Privacy Policy

Who we are

Rainbow Trust Children’s Charity is a registered charity which provides services funded by donations, including those made by private individuals. That is why we want to be completely transparent about why we need the personal details we request when you support us and how we will use them. We are fully committed to respecting and protecting your privacy in line with General Data Protection Regulations (GDPR). Once you choose to provide us with personal data, it will only be used to support your relationship with Rainbow Trust.

Rainbow Trust is a member of the Fundraising Regulator. Our Registered Charity Number is 1070532.

What is Personal Data?

Personal data is recorded information we hold about you which can be identified, either directly (for example, by name) or indirectly (for example, by employee number). It may include contact details, other personal information, photographs, expressions of opinion about you, or indications as to our intentions about you. It may also include sensitive personal data, such as ethnic origin, health information or religious beliefs.

Processing, in relation to data, means anything we may do with the information, such as obtaining, accessing, recording, disclosing, destroying or using the data in any way.

How we store your information

We store your personal information securely and guard against data theft. Your information is accessed by staff and volunteers who have received data protection and compliance training. We undertake regular reviews of who has access to our database.

When we employ external service providers to undertake fundraising operations on our behalf, we do so only through encrypted data transfers. We ensure that all external service providers comply with the regulations and recommendations set out by the Fundraising Regulator and the Information Commissioners Office. We monitor their activities and ensure a contract protects your individual rights.

How we use your personal information

The information you give us will be used only in accordance with reasonable expectations. We use it to manage your donations, deliver services that you have asked for, build a profile of our supporters and keep a record of our relationship with you. This includes information on how you wish to be contacted. We will also contact you with our fundraising communications unless you have asked not to be contacted in this way.

Your rights

We will only collect the data that we need to carry out the purposes you have contacted us for or given us permission to use it for.

Under GDPR, you have a number of rights in relation to your personal data, which we recognise and will act upon accordingly. These are as follows:

  • The right to be informed of why, where and how we use your information
  • The right of access to your information
  • The right to rectification if your information is inaccurate or incomplete
  • The right to erase your information where there is no longer a need for us to continue processing it
  • The right to restrict the use of your information. This is only applicable where consent is relied upon as the grounds for data processing.
  • The right to data portability – to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
  • The right to object to how your information is used (including objecting to direct marketing)
  • Rights in relation to automated decision making and profiling.

Where you have provided consent to be contacted or to receive a service, you will be entitled to withdraw that consent at any time.

If you are at any point unhappy with the way that we handled your personal data, you can make a complaint to the Information Commissioner’s Office.

If you would like full details of the personal data we hold on you, you are able to make a Subject Access Request. Please make your request by email to Bob Coyne.

To make changes to how we contact you or the information you receive, please contact or telephone 01372 220085.

  • For supporters

    Your personal information

    You may give us your personal information directly, through making a donation on our website, via telephone or in the post, attending an event or communicating directly with us.

    You may give us your personal information indirectly, through a donation on a fundraising site such as Just Giving, Virgin Money Giving or Charities Aid Foundation. These third parties will ask you whether you are happy to be contacted by us and we will not use your information to contact you without explicit permission given by you via these sites.

    When we ask for your personal information, we give you the option to opt out of communications via post, telephone (which includes text message) and email.

    What we do with it

    We do not give or sell your personal information to any other organisations, except those that are employed directly to raise funds or manage fundraising events for Rainbow Trust.If you make a donation to Rainbow Trust, sign up to an event or sign up to receive communications from us, we will normally collect your name and contact details. We will retain your bank account information if you are making a regular donation via Direct Debit. We may also keep other information such as your date of birth, to enable us to build a better profile of our donors to help us understand you better and identify potential new supporters who may like to hear about our work. If you are taking part in a sporting or challenge event, we may also keep your emergency contact details for that purpose only and for the duration of the event.

    Why we need it

    We use this information to thank you for supporting us and to provide you with further communications about our activities according to your preferences and interests. We also use it to fulfil our legal responsibilities for financial and Gift Aid reporting.

    How long we keep it

    We will keep your data only for as long as necessary. If you have kindly donated to us, we are required to keep this data for seven years. If you have not donated to us, we will only keep your data for three years.

  • For families

    What personal data we collect

    Personal data is any information that can be used to identify you. The personal information we collect could include:

    • Name
    • Address
    • Telephone Number
    • Email address
    • Your child’s diagnosis
    • Date of birth.

    If your family is receiving support from us, we may need to obtain up to date medical and social care information in order to provide a safe and effective service. We collect and share personal information from other professionals including, but not limited to, Local Authorities, hospitals, GP’s, community nursing teams and schools.

    How we collect your personal data

    We obtain personal data from you when a referral is made to us and when we undertake an initial assessment to agree the family plan. We may also obtain personal information about you from other professionals involved in your child’s care.

    How we process your personal data

    We may use your personal data for:

    • Providing you with services or information that you have requested
    • Keeping a record of our communications with you
    • Complying with our legal obligations, policies and procedures.

    The safety of children is very important to us and we will only display the name of a child or family and any associated information if we have consent from the family members involved, unless otherwise required to do so by our legal obligations.

    Data Profiling and data appending

    We may use personal information for analysis and profiling to help us to understand family needs. On occasion we may also make use of publicly available demographic information. We will only use data collected in this manner for the purposes to which you have consented.

    Marketing contact

    We would like to keep in touch with you about the work we do, our fundraising events and activities and our appeals and campaigns. We will only contact you by email, telephone or SMS with your consent. If we contact you by post, we will not contact you again if you ask us not to.

    You can change your preference at any time by contacting us on


    Rainbow Trust will not sell or share personal details with any third party for the purposes of their own marketing.

    We may disclose your personal information to third parties if we are obliged to by law or the disclosure is necessary for the purposes of national security or criminal investigation or if we have your consent.

    How we protect your personal information

    We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal data stored on our database or systems.

    Where we store your information

    All the information that you provide to us or which is shared with us is stored on our secure online database.

    How long we keep your information

  • For applicants

    In the course of our activities and legal obligations as an employer, we will process personal data (which may be held on paper, electronically, or otherwise) about our applicants; and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulations (GDPR) (2018).

    The personal data we receive is provided directly from you during the application process upon applying for a role with Rainbow Trust. We may also receive personal data from third parties such as via a recruitment agency.

    What is Personal Data?

    Personal data is recorded information we hold about you which can be identified, either directly (for example, by name) or indirectly (for example, by employee number). It may include contact details, other personal information, photographs, expressions of opinion about you, or indications as to our intentions about you. It may also include sensitive personal data, such as ethnic origin, health information or religious beliefs.

    Processing, in relation to data, means anything we may do with the information, such as obtaining, accessing, recording, disclosing, destroying or using the data in any way.

    Why we need it

    We will process personal data for legal, personnel, administrative and management purposes and to enable us to meet our legal obligations as an employer, for example to process job enquiries and expressions of interest, to arrange job interviews and to process the details of your contract of employment should you be successful at interview.

    We may process sensitive personal data as appropriate such as information about physical or mental health in order to make any specific adjustments required for the interview and take decisions as to fitness for work; racial, ethnic, religious or similar information in order to monitor compliance with equal opportunities legislation.

    The types of personal data we hold may include:

    • Personal demographics (including gender, age, race, ethnicity, sexual orientation, religion, photograph and ID documents)
    • Contact details such as names, address, email address, telephone numbers and emergency contact information
    • Employment records (including professional or trade union memberships, qualifications, references, proof of eligibility to work in the UK and security checks)
    • Vehicle registration or insurance details
    • Bank details
    • Pension details
    • Medical information including physical or mental health condition
    • Information relating to health and safety
    • Offences (including alleged offences), criminal proceedings, outcomes and sentences
    • Employment Tribunal applications, complaints, accidents, and incident details

    What we do with it

    We will only process your personal data for the specific purpose/s notified to you, or for any other purposes specifically permitted by GDPR; and processing will be adequate, relevant and non-excessive.

    We will keep the personal data we store about you accurate and up to date. If your personal details change or if you become aware of any inaccuracies in the personal data we hold about you, please notify HR.

    All the personal data we hold about you will be processed by relevant and appropriate personnel (e.g. HR, Line Managers/Directors) based in the United Kingdom, however, please note that your information may be stored on a cloud-based system whose servers are located within the European Union or other permitted countries.

    We will only provide your personal data to an authorised third party if they need to provide a specific service in relation to your application (such as, but not limited to, for pre-interview task completion such as the predictive index), and where we have a data processing agreement in place to ensure GDPR compliance.

    We take all reasonable steps to ensure that your data is processed securely and more information on how we do this can be found in our Data Privacy Policy.

    How long do we keep it

    We will generally keep the personal data of applicants for a period of 6 months after applying for a role with us, after which time it will be destroyed.

    We do not hold speculative CV’s sent to us for any reason, we will only hold an applicant’s details if they have applied for a specific role.

    If you consent to being contacted for marketing purposes, or to remain on our database during the recruitment process, any information we use for this purpose will be kept with us until you notify us that you no longer want to receive it. More information on our retention schedules can be found in our Data Privacy Policy.

  • Photographs and case studies

    What we collect Families, members and supporters kindly let us use images, video content and case studies of them to help bring our fundraising and campaign activity to life. These could include details about the health of their child.

    What we do with it

    We keep this information stored in a secure and will only use them with the subject’s permission. The safety of children is very important to us. If we display a child’s case study we do not display their personal or contact details.

    How long we keep it

    We keep this data for three years after we have been given them, unless you ask otherwise, after which time they are archived.

  • Website, email and social media

    Our website uses cookies to ensure visitors get the best experience on our website as well as to provide information on how our site is being used, which enables us to enhance the online experience. For example, cookies may tell us whether you are visiting our site for the first time or returning. Some cookies are necessary to allow visitors to move around the website and use its features, such as shopping baskets, or some collect information about performance and others allow for functionality like remembering language choices and passwords and there are also cookies that allow targeting or advertising based on browsing habits.

    You have the right to choose whether to accept these cookies and can indicate to do so by choosing your cookie preferences within your browser settings. The help menu in the toolbar will tell you how to manage these, including how to have your browser notify you when you receive a new cookie, and how to disable them all together.

    You can read more about cookies here.

    We might also obtain your personal data through your use of social media channels such as Facebook, Twitter, LinkedIn, YouTube and others, depending on your settings or the privacy policies of these services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.

    We use a third-party provider, Mailchimp, to deliver our supporter emails. We collect statistics around email opening and clicks using industry standard technologies to help us monitor and improve our mailings. For more information, please see Mailchimp’s privacy policy.

    We may use your email address and phone number to match to your account on Facebook or other social media sites in order to show you Rainbow Trust content while you are using these services. We will only do this where you have opted in to our marketing emails or phone calls, and your personal data is kept secure at all times. We may also use your email address and phone number to link to Facebook or other social media sites in order to identify other users of these sites whom we believe would be interested in Rainbow Trust, and we may then show them our content.

Notification of change of Privacy Policy

We reserve the right to amend this privacy statement. You are advised to visit this website section periodically in order to keep up to date with the changes in our privacy policy.

If you have any questions regarding our privacy statement, please contact:

Robert Coyne, Director of Finance, Rainbow Trust Children’s Charity, 6 Cleeve Court, Cleeve Road, Leatherhead, Surrey KT22 7UD.