The Runnymede Trust is committed to being transparent about how we collect and use data and to meeting our data protection obligations.
This policy describes the information we collect from you when you use our website or that you give us when you interact with us, and explains how we use that information and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us.
We will regularly review and update this policy. It was last updated on 15.3.23. If we make substantial changes, we will bring these to your attention where reasonably possible. Otherwise, you can access the latest version of this notice on our website.
1. Who we are
2. The data we collect about you
3. How your personal data is collected
4. How we use your personal data
5. Purposes for which we use your personal data
6. Sharing of your personal data
7. Data security
8. Data retention
9. Your legal rights
- Who we are
The Runnymede Trust (or ‘we’) is the UK’s leading race equality think tank. We are a registered charity in England and Wales (charity no: 1063609) and our address is: 207 Brickfields Business Centre, 37 Cremer Street, London, E2 8HD.
If you have any questions about this notice or how we handle your personal information, please contact email@example.com
- Data we collect and receive from you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: includes first name, last name, title, date of birth.
- Contact Data includes: billing address, mailing address, email address, social media handles, and telephone numbers.
- Financial Data includes: bank account and payment card details.
- Transaction Data includes: details about payments to and from you and other details of donations you have made, or products, services or tickets you have purchased from us.
- Accessibility Data includes: your accessibility requirements and dietary requirements and preferences for events.
- Technical Data includes: internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes: information about how you use our website, products and services.
- Marketing and Communications Data includes: your preferences in receiving marketing from us and your communication preferences.
- Recruitment Data: includes your CV or work history and other information submitted as part of the application process, including any interview notes.
Certain types of information are sensitive and need more protection (for example, information about race or ethnicity, and of health, as well as information about criminal convictions). We do not usually collect these types of information for a typical website visitor. But we may collect these types of information if you apply for a job with us, where it is appropriate and the law allows us to do so.
- How we collect personal information
We may collect personal information:
- Direct from you, for example when you send us an email, make a donation, fill in a survey or apply for a job.
- Indirectly, from another source, for example when we receive personal information in a dataset for a research project. When we recruit, we may receive information from recruitment agencies, former employers, or other background check agencies.
- When it is available publicly. We may use public sources of information (for example, the electoral roll, open social media, and other online databases) to collect information used in our research. If you have any questions about our use of public information, please contact us.
- How we use your personal information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where you have asked us to provide you with a service such as our newsletter, asked us to include you in one of our programmes or campaigns, or registered for an event
- Where you have made a donation
- Where it is necessary for either yours or our legitimate interests, (our interests will never override your interests or fundamental rights).
- Where we need to comply with a legal or regulatory obligation.
Click here to find out more about the types of lawful basis that we will rely on to process your personal data.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by clicking the Unsubscribe button in marketing emails or by contacting us.
- Purposes for which we use your personal data
We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below:
- Sharing your personal data
We sometimes share information with other organisations in order to provide services to you.
We will share your information with third parties where required by law or where we have another legitimate interest in doing so. We have carefully selected these third parties and taken steps to ensure that when we share your Personal Information with them, it is adequately protected. Details about how we process Personal Information in conjunction with key third parties is set out below:
- Donately & Stripe - we use Donately to store and process information when you donate to us through our website. We use Stripe to process donation payments to us. You can view how Donately processes Personal Information here and Stripe here.
We may also share your personal data with third parties in the following circumstances:
- We may need to use certain service providers to carry out work on our behalf such as, for example, event venues or programme partners. Where we enter into a relationship with an external party that would involve the processing of your personal data on our behalf, any such arrangements will be subject to a formal agreement between the Runnymede Trust and that organisation, aimed to protect the security of your data.
Where we share information with other ‘controllers’ (organisations who will use the information for their own purposes, rather than to provide services to us) they are responsible to you for their use of your information and compliance with the law. We share information with other controllers as follows: project sponsors; HMRC; Charity Commission; and professional advisers. We share the information in a secure way and take appropriate steps to ensure the recipient protects it.
We will never sell your data to any third party.
- Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Data retention
We will retain your information as long as necessary to provide you with the services or as otherwise set forth in this Policy. We will also retain and use this information as necessary for the purposes set out in this Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect our legal rights.
We also collect and maintain aggregated, anonymised or pseudonymised information which we may retain indefinitely to protect the safety and security of our Site, improve our Services or comply with legal obligations.
- Your legal rights
Under certain circumstances, by law you have the right to:
- Ask for a copy of your personal information (commonly known as a "subject access request").
- Ask that we update or correct the personal information that we hold about you, if you believe it to be inaccurate.
- Ask that we erase your personal information that we hold, where there is no good reason for us continuing to hold it. We may not need to erase it, but we will need to show that we continue to have a good reason to hold it.
- Object to our use of your personal information if we are relying on a legitimate interest and there is something about your situation which makes you want to object. We may not need to stop, but we will need to show a good reason to keep using it. You can always ask us to stop using your personal information for direct marketing purposes.
- Ask that we restrict our use of your personal information so that we are simply storing it, for example if you want us to establish its accuracy or our reason for using it.
- Request the transfer of your personal information to you or another party. This only applies where you have provided us that information and we are processing it with your consent or to perform a contract with you. This is unlikely to apply in most cases.
- Change your mind and withdraw the consent you have given us.
To exercise any of the above rights, please contact firstname.lastname@example.org
These are legal rights, so they only apply in certain circumstances and are subject to exemptions.
If you have concerns about the way we are handling your personal information, you also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint.