Privacy and personal data protection statement
This statement explains how the Institute of Fundraising (IoF) uses the personal information we collect about you. For the purposes of this document the term IoF includes its National and Regional Groups, Special Interest Groups and Remember a Charity unless expressly differentiated. In all cases, the IoF is the Controller.
- Member references and referees
- Data shared with third parties for processing member services
- Campaign Supporters
- If you email us
- If you contact us via social media
- People who nominate individuals for our Fundraising Awards
- Visitors to our website
- Other websites
- Search engine
- Security and performance
- Website hosts
- Events and conferences organised by IoF Head Office
- Events and conferences organised by IoF Groups
- Events and conferences organised by RAC
- Academy training and learning programmes
- Academy qualifications
- Online learning via the Academy
- Equality, Diversity and Inclusion monitoring
- Service providers reporting a breach
- Where we keep your data
- Data stored outside of EEA
- Data Retention
- Recruitment agencies
- What we will do with the information you provide us
- What information do we ask for and why?
- Conditional offer
- Recruitment using recruitment agencies/job vacancy boards
- How long is this information retained?
- How we make decisions about recruitment
- Staff records
- Benefits providers
We collect information about you when you become a member, register with us or place an order for our products or services. We also collect information when you voluntarily complete surveys and provide feedback. Website usage is collected with your consent by using cookies.
We also collect information about you if you become an employee or are seconded to work with us or are a volunteer (see Job applicants, current and former IoF employees for more information).
We use the information we collect about you to process your membership application, orders for our products and services, to manage your account and, if you agree, to email you about other products and services which we think may be of interest to you. However we will only use your information to provide the product or service which you have requested and for other closely related purposes. For example, we might use information about people who have attended an event to carry out a survey to find out if they are happy with the level of service they received or we may send members emails about events or information which we think they would be interested in.
If you subscribe to any of our communications, you can opt out at any time and are given an easy way to do this.
We use your information collected from the website to provide the services you have requested and to keep your contact information and preferences up to date.
We will not share your information with any third parties for marketing purposes without your prior consent.
If you are an IoF Member we will share some of your information with third parties in order to provide your Member Benefits.
As an IoF member you will receive certain benefits dependent on the type of membership you have.
In order to provide you with these services we require certain information from you. If you don’t provide the requested information or don’t keep it up to date, we may not be able to provide some or all of the member benefits.
Member references and referees
When you apply to become a member of the IoF, we will ask you to nominate a referee. References form part of the membership application process. We retain the reference and the referee’s contact information for 3 months to allow completion of the application process.
Data shared with third parties for processing member services
If you are an Individual Member we will share the following information with third parties:
Your membership number only with CharityJob solely for the purpose of confirming that those seeking the IoF membership discount on advertising job vacancies in the IoF Job Shop are current members.
Your membership number, full name, organisation name, postal address and email address to Civil Society to receive the monthly copy of Fundraising magazine and full online access to the Civil Society website. You can unsubscribe from the magazine and website at any time.
We use a third party, Electoral Reform Services (ERS), to manage elections of Trustees to the IoF’s Board. We share your membership number, name and primary email address or where you have requested contact by mail, your postal address to enable ERS to send you voting and governance information. This information is kept by ERS for no longer than 14 days after the AGM has taken place.
IoF groups are run by a committee of volunteers all of whom are IoF members.
The IoF also prescribe which third party service providers the groups may use to facilitate their work including Eventbrite for group events, MailChimp or Communicator for emails and SurveyMonkey for collecting feedback. The IoF is the data controller for all IoF groups.
Committees work to Terms of Reference supplied by the IoF and individual volunteers are bound by IoF policies and individual confidentiality agreements. All volunteers are required to undertake the IoF’s data protection training.
Remember A Charity is part of the Institute of Fundraising (the Controller) and subject to the Institute’s policies and procedures.
As a Remember A Charity member you will receive certain benefits. In order to provide you with these services we require certain information from you. If you don’t provide the requested information, we may not be able to provide some or all of the member benefits.
When you apply to join Remember A Charity, we will ask you to nominate a primary contact. We use your details to update you about our events, news, campaigns and how to get involved with Remember A Charity Week.
We will also ask you to nominate any additional contacts within your organisation who wish to be kept informed of our work.
We use a third party provider, MailChimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e newsletters. For more information please see MailChimp’s privacy notice
If you register for an event organised by Remember A Charity, your information will be used to administer your attendance.
If you express interest for a particular member benefit - such as advertising, marketing, website or PR opportunities – we will share your contact details with our partner agencies so that they can contact you direct.
As a Campaign Supporter of Remember A Charity, you will also receive certain benefits as part of our legal sector network.
In order to provide you with these services we require certain information from you. If you don’t provide the requested information, we may not be able to provide some or all of the member benefits.
When you sign up as a Campaign Supporter, we will ask you to nominate a primary contact. We use your details to update you about our campaigns, news and how to get involved with Remember A Charity Week.
We use a third party provider, MailChimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e newsletters.
Individuals from IoF organisational members and fundraising agencies who opt-in to using the IoF public fundraising compliance service will have their contact details stored on a secure Microsoft Access database with restricted access. The purpose of this data being held is so that staff within the IoF Compliance Directorate can communicate with these individuals about the specific compliance services being provided to them.
A key service is the IoF Mystery Shopping Programme. The IoF utilises a third party agency to mystery shop public fundraising activities being undertaken by members. Information about fundraisers may be shared by the IoF with the fundraiser’s employer and can be used as evidence of a breach of a fundraising Code which may lead to disciplinary action or to help resolve a complaint. Members are required to notify fundraisers that their information including photos and descriptions may be used in this way.
We would like to send you information about our products and services which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date by changing your preferences through the MyIoF/Registration page on our website.
You have the right at any time to stop us from contacting you for marketing purposes.
We use third party providers, Communicator and MailChimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e newsletters. For more information please see Communicator’s privacy notice and MailChimp’s privacy notice.
If you email us
You should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
If you contact us via social media
We use a third party supplier, Lightful Ltd to manage our social media interactions.
If you send us a private or direct message via social media the message will be stored by Lightful Ltd for 2 years. It will not be shared with any other organisations.
People who nominate individuals for our fundraising awards
When individuals complete a nomination for one of our fundraising awards, they submit their information and that of the nominee. Any personal information that is provided, is only used for the purpose of reviewing the nomination. The information about the nominations and the winners will be published on our Awards website.
Visitors to our websites
When someone visits one of our websites we use a third party Google Analytics to collect standard internet log information and details of visitors’ behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google Analytics to make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through the website we will up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies are text files placed on your computer to collect standard internet log in information and visitor behaviour information. This information is used to track visitor use of the website and compile statistical reports on website activity.
Our websites’ search and decision notice search are powered by:
IoF Convention and Awards
Remember A Charity
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by the IoF.
Security and performance
The IoF uses third party services to help maintain the security and performance of the IoF websites. To deliver this service the third party processes the IP addresses of visitors to the website. We use the following to provide this service:
IoF Convention and Awards
Remember A Charity
We use the following third parties to host our websites:
IoF Convention and Awards
Remember A Charity
Events and conferences organised by IoF Head Office
If you register for an event organised by IoF Head Office, your information will be used to administer your attendance. In some instances this may include collecting special category information, for instance, to provide the appropriate access facilities and for dietary requirements. This information will be accessible under the ‘need to know’ principle and will not be retained post event. We will share anonymised information with venues and caterers in order to ensure the requirements are facilitated.
Events and conferences organised by IoF Groups
If you register for an event organised by a Group, your information will be stored in Eventbrite and used to administer your attendance. Eventbrite handle the payments for events on behalf of the IoF Groups and will keep information required for financial legal reasons, to manage refunds and disputes for 7 years. In this respect they are a data controller. For all other data, the IoF is the data controller.
In some instances we may need to collect special category information, for instance, to provide the appropriate access facilities and for dietary requirements. This information will be accessible under the ‘need to know’ principle and will not be retained post event. We will share anonymised information with venues and caterers in order to ensure the requirements are facilitated.
Only permitted Group Committee Members and IoF Head Office staff will have access to the personal and special category information you provide.
Academy training and learning programmes
If you register for an IoF Academy training course, professional qualification or other learning programme (for example the Future Leader’s Programme) organised by IoF Head Office, your information will be stored in our CRM used to administer your attendance whether the course is delivered in a face to face format, online format or blended format (face to face and online). All course bookings are made online via the IoF website.
In some instances we may need to collect information which could be classed as special category for instance, to provide the appropriate access facilities, and/or appropriate academic support and for dietary requirements. This information will be accessible under the ‘need to know’ principle and will not be retained post training course, qualification course or any other learning programme. We will share anonymised information with venues and caterers in order to ensure the requirements are facilitated. For security and registration purposes, we may need to share names with venues. This information is passed back to us once the learning/education programme has finished.
We will also share your name, job title and organisation with the trainer(s)/tutor(s) delivering the programme so that they can deliver at the appropriate level and can provide relevant examples tailored to the participants.
In addition to the information required to register you for your course to successfully administer your qualification, we will retain information on IoF qualifications you achieve. Where we partner with third parties to enable a course to take place, we may share this data with the third party to enable administration. We will always tell you if this is the case. We also share your data with relevant third parties (like the exam board) for quality assurance purposes.
Your data is retained in accordance with the IoF’s retention policy and some parts may be kept indefinitely to confirm your qualification awards.
Your learning information is kept on a secure learning management system (LMS) with access limited to Academy staff and qualification tutors.
Online learning via the Academy
When you sign up to an IoF online course, we use some of the information you provide to enable access to the online course platform which is run by a third party provider. Where an online course is available to you for a restricted time, the information you provide will be archived at the end of this period to maintain a record of proof of qualification/course undertaking Otherwise the third party provider will hold your access information for as long as the online course is available or until you ask us to withdraw your access.
When you sign up to an IoF webinar, we use some of the information you provide to enable access to the webinar platform which is run by Workcast. Where a webinar is available to you for a restricted time, the information will be deleted from Workcast at the end of this period. Otherwise Workcast will hold your access information for as long as the webinar is available or until you ask us to withdraw your access.
The IoF uses an LMS provided by Sponge UK to provide e-learning facilities such as vulnerability training and the call levelling programme. Sponge retain information to allow you to access the e-learning and to demonstrate completion of the modules. This information is held for as long as the module is available to you and to keep a record of the training you have undertaken.
We use a third party provider, SurveyMonkey for processing our surveys. This company is a data processor for the Institute of Fundraising and only processes information in line with our instructions. For more information please see SurveyMonkey’s privacy notice.
Equality, Diversity and Inclusion Monitoring
We use SurveyMonkey to process our equality, diversity and inclusion monitoring via a link from joining instruction emails. As this survey collects special category data, we have ensured all tracking facilities are switched off in order to preserve the anonymity of respondents. The data we collect in this survey will be used for statistical reporting and analysis, the results of which will be published.
IoF does not store credit/debit card details. However, it may (in appropriate circumstances) use certain other companies to provide services to you, such as a credit card processing company or a Direct Debit service. These companies do not retain, share, store or use personal information for any purposes other than to provide this service to IoF.
IT services are outsourced to a third party under contract with the IoF. The third party ensures the security of the IoF network through the following (this list is not exhaustive):
- Installation of real-time malware and virus scanning
- Restricted access to IoF’s servers and shared folders
- Monitoring access
- Back-up of main server (information held for 30 days)
- Back-up to cloud (in Jersey) held for 10 days
- Asset management
- Restoration of data should this be required
- Secure disposal of hardware
Service providers reporting a breach
Where we keep your data
Your data is held on a server in a secure server room at the IoF offices and additionally backed up to a cloud (in Jersey).
Data stored outside of EEA
Where we use third party providers for some facilities (e.g. Eventbrite, SurveyMonkey, MailChimp) your data may be held outside of the EEA and usually in the USA. We make sure that we use reputable third parties and that they are part of the US privacy shield scheme where data is held in the USA. In all instances their terms confirm compliance with GDPR.
IoF offices in London have a manned security desk and visitors are required to sign in and out. When the security desk is not manned, entry to the building is via a fob issued to staff.
All staff and volunteers are trained in data protection including information security and subject to confidentiality agreements.
Hard copy files are kept on site in locked filing cabinets.
Archived hard copy files are managed by a third party and kept in a secure location.
Access to IoF networks is maintained by our IT provider and staff are required to change passwords every 3 months.
Where data is stored by third parties to enable processing of information, this is always subject to contract and confidentiality agreements.
Our systems are backed up both internally and encrypted in the cloud. Internal back-ups are overwritten every 30 days and cloud back-ups every 10 days.
If you are a member of the IoF, we will keep your data for as long as you are a member and for periods after that depending on the type of information we hold (e.g. we may keep information about qualifications you have obtained through us indefinitely).
Financial information is kept for 7 years.
If you are a member of staff, we will keep your information for as long as you are employed by the IoF and some of the information for 6 years once your employment has ended.
Under the GDPR, you have rights as an individual which you can exercise in relation to the processing of your data. In all instances and unless otherwise stated, we will aim to fulfil your request without undue delay. We will let you know in writing if we are unable to fulfil your request or cannot do this within the timeframe permitted by law and give you the reasons why.
Please see Contact Details for ways you can reach us.
- The right to be informed – we will provide you with a privacy notice which explains how we will be processing your data.
- The right of access – the IoF tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ either in writing or verbally. If we do hold information about you we will:
- give you a description of it
- tell you why we are holding it and the conditions of processing we are relying upon
- tell you who it could be disclosed to
- let you know if we withhold any information and why
- let you have a copy of the information in an intelligible form
To help us provide you with the information you require, please make sure you give us as much detail as possible and especially your name and contact details so that we can respond to your request.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
- The right to rectification – if any of the information we hold about you is incorrect or incomplete, you have the right to ask for this to be amended. You can do this in writing or verbally.
- The right to erasure – in certain circumstances you have the right to have your data erased, for instance if the data is no longer needed for the purpose we originally collected it for or you object to certain types of processing such as marketing.
- The right to restrict processing – in some circumstances you may restrict processing of your data, for instance while we are verifying the accuracy of your data. Restricting processing normally only lasts for a period of time.
- The right to data portability – we will provide you (or the organisation you tell us you want to receive the data) with the information you gave us in a .csv format once we have received your request in writing or verbally.
- The right to object – you have the right to object to processing of your data where the processing was based on legitimate interests, for direct marketing or for historical research and statistics. On receipt of your objection, we will stop processing your information in this way. To stop marketing, you may wish to update your preferences or use the unsubscribe facility on email communications to fulfil this right. You can also write to us or make a verbal request.
- The IoF does not carry out any solely automated individual decision-making or profiling.
The IoF is the data controller for the information you provide during the process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at email@example.com.
What we will do with the information you provide us
All of the information you provide us during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
What information do we ask for and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.
You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.
Our hiring managers shortlist applications for interview. They will not be provided with your equal opportunities information if you have provided it.
We might ask you to participate in assessment days, complete tests and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by the IoF.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our HR files for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
- Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
- You will be asked to complete a criminal records declaration to declare any unspent convictions.
- We will contact your referees, using the details you provide in your application, directly to obtain references
Subject to the requirements of the job, you may also be required to provide proof of your qualifications – you will be asked to attend our offices with original documents, we will take copies.
If we make a final offer, we will also ask you for the following:
- Bank details and national insurance number – to process salary payments
- Emergency contact details – so we know who to contact in case you have an emergency at work
- Date of birth – to process your pension
Recruitment using recruitment agencies/job vacancy boards
In some cases, we will collect data about you from third parties, such as employment agencies, or job vacancy boards. Where we recruit using these methods we will ensure contracts are in place.
Current providers of this service include- Charity job, The guardian, TPP, Morgan Law, charity talent – however providers will be regularly reviewed.
The data collected is as outlined for all job applicants above and held as outlined below.
How long is the information retained for?
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
Equal opportunities information is retained for 6 months following the closure of the campaign whether you are successful or not.
How we make decisions about recruitment
Final recruitment decisions are made by hiring managers and members of our HR team. All of the information gathered during the application process is taken into account.
You are able to ask about decisions made about your application by emailing firstname.lastname@example.org.
We also offer opportunities for people to come and work with us on a secondment or volunteer basis. We accept applications from individuals or from organisations who think they could benefit from their staff working with us.
Applications are sent directly to the IoF. Once we have considered your application, if we are interested in speaking to you further, we’ll contact you using the details you provided.
We might ask you to provide more information about your skills and experience or invite you to an interview.
If we do not have any suitable work or opportunities at the time, we’ll let you know but we might ask you if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we will keep your application for 6 months.
If you are seconded to or volunteer for the IoF, you will be expected to adhere to a confidentiality agreement and code of conduct; if you are seconded, these terms will also be agreed with your organisation.
We might also ask you to complete our pre-employment checks which are described in this Notice above. Whether you need to do this will depend on the type of work or volunteering you will be doing for us.
We ask for this information so that we fulfil our obligations to avoid conflicts of interest and to protect the information we hold.
It will be retained for the duration of your secondment or volunteering plus 6 years following the end of your time with us.
Staff records including personal contact details, holiday, sickness, TOIL, appraisals, training, etc.
All employees of the IoF are provided with a secure personal dashboard to manage their everyday HR processes such as personal contact details, holiday, sickness, TOIL, appraisals, training, change of address, next of kin, etc. The IoF use a system called BreatheHR to manage this process.
Line Managers have access to the dashboards of their staff to facilitate administration.
HR staff have access to all dashboards to enable administration.
To enable us to administer the benefits outlined in your terms and conditions of employment we may share your data with benefits suppliers as follows:
Pensions advisor service – currently Secondsight - if you request a meeting with our pensions adviser we provide them with the following data: name, gender, date of birth, NI number, address, start date, annual salary and existing employee and employer contribution rates.
Pension Provider – currently AEGON – As a part of our pension auto-enrolment requirements, in order for your pension contributions to be passed to the pension provider we provide them with the following data: name, gender, date of birth, NI number, address, start date, annual salary, existing employee and employer rates and monthly employee and employer contributions.
Childcare Vouchers Provider - Computershare Voucher Services – for those employees who have elected to participate in our childcare voucher scheme, we will provide them with the following data: name, gender, date of birth, NI number, address, start date, annual salary and tax rate status.
Occupational health provider – currently Companies Health - data shared here is of a sensitive nature and separate consent will be sought from you as and when this support is required.
The IoF tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If we receive a complaint we will make up a file containing details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and check on the level of service we provide.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable in some instances, for example where the complaint is about an action an individual has taken. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in our complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to ‘the need to know’ principle.
If you want to make a complaint about the way we have processed your personal information, you can contact us at email@example.com.
You also have the right to make a complaint to the supervisory body: Information Commissioner’s Office (www.ico.org.uk)
We keep our privacy notice under review and we will place any updates on this web page. This privacy notice was last updated on 25 May 2018.
Please contact us if you have any questions about our privacy notice or information we hold about you:
Institute of Fundraising
13-15 Carteret Street
London SW1H 9DJ
Subject Access Requests and complaints about data usage: firstname.lastname@example.org
For marketing objections: email@example.com
All other enquiries: firstname.lastname@example.org
Call us on 020 7840 1017
The information on this page was last updated on Tuesday, 2 October 2018.