Our privacy policy How we keep your personal information safe

Hello, we’re the National Society for the Prevention of Cruelty to Children, though you probably know us as the NSPCC. We're the leading children's charity fighting to end child abuse in the UK, Channel Islands and Isle of Man. We help children who have been abused to rebuild their lives, protect those at risk, and find the best ways of preventing abuse from ever happening.

Safety is at the heart of everything we do. Our mission is to keep children safe across the UK – it’s what drives all our work. But, as one of our valued supporters, that also extends to keeping your personal information safe. At the NSPCC we value our supporters and we’re committed to protecting your privacy so we make sure we protect any personal information you give us.

This page, together with our terms of use for this site and our cookies policy, will let you know exactly how we use and protect your personal information. And if you have any questions about it please just send us an email at dataprotectionofficer@nspcc.org.uk - we’d be delighted to help. Our postal address can be found in the “contact us” section of this page.

The NSPCC is registered under the Data Protection Act 1998 as a Data Controller under number Z6593104. Our registered charity numbers are 216401 in England and Wales and SC037717 in Scotland. The NSPCC Trading Company Ltd. (registered Company in England & Wales no. 890446) is a wholly owned subsidiary of ours which trades on our behalf.

Below we have answered a range of questions to help you better understand how we protect your personal information: 

Personal information is any information that can be used to identify you. So, for example, if you donate money, request services or products, or become involved in our campaigns, we may collect and process the personal information that you’ve provided. We may also collect information from you when you report a problem with our website or if you complete a survey which we use for research purposes.

This personal information may include your name, email address, postal address, telephone or mobile number and date of birth, financial details, UK Tax payer information (for Gift Aid), credit/debit card information and records of responses to campaigns, as well as how you came to find us or about our services or events. 

We may also collect details of your visits to our website, for example your location data, other sites you’ve visited and the resources that you access. We use this to provide you with the information, services or products that you’re interested in and are most relevant to you. 

To understand how we use information about the communications devices you use, such as IP address (the location of the computer on the internet) and cookies, please see our Cookies policy page.

To make sure we always have the most up-to-date information about how to contact you, we may also, from time to time, update your records to reflect any changes to your personal information.

This information may come directly from you, or it may come from a third party that we consider is legitimate and trustworthy and in circumstances where it is appropriate and where you will have had a clear expectation that your details would be passed on for this purpose.

We may also combine the information you provide us with information we collect from trusted third parties and partners such as business partners, sub-contractors, advertising networks, analytics providers, search information providers, credit reference agencies as well as publicly available sources. These third parties include, QBase, Post Office Address File and Experian Quick Address.

We use your cookies to give you a more personalised experience online. It helps us create a more effective website that reflects your needs. We may also collect and record information about how you use our site by collecting your IP address (in simple terms that just means a number that identifies a specific computer or other internet device).

By continuing to use our site, you agree to our use of cookies - but these cookie files and IP addresses will never identify you as an individual. For more information on cookie files and IP addresses read our cookies policy. This page also includes instructions on how to disable cookies if you don’t want them to be used.

There are broadly eight ways that we may use your personal information, all to help us provide the most relevant and personalised service for you:

1. To provide you with information (such as fundraising or campaigning activities), services or products you’ve requested or which we feel may interest you.

We may also permit selected third parties to provide you with information on our behalf. But all this will only happen when you’ve consented to us contacting you. For more information, please see “How we handle your information and other organisations” below.

2. To allow you to participate in interactive features on our website, when you choose to do so.

For example, we may help you auto-complete forms by inserting your contact details for you to edit.

3. To analyse and improve the services offered on our websites.
This means we can provide you with the most user-friendly navigation experience we can, which may involve providing your information to third parties.

4. To use your IP addresses to identify relevant information.

This may include information such as your approximate location. It also helps us to block disruptive use or establish information like the number of visits to the website from different countries.

5. To make our marketing campaigns more targeted and relevant to potential donors and customers.

6. To process personal information to help us with our work and activities

For the purposes of customer analysis and, where you have consented to us doing so, direct marketing. We may process your information to help us with our activities and to provide you with the most relevant information.

7. To process personal information and/or provide this to a third party for the purposes of profiling and understanding who visits our site.

This could be analysing demographics to inform our campaign and marketing strategies.

For example:

Age: Some campaigns would exclude supporters whose known age is not within the target audience.

Gender: Gender is also used for some email promotions, like the Glasgow Ladies Lunch email.

Previous interactions: A supporter’s previous interaction with the NSPCC is also used for targeting purposes. For example, a weekly lottery player would be prioritised for future lottery communications.

Targeting
We may also add information to supporters’ personal information to help us with our targeting. Such information would not be personally identifiable or specific to you, but rather would give an indication of the type of supporter you are. For example, if you live in an area that predominately consists of families with young children, this would provide an indication of this.

These activities may also involve ‘automated decision-making’. However, you have the right to object to the use of your personal information for profiling and automated decision-making processes. For information on how to exercise these rights, please see the section on ‘Your Rights’ below.

8. To match information collected from you through different means or at different times.

That could include using information collected online and offline, along with information obtained from other sources, including third parties and publicly available sources, to ensure that the information we hold about you is up to date and accurate. These include third parties such as BT OSIS, Post Office Address File and Experian Quick Address.

If you do not want us to use your data for direct marketing purposes please contact our Supporter Care team. Please see "How we will contact you" below.

We always have your best interests at heart and your personal information will not be retained by the NSPCC for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed, subject to certain legal obligations mentioned below.

We will retain personal data in accordance with our data retention policy, set out below. We review our data retention periods for personal information on a regular basis.

We hold personal information relating to:

    • donations you’ve made to us
      for 7 years since the date of your last donation
    • legacy donations
      if you indicate that you’d like to leave us a legacy gift we will retain personal data until 7 years after the legacy is received
    • entering raffles and competitions
      for 5 years
    • campaigning on our behalf
      for 3 years since you last campaigned with us
    • purchasing services, like training or venue hire
      for 3 years
    • subscribing to a newsletter
      you can unsubscribe at any time
    • making an enquiry to the Knowledge and Information team
      for 2 years.

We are legally required to hold some personal information to fulfil statutory obligations, for example the collection of Gift Aid or to support certain financial transactions.

We will also hold information about your details so that we can respect your preferences for being contacted by us.

The law allows you to withdraw your consent to any particular usage of your data at any time without needing to specify a reason. You can withdraw your consent by emailing our Supporter Care team on supportercare@nspcc.org.uk or calling 020 7825 2505.

It’s only with your support that we can keep children safe. That’s why we love to keep you posted with news about our work, how your support can make a difference and the variety of exciting ways you can support us in the future.

However, of course, we will not contact you again if you ask us not to. This can relate to all communications with you from the NSPCC or to certain campaigns or channels of communication. You can contact us to change your contact preferences by emailing our Supporter Care team on supportercare@nspcc.org.uk or calling 020 7825 2505.

We will never contact you to send you information about how you can support the NSPCC by email or text unless you have given us your prior permission.

We will not rent or sell your personal information to other organisations for use by them in any way, including in their own direct marketing activities.

However, where you have given us permission to contact you, we may pass on your information to external service providers to contact you on our behalf. For example, we may pass on your personal information to telemarketing companies such as DTV Optimise or Mango to conduct campaigns on our behalf.

We may ask external service providers to carry out tracking and analysis on our behalf as described in the cookies policy. For instance, we may pass on hashed out digital data (such as IP addresses) to our media agency OMD to monitor how well our campaigns are performing.

Additionally the NSPCC may pass on your personal information to online advertising tools, including Facebook Custom audiences, Google Adwords Match and Google Analytics to carry out ‘remarketing activities’ – this if you’ve already visited our website we can direct back to it through ads shown on sites across the internet by third-party vendors, including Google and Facebook. These third party vendors may use cookies to serve these ads based on your past visits to our website. You can opt out of a third-party vendor's use of cookies by visiting the Network Advertising Initiative’s opt-out page.

We want to ensure that we provide you with information that is relevant to you. In order to do this, we may need to analyse the information we hold on you for supporter analysis and data quality purposes. This analysis includes modelling (e.g. how likely you are to respond to the invitation) and segmenting (looking at people who are similar to you), so that you receive targeted and relevant communication.

This ensures we can spend our charitable donations effectively to obtain the biggest impact for children. Additionally, as our data is captured from various different sources (e.g. donation or through our website, campaign data), for data quality purposes we will analyse your data to ensure we do not have multiple versions of information on the same person on our database.

In carrying out the above activities, we may from time to time use publicly available information or information gathered from specialist companies. These include Directory of Social Change, UKChanges and QBase; companies that collate and analyse information from public registers alongside statistical social economic data. These companies may have obtained this information directly from you and in circumstances where you legitimately expect that they will pass on your information to other entities.

We will only use data collected in this manner for purposes to which you have consented or, if this is not reasonably practical, where we believe it is reasonably necessary to process your personal information for the purposes for which it has been provided. Throughout all of this we will always ensure that the privacy of your personal information is protected.

Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to comply with NSPCC data protection and information security requirements.

We may disclose your personal information to third parties if we are legally obliged to; or in order to enforce or apply our terms of use for this website or other agreements; or to protect the rights, property or safety of the NSPCC, our donors or others. This includes exchanging information with other companies and organisations for the purposes of fraud detection and protection, or with local authorities or social services for the purposes of the provision of health, legal or social care or treatment.

The NSPCC will ensure that when collecting sensitive information over the Internet such as debit cards, credit cards or personal information that this done so securely. We and our partners use TLS (Transport Level Security) to encrypt data sent between the customer and us or our partners.

The NSPCC is PCI compliant and uses external Payment Card Industry (PCI) compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.

To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly patched, and incorporate some form of malware protection. Only connect your devices to networks that you trust.

Securing your passwords
Where we have given you (or where you have chosen) a password which enables you to access certain parts our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.

This website may include links to other websites, not owned or managed by the NSPCC. Whilst we try our best to only link to reputable websites we cannot be held responsible for the privacy of data collected by sites not managed by the NSPCC, nor can we accept responsibility or liability for those policies. For this reason you should consult the privacy policy on any external website you link to before you submit any data to those websites.

If you post or send any content that we believe to be inappropriate or content in breach of any laws, such as defamatory content, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.

We have the right to disclose your identity to any third party claiming to own any content that you posted.

The personal information collected from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by individuals operating outside the EEA who work for us or working on our behalf. This includes staff engaged in, among other things, the processing of your payment details and the provision of support services.

By submitting your personal data, you agree to this transfer, storing and processing at a location outside the European Economic Area.

At the NSPCC we have taken all steps reasonably necessary to make sure that your data is treated securely and in accordance with this privacy policy. We have done our best to protect your personal data, and ensured that it will be held in compliance with European data protection regulations.

Unfortunately, the transmission of information via the Internet is never 100% secure and we cannot guarantee the security of your data transmitted to our website. This means any such transmission is at your own risk.

In cases when we use external websites provided by other organisations such as Twitter, YouTube or Facebook, then we would ask you to consult their privacy policies.

If you wish to exercise any of your rights, as listed below please write to us at dataprotectionofficer@nspcc.org.uk:

a. Access to your personal information;
b. Objection to processing of your personal information;
c. Objection to automated decision-making and profiling;
d. Restriction of processing of your personal information;
e. Your personal data portability;
f. Rectification of your personal information; and
g. Erasure of your personal information.

If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.

Upon successful verification of your identity you are entitled to obtain the following information about your own personal information:

a. The purposes of the collection, processing, use and storage of your personal data.
The source(s) of the personal information, if it was not obtained from you.
b. The categories of personal data stored about you.
c. The recipients or categories of recipients to whom your personal data has been or may be transmitted, along with the location of those recipients.
d. The envisaged period of storage for your personal data or the rationale for determining the storage period.
e. The use of any automated decision-making and/or profiling.

You can make the above request by emailing dataprotectionofficer@nspcc.org.uk or by writing to:

Data Protection Officer
NSPCC
Weston House
42 Curtain Rd
London
EC2A 3NH

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

You can also find out more about what to expect if someone has made a report about you and how you can access your information on our report abuse page.

Read our guide to accessing your personal information (PDF, 303KB)

We reserve the right to make changes to this Privacy Policy. Each time you visit this site you should check this Privacy Policy to check that no changes have been made to any sections that are important to you. Where appropriate, any changes will be notified to you by email.

Complaints

If you have any questions or concerns about this privacy policy and our privacy practices or if you wish to file a complaint, please contact our Supporter Care team by emailing supportercare@nspcc.org.uk or calling 020 7825 2505.

You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR. You can do so by calling the ICO helpline on 0303 123 1113 or via their website.

Data Protection Officer

Contact the NSPCC’s Data Protection Officer by emailing dataprotectionofficer@nspcc.org.uk or by writing to:

Data Protection Officer
NSPCC
Weston House
42 Curtain Rd
London
EC2A 3NH