Data Protection

Find out what information we might have on you, what we do with it, and what your rights are

Our Privacy Commitment

Openness, honesty and trust are the cornerstones of any community and key values here at The Together Plan.

Working in the former Soviet Union – where trust in institutions is understandably rock-bottom – reminds us daily how critical these values are in building real community. Recent world events demonstrate just how easily this trust is broken, and how damaging and destructive to society such an abuse of trust can be.

As a supporter of The Together Plan, you give the gift of community to our partners in Belarus, and we want to make sure that the same values define our relationship with you.

Data Protection Information Tool

You can use this tool to find out what personal data The Together Plan holds about you, why we hold this information, and how we use it. Select the options that apply to you below.

The information on this page is a summary of our privacy and transparency statement. You can also download the full document (PDF) or skip straight to the section on the law and your rights.

Your Personal Data Protection Report

Based on your selection, we may hold some or all of the following data about you. Click on each item for more details.

Your name and email address

…in order, having received your explicit consent, to send you regular email communications that you have chosen to receive. You will only receive subscription communications from us if you have given us explicit permission to send them (or have provided your personal details specifically for this purpose). You may withdraw consent at any time.

We currently send:

  • A regular newsletter containing news and information about our work (sent approximately weekly;
  • Invitations to upcoming events run by The Together Plan (usually sent once when booking opens and once shortly before the event).

You may choose to receive both the newsletter and event invitations, only one of these, or none, by clicking the “choose which emails you receive” link in the footer of any subscription email, or by email to office@thetogetherplan.com.

If you have chosen to receive marketing communications by post instead, we will hold your postal address.

Where you have given us specific consent, we occasionally use your approximate address to restrict the event invitations we send you to those for nearby events.

We collect your information…

…when you subscribe to communications. This might be using an online or paper sign-up form or by email, telephone or in person. If you consent orally, we will send you written confirmation of this before sending you any other communications.

You will be informed before signing up which communications your subscription is for. Automated sign-up processes including the sign-up forms displayed on our website apply to both the newsletter and events invitations.

We store your information…

…for the duration of your subscription. We will ask for your renewed consent every two years. We keep a record of unsubscriptions for the purpose of preventing you from being re-subscribed in error; however, you may request the deletion of this record if you wish.

The contents of any comments you publish on our website

…in order to display your comment on our website, as well as to respond to it where appropriate.

We share your information…

…with the general public. Your full name and website (if provided) are visible publicly. Email addresses provided when commenting are not published but are held by us.

We store your information…

…for as long as your comment is visible on our website. You can delete the comment at any time if you choose to do so by revisiting it on our website.

We use cookies…

…if you log in to or post comments on our website. They enable the website to identify you should you take further actions on our website, so that those actions can be correctly attributed to you.

These cookies are set by the WordPress platform. More information about them can be found on WordPress’ website. No personally identifiable data is stored in these cookies and their contents are made available only to thetogetherplan.com, not to WordPress.

Where taking an action on our website will set a cookie, this will be clearly indicated.

Your contact details, including email address, phone number and street address

A record of your engagement with The Together Plan, including past donations, event attendance, volunteer activities, etc.

Background information about you and your relationship with the charity, to inform and improve the service we provide to you

…in order to help us promote and grow the charity, improve our services, and fundraise for our charitable purposes. (This is a “legitimate interest” under GDPR.)

Because we have decided to use your data in this way, the law requires us to ensure that our approach protects your privacy as far as possible and leaves your own interests and legal rights unaffected. For more information or to find out what information we hold in your specific case, please contact us.

We collect your information…

…when you provide it to us directly over the course of our relationship with you. If you would like to know in more detail you have provided directly, please contact us.

We share your information…

…publicly on our website, in the case of certain fundraising and sponsored events. This is for the purposes of allowing participants to see their fundraising progress and encouraging further sponsorship in order to support The Together Plan’s fundraising activities. We will always clearly indicate where we intend to publish donations.

In this case, your name, donation amount, and any other optional information you provide (such as a message to participants) will be published. You may donate anonymously to such sponsored events by choosing the “anonymous donation” option.

If you donate anonymously, no personal data provided by the donor is included in the publicly available record of anonymous donations. However, other information you provide, such as a message to participants, may still be published, so be sure not to include any personally identifiable information in these fields if you wish your donation to be anonymous.

Sometimes, we may seek to publish information relating to individual major donations for the purposes of further fundraising or transparency. In these cases we will contact you so that you may consider whether you wish to consent.

If you would prefer to donate without leaving any public record (whether anonymous or not), then we encourage you to make your donation(s) here: https://thetogetherplan.com/donate.

We use cookies…

…when donations are published to our website. They enable the website to identify you should you take further actions on our website, so that those actions can be correctly attributed to you.

These cookies are set by the WordPress platform. More information about them can be found on WordPress’ website. No personally identifiable data is stored in these cookies and their contents are made available only to thetogetherplan.com, not to WordPress.

Where taking an action on our website will set a cookie, this will be clearly indicated.

Information relating to your family history

…including names of ancestors and the dates and places of their birth, death, marriage, emigration, naturalisation and other life events, in order to fulfil our contract with you by conducting genealogical research on your behalf. Withholding information will affect our ability to conduct this research.

We collect information…

…when you provide it to us directly over the course of our research on your behalf. If you would like to know in more detail you have provided directly, please contact us.

We share your information…

…with our archive researchers and associates, who are official representatives of The Together Plan and who are required to comply with these data protection rules and all UK, EU and local law. They may further share your information with staff at archives and museums where we intend to carry out genealogical research.

In all cases we will inform you of our intentions, so that you may consider whether to consent or object to this sharing of your data.

We store your information…

…for the duration of our research activities. After this, family history is deleted unless you give us permission to keep it (for example, if you intend to commission further research in the future).

Details required for booking travel, accommodation and visas

…including your date of birth, occupation, passport details and medical insurance details, in order to fulfil our contract with you by planning your trip to Belarus. Withholding information will affect our ability to conduct this research.

We collect information…

…when you provide it to us directly over the course of our research on your behalf. If you would like to know in more detail you have provided directly, please contact us.

It is a requirement when entering Belarus to provide evidence of medical insurance cover for your trip. Depending on your insurer, this documentation may contain sensitive information relating to your medical history (see the section on particularly sensitive information below). This information will also be seen by The Together Plan in order to check that your insurance policy meets all requirements before you apply for a visa or travel to enter Belarus.

We share your information…

…with airlines, hotels, transport companies, the Belarusian Embassy in the UK and/or your country of residence, and your inviting organisation (for visa purposes), when booking flights, accommodation and visas.

In all cases we will inform you of our intentions, so that you may consider whether to consent or object to this sharing of your data.

Where these organisations are based outside of the EU, less stringent data protection laws may apply. By instructing us to pass data to third parties outside the EU you acknowledge and take responsibility for the risks to your privacy that may be incurred.

We store your information…

…for no longer than the duration of your trip. Passport, visa and insurance details are deleted as soon as they are no longer needed.

Please allow two months for us to ensure the complete deletion of your data.

Background information about you and your relationship with the charity, to inform and improve the service we provide to you. This may include lifestyle information about you and your family.

Information relating to applications for funding made either to The Together Plan or to a third party with our support. This may include information about your family or other third-party beneficiaries.

Personal information contained in documents reviewed by us as part of any due diligence

…in order to fulfil our charitable objectives by providing services to you and informing the development of our services.In the case of partners and beneficiaries who are organisations, we also hold data for the organisation and its representatives, staff and volunteers.

We may also hold further data on individual members or service users of the organisation with the consent of those individuals.

We collect your information…

…when you or an organisation representing you provides it to us directly over the course of our relationship with you. If you would like to know in more detail you have provided directly, please contact us.

We store your information…

…for the duration of your relationship with us, unless we are required to hold this information longer for legal or regulatory reasons. In most cases, we consider this relationship to have ended once two years have passed since your last interaction with us.

Information related to any contracts between us

Financial information, including bank details for payment of fees or salaries

In the case of our employees, information necessary for our employment of you, such as tax information

…in order to fulfil these contracts between us.

We collect information…

…when you provide it to us directly over the course of our relationship with you. If you would like to know in more detail you have provided directly, please contact us.

We store information…

…for the duration of your relationship with us, unless we are required to hold this information longer for legal or regulatory reasons.

Feedback you provide on our events, campaigns and other services

…in order to help us promote and grow the charity and improve our services.

We collect information…

…when you provide it to us directly over the course of our relationship with you. If you would like to know in more detail you have provided directly, please contact us.

We store information…

…for the duration of your relationship with us, unless we are required to hold this information longer for legal or regulatory reasons.

We do not collect personal data from viewers of our website, but some third parties might

Google collects data on users of services provided by them on third-party sites. Therefore, if you play embedded YouTube videos or use the Google Maps features, your personal data may be used by Google for their purposes.The Together Plan uses third-party services provided by Google in order to provide functionality to our site, where we believe there is significant benefit to doing so and where the risks to our users’ privacy are low.

More details, and steps that you can take to limit the impact on your privacy of using Google’s services, can be found at https://policies.google.com/technologies/partner-sites.

Organisations that monitor your internet usage, such as your internet service provider or employer, may collect data on your use of our website independently of The Together Plan.

Wherever you provide us with personal information, we may also…

  • perform due diligence, in the form of credit checks and verification of your identity (including checking photographic identification and proof of address), in order to comply with our legal obligations.
  • monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies, to the extent permitted by law.
  • approach you from time to time to ask your consent to allow us to process your personal information for other purposes. We will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent….

What the law says about data processing

Note: this section is intended as a summary. More details are given in our privacy notice.

Under UK and EU data protection law, there are six situations in which we are allowed to use your personal data:

  • With your prior explicit agreement;
  • Where necessary to fulfil The Together Plan’s objectives, as set out in this notice (known as “legitimate interest”). In these cases we need to prove our approach protects your privacy as far as possible and your legal rights and interests are unaffected;
  • In order to fulfil a contract between you and us;
  • In order to comply with our legal obligations;
  • Where we have an obligation to protect your vital interests (or someone else’s interests);
  • Where it is needed in the public interest in accordance with the law.

(We anticipate the last two uses will be extremely rare.)

We are only allowed to use your personal information for the purposes for which we collected it (or for closely related purposes we believe you would support).

If we need to use your personal information for an unrelated purpose we will contact you first, explaining why and how we plan to use your information and our legal basis for doing so.

Your data protection rights

By law, you have the right to:

Commonly known as a “data subject access request”. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

 This enables you to have any incomplete or inaccurate information we hold about you corrected.

This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

You have the right to object to processing on the basis of our legitimate interests (or those of a third party) where your particular situation makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for marketing purposes.

This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

This is also known as the right to data portability,

In the limited circumstances where we process your information for a specific purpose on the basis of your consent, you have the right to withdraw consent for the collection, processing and transfer of your personal information for that purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to continue to process your information in accordance with another lawful basis which has been notified to you.

We will be happy to comply with any requests in connection with the above rights, free of charge wherever possible, at any time. Please contact the Data Privacy Manager, via The Together Plan office in the UK on +44 (0)203 375 0656 or at office@thetogetherplan.com or by writing to PO Box 70138, London, N12 2EY, with requests or for further information.

Special categories of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using the following types of personal information. The following categories are covered by these protections:

  • Physical or mental health, including any details of a medical condition or disability;
  • Nationality, race or ethnicity;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Sexual orientation or sex life;
  • Genetic information and biometric data; or
  • Information relating to criminal convictions and offences.

We process this type of information where it is necessary to provide services to you in accordance with our agreement. Where you provide information to us voluntarily we only process such information with your consent. We process information:

  • Relating to a health condition or disability in order to make reasonable adjustments in the provision of our services.
  • Where it is needed to protect your vital interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
  • About your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting. We make every effort to anonymise such information.
  • Relating to criminal convictions where the law allows or requires us to do so. Except where this is necessary for safeguarding reasons in the course of providing services, we do not envisage that we will hold information about criminal convictions.

We may process particularly sensitive personal information without your consent if we are under a legal obligation to do so or for reasons of substantial public interest.

We do not process particularly sensitive personal information about supporters and donors as part of our usual course of business.  

We may from time to time approach you for your written consent to allow us to process certain particularly sensitive information for other purposes. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Third parties who have access to your data

We share data with the following third parties who provide services to us:

All categories of personal data are routinely stored. Salesforce is an industry leader in data protection, and privacy policies and practices are available at https://trust.salesforce.com/en/. Our Salesforce instance is located on servers in Paris and Frankfurt (so subject to the EU’s new GDPR rules).

Subscribers’ names, email addresses, marketing preferences and, in some cases, approximate geographic locations, are stored. Campaign Monitor guarantee compliance with GDPR. The Together Plan works together with Campaign Monitor to ensure the maximum possible protection for our data. Campaign Monitor use servers located in the USA and outsourced services provided worldwide.

Microsoft Office 365 provides The Together Plan’s email systems, cloud storage and other internal communication and collaboration tools. Past email conversations and files containing all categories of personal data are stored.

These companies process details relating to payments to us. This usually includes the identity of the person or organisation who made the payment.

HMRC receives the personal details of our Gift Aid donors in order to verify the validity of their Gift Aid declarations and process

Financial details are processed by these companies and not passed on to The Together Plan. Their respective privacy policies, which can be found on their websites, explain how they use data you provide to them. We have also used BT MyDonate (https://mydonate.bt.com/) in the past for collecting donations.

We typically use Eventbrite to collect the names and email addresses of attendees and other information necessary for holding the event. Payment details are processed by Eventbrite and not passed on to The Together Plan.

These companies have access to data that could be used to identify individuals, such as IP addresses. The Together Plan does not use this data to identify individual visitors to its website as part of our usual course of business.

All of these organisations operate as “data processors”, meaning that they are authorised by us to use personal information only for purposes and in ways that we specify.

Some are also “data controllers”, meaning that they are able to use personal information provided to them by us for their own purposes. In these cases, legal responsibility lies with the third party for using your data appropriately and communicating to you how it will be used.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.