Policy Statement



This policy applies to individuals, groups, organisations and all individuals that come into contact with Heritage Charity London. This policy details rights and obligations in relation to your personal data and the personal data of third parties. Ensuring that all data is secure and properly dealt with is of paramount importance to Heritage Charity London, and we have this policy in place ensure we conform fully with General Data Protection Regulations (GDPR) and Data Protection.


Scope and definitions



Personal data means any information relating to an identified or identifiable natural person (a “data subject”).


Processing should be taken to mean any operation defined in law, i.e. collection, recording, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or political beliefs, trade union membership, health, sex life or sexual orientation and biometric data.


This Data Protection Policy applies to all Personal Data processed by Heritage Charity London.


Data protection principles


Heritage Charity London processes personal data in accordance with the following data protection principles:


  • Heritage Charity London processes personal data lawfully, fairly and in a transparent manner;
  • Heritage Charity London collects personal data only for specified, explicit and legitimate purposes;
  • Heritage Charity London processes personal data only where it is adequate, relevant and limited to what is necessary for the purposes of the processing;
  • Heritage Charity London keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay;
  • Heritage Charity London retains personal data only for the period necessary for the processing;
  • Heritage Charity London adopts appropriate measures to make sure that personal data is secure and is protected against unauthorised or unlawful processing and from accidental loss, destruction or damage.



Intention of the policy


The intention of this policy is to set out how Heritage Charity London collects, uses and protects personal data from any individual or organisations that interact directly with us.


The Policy prescribes the following:


  1. The rights and entitlements to your personal data
  2. Legislation empowering data protection
  3. Methods of Data Collection
  4. What Data is collected
  5. Browsing and Cookies
  6. Personal Sensitive Data
    1. Child Data
    2. Payment Data
    3. Personal sensitive Data
    4. Job application Data
  7. Data Analysis and use
  8. Disclosure of Data to third parties
  9. Access and changes to personal data
  10. Duration of Personal Data
  11. Accuracy of personal data
  12. Security of personal data
  13. Data Breaches
  14. other websites
  15. emails & terms of use



  • The rights and entitlements to your personal data


Your entitlements

Data protection legislation prescribes the way an organisation may collect, retain and handle personal data. Heritage Charity London will comply with all data protection legislation and requirements as we recognise the right that people have with regards to their personal data and we have a responsibility under law to uphold those rights.

Under UK data protection legislation, you have certain right over personal information that we hold about you. Your rights are summarised below and all enquiries with regards to your

personal data, how we handle use and collect data can be made by contacting our General

enquiries team at: info@heritagecharity.org. Please explain your request or concern and clearly specify the type and nature of the data concerned. In order to process your request we may need to request further information and/or request proof of identity.


Heritage Charity London will inform individuals of the reasons for processing their personal data, how it uses such data and the legal basis for processing it when we do so – we will not process personal data about individuals or organisations for other reasons.


Heritage Charity London will update personal data promptly if an individual advises that their information has changed or is inaccurate.


Different categories of data will be retained for different periods of time, depending on legal, operational and financial requirements. Any data which Heritage Charity London decides it does not need to hold for a particular period of time will be securely destroyed.


Your rights

Your rights in relation to our processing of your personal information , include:  – (please note that exceptions may apply to a number of these rights, and not all rights will be applicable in all circumstances)

  1. Right to object to the processing of your data – you have the right to object to our processing of your personal data in certain circumstances. If you object, please explain your objection and the reason for it. If you are objecting to the processing of your data for direct marketing purposes, you can tell us in any of the ways described in the section “Access and changes to personal data” above and we will stop processing your data for those purposes as soon as reasonably possible.
  2. Right to have inaccurate or incomplete personal information corrected or completed – if you believe our records of your personal information are inaccurate or incomplete, you have the right to ask us to correct or complete those records.
  3. Right to restrict processing – in certain circumstances, you have the right to ask us to stop making active use of the personal information that we retain in our records about you, if there is disagreement about its accuracy or legitimate usage.
  4. Right of erasure – in certain circumstances, you have the right to request that we delete your personal information from our records.
  5. Right of access – you can write to us to ask for confirmation of what information we hold relating to you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exceptions that apply.
  6. Right to receive your personal information in a portable format – in limited circumstances, where we are processing information you provided to us because you gave us your consent or because it is necessary for the performance of a contract and the processing is carried out by automated means, you may ask us to provide it to you in a portable format.

If you are not happy with how we have handled your request or complaint, you can contact the Office of the Information Commissioner, which oversees the protection of personal data in the UK.

Alternatively, you may choose to contact the Information Commissioner directly about your complaint, regardless of whether you have raised it with us first.


(b) Legislation empowering data protection


There are several laws that empower data protection and regulate its use – it allows us to process your data safely and effectively.


Our data policy takes into account several laws including:


  • The Data Protection act 2018


  • The Privacy and Electronic Communications (EC Directive) Regulations 2003


  • General Data protection Regulation (EU 2016/679)



Generally, our processing of your personal information as described in this policy is allowed

by these laws based on one or more lawful grounds, including:


  • Where you have provided your consent to us using your personal information in a certain way. For example, we only use your information to send you marketing communications by email or text with your consent. We also may ask for your explicit consent if you share sensitive personal information with us.
  • Where the processing is reasonably necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract.


  • Where the processing is reasonably necessary to comply with a legal obligation to which we are

subject. For example, we may rely on this basis where we are obliged to share your personal

information with a regulator or HMRC.



  • Where the processing is reasonably necessary for the purpose of a legitimate interest pursued by us or a third party and your privacy rights do not override the legitimate interest. Our “legitimate interests” include pursuing the aims and ideals of Heritage Charity London through advocating and campaigning for the welfare of children, supporting children and families through our work in the UK and globally, and fundraising through direct marketing campaigns, emergency appeals, special events and our retail shops. However, “legitimate interests” can also include your interests, such as when you have requested information from us, and those of third parties, such as our beneficiaries.


We rely on legitimate interests for activities such as marketing and communication by post or telephone unless you have expressed your desire not to be contacted in this method.


In any event, where we are relying on legitimate interests to process your personal information, we will consider any potential impact on you (positive or negative), your rights under data protection laws, and will not use your personal information for activities where the impact on you overrides the legitimate interests in the processing. Where we process sensitive personal data (as mentioned above), we will make sure that we only do so in accordance with one of the additional lawful grounds for processing that type of data, such as where we have your explicit consent or you have made that information manifestly public.

(c.) Methods of Data Collection



Any interactions with Heritage Charity London may result in Data collection, we may also receive information about you from third parties with whom we work (e.g. donations through a third party site that you have given permission to share information with us). We may supplement information that we know about you with information is that readily available to the public. In oder to ensure effective and efficient data collection we may supplement data from readily available public sources either directly or through a third party subscription service provider to provide the best data analysis collection.


We may collect aggregated or anonymous information when you visit our website or interact with our content. For example, we may collect information about the services you use and how you use them, like when you watch a video on YouTube, visit our website or view and interact with our ads and content. Please see our Cookies section for more detail.


We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone or in person (i.e., the date, time, and method of contact), details about donations you make to us, events or activities that you register for or attend and any other support you provide to us. We may also collect and record any other relevant information you share with us about yourself, including your interests or your affiliations with other charities, community groups, your employer or a Heritage Charity London corporate partner. If you are a minor, we may collect the name and contact details of a parent or guardian and, where appropriate, the name and location of your school.

In order to ensure that our communication with you is relevant and tailored to your background and interests, we may supplement what we know about you with information that is available to the public. This allows us to better understand your interests, preferences, and level of potential engagement and/or donation, so that we can contact you in the most appropriate way and to ensure that we do not send you unwanted communications. The information we collect and process about you from publicly-available sources may include demographic information associated with your postcode or your address and an estimate of your age. We may collect this information ourselves or through third-party service providers.

Where we have identified that you may have the capacity or affinity to support Heritage Charity London at a higher level, we may use the information we hold about you to identify connections between you and our existing circle of key supporters. We may review other information about you that is available to the public through internet searches, social networks, such as LinkedIn, subscription services, news archives or public databases (e.g., Companies House, the electoral, political and property registers), such as information about corporate directorships, shareholdings, published biographic information, employment and earnings, philanthropic interests and networks, charitable giving history and motivations and relevant media coverage, so that we can engage with you in a more personalised way.

(d.) What Data is collected


The Data that we collect ranges and can be sourced either directly through channels at Heritage Charity London or through Third party subscription services we work with. The type of data may include the following:


  • name
  • address
  • Email
  • telephone number
  • contact preferences
  • bank account details for the purposes of direct debit set up
  • credit card details for the purposes of payments
  • employer details for the purposes of processing a payroll gift
  • tax payer status for claiming gift aid
  • date of birth or age to confirm individual is over 18
  • Gender (where appropriate for a specific event e.g. race )


(e.) Browsing and Cookies


We at Heritage Charity London do not use cookies to collect Data. All online financial transactions are encrypted by TLS (Transport Layer Security). However we may collect information detailing your interactions with our website.


(f.) Personal Sensitive Data


Data protection Legislation recognises certain categories of data as sensitive. This can include information about health, race, religion and political opinion. In the rare case that we are required to collect such sensitive data from you, we would only collect the sensitive data if there was a clear reason for doing so such as to ensure that we provide appropriate facilities or support to enable you to participate in a specific capacity e.g. in an athletic event like a marathon.


  • Child Data


When you register with us, you are stating that you are 18 years of age or over. You agree that any information you provide to us about yourself upon registration or at any time is true.

  • Payment Data


If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partner as part of the      payment process. We do this in accordance with the Payment Card Industry Security Standard and don’t store the details on our website or databases for payment.


  • Job application Data


Data relating to unsuccessful job applicants will only be retained for a period of one year and after consent has been obtained from the job applicant to process their personal data.



(g.) Data Analysis and use


We may use your information in a number of ways, including:

  • To provide you with information, products or services that you have requested from us or that we feel may be of interest to you;
  • To provide you with information about our work or our activities;
  • To invite you to participate in interactive features on our website;
  • To process donations we may receive from you;
  • To fundraise in accordance with our internal policies and procedures;
  • For administrative purposes (for example, we may contact you regarding an event for which                    you have registered, to provide information requested from us through Supporter Care or                            with a query regarding a donation you may have made to us);
  • For internal record keeping relating to any donations, feedback, or complaints;
  • To invite you to participate in voluntary surveys or research;
  • To contact you where you have been identified as a contact person for an organisation,                             such as a school (if we obtain your contact details in this way, we will only use them to                                     contact you in your capacity as a representative of that organisation unless you have                                  separately indicated that you are happy to be contacted as an individual supporter);
  • To analyse and improve the content and operation of our website;
  • To analyse and improve our internal business processes;
  • To analyse the personal information we collect about you and use publicly available                                 information to better understand your interests, preferences and level of potential donations              so that we can contact you in the most appropriate way and to ensure that we do not send                                   you unwanted communications;
  • To tailor advertising that is presented to you on the Internet according to your interests,                            preferences and other characteristics (as described below);
  • To direct advertisements and other communications to other people who may have similar                       interests or other characteristics to yours (as described below);
  • To assess your personal information for the purposes of credit risk                                                              reduction or fraud prevention; and
  • Where we are required by law to disclose or otherwise use your information.


We may contact you via the information that we have collected for marketing purposes by email or text message if you have agreed for this method of marketing communication. We may also send you email communication or text communication where you have placed an order for goods or services through our website. Providing a donation through our website is another example of where we would use data to communicate with you.


If you have provided your postal address or telephone number we may send you information about our work unless you have expressed your desire not to be contacted this way.



Data combination, analysis & use



We at Heritage Charity London, in our “supporters promise” committed ourselves to communicating with you using an approach that is right and ethical. This means that we manage the commutations we send to ensure that  we are selecting the most appropriate approach to contact you. We do this to also ensure that we do not send you unwanted communication. To facilitate this we may combine the information that we collect about you and cross analyse your interests, preferences and level of potential engagement or donation. We may use statistical analysis to organise the data to understand the likelihood that you will be interested or responsive to a particular message or campaign. We may use third party service providers to assist us in this process.


The process of data combination and analysis assists us to engage with the community in a more personalised way. You may opt out of your data being combined and analysed for marketing purposes at any time by contacting our General Enquires team on info@heritagecharity.org


In accordance with our legal and regulatory obligations and our internal policies and procedures, we may also use personal information to carry out due diligence on potential or actual donors. If you opt out of analysis of your data for due diligence purposes, we may not be able to accept donations from you.

(h.) Disclosure of Data to third parties



Heritage Charity London may provide your information to our service providers. Subject to your communication preferences and our internal policies and procedures, this would include providing your information to third parties that work with us to deliver on our charitable purposes, and other entities that act as fundraisers for Heritage Charity London, sell Heritage Charity London products or provide Heritage Charity London with marketing information and services.

Where you have agreed to receive email or SMS marketing communications from us, we may provide your email address or mobile phone number in an encrypted format to social media companies, such as Facebook, Instagram, Twitter or YouTube, or to digital advertising networks that are providing services to us by displaying our advertising to you on those social media platforms and other websites, as well as identifying audiences with interests similar to yours. You can opt out of your data being used to display advertising to you by contacting our General Enquiries team on info@heritagecharity.org

However, this will not prevent our advertisements being shown to you on a randomised basis or based on cookie data and may mean that you stop receiving marketing communications from us more generally.

We may enter into contracts with certain service providers that would require them to comply with data protection laws and to ensure that they have appropriate controls in place to protect the security of your information.

We will never sell your details. We will only share your details with third parties (who are service providers working at our direction) as indicated in this Policy or if you have consented or we have another legal basis to do so. We will not make cold telephone calls to members of the general public for individual support and, therefore, will not purchase your data in order to do so.

We may disclose your personal information if we are requested or required to do so by a regulator or law enforcement or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect Heritage Charity London, for example in cases of suspected fraud or defamation, or in order to comply with any other applicable legal obligation.

(i.) Access and changes to personal data



You have the right to make a subject access request. If you wish to access a copy of any personal data being held about you, you must make a written request for this to the General Enquiries team using the email address: info@heritagecharity.org


Note that Heritage Charity London will always check the identity by ID or passport before making the request and before processing it.


If you make such a request,


Heritage Charity London can identify:

  • whether or not your data is processed, analysed, combined and if so why; the categories of personal data concerned and the source of the data if it is not collected from you;
  • to whom your data may be disclosed, including any recipients located outside the European Economic Area (EEA) and the safeguards that apply to any such transfers;
  • for how long your personal data is stored or how that period is decided;
  • your rights to rectification or erasure of data, or to restrict or object to processing;
  • your right to complain to the Information Commissioner if you think Heritage Charity London has failed to comply with your data protection rights; and
  • whether or not Heritage Charity London carries out any automated decision-making and the logic involved in such decision making. Heritage Charity London will also provide you with a copy of the personal data undergoing processing. This will normally be in electronic form if you have made the request electronically, unless you request otherwise.




(j.) Duration of personal Data



We will keep and delete your information according to our internal policies and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal and regulatory retention requirements (e.g. tax or health and safety requirements) and operational considerations.



(k.) Accuracy of personal data




Heritage Charity London will encourage individuals to notify us of any inaccuracies by contacting the General Enquiries email: info@Heritagecharity.org . Heritage Charity London will respond to requests for rectification of data in a timely manner. Heritage Charity London will implement staff training to assist with implementation of this principle regularly.



(k.) Security of personal data



Heritage Charity London will ensure that personal data is not processed unlawfully, lost or damaged. Appropriate technical and organisational measures will be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, data. Personal data will not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection relation to the processing of personal data.



(l.) Data Breaches


Heritage Charity London will record all data breaches regardless of their effect. If we discover that there has been a breach personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner within 72 hours of discovery. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will tell affected individuals that there has been a breach and provide them with information about the likely consequences of the breach and the mitigation measures we have taken.


(m.) Other websites


We cannot be held responsible for the privacy of data collected by websites not owned or managed by Heritage Charity London, including those linked through our website.


(n.) Emails and terms of use


Emails are not a secure form of sending information. They may be intercepted, altered or changed to benefit others. Heritage Charity London does not accept liability for the loss or damage as a consequence altered emails.

The contents of emails reflect their author’s views and not necessarily those of Heritage Charity London as a whole. Please do not send Heritage Charity London any financial data through email.

The information in emails is confidential, so if you have received one by mistake, please delete it without copying, using, or telling anyone about its contents.



Policy Review


This policy was last reviewed and agreed by the board of trustees and seeks to be reviewed and updated annually. Any queries arising regarding this policy should be addressed to Mrs Fruzsina Marjan








January 2022