Supporters privacy statement

For those who have donated to or raised funds for Frontline.

This policy describes how and why Frontline uses your personal information, how we protect your privacy when doing so, and your rights and choices regarding this information. We are committed to protecting your personal information and respecting your privacy. Whenever you share personal information with us, we aim to be clear with you about how we use your personal information, and to not do anything with your personal information that you wouldn’t reasonably expect.

This policy was last updated on 16 October 2023.

1.1  Who we are

In this Privacy Policy, “The Frontline Organisation”, “Frontline”, “we”, or “our” means The Frontline Organisation (registered charity in England and Wales (116394), a company limited by guarantee in England (09605966).

Frontline is a charity with a mission to create social change for children who do not have a safe or stable home, by developing excellent social work practice, leadership and innovation. We are working towards this through the Frontline and Pathways programmes, and by building a movement of leaders in social work and broader society as part of our Fellowship.

Our data protection officer can be contacted directly here:

dpo@thefrontline.org.uk

Frontline, Coram Campus, 41 Brunswick Square, London WC1N 1AZ

1.2 Collecting your personal information

Personal information means any information which could be used to identify an individual. It does not include information where the identity of the individual has been fully and effectively removed (anonymous data).

We will never sell your personal information to other organisations and will only ever share it in appropriate, legal or exceptional circumstances (See Section 1.6).

We may collect the following personal information about you:

• Identification information, such as your name;
• Contact information, such as your email address, telephone number and postal address;
• Demographic information, such as your gender, ethnicity or marital status.
• Financial information, such as payment card details and billing address;
• Any other information you provide to us when you tell us your story.

When we collect personal information, we will always explain clearly what information we are collecting, why we are collecting it and how we’ll use it, including – in some cases – with a separate Privacy Notice or Statement. There are a number of ways we could receive your personal information:

Directly

If you give us your information directly for any reason. For example, when you make a donation, fundraise for us or tell us your story to share with others.

Indirectly

If you give your information to a third-party to pass on to us. For example, by using fundraising sites like JustGiving, EasyFundraising, Donr, Benevity, Give As You Live, FreeWills, The Big Give or other such sites or independent event organisers such as Run for Charity. We may also work on marketing initiatives with third parties under which they may share your personal information. These independent third parties will only share your personal information with us if you’ve indicated that you’re happy for them to do so. You should check the Privacy Notices or Policies of these third parties when you provide your personal information to them, in order to understand fully how they will process your personal information.

Publicly available

Occasionally we obtain personal information from public sources to better understand our supporters. For example, we might collect information from Companies House, charity or corporate annual reviews, or information that has been published via social media channels (where your settings are public) or in online and offline articles and newspapers.

Website and applications

We also collect certain technical information from you when you interact with our website and other applications. This information includes, for example, your IP address, operating system, browser type, and the amount of time you spend on web pages you visit. We collect this information using Cookies and via third-party tools such as Google Analytics. For more information about this, please see our privacy policy for website users and newsletters. We sometimes use third-party applications on our website to provide a range of services. For a full list of third-party applications used on our website see our privacy policy for website users and newsletter subscribers

1.3 How we use your personal information

Frontline is a data controller under the General Data Protection Regulations (GDPR). The personal information we collect about supporters will be used for the following purposes:

• Provide you with information about us (where you have requested it) and to communicate with you in general
• Send you updates about Frontline and our activities, services and programmes
• Administer your donation or support your fundraising, including processing Gift Aid
• Administer and process legacies (including establishing entitlement and processing legacy payments)
• Invite you to attend or to organise events
• Collect your story about why you chose to support Frontline to use within our communications, for example on our website or on social media channels
• Report to third parties, such as statutory authorities or other funders, where we are contracted to provide a service on their behalf
• Advertise to you on third party websites, such as Facebook
• Create lookalike and remarketing audiences on Facebook and Google, including uploading your email address so we can advertise to people who are similar to you (see below)
• Keep a record of your contact and relationship with us
• Ensure we know how you prefer to be contacted.
• Cookies (see below).

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

We may combine the information you provide to us with information available from publicly available sources. This is so that in certain cases we can build a profile, better understand you and target our communications with the most relevant information. For example, we may wish to send you invitations to attend special events or to discuss specific fundraising projects. Where we use such profiles, it enables us to be more efficient and cost-effective with our resources, and also reduces the risk of someone receiving information that they might find irrelevant, intrusive or even distressing. For more information, please see Section 1.5 below.

1.4 How we store your data

Our information security policies and how we protect your data

The Frontline Organisation is certified to ISO27001 standard for managing its information security. The means we are externally audited to a recognised international standard to ensure we have in place appropriate technical and organisational measures to protect data from unauthorised access. In addition to a Data Protection Policy to which all staff must adhere to we have a number of policies to control how data is protected such as the use of encryption, security of data in transit, clear desk policy, mobile working policy, access control and password policy, information sensitivity policy, virus protection and network security.

International transfers of data

Data processors are third parties who provide elements of our services for us. We have contracts in place with our data processors some of whom are international companies. If the companies store your data within the EEA then this is deemed to provide adequate safeguards under EU law. If they do not and are not listed in an EU-approved third country list, then we follow GDPR guidance to ensure the individual processors in question have adequate safeguards to protect your data and this is formally agreed within the contract with hold with them. Below is a list or processors we use that involve international transfers and information relating to the safeguards.

1.5 Supporter profiling and research

We are grateful for every single donation we receive from our supporters which help us to achieve our wider mission to make social work better for children and families. We want to ensure that what we ask of our supporters is fair, reasonable, and relevant to them. For this reason, we may sometimes engage in what is called ‘profiling’.

Profiling is standard practice across the charity sector, it simply means that we look at your personal information and consider what’s appropriate to ask of you or send to you. Profiling is a form of processing of personal information to build up a picture of a person. We may use the information we hold about you based on your interactions with us to help us build our relationship with you and personalise what we offer.

We may do this manually, for example by looking at the information you have given us, or information that’s publicly available – for example on social media, Companies House, and online/offline articles or newspapers. We will only ever access third-party or public sources which we consider to be credible and accurate.

It means we can tailor communications so that they are relevant (perhaps in relation to one of our services in your area), timely, and respectful – only asking for donations that are within a supporter’s means, or that are appropriate for those who may be able/willing to give more than they already do.

It also enables us to identify those who might be in a position of being able to help us fund entire projects or services, and whether they would like to meet with us to develop a more personal relationship and/or discuss future opportunities to support our work helping children who need the support of a social worker.

We do not undertake automated decision-making, which would involve making significant decisions affecting you solely by automated means.

Opting out of supporter profiling

It is your right to opt-out of your information being used for any sort of profiling at any time – to do this please send a request to dpo@thefrontline.org.uk.

1.6 Our lawful basis for processing your personal data

The law on data protection sets out a number of reasons for which an organisation may collect and process your personal information.

For our supporters these include:

• Consent – If you’ve given your consent to the processing of your personal information for one or more specific purposes. For example, we rely on your consent to send you news and updates from us. You have the ability to stop receiving this information by using the ‘unsubscribe’ link in our newsletters.

• Legitimate interests – If we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our charity. If we process your personal information for this reason, we believe we have a legitimate reason and that this reason does not materially impact and/or is not overridden by your rights, freedom or interests. For example, we rely on Frontline’s legitimate interest to process general online enquiries and our responses to you and for the processing of donations made to us online. This decision is based on the following: we have identified a lawful business objective; processing is not likely to result in unwarranted harm or distress to you; the processing is in your interest; the processing would be expected by you. You can object to this processing at any time and Frontline will no longer process the personal data unless we can demonstrate compelling legitimate or legal grounds.

• Contractual – If the processing of your personal information is necessary for us to comply with our contractual obligations when entering into a contract or a contract we already have with you. This may include, for example, collecting your payment card details if you make a donation to us.

• Legal obligation – If the processing of your personal information is necessary for us to comply with a legal obligation. For example, in order to claim Giift Aid on a donation, Her Majesty’s Revenue and Customs (HMRC) requires us to retain your Gift Aid declaration which includes personal details such as your name, home address, and UK tax-payer status.

1.7 Who we share your data with

If you make a donation on our website the payment will be processed by Stripe and if you have opted-in to Gift Aid your address and donation details may be shared with HMRC.

If you opt-in for news and updates your email address will be stored and processed by an external email company called Campaign Monitor. Their system sends our news and updates to you on our behalf, records whether you have opened our email and if you have clicked on any web links within it. It may record your IP address. The purpose of this is to gauge the effectiveness of our news and information service and to analyse what topics interest you. This may be used to tailor future content in line with your interests. Campaign Monitor is an Australian company with data centres located in the US. Under GDPR we have checked there are safeguards to protect your data. These can be viewed on Campaign Monitor’s website.

1.8 How long we keep your personal data

We have a records retention policy which sets out how long we will keep your information for. In some cases the retention periods are governed by law, in other cases by best practice.

Most information will be kept for 3–10 years (usually 6 years), although information on legacy pledges will be kept for up to 75 years due to the long-term nature of legacy pledges, but the exact time frame will depend on the nature of the information. If you would like more details about how long we keep your personal information, please contact us at dpo@thefrontline.org.uk.

1.9 Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that The Frontline Organisation refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in Section 1.10 below.

Please send any data subject requests to dpo@thefrontline.org.uk.

1.10 Cookies

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device; for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally. These pieces of information are used to improve services for you through, for example:

• enabling a service to recognise your device so you don’t have to give the same information several times during one task
• enabling a service to recognise your device so you don’t have to give the same information several times during one task
• measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast

The cookies do not contain any personal information about you and cannot be used to identify an individual user. If you choose not to accept the cookie, this will not affect your access to the majority of facilities available on our website.

How do third parties use cookies on the Frontline website?

Third party companies such as analytics companies and ad networks generally use cookies to collect user information on an anonymous basis. They may use that information to build a profile of your activities on the Frontline website and other websites that you’ve visited.

All computers have the ability to decline cookies. You can easily decline or remove cookies from your computer using the settings within the internet options section in your browser control panel.

1.11 Complaints

In the event that you wish to make a complaint about how your personal data is being processed by The Frontline Organisation (or third parties described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and The Frontline Organisation’s data protection officer.

The details for each of these contacts are:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113

The DPO
Frontline
Coram Campus
41 Brunswick Square
London
WC1N 1AZ
020 8629 5120
dpo@thefrontline.org.uk