Privacy Policy

Rainbow Trust Children’s Charity provides support to seriously ill children and their families and is funded almost entirely by donations, including those made by members of the general public. We want to be completely transparent about why we need your personal details, requested when you support us and how we will use them.

We are fully committed to respecting and protecting your information, using it reasonably and in line with the General Data Protection Regulation (GDPR). When you choose to provide us with personal information, it will only be used to support your relationship with Rainbow Trust and in line with this policy.

Rainbow Trust is a registered charity in England and Wales (no. 1070532). We are listed on the Information Commissioner’s register of data controllers (registration reference Z579868X) and are a member of the Fundraising Regulator.

What is personal information?

Personal information is any information that you give us that enables you to be identified. This includes your name, your home address, your telephone number, your personal email address. It may also include photographs and case studies.

We process and hold personal information that we need to run the operations of the charity and for which there is a valid lawful basis. This includes information on families we support, employees, volunteers, donors and supporters.

How we process your information

Processing, in relation to personal information, means anything we may do with the information, such as obtaining, accessing, recording, disclosing, destroying or using the data in any way.

We process your personal information securely to ensure protection against unauthorised or unlawful processing and against accidental loss or destruction. Your information is processed only by authorised individuals who have received appropriate data protection training.

How we use your personal information

We use your information to enable us to operate the charity efficiently, provide effective support for families and to develop our understanding of donors and supporters, including ensuring that our communication with you is effective and in the manner you have chosen.

We will only use your information where we have a valid lawful basis to do so and will always respect your rights.

Where we use your information, it may be because you have given your consent or we have a legitimate interest to do so. Where we use legitimate interest to process your information, we will always ensure that this is done in a fair way that respects your rights. We also use your information where we have a legal obligation to do so, or because we have to fulfil contractual obligations.

Your rights

Under GDPR, you have a number of rights in relation to your personal data, which we recognise and will act upon accordingly. These are as follows:

  • The right to be informed of why, where and how we use your information

Under certain circumstances, by law, you have the right to:

  • request access to your personal information
  • have your personal information corrected if it is inaccurate or incomplete
  • have your personal information erased from our systems where there is no longer a need for us to continue holding it
  • restrict the use of your information, where you have previously provided us with your consent
  • ask us to transfer your personal information to another person or organisation
  • object to how your information is used.

Where you have provided consent to be contacted or to receive a service, you have the right to withdraw that consent at any time.
To withdraw your consent, or if you have any questions, please send these to [email protected], or contact us by telephone on 01372 363438.

Once we have received notification that you have withdrawn your consent, we will no longer process your personal information, except where legally required and, subject to our retention policy, we will dispose of your data securely.

For further information please refer to the Information Commissioner’s guidance.

If you are at any point unhappy with the way that we handled your personal data, you can make a complaint at any time to us, or to the Information Commissioner’s Office (ICO).

Website, email and social media

Our website uses cookies to ensure visitors get the best experience on our website as well as to provide information on how our site is being used, which enables us to enhance the online experience. For example, cookies may tell us whether you are visiting our site for the first time or returning. Some cookies are necessary to allow visitors to move around the website and use its features, such as shopping baskets, or some collect information about performance and others allow for functionality like remembering language choices and passwords and there are also cookies that allow targeting or advertising based on browsing habits.

You have the right to choose whether to accept these cookies and can indicate to do so by choosing your cookie preferences within your browser settings. The help menu in the toolbar will tell you how to manage these, including how to have your browser notify you when you receive a new cookie, and how to disable them all together.

You can read more about cookies here.

We might also obtain your personal data through your use of social media channels such as Facebook, Twitter, LinkedIn, Instagram, YouTube and others, depending on your settings or the privacy policies of these services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.

We use a third-party email service provider, Mailchimp, to deliver our supporter emails. We collect statistics around email opening and clicks using industry standard technologies to help us monitor and improve our communications. For more information, Mailchimp’s privacy policy.

We may use your email address and phone number to match to your account on Facebook or other social media sites in order to show you Rainbow Trust content while you are using these services. We will only do this where you have opted in to our marketing emails or phone calls, and your personal data is kept secure at all times. We may also use your email address and phone number to link to Facebook or other social media sites in order to identify other users of these sites whom we believe would be interested in Rainbow Trust, and we may then show them our content.

You can also read about how Google uses information from sites or apps that use their services.

Information for other audiences

  • For employees, volunteers, interns and work placements

    For information on how Rainbow Trust processes the personal information of employees, volunteers, interns and work placements, please refer to the Fair Processing Notice which forms part of our policy manual.

  • Sharing experiences with Rainbow Trust

    Your personal information
    You may share information with us about your experience of the support you and your family receive, or have received, from Rainbow Trust, or the fundraising or volunteering activity you have carried out for us.

    What we collect

    Families and supporters kindly let us use images, video content and their case studies to help bring our fundraising and campaign activity to life. These could include details about the health of their child and of the experiences they have had.

    What we do with it

    We keep this information stored securely and will only use them with the subject’s permission. The safety of children is very important to us. If we display a child’s case study we do not display their personal or contact details unless we have permission to do so.

    Why we need it

    To promote Rainbow Trust, we use photos of children and families we support for our fundraising, charity literature and media purposes where consent has been discussed and agreed. By featuring photos and stories we can engage with people in a much more tangible and visual way. The photos and stories express what we do from the families who know us best and help us in our efforts to seek support for the charity.

    How long we keep it

    We keep this information for two years after consent has been given, unless specified otherwise, after which time it is archived or further permission is requested.

  • For supporters

    Your personal information

    You may give us your personal information directly, through making a donation, signing up to an event or when you communicate with us by post or telephone. Sometimes when you support us, your information is collected by an organisation working on our behalf, such as a professional fundraising agency. In these circumstances, they only process your personal information in line with our instructions and we are responsible for your information at all times.

    You may give us your personal information indirectly, through independent event organisers, such as the TCS London Marathon, or on fundraising websites such as Just Giving or Charities Aid Foundation. These independent third parties will only do so when you have indicated that you wish to support Rainbow Trust with your consent. You should check their Privacy Policy to understand how they will process your information. We will not contact you without explicit permission given by you on these sites.

    When we ask for your personal information, we give you the option to opt out of communications via post, telephone (which includes text message) and email.

    In some cases, we may use information in the public domain to support our fundraising purposes. It should be noted that GDPR does not apply to information already in the public domain such as Companies House data and that any information collected is done so in a manner that is adherent to data protection regulations.

    What we do with it

    We do not give or sell your personal information to any other organisations, except those that are employed directly by us to raise funds or manage fundraising events for us. If you make a donation to Rainbow Trust, sign up to an event or sign up to receive communications from us, we will normally collect your name and contact details. We will retain your bank account information if you are making a regular donation. We may also keep other information that you have given us, such as your date of birth, and combine it with information from other sources to enable us to build a better profile and understanding of our donors and help to identify potential new supporters. If you are taking part in a sporting or challenge event, we may also keep your emergency contact details for that purpose only and for the duration of the event.

    We may use personal data to carry out research on the demographics, interests and behaviour of our supporters; this helps us gain a better understanding of them and enables us to improve our work with families and children. This research may be carried out by Rainbow Trust employees or we may ask an external company to do this work for us. We may use techniques such as profiling and screening to ensure we target our resources effectively; these enable us to understand the background of supporters and also help us to make appropriate requests to existing donors and target new audiences and supporters who use or consume certain media (for example, magazines, newspapers and news sites) and social media platforms. Importantly, it enables us to raise much needed funds, sooner and more cost-effectively, than we otherwise would.

    Why we need it

    We use this information to thank you for supporting us and to provide you with further information about our activities according to your consent preferences and interests. We also use it to fulfil our legal responsibilities for financial and Gift Aid reporting, to administer our events and to enable us to process your donations.

    How long we keep it

    We will hold your information for only as long as is necessary to the end of your relationship with us and in accordance with our data retention policy.

  • For applicants

    Your personal information

    In the course of our activities and legal obligations as an employer, we will process personal data (which may be held on paper, electronically, or otherwise) about our applicants; and we recognise the need to treat it in an appropriate and lawful manner, in accordance with GDPR.

    We process the personal information you provide to us when you apply for a job or to volunteer with us. We may also receive personal data from third parties such as an independent recruitment agencies.

    Why we need it

    We use this information to assess your suitability for the role applied for and where applicable during the interview process.

    We only request information from you to that is required to satisfy legitimate recruitment information, to satisfy relevant health and safety requirements and to satisfy relevant equal opportunities legislation. It will also be used to obtain third party references or to meet statutory obligations.

    What we do with it

    Your personal information will only be held and processed for the purpose of the selection process and if successful with subsequent employment.

    All the personal information we hold about you will be processed in a secure environment and by authorised HR personnel and shared with relevant managers as part of the recruitment process.

    We will only share your personal data with independent third parties with your consent and when directly required as part of the recruitment process. In these circumstances, they will only process your personal information in line with our instructions and we are responsible for your information at all times.

    How long we keep it

    We will keep the personal information of unsuccessful candidates for a period of six months after the closing application date after which time it will be securely destroyed.

    We do not hold speculative CV’s sent to us for any reason.

  • For families

    Your personal information

    We process and hold personal information that is needed by us to run the operations of the charity and for which there is a valid lawful basis. If your family is receiving support from us, we may need to obtain up-to-date medical and social care information in order to provide a safe and effective service, in the best interest of the child or young person.

    We do not share information sensitive or confidential health information without your consent unless under legal obligation. We will only share information after families have signed a “consent to share” form at the start of delivery service, which details the circumstances in which we may share information.

    In certain circumstances, we receive and will share personal information with other professional organisations, such as hospitals, GPs, community nursing teams, Local Authorities and schools.

    How we collect your personal data

    We obtain personal information from you when a referral is made to us and when we undertake an initial assessment to agree a family plan with you. We may also obtain personal information about you from other professionals involved in your child’s care.

    How we process your personal information

    We may use your personal information for:

    • Providing you with services or information that you have requested
    • Keeping a record of our communications with you
    • Complying with our legal obligations, policies and procedures.

    The safety of children is very important to us and we will only display the name of a child or family and any associated information if we have consent from the family members involved, unless otherwise required to do so by our legal obligations.

    Data profiling and data appending

    We may use personal information for analysis and profiling to help us to understand family needs. On occasion we may also make use of publicly available demographic information. We will only use data collected in this manner for the purposes to which you have consented.

    Disclosure

    We will not sell or share personal details with any third party for the purposes of their own marketing.

    We may disclose your personal information to third parties if we are obliged to by law or the disclosure is necessary for the purposes of national security or criminal investigation or if we have your consent.

    How we protect your personal information

    We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal data stored on our database, systems or mobile devices including telephone numbers and photographs.

    Where we store your information

    All the information that you provide to us or which is shared with us is stored on our secure database and on mobile phones.

    How long we keep it

    We retain your personal information in line with guidance from the Local Authority and in line with guidance from the Care Quality Commission, our Regulatory Body.

Manage your cookie settings

Cookies in use on our website

Updates to this policy

We may update this policy from time to time to reflect changes in how we use your information. You may wish to check this policy each time you provide your information to Rainbow Trust. In certain circumstances and, if there are significant changes to the policy, we will notify you.