Privacy Policy

Introduction

At Tearfund we are committed to keeping your data safe. Your privacy and peace of mind are important to us.

We only collect data from people for specific purposes. Once that purpose has finished, we won’t hold on to the data.

This document tells you how, when and why we collect data from people and what we use it for. We also have website Terms and Conditions, which you should read as well.

We’d love to hear from you if you have any feedback or questions on any of this. You can call us on 020 3906 3906 or email info@tearfund.org.

Who we are

Tearfund is a Christian relief and development charity called to follow Jesus where the need is greatest. We are a charity registered in England and Wales (number 265464) and Scotland (SCO 37624). Our company number is 994339 and our registered office is 100 Church Road, Teddington, TW11 8QE.

For the purposes of this policy, ‘us’, ‘we’ and ‘our’ refer to Tearfund. References to Tearfund include Tearfund Trading Limited, our trading company.

When and how we collect information

Directly with us

Firstly, and most obviously, when you give us your personal information, we save it and use it to communicate with you. Personal information means things like your name, contact details or your church role for example.

You give us this information when you make a donation, request materials or information, sign up for an event, provide comments or complete surveys.

Where you open an email from us and click through to our website, we may record this to help us improve our future contacts with you.

When you visit our website

We may collect personal data about people who visit our website. That means things like cookies and IP addresses (which tell us, for example, the places where people are logging on), which pages people visit and which files they download. Using this data helps us find out if our website is working well and helps us to improve it. The cookies collect information in a way that does not directly identify you. For more information on how these cookies work, please see the section on cookies below.

Information you put online

Sometimes we gather information that people make available on places like Twitter, Facebook or LinkedIn. You can check these organisations’ privacy policies to make sure you’re happy with how they handle your data.

For organisations such as churches, trusts or schools, we may additionally gather information from your public website.

Indirectly from third parties

If you give them your consent, we collect information from third parties such as event organisers (for example, a marathon organiser) or sites like Just Giving when you fundraise for Tearfund. You can check their privacy policies to see how they handle your data.

Publicly available data

Sometimes we also collect publicly available information from Companies House, the Charity Commission and from articles, newspapers or blogs.

Sensitive data

If you give us sensitive information about yourself, for example about your religious beliefs or your physical or mental health, please be aware that we may keep this information. When we do so, we will seek your consent. We will only keep this information where it is relevant to your interaction with us and only for as long as it is necessary. We promise to keep it secure.

Our basis for processing

Our basis for processing

We are required by data protection law to have an appropriate legal basis for the processing of your personal data. When processing your personal data we rely upon:

where you’ve given us your consent to contact you or hold your information
for the performance of a contract or legal agreement with you
where there is a legal obligation placed upon us – for example if you allow us to claim gift aid
where it is in your vital interest, such as a medical emergency
where it is in our legitimate interests to do so
Where we rely upon our legitimate interest to process your data (including contacting you), we only do so after having carefully considered how it might affect the impact upon you and your rights and having weighed this up against our need and potential benefits from contacting you.

Where you provide us with sensitive personal data, such as where you worship or any medical information about you, we will process this using one of the following permitted criteria; with your explicit consent (ie you make clear to us that you are happy for us to hold this information); where you manifestly make this information publicly available – such as on a church website; or where you have been in regular contact with us. We will hold your data securely and only those who need to, will be able to see or use this information.

For organisations such as churches, trusts or schools, we may contact you where we have a legitimate interest – ie we believe it is reasonable to do so. Again we will only do so having carefully considered how it might affect you and the potential benefits from contacting your organisation.

Where we contact you, by calling or emailing you, in a professional capacity rather than a personal one, about your church or to do with your role as a trustee for a grant awarding body for example, we will usually consider you to be a ‘corporate subscriber’ under Data Protection Regulations or Law.

As a ‘corporate subscriber’ we are permitted to contact you unless you tell us that you would like no further contact from us. We may also mail you unless you tell us that you don’t want us to do so. However, we will not make contact by calling you if you have subscribed to the Telephone or Corporate Telephone Preference Service. Further information on this (what is generally called a ‘business to business’ approach)can be obtained at the ICO website and on the Telephone Preference Service website.

We want you to receive the right level of communications in the right way for you, so you can change your preferences at any time. Please see the section ‘Your choices and telling us when things change’ below.

Partnerships and major donors

If you show us that you might be in a position to partner with our work in a greater capacity, we will collect further information based on our legitimate interest. There are more details in the next section, ‘What do we do with it?’. This helps us recommend initial discussions with a relationship manager to supporters that might value it and ensure we use our supporters’ money in the most effective ways.

Religious beliefs

As a Christian charity, we may process personal data relating to where you worship, or what role you play in a church. We will only do this where you tell us you are happy for us to use this information, or where you choose to make this public (eg. on your church website). We will never disclose this information about you outside Tearfund without your consent.

What do we do with it?

Processing requests and donations

We may use your personal data to:

  • keep you up-to-date on news and stories about our work
  • ask for financial support and non-financial support such as volunteering or prayer
  • process donations you give us, or support your fundraising for us, including Gift Aid
  • provide information or packs, for example church packs you’ve asked for
  • provide a personalised service, such as customised website content or personalised emails
  • improve your browsing experience and use of the website
  • keep records of your relationship with us, for example questions you’ve asked, surveys completed or complaints you’ve made

Personalised marketing

We might use your data to:

  • let you know about campaigning opportunities, such as writing to your MP
  • send you fundraising and emergency appeals
  • tell you about our work, and opportunities such as volunteering, praying and community fundraising
  • deliver digital advertising about our work to you on social media such as Google and Facebook. See ‘Social media marketing’ section below
  • help guide our marketing. For example, we will look at location and interests so we can invite you to a local event or tell you about an emerging need in an area you’re interested in
  • engage with your church (if you have given us information about it), for example by providing speakers or offering church packs
  • understand whether you might want and be able to support us with a larger gift. This may involve looking at personal information about you, through in house desk research or by using third parties
  • approach you in your professional capacity, for example as a Trustee or church leader, to talk about supporting our work track the success of our communications by recording whether or not you open or respond to our email or other electronic communications
  • carry out market research

Social media marketing

Where you have provided your email address with consent for us to market to you, we may reach out to you by using Facebook advertising.

We may also reach out to people who have similar interests to you through Facebook. For example, we might use Facebook’s Custom Audience Programme.

In both instances, we do this by providing Facebook with your email address. If you don’t have a Facebook account, Facebook just deletes the information. Any Facebook advertising you might end up seeing from us through this process, will have been processed in accordance with the terms and conditions you agreed to for Facebook and the privacy settings you set within Facebook.

When we use Facebook’s Custom Audience Programme, Facebook will use your activity on Facebook, such as the things you like and events you attend, to find others who have similar interests and therefore may wish to support Tearfund. This matching is carried out by Facebook on our behalf and is not at any time seen by Tearfund.

This social media marketing provides us with a cost effective way of reaching both you and new supporters. There are more details on Custom Audiences at Facebook Business, and you can read Facebook’s Privacy policy here. Facebook also allows you to have a say in the ads you recieve. You can find out more here.

Please contact us if you have any questions on how we use social media, or would prefer us to exclude you from social media marketing activities.

Call us on: 020 3906 3906

Email us at: info@tearfund.org

Write to us at:
Supporter Care
Tearfund
100 Church Road
Teddington
TW11 8QE

Partnerships and major donors

If you make a major gift to our work, we’ll offer you a relationship manager. They will discuss and agree with you how you want us to contact you. We will do this at the earliest convenient opportunity. If you don’t want to have a partnership relationship with us, we will destroy any additional, publicly sourced, personal data about you that we have collected for this purpose.

How and where we store your information

How long?

We keep your personal information only for as long as we need it for each activity. What we have to do by law, accounting and tax all come into play. We also have a separate data retention policy to guide us.

If you tell us you’re happy for us to send you marketing materials, we’ll keep contacting you for up to five years, unless you tell us not to. We decided on this length of time by asking our supporters what they thought. We will anonymise your data after a further 10 years of no contact.

For surveys, pledges or petitions, we will keep your responses for a short period of time, typically under 6 months, for analysis purposes. Thereafter we keep the results anonymised at an overall level and a record that we approached you and whether you responded. Each survey will make it clear what we intend to do, so you are informed before you choose to respond.

If you have questions on any of this, or want to see the data retention policy, just get in touch.

Write to us at:
Data Protection Officer
Tearfund
100 Church Road
Teddington
TW11 8QE

Or email us at:
dpo@tearfund.org

Security

We do all we can to protect your personal data, and this includes having the right technology. For example, online forms are encrypted and our network is protected and regularly monitored.

The only people who can access personal data are those Tearfund staff members or volunteers who can’t do their jobs without it. These people are all trained in data protection.

Occasionally we also use external companies to help us with personal data tasks. We do checks on these companies, have them sign contracts, and keep checking them regularly. When we do use external companies, we are still the ones responsible for keeping your data safe.

But please remember, despite all of this, the internet is never 100 per cent secure. When you submit data there is always a risk.

Credit / debit card security

If you use your debit or credit card to donate, purchase something or pay for a trip, whether online, over the phone or by mail, we’ll process your information securely in accordance with the Payment Card Industry Data Security Standard (PCIDSS). You can find out more about the standard here.

We never store your debit or credit card details once your transaction is complete – they are all securely destroyed.

We do keep bank account details so we can collect direct debits in accordance with direct debit mandate rules. You can find out more by reading about the Direct Debit Guarantee.

Where we store your personal information

We use cloud-based systems to process data – that means data may be processed outside of the European Economic Area (EEA). We only let this happen when we believe your data will be kept safe. We do everything we can to make sure your data is looked after as described in this policy.

By giving us your personal data you’re agreeing to us using the cloud-based systems to process it.

If you travel overseas with us, we may share personal information with partners in overseas locations. This may include sensitive personal data – things like medical information. When we do this we’ll let you know what we’re sharing and check you’re happy.

When we share your information

We want you to know that we don’t share or swap your information with any other charities for them to send you marketing. That decision is informed by our values and beliefs and by how important your privacy is to us.

When we have to share information by law

We may need to pass on information if required by law or if a regulatory body, like HMRC, or the police ask us to.

We may also share your information where required to do so under a contract with a Governmental or grant making body, such as to qualify for aid match from the Department of International Development. In these cases, we will only share the minimum data necessary to fulfil the obligations.

Our service providers and third parties

Sometimes we use agents to help us with tasks such as fulfilling orders or processing donations. They are bound by contract to protect your data and we are still the ones responsible for keeping your data safe.

Sometimes we give external companies information about the people using our website, to help us make sure the website is working well and to find out how we can improve it. But this information is both anonymous and delivered in bulk. We’ll only use IP address information to identify someone if we feel they may cause safety/security issues, or if we have to give this information by law.

Cookies

What are cookies?

Every time you visit our website, it sends us a cookie. Warm, crumbly and delicious? Sadly not. This is a text file that tells us about your visit. And when the data comes to us, it’s bulked together with information from all the other visitors to our site. Cookies tell us, for example, about traffic data, location data, device information, the date and time people visit and the pages they visit.

Most major websites use cookies. You can find out more at http://www.allaboutcookies.org/ or https://www.aboutcookies.org/.

How we use cookies on our website

To make the most of our website you should leave cookies turned on, otherwise you might not be able to see all of our lovely site.

Cookies help us:

  • customise what you see when you visit our site, and help us understand what would interest you
  • process any requests, applications or transactions
  • do our internal administration and analysis

Managing cookies

You can turn off cookies on most browsers. To find out how, use the Help function.

Third party cookies

There are a few external companies that Tearfund works with, who set cookies on our website. These cookies are mainly used for reporting and advertising so we can improve the way we communicate. We use websites like Youtube and Vimeo to embed videos, and they may send you cookies too. We don’t control the setting of these cookies, so check those websites for more information.

Tearfund also uses companies like Facebook, HotJar and Google Analytics, which may use cookies. They may also use tracking pixels, which tell us how effective our adverts are.

You can opt out of Google’s tracking cookies any time you want. Google uses cookies to match adverts with your preferences so they’re more relevant to you. If you don’t want to see adverts from us based on that information, you can use Google’s Ad Personalisation Tool.

All information we get through Google’s cookies is anonymous, it just helps us understand how people use our website and which pages are more popular. If you don’t want Google to include you in this information, you can install the Google Analytics Opt Out Tool.

You can also visit the Digital Advertising Alliance website to personalise your advertising preferences.

As some of these services may be based outside of the UK and the European Union, they might not fall under the jurisdiction of UK courts. If you’re worried about that, you can change your cookie settings (see above). Or for more information, visit https://ico.org.uk/.

You can see a detailed list of the cookies we use on our website.

Your choices and telling us when things change

Preferences

If you want to change what we send you, or how we contact you, just let us know – eg you can tell us that you no longer want fundraising materials, or you can ask us to contact you by email rather than post.

Call us on: 020 3906 3906

Email us at: info@tearfund.org

Write to us at:
Supporter Care
Tearfund
100 Church Road
Teddington
TW11 8QE

Updating your details

It’s really helpful if you keep your details with us up-to-date. Just get in touch and let us know if things change, using the same details (above).

Sometimes we use a Post Office address search or postcode lists etc to check data you send us. This could be when, for example, we are unsure of what address you’ve written on a form.

We won’t use these sources to gather information you haven’t given us, for example if you’ve left a telephone number blank. Nor will we automatically update changes of address – we will normally only update your address when you tell us it’s changed. But if you are a regular giver, and items such as Tear Times are returned to us, we may use external sources to update your address details. This is so we can let you know how your money has been spent through our news and stories.

Your rights

At any time you can:

  • ask us to delete your personal data
  • limit how we keep and use your personal data
  • disagree with our reasons for keeping and using your personal data, eg where we have said we have a legitimate reason for processing it
  • disagree with automated decision making in online job applications and personalised marketing, where we build up a profile of you (see the section on ‘What do we do with it?’ above). If you don’t want us to use profiling we might not be able to send you the information you’d find most interesting or useful.
  • ask us to give you an electronic copy of the information we have about you so you can send it to another organisation (data portability)
  • ask to see what information we have about you. We’ll respond within one month

If you do want to do any of the above, just get in touch and let us know.

Write to us at:
Data Protection Officer
Tearfund
100 Church Road
Teddington
TW11 8QE

Email us at: info@tearfund.org

Call us on: 020 3906 3906

For more information about your rights under the General Data Protection Regulation, visit the Information Commissioner’s Office website at https://ico.org.uk.

Changes to Tearfund’s privacy and security policy

Changes to this policy

We last updated this policy in November 2019. We’ll amend this policy if there are any changes to how we do things or changes to data protection or other legislation. If we make any significant changes,we’ll show you clearly on our website, in our publications or by writing to you.

Whenever you engage with us through our websites, social media, email or telephone, or send us your personal information in any other way, we’ll process your information as explained in this policy. When you provide your information, you’re agreeing to this policy. If you don’t agree, please don’t give us your data.

Feedback

We’d love to hear from you with any feedback or questions.

Call us on: 020 3906 3906

Email us at: info@tearfund.org

Write to us at:
Data Protection Officer
Tearfund
100 Church Road
Teddington
TW11 8QE

Complaints

You can also contact us if you’re worried about anything in this policy or if you want to make a complaint.

Call us on: 020 3906 3906

Email us at: info@tearfund.org

Write to us at:
Data Protection Officer
Tearfund
100 Church Road
Teddington
TW11 8QE

You can also make a complaint about the use of your personal data with the Information Commissioners Office (ICO), the UK data protection regulator. You can do this by calling the ICO helpline or through the ICO website. For details, visit https://ico.org.uk/concerns/.