privacy policy

Special categories of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using the following types of personal information. The following categories are covered by these protections:

• Physical or mental health, including any details of a medical condition or disability;
• Nationality, race or ethnicity;
• Political opinions;
• Religious or philosophical beliefs;
• Trade union membership;
• Sexual orientation or sex life;
• Genetic information and biometric data; or
• Information relating to criminal convictions and offences.

We process this type of information where it is necessary to provide services to you in accordance with our agreement. Where you provide information to us voluntarily we only process such information with your consent. We process information:

• Relating to a health condition or disability in order to make reasonable adjustments in the provision of our services.
• Where it is needed to protect your vital interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
• About your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting. We make every effort to anonymise such information.
• Relating to criminal convictions where the law allows or requires us to do so. Except where this is necessary for safeguarding reasons in the course of providing services, we do not envisage that we will hold information about criminal convictions.

We may process particularly sensitive personal information without your consent if we are under a legal obligation to do so or for reasons of substantial public interest.

We do not process particularly sensitive personal information about supporters and donors as part of our usual course of business.

We may from time to time approach you for your written consent to allow us to process certain particularly sensitive information for other purposes. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Commonly known as a “data subject access request”. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

This enables you to have any incomplete or inaccurate information we hold about you corrected.

You have the right to object to processing on the basis of our legitimate interests (or those of a third party) where your particular situation makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for marketing purposes.

This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

This is also known as the right to data portability,

In the limited circumstances where we process your information for a specific purpose on the basis of your consent, you have the right to withdraw consent for the collection, processing and transfer of your personal information for that purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to continue to process your information in accordance with another lawful basis which has been notified to you.

All categories of personal data are routinely stored. Salesforce is an industry leader in data protection, and privacy policies and practices are available at https://trust.salesforce.com/en/. Our Salesforce instance is located on servers in Paris and Frankfurt (so subject to the EU’s GDPR rules).

Subscribers’ names, email addresses, marketing preferences and, in some cases, approximate geographic locations, are stored. Campaign Monitor guarantees compliance with GDPR. The Together Plan works together with Campaign Monitor to ensure the maximum possible protection for our data. Campaign Monitor uses servers located in the USA and outsourced services provided worldwide.

Google Cloud’s GSuite provides The Together Plan’s email systems, cloud storage and other internal communication and collaboration tools. Past email conversations and files containing all categories of personal data are stored.

These companies process details relating to payments to us. This usually includes the identity of the person or organisation who made the payment.

HMRC receives the personal details of our Gift Aid donors in order to verify the validity of their Gift Aid declarations and process.

Financial details are processed by these companies and not passed on to The Together Plan. Their respective privacy policies, which can be found on their websites, explain how they use data you provide to them. We also use JustGiving (https://www.justgiving.com/) for collecting donations.

We typically use Eventbrite to collect the names and email addresses of attendees and other information necessary for holding the event. Payment details are processed by Eventbrite and not passed on to The Together Plan.

These companies have access to data that could be used to identify individuals, such as IP addresses. The Together Plan does not use this data to identify individual visitors to its website as part of our usual course of business.