This policy (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
https://policyexchange.org.uk/ is a site operated by Policy Exchange Limited (Policy Exchange). We are a registered charity and our registration number is 1096300. Our registered office is 8 – 10 Great George Street, Westminster, London SW1P 3AE.
Policy Exchange takes a proactive approach to user privacy and ensures the necessary steps are taken to protect the privacy of its users throughout their visiting experience. We are responsible for protecting your personal information as a “data controller” under applicable data protection legislation. If you have any queries about this Policy or how we use your personal information, please contact us using the details on our Contact Us page or by emailing firstname.lastname@example.org Personal information
Policy Exchange collects personal data as defined by applicable data protection legislation about employees, service users, beneficiaries, donors, supporters, trustees, service providers and contractors.
What information do we collect?
We obtain personal information from you when you use our website, enquire about our activities, register with us, send or receive an email, ask a question or otherwise provide us with personal information. This may include your name, address, email and account details. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website.
We may collect special categories of personal information, including personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership.
If you are an employee or provide services to us, we will collect information in line with your contract of employment or contract for services.
If you have made a financial donation to or otherwise supported us, we will collect information about your donation history.
We may collect information that is available in the public domain, for example: newspaper or online media items, publicly available posts on social media or Companies House listings.
We record your requests for information and any feedback we receive from you.
We will ensure that all personal information supplied is held securely in accordance with the applicable data protection legislation.
Information collection and use
Why do we collect this information?
We collect this information for the purpose of conducting and managing our work to achieve our charitable purpose. This includes managing our staff and business functions, our relationships with donors, and our fundraising activities. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To perform our obligations under a contract to which you are a party.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. ‘Legitimate interest’ means the interest of our charity in conducting and managing our work to achieve our charitable purpose as effectively as possible. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Where we need to process your data in order to comply with our legal obligations.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct fundraising communications to you via email. You have the right to withdraw your consent to marketing at any time.
How do we collect information?
Policy Exchange collects information in two possible ways:
- When you directly give it to us (“Directly Provided Data”)
When you sign up for our site, purchase our products or communicate with us, you may choose to voluntarily give us certain information – for example, by filling in text boxes or completing registration forms. All this information requires a direct action by you at that time in order for us to receive it.
- When you give us permission to obtain from other accounts (“User Authorised Data”)
Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, this can be via social media or by choosing to send us your location data when accessing our website from your smartphone.
How do we use this information?
We will use your personal information:
- to promote the charitable aims of Policy Exchange;
- to provide you with information you have requested;
- to provide you with information about future events and projects we are involved in that we think may be of interest to you;
- to make suggestions and recommendations to you about projects that may interest you; and
- to notify you about changes to our services; as part of our efforts to keep our site safe and secure; and to ensure that content from our site is presented in the most effective manner for you and for your computer.
We will only use your personal information for marketing purposes if we are allowed to do this by law or if we have your consent. If you agree to us providing you with marketing information, you can always opt out at a later date. If you would rather not receive marketing material from us, please let us know at any time using the details at Contact Us or by updating Your Preferences.
Do we share your data with anyone else?
We share your personal information with tax authorities, regulators and other authorities acting as data controllers who require us to provide information in certain circumstances.
We may share your personal information with other organisations such as registered charities which share our aims, but we will always obtain your consent before doing so.
We may need to provide your information to our contractors and suppliers who provide services on our behalf, to the extent necessary to enable you to receive those services.
We may share your information with the service providers or other associated organisations as identified in this policy to use the information for their own purposes as described above.
We may also need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How long do we keep your data for?
Policy Exchange will not retain your personal information longer than necessary. We will hold onto the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide the Services to you.
How do we protect personal information?
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We protect your information in accordance with our data protection policy and our IT Security Policy.
We use a secure service when you make a donation through our website, via a virtual gateway operated by JustGiving. Our online payment system is Payment Card Industry Data Security Standard compliant.
You should be aware that the use of the internet is not entirely secure and although we will do our best to protect your personal data we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features such as encryption to try to prevent unauthorised access.
Policy Exchange will not sell or rent your personal information, gathered as a result of filling out the site registration form, to anyone.
Choosing how we use your data
We understand that you trust us with your personal information and we are committed to ensuring you can manage the privacy and security of your personal information yourself.
With respect to the information relating to you that ends up in our possession, and recognising that it is your choice to provide us with your personally identifiable information, we commit to giving you the ability to do all of the following:
- You have the right to ask us to confirm whether we are processing information about you, and to request access to this information (‘right of access’). You can verify the details you have submitted to Policy Exchange by emailing email@example.com. Our security procedures mean that we may request proof of identity before we reveal information, including your email address and possibly your address.
- You can also contact us by the same method to change, correct, or delete your personal information controlled by Policy Exchange regarding your profile at any time (‘right to rectification’). Please note though that, if you have shared any information with others through social media channels, that information may remain visible, even if your account is deleted.
- You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). You can request a readable copy of the personal data we hold on you at any time. To do this, please contact us via firstname.lastname@example.org. This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
- You have a right to seek the erasure of your data (often referred to as the ‘right to be forgotten’). You are also free to close your account through our account settings. If you do so, your account will be deactivated. However, we may retain archived copies of your information as required by law or for legitimate business purposes (including to help address fraud and spam).
- You have a right to ask us to restrict our processing of your information (‘right to restriction’) if:
- you contest its accuracy and we need to verify whether it is accurate.
- the processing is unlawful and you ask us to restrict use of it instead of erasing it.
- we no longer need the information for the purpose of processing, but you need it to establish or defend legal claims.
- you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests.
- you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, protecting the rights of another person or for public interest reasons.
- You have a right to prevent us from processing your data for the purposes of marketing and can unsubscribe from receiving marketing emails from us by clicking the “unsubscribe” link at the bottom of any email. Once you do this, you will no longer receive any emails from us.
- If you would like to exercise any of your rights above, please let us know using the details on our Contact Us page or by emailing email@example.com. We will act in accordance with your instructions as soon as reasonably possible and there will be no charge.
- You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You may do so by calling their helpline at 0303 123 1113.
What are cookies?
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features. If you log into the website, application or a course as a registered user, your session cookie will also contain your user ID so that we can check which services you are allowed to access.
Should users wish to deny the use and saving of cookies from this website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.
Changes to this policy