What information do we collect?

We may collect information about you whenever you interact with us or with third parties with whom we work. This may include:

• Your name and contact details.
• The contact preferences and areas of interest you may have selected.
• Your involvement with us and interests, including donations and other payments, membership details, communications and correspondence, the reasons you have given for supporting us or using our services, details about which of our services you’ve used and how you’ve interacted with us, and conversations we’ve had with you (including by email, phone, SMS or post).
• Technical data such as how you interact with our emails e.g. what emails you open and have clicked on, your IP address and geo-location, timestamps showing when you completed our forms, etc.
• Financial data such as your bank account details for setting up a regular Direct Debit and your credit/debit card details for processing card payments. (All online financial transactions are encrypted for security and we do not store your credit/debit card details.)
• Your employer details for processing a payroll gift.
• Your Gift Aid status and information.
• Your gender and date of birth (e.g., where registering for an event or accomodation, or to confirm you are over 18.)
• Information collected in the course of administering legacies and legacy pledges or enquiries, such as the amount pledged, expected or received, other beneficiaries to the will, or its executors. This may be received from you, or from others such as the executors of your will, other beneficiaries named in the will, legacy notification services (Smee & Ford) or the probate service.
• Information provided via enquiries (including to our free Information Service) and/or complaints made by or about you.
• Information from surveys, focus groups and opinions you share with us, for example if you have completed a feedback form after attending one of our short courses. This may include demographic data and other information you provide such as your previous experience, opinions, age and gender and so on. Any detailed information you provide through surveys will usually be anonymised or pseudonomised in order to add an extra layer of protection for your personal data.
• Any other information you provide to us.

Where we have legitimate interest in doing so, we may collect other information about you where this is available to the public, including from third parties. This supplementary information will help us to ensure we are contacting you with the most relevant, timely and appropriate communications, to make better use of our resources and ultimately provide an improved experience for you.

For example:

• We may check, amend and/or complete your address details, or update these if you have moved house, to ensure post is delivered efficiently.
• We may collect information which identifies you as a contact person for an organisation, such as a school, or which will help us to identify or guess contact details (such as email addresses) for individuals in relevant roles acting on behalf of organisations who we feel would want to hear from us about getting involved and supporting us and our activities.
• We may look up your parliamentary constituency, estimates of your age and the size and composition of your household, and information about your interests such as hobbies, shopping preferences and subscriptions.
• We may collect information about your work and career (such as job titles), your previous charity support and organisations you have been connected with, your education, information that helps us identify any family ties, demographic information associated with your postcode, and financial information (including assessment of income and whether particular donations or funding appeals may be of interest).

This information may be compiled using publicly available data about you and/or information that you have already provided to us. Sources may include records, databases and documents made available by government bodies or organisations such as Royal Mail, archives from media outlets, archived press releases, and other reputable websites.

This information may be also used to help us identify individuals, trusts, foundations and companies who may be able to provide higher levels of support and engagement, such as major gifts, partnerships, introductions to networks and mutually beneficial relationships. Carrying out such analysis is sometimes referred to as profiling or wealth screening. We may do this directly and/or by using third party companies such as Factary or Prospecting for Gold. You can opt-out of allowing us to research and use background information about you from other sources for profiling purposes at any time by contacting us at fundraising@cat.org.uk / 01654 705988.

We may ask you to provide your personal data through surveys, quizzes, games, competitions, lotteries, raffles, signing up to receive communications from us, signing up to support our campaigns through petitions, statements of support or email-writing, donations and membership signups, webinars and short course registrations, event and conference bookings, visitor centre bookings, venue hire bookings, accommodation booking, school, university and group visits, graduate school enquirers, applicants, students and alumni, shop and café purchases, information service and other enquiries, and other methods not mentioned here.

You may be asked to provide your information to us indirectly, for example through third parties such as professional fundraisers, partners or subcontractors acting on our behalf, online form providers such as 123formbuilder or MailChimp, online quiz and survey providers such as Interact or SurveyMonkey, payment gateways such as Paypal or Worldpay, fundraising sites such as Justgiving or Virgin Money Giving or organisations which disburse payments on your behalf such as Charities Trust, CAF, Stewardship or Liverpool Charity and Voluntary Services. These organisations may have their own privacy policies and/or statements. Please do ensure you check these when providing your personal information to them.

When you have given other organisations permission to share your information with us, for example in order to sign up to a third party event, the information we receive will depend on your settings and the permissions and choices you have provided. We will always work to ensure it’s completely clear to you that your information will be shared with us.

When using social media and messaging services like Linkedin, Facebook and Twitter, depending on your settings and the permissions and choices you have provided you might give us permission to access information about you from those accounts or services.

When your personal information is available from public sources, such as from open social networks (e.g. LinkedIn and Twitter), company websites, political and property registers, the media, the Charity Commission or Companies House, we may collect this information.

We may collect/use sensitive personal information, but we will only do this where appropriate and necessary in relation to your relationship with us, where data protection law allows it, for an appropriate timeframe only and normally only where we have your explicit consent. For example, we may record information about your health or dietary requirements in order for us to ensure we are communicating with you in the appropriate way and providing you with an appropriate level of service, or we may ask you about your ethnicity in surveys to help us better understand how we can develop and inspire more people to support us in the future. This is allowed under condition (d) of Article 9 of the UK GDPR (‘Not-for-profit bodies’). We may anonymise this data and use it for business analysis purposes. We will only use this special category data for the purpose we have identified and will apply appropriate measures and safeguards to ensure the protection of this.

What do we use this information for?

We use your information to provide you with updates, information and marketing communications. We may contact you by phone, SMS, email or post about our services and how you can get involved and support us. You can always opt-out of these communications.

We use information we hold about you to tailor our communications further to what we think you would be most interested in hearing about. This might for instance include information and marketing relating to our Visitor Centre, events, the Zero Carbon Britain project, volunteering and job opportunities, learning with us through our graduate school, short courses, school and university groups or other learning opportunities, membership, fundraising, campaigning, accommodation, venue hire, café, shop and mail-order services.

We may send you Clean Slate magazine in the post. This may include advertisements and marketing for other organisations that we think you may be interested in. All members receive Clean Slate magazine and may receive other membership post, such as invitations to members’ events, details of special members’ discounts and other key benefits of your membership. As you have signed up to receive these as part of their membership subscription, we continue to send these to members who have opted-out of receiving other fundraising and marketing communications by post. This is explained on membership subscription and renewal forms. We may also contact you with membership renewal reminders by post, phone or email. You can opt-out of receiving Clean Slate and other membership post at any time by contacting our Fundraising and Membership team.

We may use your information for a range of other purposes including to process your payments, to communicate with you better, to comply with financial regulations, to administer legacies, to undertake research for marketing purposes such as by asking you to participate in a survey, to undertake business analysis such as to predict your likelihood to donate to certain appeals and the potential extent of your donations or to monitor and illustrate the level of support for our projects and campaigns, for debt recovery and for other administrative purposes.

The information you provide may be used in conjunction with other information we hold about you.

Lawful basis

We process your personal information according to one or more of the following legal grounds under the GDPR:

• Consent, for example to send marketing emails to individual supporters and users of our services. You can withdraw your consent at any time.
• Your vital interests, for example to ensure you get assistance for specific health needs when visiting CAT or attending an event.
• Contractual relationships.
• Legal obligations, for example providing tax and gift aid information to HMRC.
• Legitimate Interests, for example to contact you for marketing purposes by post or phone. We only use this where we are confident that the processing of your information is in our legitimate interests and does not override your own legitimate interests or rights and freedoms. Our legitimate interests include fulfilling our charitable purposes through income generation and publicity, such as marketing for our fundraising, membership, services and events, and analysis of the information you provide. They also include administration, such as Gift Aid, and financial management and control, such as processing donations.

Who will it be shared with and why?

We may share your details with third party suppliers who carry out services for us. We will always hold a supplier to our own high standards of data protection, to ensure that they treat your information with the same care as we do.

These are some examples of how we work with third parties:

• Using suppliers, external fundraising entities and platforms to deliver communications for us by email, SMS, post or phone and/or provide marketing or research services for us, as well as to analyse and supplement your data. Examples include Royal Mail, The Delivery Group, Admail Ltd, Loqate, Welshpool Printing Group, Apex Direct Mail, Shopsync, MailChimp, and Neo Creative Limited.
• Using suppliers who will help us ensure the information we hold on you is accurate and up to date and provide supplementary information about you, such as Post Office’s National Change of Address database, Factary or Prospecting for Gold. We may also check your details with the Mailing Preference Service and Telephone Preference Service.
• Using information services companies, such as Experian, to verify your identity, address and/or account details. This may be required or recommended as best practice by payment service providers such as BACS, which operates the Direct Debit scheme, in order to reduce fraud by ensuring that the details provided relate to the payer.
• Using payment and financial services providers, auditors, legacy notification services and personal or professional executors, government departments eg. to collect Gift Aid, and providers of online forms and other tools or platforms that collect and process information for us. Examples include HMRC, BACS, Paypal, Stripe, Worldpay, GoCardless, SAGEPay, Pay360 by Capita, 123formbuilder, Checkfront, Shopify, Interact, Justgiving, The Access Group, Google, MailChimp, SurveyMonkey and various WordPress applications that we use with our website, such as GiveWP.
• We work with statutory funders, trusts, foundations and others whose financial support make some of our projects possible, for example Powys County Council, who may require information about you and your involvement in a funded project which you have taken part in, in order to evaluate the success of these projects.
• We may occasionally use services that allow your personal information to be transferred, processed and stored outside of the European Economic Area (EEA). Where necessary we will always take steps to safeguard your information and ensure compliance with data protection laws. For more information please contact our Data Protection Officer.

We won’t sell or swap your information with other organisations for their own marketing purposes without your explicit, informed consent.

We may ask if you would like to add your personal information to directories which will be shared publicly or with selected recipients, such as other attendees at a conference you attend, in order to help you connect a community of people who wish to share their knowledge, skills and experience with each other to support action on the climate and biodiversity emergency. For some campaigns, we may share your contact details with the organisation to which the campaign is addressed, if we have explicitly stated this on the campaign page where you provided your details. For events and projects we co-organise with others, we may share your details with the co-organisers but only if this is made clear to you and all organisers have provided their privacy information to you when you registered or provided your details.

You are in control of how we use your information.

You can update your preferences at any time. If you would like to contact us about your marketing preferences, please contact us using the details at the top of this page. You can also unsubscribe from emails by clicking the link at the bottom of each email.

If you choose to unsubscribe from any of our Information & Marketing Communications, we will take you off our communication lists. We will retain your name, contact details and other relevant information and will record your preference not to be contacted. This allows us to comply with your request should you interact with us again in future. We may still send you administrative communications as needed. You can also contact us to change what kinds of communication you receive from us and how you receive these.

How long will we retain this information for?

In rare cases your information may be retained by us or third parties you have provided it to (including unsubscribed from emails status) indefinitely or until you request not only to unsubscribe but to have your data erased. However if you have not interacted with us for 8 years we will usually delete, anonymise or move your record to a separate secure storage location where it will only be accessed in specific circumstances, for instance if you have left us a legacy in your will and this information is required for the will to be executed.

Your rights

• Right to be informed – as implemented here
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object

Please read the “Your rights” section for more information.