our legal obligation. 

The collected data are hardware and software information, such as device and application data and the result of integrity checks. These data will be sent to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data will not be used by Google for personalized ads. 

Further information can be found in their privacy policy: Further documentation can be found here:

Cookies used: Type a. More information can be found in the “Cookies” section. 

Third party information: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Transfers to third countries are possible. As an appropriate safeguard standard contractual clauses pursuant to Art. 46 GDPR apply. More information on this topic is published here:

Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website). 

Legal basis: 
Art. 6 (1) c GDPR (when processing is necessary for compliance with a legal obligation) 
Art. 6 (1) f GDPR (when processing according to the legitimate interest described above) 

Google Maps

This website uses the mapping service Google Maps. When using the feature information is transferred to Google and analysed for their purposes. As a rule, this information includes your IP address and the possibility that it will be transferred to one of Google’s servers in the USA. We use Google Maps to make the locations disclosed on our website easy to find. This constitutes our legitimate interest pursuant to Art. 6 (1) f GDPR. 

We have entered into an agreement with Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland including the EU Standard Contractual Clauses, and in this way ensure that the level of data protection is adequate even if data is processed in the USA (Art. 46 GDPR). More information on this topic is published here: In addition, when activating the tool, you expressly declare your consent to the data transfer (Art. 49 (1) a GDPR). More information on the processing of your data by Google can be found here:

Legal basis: 
Art. 6 (1) f GDPR (legitimate interest) 

(Website) Facebook Custom Audiences / Conversion (“Facebook Pixel”) 


This website uses the so-called “Facebook Pixel” and the Conversions API of the social network “Facebook” for the following purposes: 

  • Facebook (website) Custom Audiences 

We use the Facebook pixel and the Conversions API for remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements (“Facebook Ads”) to users of the website when they visit the social network “Facebook” or other websites also using this tool. In this way, we pursue the interest in displaying advertisements that are of interest to you in order to make our website or offers more interesting for you. 

  • Facebook conversion 

We also use the Facebook Pixel and the Conversions API to ensure that our Facebook Ads match the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). 

Due to the marketing tools used, (Facebook Pixel and Conversions API), your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies requiring your consent. Through the integration of the Facebook pixel and the usage of the Conversions API, Facebook receives the information that you have called up the corresponding website of our internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. 

The processing of this data by Facebook takes place within the framework of Facebook’s data policy. Special information and details about the Facebook pixel, the Conversions API and its functionality can also be found in the Facebook help area

Used Cookies: Type C. 

Joint Controller: 

We are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook) for the collection and transfer of data in this process. This applies to the following purposes: 

  • The creation of individualized or suitable ads, as well as for their optimization. 
  • Delivery of commercial and transaction-related messages (e.g. via Messenger). 

The following processes are therefore not covered by joint controllership: 

  • The process that takes place after the collection and transmission is within the sole responsibility of Facebook. 
  • The preparation of reports and analyses in aggregated and anonymized form is carried out as a Processor and is therefore within our responsibility. 

We have concluded a corresponding agreement with Facebook for joint controllership, which can be accessed here: This agreement defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint controllership. 

The contact details of the Controller and the data protection officer of Facebook can be found here:

We have agreed with Facebook that Facebook can be used as a contact point for the exercise of data subject rights (see Section 1.3). Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited. 

Further information on how Facebook processes personal data, including its legal basis and further information on the rights of data subjects can be found here: We transfer the data within the scope of joint controllership based on the legitimate interest pursuant to Art. 6 (1) f GDPR. 

Information on the data security conditions can be found here. and on processing on the basis of standard contractual clauses can be found here:

Further Recipients: 
We transfer also the collected data to the relevant internal departments for processing and to other affiliated companies within the Beiersdorf Group or to external service providers, contract processors (e.g. platform-, hosting, support and analysis service providers) in accordance with the required purposes (for the execution of ad display and analysis). Platform/hosting providers will have access to personal data from a third country (countries outside the European Economic Area). As an appropriate safeguard we have agreed on standard contractual clauses pursuant to Art. 46 GDPR with these providers. More information on this topic is published here:

The “Facebook Custom Audiences” function can be deactivated in the Cookie Settings and for logged in users at

Cookie lifetime: up to 180 days after last interaction (this applies only to cookies which have been set by this website). 

Legal basis: 
Art. 6 (1) a GDPR (consent) 

User Data for Meta Apps

For users of any of our Meta Virtual Reality application(s), service(s), or game(s), by default, we do not collect any additional personal and user data, unless otherwise specified on an app by app basis, other than data collected by Meta, outlined in their Privacy Policy, for statistical analysis use. 

Users of our Meta Virtual Reality application(s), service(s), or game(s) are subject to the privacy policy and terms set out by Meta which include sharing of statistical data with ourselves as the organization publishing the application(s), service(s) or game(s), and any of our third-party suppliers and developers that will use statistical data to help improve and develop our application(s), service(s) and game(s). For users requesting the deletion of their data, please refer to the Meta privacy policy for generic statistical data. 

For users requesting the deletion of their data specifically attached to one of our Meta Virtual Reality application(s), service(s), or game(s), please refer to specific information below. If none is shown, then we do not collect information outside of that provided by Meta. 

How do we protect your data? 

Viva! takes the care of your personal information seriously and ensures there are appropriate technical controls in place to protect them. These include providing training for staff and volunteers who are responsible for handling your data, using secure storage and servers, Transport Layer Security (TLS) and firewalls, and carefully selected external organisations. 

Viva! processes all card payments securely in accordance with Payment Card Industry (PCI) Security Standard legislation.

Your rights 

You have the right to withdraw your consent at any time, to correct or view any information that we hold about you, to ask us to delete the information that we hold on you or to object to how we use that information. 

Withdrawing Consent

You have the right to withdraw consent that you have previously given to us for communication, data processing or storing your data. You can do this by contacting us or, if you wish to update your preferences or unsubscribe from emails, clicking the relevant link in any email you receive from our mailing service. 

You can also enter your details on the Fundraising Preference Service (FPS) website. This service is run by the Fundraising Regulator and allows you to stop email, telephone, addressed post, and/or text messages from a selected charity or charities by using the online service at or by calling 0300 303 3517.  Once your request is raised with the FPS, we will ensure that your new preferences take effect within 28 days of your request. 

Please be aware that withdrawing consent to communication does not mean that we will also delete your contact details or other information that we hold about you. If you would like us to delete your information, see ‘right to erasure’. 

Right to be Informed

You have the right to be informed about how we use your data in a concise, transparent and easily-intelligible way. We will usually provide this information to you by providing privacy notices alongside this policy, where appropriate, when you give us your data. If you would like a copy of this policy, you can either download this page or contact us to request a paper copy. 

Right to Access and Correction

You have the right to access the data that we hold on you and to confirm that your data is being processed by us. You also have the right to have your information corrected if it is wrong. If you would like to request information from us or correct any data that we hold about you, please contact us. 

Right to Restrict Processing

If you are unhappy about how we are processing your data, you have the right to restrict how we process the information that we hold on you in certain circumstances. If you would like to restrict processing, please contact us. 

Right to Data Portability

 If you would like to transfer the information that we hold on you to another organisation, or to receive it in a standardised form (‘comma-separated’ or plain text) that can be read and imported by most data systems, contact us to request a copy of your data. 

Right to Erasure (or to ‘be forgotten’)

 You have the right to request that we delete all of the information that we hold on you, but there are some cases in which we will not be able to delete your information. This could include when you have previously given a consent for Gift Aid claims, for which our legal obligation to keep records has not expired. In these cases, we will comply with your request as far as possible, and make sure to let you know what we cannot delete. 

If you would like to exercise your right to erasure, please contact us. 

Right to Object

You have the right to object to any processing of your information which is based on legitimate interests, direct marketing or profiling (automated decision-making). You also have the right to object to your data being processed by us for the purposes of scientific, historical or statistical research. 

If you object to us using your information for the purposes of direct marketing (ie postal or email campaigns and appeals), we will ensure that we do not contact you further for those purposes. 

You can also object to processing for which we have legitimate interest. If you do object to our processing of your data for this purpose, we will do our best to comply with your wishes. However, in some circumstances, we may not be able to stop the processing entirely. 

If you wish to object to processing of any kind, you can contact us to let us know. 

If you have objected to how we use your data and are not satisfied with our response, you also have the right to lodge a complaint with our supervisory authority: the Information Commissioner’s Office. They can be contacted by phone on 0303 123 1113 or via their online service