This policy describes how we process personal information from individuals.
Who are we?
The Fundraising Regulator (FR) is the independent regulator of charitable fundraising. We were established following the cross-party review of fundraising self-regulation (2015) to strengthen the system of charity regulation and restore public trust in fundraising.
In this policy ‘FR’, ‘we’, ‘us’ or ‘our’ means the Fundraising Regulator, a Company Limited by Guarantee, registered in England, Number 10016446. Registered address is: Fundraising Regulator, CAN Mezzanine, 49-51 East Road, London, N1 6AH
How do we collect personal information from you?
We obtain information about you in the following ways:
Information you give us directly
For example, we may obtain personal information about you when you sign up for membership, take part in one of our events, supply goods and services, purchase products and services or contact us about campaigns or policies.
Information you give us indirectly
Your personal information may be shared with us by third parties, which might include subcontractors acting on our behalf who provide us with technical, payment or delivery services
When you visit this website
We, like many organisations, automatically collect the following information:
- Technical information, including the type of device you’re using, the IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve the services we offer.
- Information about your visit to this website, for example we collect information about pages you visit and how you navigate the website, i.e. length of visits to certain pages, products and services you viewed and searched for, referral sources (e.g. how you arrived at our website).
When you interact with us on social media platforms such as Facebook and Twitter we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.
We may source contacts for policy development and campaigns from information obtained from publicly available sources such as the Houses of Parliament, newspaper and publication websites, central and local government websites.
What type of personal information is collected from you?
The personal information we collect, store and use might include:
- Your name and contact details (including postal address, email address and telephone number);
- Information about your activities on our website and about the device used to access it, for instance your IP address and geographical location;
- Any other personal information shared with us.
Data protection laws recognise certain categories of personal information as sensitive and therefore requiring greater protection, for example information about your health, ethnicity and religion.
We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and data protection laws allow us to, for example, we may provide you with the opportunity to provide information on your ethnicity, sexual orientation, religion and any disability, so that we can monitor and ensure the effective delivery of our services.
Where appropriate, we will make clear why we are collecting this type of personal information and what it will be used for.
How and why is your personal information used?
We may use your information for a range of different purposes, which may include:
- to respond to or fulfil any requests, complaints or queries you make to us;
- to pass on or seek further information on any complaints or queries received by the Fundraising Regulator that your organisation may be subject to;
- to process payments and register you when you sign up to our registration scheme;
- to notify you of our voluntary levy and when payment is due, if your charity is identified as falling within the levy threshold published on our website;
- to inform our work on developing the Code of Fundraising Practice, policies and guidance by conducting consultations and analysing the results;
- to understand how we can improve our services or information by conducting analysis and market research;
- to keep a record of your relationship with us;
- to send you correspondence and communicate with you;
- to administer our websites and to troubleshoot, perform data analysis, research, generate statistics and surveys related to our technical systems;
- to test our technical systems to make sure they are working as expected;
- to contact you if you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, to see if we can help with any problems you may be experiencing with the form or our websites;
- to display content to you in a way appropriate to the device you are using (for example if you are viewing content on a mobile device or a computer);
- to generate reports on our work;
- to safeguard our staff;
- to monitor website use to identify visitor location, guard against disruptive use, monitor website traffic and/or personalise information which is presented to you;
- to process your application for a job position;
- to conduct training and quality control;
- to audit and administer our accounts;
- to meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies;
- to carry out fraud prevention and money laundering checks;
- to undertake credit risk reduction activities; and/or
- to establish, defend or enforce legal claims.
How long is your personal information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations (e.g. health/safety and tax/accounting purposes).
We review our retention periods on a regular basis.
Who has access to your information?
We do not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
However, we may disclose your information to third parties to achieve the other purposes set out in this policy. These third parties may include:
Third parties working on our behalf
We may pass your personal information to our third-party service providers, suppliers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone communications.
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it, like when you sign up to our terms and conditions of registration.
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like the Information Commissioner’s Office (ICO).
Where it is reasonably necessary to achieve our or others’ legitimate interests (if what the personal information is used for is fair and does not duly impact your rights).
We consider our legitimate interests to be running the Fundraising Regulator as a voluntary Regulatory organisation in pursuit of our aims and ideals. For example, to:
- Send communications which we think will be of interest to you;
- Conduct research to better understand the needs of the public and those we regulate;
- Enhance, modify, personalise or otherwise improve our services / communications for the benefit of those we regulate;
- Understand better how people interact with our website.
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so based on your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
We may use your contact details to provide you with information about the work we do on fundraising regulation, policy initiatives and events if we think it may be of interest to you.
We will only send you non-transactional communications by email, text and telephone if you have explicitly provided your prior consent, or (in the case of corporate subscribers) your organisational contact details. You may opt out of our marketing communications at any time by updating your preferences via the link in our emails.
We may send you marketing communications by post unless you have told us that you would prefer not to hear from us.
You have a choice about whether you wish to receive information from us. If you do not want to receive direct marketing communications from us about our work and registering with us then you can select your choices by updating your preferences.
We’re committed to putting you in control of your data so you’re free to change your marketing preferences (including to tell us that you don’t want to be contacted for marketing purposes) at any time by contacting us by email: email@example.com or by telephone: 0300 999 3407, or by post: Data Controller, Fundraising Regulator, CAN Mezzanine, 49-51 East Road, London, N1 6AH.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted and will retain your details on a suppression list to help ensure that we do not continue to contact you. However, we may still need to contact you for administrative purposes, such as where we are processing a payment or to fulfil our regulatory remit, such as to investigate a complaint.
We’re committed to putting you in control of your data so you’re free to opt out of your personal information being used in this way at any time by updating your preferences on our website or by contacting firstname.lastname@example.org
Under UK data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:
Right of access
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, please send a description of the information you want to see and proof of your identity by post to the address provided below.
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us. If you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please log into the website (members) or contact us via by email: email@example.com or by telephone: 0300 999 3407, or by post: Data Controller, Fundraising Regulator, CAN Mezzanine, 49-51 East Road, London, N1 6AH.
Right to restrict use
You have a right to ask us to restrict the processing of some or all your personal information if there is a disagreement about its accuracy or we’re not lawfully allowed to use it.
Right of erasure
You may ask us to delete some or all your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object
You have the right to object to processing where we use your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.
If you want to exercise any of the above rights, please email us at firstname.lastname@example.org or by telephone: 0300 999 3407, or by post: Data Controller, Fundraising Regulator, CAN Mezzanine, 49-51 East Road, London, N1 6AH.
We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within 21 days of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, https://ico.org.uk/
Keeping your personal information safe
When you give us personal information, we take steps to ensure that appropriate technical and organisational controls are in place to protect it.
When registering with the Fundraising Regulator, we use Secure Sockets Layer (SSL) encryption on all web pages where personal information is required. To take advantage of these online services, you must use an SSL-enabled browser. Doing so protects the confidentiality of your personal and credit card information while it’s transmitted over the Internet.
When you are on a secure page, a lock icon will appear on web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Use of 'cookies'
What is a cookie?
Cookies may be used by the website to allow us to recognise you and your preferred settings e.g.to store your ID for future sessions. This saves you from re-entering information on return to the website and makes the experience smoother.
Consent for cookies
The first time you access the website, you will be asked if you consent to receiving cookies. If you agree, cookies will be retained on your browser for that visit and for each time you subsequently access the website.
You also have an option not to allow cookies, in which case any cookies you choose to disable will not be retained on your browser. If you want to opt out of using cookies in future then you can do so. It is important to note that if you change your settings and block cookies then our web site may not work so well. Further information on disabling cookies can be found in the table below.
Information provided by cookies can help us to understand the profile of our web visitors. This can help us to improve our services.
See our full list of cookies below for more information.
Links to other websites
Our website may contain links to other websites run by other organisations. This policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our website.
Changes to this policy
Any changes we may make to this policy in the future will be posted on this website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes, we’ll make this clear on this website.
We keep this policy under regular review. This policy was last updated in July 2018.
Cookies used by the Fundraising Regulator
Provider: Crazy Egg
Purpose: Crazy Egg collects anonymous, randomised web browsing recordings to help analyse website usage.
Name / Purpose:
- _crazyegg_session: Remembers information related to marketing page features.
- ce_login: remembers the last email address you used to login
- ce_signup_flow: remembers the signup flow you saw
- ce_signup_partner: remembers the signup partner you were referred from
- ce2ab: stores page variants assigned to visitors for A/B performance testing
- ceac: account ID number
- cean: user anonymous ID
- cehc: shares user information with CrazyEgg's help centre
- celi: logged-in status
- cean_assoc: associates anonymous ID with logged-in user
- expire_time: expiration time for signed URLs
- first_snapshot_url: stores website URL used to create first snapshot
- gdpr_consent: remembers if user gave consent
- referrer-tracked: flags to not track referrer more than once
- sharing_[item_code]: shared item code
- sid: identifies logged-in users
- ce_clock: stores the difference between the user local clock and the Crazy Egg server clock for more precise events time tracking, and the user IP for IP blocking purposes.
- ce_asset: Stores an index of assets urls (stylesheets, images, fonts) that where already collected for the current recording.
How do I disable it? review your browser settings. For help on how to do this, please see www.allaboutcookies.org/managecookies.
Provider: EU cookie compliance module
How do I disable it? There is no way to disable this cookie, but you can disable cookies from your browser. For help on how to do this, please see www.allaboutcookies.org/managecookies.
Purpose: We use the ‘visitor action pixels’ from Facebook on our website. This allows user behaviour to be tracked after they have been redirected to our website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy www.facebook.com/about/privacy. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting Facebook www.facebook.com/settings?tab=ads.
How do I disable it? Review your browser settings. For help on how to do this, please see www.allaboutcookies.org/managecookies.
Provider: FR Website
Purpose: These contain information about your general geographic location (used to remember your time zone, for example). These are known as session cookies and are deleted when you leave the site.
How do I disable it? You can disable cookies from your browser. For help on how to do this, please see www.allaboutcookies.org/managecookies.
Provider: Google Analytics
Name: _ga, _gat, _gid, IDE
Purpose: The _ga cookie is typically written to the browser upon the first visit. If the cookie has been deleted by the browser operator, and the browser subsequently visits our site, a new _ga cookie is written with a different unique ID. In most cases, this cookie is used to determine unique visitors to our site and it is updated with each page view. Additionally, the _gid cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. The _gat cookie is set to allow us to track individual visitors and their use of the site. It is set when you first visit the site and updated on subsequent visits. We do not use Google Analytics to collect personal information, other than IP address, from our visitors. IDE is used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
Name: VISITOR_INFO1_LIVE, YSC, PREF, IDE, GPS
Purpose: When you watch a YouTube video embedded on our website, YouTube may add some cookies for storing user preferences and serve up related content or adverts within the video iframe.
How do I disable it? Review your browser settings. For help on how to do this, please see www.allaboutcookies.org/managecookies.