Skip to main content

9.0 Digital media

Note: MUST* and MUST NOT* (with asterisk) denotes legal requirement

MUST and MUST NOT (without asterisk) denotes requirement of the Code of Fundraising Practice

9.0 Legal references in this section:

The following Legal Appendices MUST be read in conjunction with this section of the Code of Fundraising Practice

9.1 Accessibility and Usability

Being accessible means using the latest web technologies to accommodate the needs of as many users as possible.

a) All digital platforms MUST* comply with the Equality Act 2010 and organisations MUST* make “reasonable adjustments” to accommodate the needs of all users.

Information about accessibility can be found from the Royal National Institute of Blind People’s (RNIB) web access centre or the World Wide Web Consortium, the W3C.

9.2 Organisations’ Own Websites

9.2.1 Information to be Provided

As well as their main websites, fundraising organisations may have other related websites or micro sites created for specific campaigns or events. This section covers all websites created by organisations.

a) Organisations MUST* have specified information on their website about their status. For further detail please see L12 References in Documents L12.2 and L12.3.

b) Organisations MUST ensure that a contact number and/or an email address are easy to locate.

9.2.2 Data

a) The Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended in 2011), contains rules about the use of cookies (text files storing an individual’s information) on websites. Organisations MUST*ensure they abide by the Regulations and wider data protection requirements.

b) Organisations MUST* notify website users about the website’s use of cookies, and in particular MUST* do so in a suitably prominent and understandable manner to ensure that the user’s consent to the use of cookies is informed.

c) Requests to unsubscribe MUST be addressed in a timely fashion. The Information Commissioner’s Office has guidance on time limits which can be found on their website.

d) Organisations MUST clearly explain data capture and use, for example through a privacy policy or statement.

e) All information about data capture and use MUST be easily accessible from the website homepage and any page which collects personal data.

Section 5: Personal information and Fundraising includes further information on requirements relating to data protection

9.2.3 Content

a) Organisations MUST* have the necessary intellectual property permissions to use or share digital content, such as images, audio, video etc.

9.3 E-commerce, Online Donations and Fundraising Platforms

9.3.1 Electronic Payments

There are a number of standards that apply to electronic payments, such as the Payment Card Industry-Data Security Standard (PCI- DSS) for processing card transactions, and the Direct Debit Guarantee for processing Direct Debits.

9.3.2 Online Raffles and Lotteries

a) Organisations MUST* comply with the Gambling Act 2005 or, in Northern Ireland, the Betting, Gaming, Lotteries and Amusements (NI) Order 1985.

For more information on the different types of lotteries and the rules that apply to each type, please see L13 Raffles and Lotteries and/or speak to the Gambling Commission, who regulate this area.

For Northern Ireland, please consult the Department for Communities and its Policy Unit’s Information Leaflet – The Law on Lotteries in Northern Ireland.

9.3.3 Online Trading, Trading Subsidiaries and e-commerce

a) Organisations MUST* only trade if their governing documents allow it.

b) Organisations MUST* comply with all relevant consumer law and digital commerce legislation including the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.

c) If merchandise sales or fundraising events (such as challenge events) are carried out through a trading subsidiary, fundraising organisations MUST* make this clear on relevant communications or web pages.

d) Organisations MUST* ensure that descriptions and images of goods are sufficiently accurate that donors are not misled about what they are buying.

e) Organisations MUST* have the necessary intellectual property permissions to use or share digital content, such as images, audio, video etc.

f) Organisations MUST* comply with legal requirements as to delivery, cancellation, refunds and returns and MUST have policies that set out processes and timings for potential customers.

For more information, please see the guidance on this.

9.3.4 Online Fundraising Platforms

This section of the Code should be read in conjunction with the Fundraising Regulator’s Guidance for Fundraising Platforms and Online Fundraising advice and guidance for the public.

For the purpose of this Code, online fundraising platforms are websites or applications operated by commercial companies, not-for-profit organisations, by charities themselves, or by individuals, which facilitate charitable fundraising campaigns and/or crowdfunding by individuals or organisations for charitable purposes. They enable donors to give to charitable causes using their computers, smartphones and other electronic devices, and via their credit cards, debit cards or digital wallets (devices that allow an individual to make electronic transactions, such as Paypal).

For the purpose of this Code, crowdfunding refers to the raising of funds by an individual, a group of individuals, or a commercial organisation for charitable purposes, but not linked directly to a charity’s bank account. This may mean that money is passed to the crowdfunder to then distribute to a charity, or to spend on a personal cause, for example, assisting a friend or relative with medical expenses.

Donation pages hosted on a charity’s own website (i.e. where the donor is not directed away from the charity’s own domain name to a third party) are not considered within the scope of this Code section where no fees are levied on individual donations. Where fees (including payment transaction fees) are levied on a donation-by-donation basis by a third party, charities should ensure levels of transparency fall in line with this section of the Code.

Monies raised through online fundraising platforms may go: directly to a registered charity; to a fundraiser or fundraisers to pass on to a registered charity; or to a beneficiary who is not a registered charity.

The Fundraising Regulator encourages online fundraising platforms to register with us to publically demonstrate a commitment to responsible fundraising. Register with us. 

Alongside the rules below, Fundraising Platforms should particularly refer to the following sections of the Code:

Section 2: Working with Volunteers for considerations relating to the relationship between charities and those carrying out fundraising activities through online fundraising platforms.

Section 4: Third parties for considerations relating to agencies providing fundraising services.

Section 5: Personal Information and Fundraising for considerations relating to data protection.

Section 12: Corporate Partners for considerations relating to Commercial Participator relationships and providing hosting services to fundraising organisations.

Section 20: Handling Donations for considerations relating to card transactions.

Remuneration for hosting a fundraising campaign

For the purpose of this section of the Code, ‘remuneration’ relates to any fees levied on a charity, a donation, or associated GiftAid by a fundraising platform. These could include but are not limited to: platform fees; payment transaction fees; administrative fees; or monthly/annual subscription fees payable by a charity or fundraiser.

9.3.4.1 Where a Fundraising Platform receives a proportion of the donation or gift aid as remuneration for hosting a fundraising campaign, they MUST ensure that the following details are clearly visible to individuals donating through their site and displayed before the point at which financial details are requested:

a) how their remuneration will be calculated (for example as a percentage of the gift aid, a charge levied on a donation or X pounds/pence of each donation); and

b) the amount of remuneration they will receive, if this is known at the point of donation, and if not, an example that demonstrates the sum the organisation would receive on a hypothetical donation.

Other Responsibilities of Fundraising Platforms

9.3.4.2 Fundraising platforms MUST publish good practice guidance for those setting up a fundraising page on their website to ensure that prospective donors are adequately informed about appeals in advance of donating and that funds raised are administered appropriately.

9.3.4.3 Fundraising platforms MUST link to the Fundraising Regulator’s good practice guidance for those setting up a fundraising page on their website to ensure that they and prospective donors are adequately informed about appeals in advance of donating and that funds raised are administered appropriately.

9.3.4.4 The guidance MUST be easily accessible for those setting up a fundraising page on the site and MUST be available before the point at which donation pages become active.

9.3.4.5 The guidance MUST highlight the following considerations for fundraisers in how they plan their appeal to prospective donors. This MUST include the implications of raising money for a cause where no charity is identified as the beneficiary, including:

a) the possibility that a personal crowdfunding appeal may itself need to be registered as a charity with the relevant regulatory body; and

b) if the fundraising platform is itself a charity, that the appeal will need to satisfy the legal requirements for public benefit.

For further information regarding this, please see the Charity Commission’s Public Benefit Rules for Charities.

9.3.4.6 The guidance MUST highlight the following considerations for fundraisers in how they publicise their appeal to prospective donors through their fundraising page on the site:

a) who is organising the appeal

b) whether the money raised is for a specific purpose or for the recipient to use as they see fit. Where money is raised for a charity for a specific purpose, fundraisers MUST contact the charity to ensure they are aware and happy to receive the funds for this stated purpose. See also Code rule 6.5 on money given for a restricted purpose;

c) where applicable, what the target of the appeal will be – this might be a time target or a financial target;

d) whether the fundraiser is raising money on behalf of or for a registered charity and, where applicable, the name of the charity;

e) how donations can be made, including, where relevant, alternative ways of donating to the appeal and ways to maximise donations via Gift Aid;

f) what deductions will be made for expenses; and

g) what the fundraiser will do with the money if:

  • they do not raise enough to meet their stated target;
  • they raise an amount in excess of their stated target; or
  • the original purpose for which they are seeking donations becomes invalid for any reason.

9.3.4.7 The platform MUST require those setting up a fundraising page on the site to provide a clear affirmative action before the donation page is published (through an active opt-in method such as an unticked opt-in box) signifying that they have read and understood the guidance.

9.3.4.8 The platform MUST take reasonable measures to avoid fraudulent activity and money laundering through their site in the guise of fundraising. Where funds raised are not going directly to a charity bank account, the platform MUST make it clear that donors give at their own risk prior to the donation being made.

9.3.4.9 Online fundraising platforms MUST require their users to comply with those sections of the Code of Fundraising Practice that apply to their fundraising as a condition of using the site and to provide for the platform to terminate or suspend use of the site if necessary.

Data Protection and Privacy

9.3.4.10 Fundraising platforms MUST* comply with all relevant data protection legislation. Personal details of donors and fundraisers MUST* only be passed on to charities where a clear affirmative action has been provided to indicate that consent has been given.

Payment Services

9.3.4.11 Where applicable, fundraising and crowdfunding platforms MUST:

a) comply with all legal requirements relating to the Payment Services Regulations 2017 (if the organisation falls within scope of this, this is a MUST*); and

b) comply with all relevant Financial Conduct Authority regulations.

9.4 Working with Third Parties

a) Professional fundraisers (L8) and commercial participators (L9) working on digital media projects MUST* have written agreements in place with the charity and MUST* make the appropriate statements (L10).

b) When not legally required to have written agreements, organisations MUST still have contracts or agreements in place.

c) Organisations MUST undertake due diligence on both the financial and reputational dealings of potential partners before agreements are put in place. This is especially important when working with non-UK based third parties who are not bound by UK law.

d) If placing fundraising content on a third party’s platform, fundraising organisations MUST apply the same due diligence as if it was on their own website.For more information on selecting and using online giving platforms, the Institute of Fundraising’s ‘Making the Most of Digital Donations’ guidance.

9.5 Social Media

a) Organisations MUST ensure that usernames and passwords for their social media accounts are only available to trusted individuals.

9.6 Mobile Devices and Platforms

9.6.1 Definitions

Mobile may consist of separate platforms/channels or simply using a mobile device to access a version of an organisation’s website. Mobile devices may include but are not limited to smartphones, tablets, Personal Digital Assistant (PDA), and gaming consoles.

9.6.2 SMS and MMS

a) Organisations using premium SMS or other forms of phone-paid service MUST* register with the Phone-paid Services Authority (PSA) and comply with its Code of Practice and relevant special conditions notices.

b) Organisations MUST*only send marketing messages to individuals’ mobile phones where those individuals have previously notified the organisations that they consent to receiving such communications.

c) Organisations MUST*make the registration process for messaging clear on all forms of relevant documentation including websites and MUST*include procedures for unsubscribing on all marketing messages.

d) Organisations MUST* make the cost of premium rate messages clear to donors and MUST explain to donors how and when they will be billed.

e) Organisations MUST*follow data protection rules and rules set out in the Privacy and Electronic Communications Regulations 2003 when parental/bill payers’ consent is required.

f) Reply by SMS MUST be an option for opting-out and be clear in all marketing

g) Organisations MUSTuse a simple opt-out message.

h) Users MUST* be able to exercise their opt-out choice from any marketing message, free of charge (except for the costs of the transmission of the refusal).

Section 5: Personal information and Fundraising includes further information on requirements relating to data protection.

i) For competitions and prize draws, organisations MUST provide a clear and simple method of accessing any terms and conditions and MUST publish the identity of the promoter.

9.6.3 Charity Short Codes

a) When receiving donations by SMS, organisations MUST use Charity Short Codes (approved 5 number codes that can be rented by fundraising organisations to identify donations and pass on the VAT content to the organisation).

9.7 Email

9.7.1 Data Protection

a) Fundraising organisations MUST* comply with the requirements of data protection law and MUST NOT*disclose information obtained in situations where a legal duty to keep information confidential arises.

b) Organisations MUST* provide a valid address for opt-out requests.

Section 5: Personal information and Fundraising includes further information on requirements relating to data protection.

9.7.2 Content

a) Emails MUST carry a statement confirming the status of an organisation, and MUST* do so in certain circumstances (L10).

b) Organisations MUST NOT send bulk emails from named individual’s email accounts.

c) Organisations MUST use a simple opt-out message.

Section 5: Personal information and Fundraising includes further information on requirements relating to data protection.