Without your support, we won’t be able to achieve our mission of creating a world where everyone is accepted without exception. Because of that, we want to make sure that you know you can trust us, and trust how we use the personal information you share with us. This policy explains in a clear and transparent way how we collect information, how we use it, and how we keep it safe.
In it, we’ll cover the following:
- Who we are
- The reasons why we need to collect information
- How we use this information
- The ways in which we collect information
- How we will not use your information
- How long we will keep your information for
- An explanation of our marketing, and your rights when it comes to us staying in touch, including any profiling and screening activity we carry out
- How we share information with suppliers and contractors working for us, and our policy on sharing information outside our organisation
- The security measures we have put in place to keep your information safe
- Your rights to opting out of our communications, asking to see what information we hold about you and amending or erasing your details
- How to get in touch
- Updates to this policy
I. Who we are
We are Stonewall Equality Limited, a registered charity in England and Wales (charity number 1101255) and Scotland (charity number SC039681). Our charity is registered with the ICO (Information Commissioner’s Office) as data controllers. Our registration number is Z8271579.
For the purposes of this policy, references to ‘we’, ‘us’ and ‘Stonewall’ mean Stonewall Equality Ltd.
II. Why we collect information
Speaking plainly, information (or data) is at the heart of what we do as an organisation. It means we can function as a charity and do things like collecting donations, claiming Gift Aid, running our lifechanging membership and empowerment programmes and keeping in touch with you so you can be part of our campaigns and activities. It allows us to keep track of how you personally prefer to be contacted (and what kinds of contact you definitely don’t want!) so we know how to communicate and how not to communicate with you. If you participate in any of our e-learning modules, we may collect information about you to register for these, to allow you to participate fully in the modules, to assist you if you have any technical issues, to analyse your progress in the modules, and to monitor the diversity of you and the other participants.
In relation to our e-learning modules, we will most commonly use your personal information where it is required for us to be able to perform the contract that we have with you or where it is necessary for legitimate interests that are pursued by us.
We may collect information from you to monitor the demographics of participants involved in our e-learning modules. The information helps us to avoid discriminatory practices, to inform decision-making, to develop our policies and to improve our services. We may rely on our legitimate interests where processing certain characteristics about you in relation to this diversity monitoring (not including “special categories” of personal data). We may also ask you for “special categories” of personal data, which require higher levels of protection, including information about your trans status, your sexual orientation, your race or your religion. We will only process these “special categories” of data with your explicit consent.
We may also rely on legitimate interests to carry out some marketing related to the promotion of our charitable aims in connection with your involvement in our e-learning modules. We will only rely on this legitimate interest in these communications with you where these are sent to you in your professional capacity. You are entitled to opt-out of these communications at any time by contacting us (see ‘Article XXI: How to get in touch with us’ below).
III. How we use information we collect from you
The main ways in which we use the information you provide to us is to complete and action or deliver a product or service to you that you have reasonably requested. This may include but is not limited to processing a donation (including claiming Gift Aid, where you have asked that we do this), delivering programmes and training (including delivery of our e-learning modules), running our memberships programmes and conduct research. We will also use your information to help provide you with goods and services that you’ve bought or requested from us.
We may use certain information that you provide to us to carry out monitoring and reporting of the demographics of participants involved in our programmes and training (where you have consented to us collecting this information and using it for this purpose). We will also use this information and the responses that you provide to us to analyse your (and other participants’) involvement in these programmes. Any reporting of these demographics will be anonymised.
We may ask for you to complete a survey relating to our programmes and training. If so, we may use these responses that you provide in order for us to better understand the impact of the programmes.
We may use the information that you provide to process payments that you make to us relating to your purchase of any e-learning modules or training in which you wish to participate.
We may also use the information you have provided to get in touch with you about our work, unless you have specifically told us not to. Please note that we will not send you emails or text messages about our work unless you have specifically asked us to.
IV. How we collect information
We collect information when you:
- Make a donation to us, either by post, online (either directly or by using a third party donation platform such as JustGiving, Virgin Money Giving or Everyday Hero), over the phone or via SMS/text donation. We also collect information about you when you make a donation to us through setting up a standing order or Direct Debit, or donating via payroll giving (Give As You Earn)
- Become a Stonewall Friend
- Become a Stonewall Ambassador
- Join our workplace inclusion programmes
- Respond to one of our postal mailings or emails
- Complete a campaign action online (signing a petition, for example)
- Sign up to our e-newsletter
- Make a purchase from our online shop
- Sign up to one of our inclusion events (conferences and empowerment programmes for example)
- Sign up to one of our fundraising events
- Register as a Community fundraiser or volunteer
- Create an account to use our Proud Employers website
- Submit an application to the Workplace Equality Index (WEI) or Global Workplace Equality Index (GWEI) (For more specific information on these please click the respective index)
- Agree to or enquire about leaving a legacy, an in-memory or a tribute donation
- Cookie information when you visit our website
- Sign up to work with us during a Pride event
- Interact with us over the phone, or on social media
- When you apply to work for Stonewall
- Register for, purchase and participate in e-learning modules through our website
- Contact Stonewall through our information service by phone or email
- Interact with us in some other way
Your employer or an organisation to which you are connected may provide us with your first name, last name and/or email address in order to register you for e-learning courses on our website.
V. How we will not use the information we collect from you
We will never sell your data, and we will never share it with other organisations for the purposes of their own marketing. We are not involved in any data swapping schemes.
VI. How long we keep information for
Our standard practice is to only hold your data for as long as it is required. This will vary depending on the activity for which the data is being used. However, we are wholly aware of our obligations under the Data Protection Act and the GDPR, and we make every effort to ensure that we only hold on to your data for as long as it is required.
In terms of physical records, by company law we are required to retain information related to donations (such as donation forms and correspondence) for seven years (six years from the end of the financial year it is collected), at which time it gets securely destroyed.
We also use a supporter database to keep a record of your interactions with us. This includes financial information such as donation history or non-financial information, like details of a telephone call to our supporter care team. This information is incredibly valuable to us for fundraising and reporting purposes, and for better understanding the variety of people who support Stonewall, so we can better plan and position our campaigns and appeals.
Because data is such a key part of helping us to achieve our goals, we have set out the following retention schedule:
Where you have made a financial contribution or commitment to our work, as a donation, legacy gift or otherwise, we will retain your information indefinitely (unless otherwise requested).
We have made this decision for two reasons – firstly because it helps us to identify the context surrounding legacy donations. Another reason is that in our experience, it is worthwhile investing in re-engaging supporters in these groups.
Where you do not fall into one of these groups (for instance, if you have only ever signed one of our petitions) we will retain your information for a period of time we feel proportionate to our business aims and your level of engagement.
It is, of course, your right to ask that your information is erased from our records whenever you wish, but please be aware that when we do, we will lose all of your preferences, including requests to opt out from certain types of communications. See information below about your rights.
VII. Marketing, profiling and screening
As a charity that invests responsibly in fundraising, we operate a number of programmes to raise money from individuals. This includes sending you letters and other sorts of mail, emails, calling you on the phone and sending you text messages. The law varies depending on the channel we use to get in touch with you, but in line with our obligations according to the Data Protection Act 1998, the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, we may contact you as follows:
Post: we send post to our supporters except where you’ve specifically told us you don’t want to receive post from us.
The mailings we send out include a number of postal appeals focused on different elements of our work. We also send out our supporter magazine, to give you a closer look at the work we’re doing. We could also get in touch with you about the different ways you can support us, such as through supporter fundraising, attending a programme or by leaving a legacy. You have the right to tell us what types of mailings you’d like to receive (for instance, if you’d prefer to receive just our postal appeals or if you’d rather not receive our supporter magazine). If you’d like to discuss your preferences, please get in touch.
If you want to stop receiving postal mailings from us, you can always let us know or you can opt out through the Fundraising Preference Service. We aim to act on your request within 3 working days of receipt, but it can take up to 28 days for you to stop receiving mailings from the time you send us your request.
Email: we send out a number of email alerts to keep you up to date with our work, and to let you know how you can help. If you have participated in one of our e-learning modules, we may contact you in order to assess the impact of our e-learning modules (for example, to ask you to participate in a survey).
You may be included on several mailing lists through your various connections to Stonewall. If you’d like to unsubscribe from one specific list, please click the 'unsubscribe' option at the bottom of your email. Alternatively, you can unsubscribe from all email communication by contacting email@example.com.
For more information about your data please see your rights.
Phone: we find telephone fundraising a really effective way to connect with our supporters, so we may occasionally call you to let you know about additional ways of supporting our work if you’ve provided us with your telephone number. Phone calls may be recorded for training and quality purposes.
At the moment, we call our supporters who have indicated they are happy to hear from us by phone, with some exceptions. These are where you have specifically told us that you wouldn’t like to receive phone calls from us, or where you’re signed up to the Telephone Preference Service. Please note, we will always check if you are registered with the Telephone Preference Service before calling you regarding any marketing activity from us unless you have explicitly opted to receive telephone calls from us.
You can opt out of receiving fundraising phone calls by letting us know, or you can opt out through the Fundraising Preference Service.
We try to action all opt-out requests as quickly as possible but we do produce telephone calling files in advance to save on costs. We will action requests to be removed from calling lists within 3 working days, but it can take up to 28 days from the time of your request for you to stop receiving calls.
SMS: where you’ve provided us with a mobile phone number, we may also send you text messages about our work, but only if you have specifically asked us to.
If you’d like to opt out, you can either reply to our messages with a request to opt out, let us know or opt out via the Fundraising Preference Service. Text requests to opt out are actioned instantly, otherwise we aim to act on opt-out requests within 3 days of receipt, but it can take up to 28 days from the time of your request for you to stop receiving texts.
In order to make our messages to you more relevant, we may use your personal information to create a profile of your interests and preferences. What this means is that we could use pieces of information you’ve either given us directly (such as your age or location) or your behaviour (your donation history, including the amount, frequency and method through which you give, or any campaign actions you’ve taken, including signing petitions) to create a profile. This not only gives us an idea of who our supporters are, but also helps to make sure that when we get in touch with you or ask you to take an action on our behalf, it is done in a way which is relevant and tailored to you.
This enables us to identify supporters who are likely to be able to help us either in a financial or non-financial capacity, and it’s also an effective way for us to maximise the use of our marketing budget, so we’re able to help further our cause with the resources we have available to us.
We consider this one of our legitimate interests and as such have considered our position carefully to ensure that any activity is implemented in a fair and balanced way, taking into account your rights as an individual. It is your right to opt out of your information being used for profiling, and there is information on how to do this at the end of this section.
Additionally, as part of our legitimate interests, we have considered that screening is an effective way for us to ensure that we are contacting you with appropriate and relevant messages. We operate a number of different programmes to nurture support and want to make sure that when we make a request of any of our supporters, it’s an appropriate one. As such, we do make use of third-party wealth screening companies who combine information we provide with publicly available information to help us determine which of our supporter programmes any particular supporter is best suited for. While this does form a crucial part of our strategy to secure voluntary income, it is your right to be able to opt out from your information being screened, and details of how to do this are at the end of this section.
X. Publically available information
As part of the work we do, we occasionally carry out research of our own to identify individuals in the public spotlight who may be interested in supporting Stonewall, and also to gain additional insight into current supporters of significant public standing. This practice, known as desk research, makes use of publicly available information through sources such as published rich lists, newspapers and corporate websites, and aids us in identifying opportunities for new major donors, event sponsorship, corporate partnerships, event speakers and media opportunities.
We may also carry out desk research in the following areas: prospective organisations in the public, private and third sectors who may be interested in joining our workplace programmes. From time to time we may contact prospective schools who may be interested in attending one of our programme delivery sessions and in turn joining our education programme.
XI. Your rights - opting out of screening or profiling
It is your right to opt out of your information being used for any sort of profiling and screening. If you would like to do this, please send a request either to firstname.lastname@example.org or call us on 020 7593 2291.
XII. Sharing information
So that we are able to provide you with the high level of service we pride ourselves on, and to make the most of the resources available to us, we work with a number of contracted suppliers who on our behalf help us carry out various important tasks. This could include sending out post or making phone calls, sending marketing emails, processing and banking donations and sending out thank you letters. As a result, when you deal with us, you can expect your information to be shared with our contracted suppliers in a safe and secure manner.
These suppliers have all entered into an agreement to handle information we supply them in a confidential and secure way in accordance with our instructions. They have all been through a vetting process and we make interim checks to ensure that their processes remain secure and robust. These organisations will never use your details for reasons beyond the scope of our interaction with them.
At the same time, we make use of cloud-based systems (hosted databases, email servers and service providers) to help us provide you with an optimal supporter experience. Although it is only Stonewall personnel who use and access these systems, the information within them is securely stored on and off-site.
In relation to our e-learning modules, we use:
- third-party payment processors to process payments made to register for these modules; and
- learning management system and e-learning software operators to help us to deliver these e-learning modules to you.
The suppliers and systems we use can be based in different countries, which sometimes fall outside the European Economic Area (EEA). Not all non-EEA countries have the same data protection laws as the UK and EEA. Where this is the case, we always ensure that adequate safeguards are in place to protect your rights by way of contractual agreements with these suppliers. If you would like further information please contact us (see ‘Article XXI: How to get in touch with us’ below).
When an e-learning Business User invites an Authorised User to the e-learning platform, they will be able to see individual Authorised Users course starts, course completions, time spent completing the course and the Authorised Users email address.
We have put extensive measures in place to protect your information, both on and offline. As an organisation, we are PCI-DSS compliant and have implemented strict policies and procedures to ensure that we handle, process, and store data in a secure way, both on and offline.
Where we have control system of transfer, all information transmitted to us electronically is transferred in a secure way, using industry-standard technologies. In addition to this, online card payments are handled securely by our partners, and all online payment information is stored securely by them. Our IT network is secured with a number of safeguards including firewalls and antivirus packages which are regularly updated and secured against malware and ransomware. Network passwords are regularly changed and all staff are trained in matters of data protection.
The security protocols of our contracted partners (referenced in the section above) are equally robust and are checked and monitored as part of our vetting process. More information about the security standards of our partners can be found in their privacy policies. For details of these, please get in touch.
XV. Your rights
As a charity, we have put this policy together to give you more control when it comes to your information and how we may use it. When considering the law in this area, you are afforded certain rights in terms of viewing the information we hold about you, correcting that information if necessary, and asking us to delete it should you like it to be erased.
In addition to this, you have the right to request that we do not use information we hold about you for the purposes of screening or profiling, and you also have the right to update marketing and fundraising communication preferences. You can do this by opting in or out.
To exercise any of your rights, please get in touch.
XVI. Accessing the information we have about you (Subject Access Requests)
You have the right to request a copy of the information we hold about you. This is known as a Subject Access Request.
To make a Subject Access Request, please make a request in writing, addressed to:
Data Protection Officer
Stonewall Equality Ltd
192 St John Street
We may ask you to fill in a form in order to help expedite your request, prove your identity or to provide more detail regarding your request.
We aim to complete your request within 30 days of our receipt. We may extend the period by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
XVII. Correcting the information we hold about you
It is also your right to correct the information we hold about you, for instance, if you have changed your address or phone number.
We aim to act on these sorts of requests within a week of our receipt.
XVIII. Deleting the information we hold about you
You have the right to ask us to delete the information we hold about you. Whilst we are duty bound to comply with your request, this is different from opting out and means that we will erase all history of our interaction with you, as far as our legal obligations allow. We will also lose all history of your preference requests, including opt-outs and unsubscribes. This means that if you re-engage with us in the future, we will have no record of your prior preferences and may end up contacting you according to the rules we have set out in this policy.
Please note that in line with our legal obligations, we are required to hold on to all information pertaining to donations for a period of seven years (six years from the end of the financial year it was collected). Should you wish for us to erase the information we hold about you, we will happily comply whilst retaining the bare minimum of information required for us to fulfil our statutory obligations.
XIX. Opting out of fundraising communications and profiling/screening
Even if you have given us your consent to receive marketing communications, it is your right to withdraw this consent (opt-out) at any time. We aim to act on requests of this kind within three working days of our receipt, although because we brief and prepare our communications in advance, it can take up to 28 days from the time of your request for contact to cease.
In the same way, you have the right to object to any processing we carry out as a result of our legitimate interests, including any profiling or screening activity we either carry out directly or through one of our partners.
XX. How to get in touch with us
You can get in touch with us in the following ways.
Supporter Care Team
Stonewall Equality Ltd
192 St John Street
By email: email@example.com
By phone: 020 7593 2291
XXI. Updates to this policy
We may update this policy from time to time. If we make any material changes to this policy we will let you know, should we have the sufficient permissions to do so. We will at this time also make it clear on our website that we have updated our terms.
This policy was last updated July 2020. Its version number is v1.1.
You can access our data retention policy here.