Privacy policy

We update this policy periodically. Last updated: October 2023

2. Our commitment to your privacy 

We are committed to protecting your privacy and security.

This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.

We apply this policy to anyone that the we come into contact with, including members, volunteers, the general public, professional contacts.

Any references to Norfolk Wildlife Trust, the Trust, or to ‘we’ or ‘us’ refer to:
  • Norfolk Wildlife Trust. We are a registered charity in England and Wales, and our registered charity number is 208734.
  • Norfolk Wildlife Enterprises Limited, our charitable trading company; registered company number 6472165. The company is a wholly owned subsidiary of Norfolk Wildlife Trust, which Gift Aids it’s profits to the Trust.
  • Norfolk Wildlife Services Limited, our charitable consultancy, registered company number 3957785. The company is a wholly owned subsidiary of Norfolk Wildlife Trust, which Gift Aids it’s profits to the Trust.
  • NWT local members’ groups, and the NWT 250 Club, which are affiliated with Norfolk Wildlife Trust. They are part of the Trust legally and comply with our policies.
We use three key definitions to describe people mentioned in this policy. These are definitions used by the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights (www.ico.org.uk)
  • ‘Data subject’: this is you, the individual whose data we may hold and we respect your right to control your data.
  • ‘Data controller’: this is us, Norfolk Wildlife Trust. With your permission, we determine why and how your personal data is used (as outlined in this policy).
  • ‘Data processor’: this is a person, or organisation, who processes your data on our behalf. For example, this might be a mailing house who sends your membership magazine to you for us or the shredding company which destroys unwanted paperwork when required. In all cases such data transfers are via secure means and with a Data Processor Agreement in place where applicable.
The third parties such as those above that we work with at no point ‘own’ your data, so you will never hear from them independently and they will always delete your data from their systems when they have completed the task in hand.

We will never sell your personal data.

When we would share personal data with third parties:
Data may be shared between parts of the Norfolk Wildlife Trust group. Data Sharing Agreements between the Trust and its subsidiaries are in place which set out the specific details of when and how this can happen, and how we ensure that data is kept secure at all times and kept confidential within the group.

We use other providers to help us deliver some services. For example:
  • Membership or donation card payments online are handled by Worldpay
  • Joining by Direct Debit is hosted by Formstack
  • Event and car park bookings are handled by Eventbrite
  • Your regular Tern membership mailing is packed and posted by a mailing house on our behalf
In all such cases a Data Processing Agreement is either initiated by NWT with the provider or set out by the provider within the terms and conditions of us using their service.

Data may only be shared with any other third party:
  •  In order for the Trust to comply with a legal duty. In such cases we will notify you of our actions wherever possible.
  • With your consent. This may be the case in collaborative projects such as collecting biodiversity records for the use of the Trust and the Norfolk Biodiversity Information Service; or collecting data for a project funder. The data sharing will always be clearly and transparently communicated to anyone participating in the project so that consent may be freely given.
Back to top

3. Why do we collect your personal data?

We use your personal data to provide our services and keep in touch with you.

We will only ever collect, store and use your personal data when we have an identified reason to do so. The ICO refers to this as a ‘lawful basis’ such as
  • Contractual: making sure you get your membership benefits is an example of such a “contract.”
  • To comply with a legal duty;
  • To protect your vital interests;
  • For our own (or a legitimate third party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for.
 

a) Members:

We collect your personal data to administer your membership, which may involve:
  • Sending you your membership welcome pack when you first join us
  • Processing your Direct Debit subscription payments, if you have arranged this with us
  • Sending you your membership renewal letter
  • Getting in touch should there ever be any issues processing your subscription payment
i)  Joint or multiple adult membership
If you are a ‘joint’ or a ‘multiple adults’ member of our Wildlife Trust, we will address communications to the two primary adults listed on the membership. If you wish to update this at any point, please let us know.
ii)  Gift membership
If your Wildlife Trust membership was purchased as a gift, we will use the address provided by the purchaser to send you information about our work in the post. Unless the purchaser asked up to contact them regarding renewal, this will include a ‘renewal letter’, which we will send you when your membership is due to expire, to see if you would like to continue supporting us.  
iii)  When your membership has ended
Unless we hear from you directly, after your expiry date we may continue to send you our usual regular information about our work for up to 2 months after your membership has ended. This is to give you and us time to process your renewal in case it is delayed for any reason, or in case your support was cancelled accidentally.

This membership administration has the lawful basis of being ‘contractual.’

See also section (d) below.
 

b) People purchasing services, items or bookings for events and parking:

We collect your personal data to send or provide you:
  • items you have purchased e.g. retail
  • services you have purchased e.g. ecological surveys
  • events you have booked e.g. Walks and talks
  • Car parking services you have booked
Online event and car parking bookings are handled by Eventbrite. To read Eventbrite's Privacy Policy please visit: Eventbrite Privacy Policy | Eventbrite Help Centre

This has the lawful basis of being ‘contractual.’
 

c) 250 Club ticket holders:

We collect your personal data to administer your subscription, which may involve sending you:
  • your application pack when you first apply
  • your 250 club lottery ticket
  • an annual confirmation letter of prize draws
  • prizes if you win
  • Processing your Standing Order subscription payments, if you have set this payment process up with us
  • Getting in touch should there ever be any issues processing your subscription payment
This has the lawful basis of being ‘contractual.’
 

d) Members & other financial supporters:

We also collect your personal data so that we can send you information about our work that we feel will be of interest to you.

Members will receive our seasonal postal Tern magazine mailing containing information about events & other activities. You can opt out of the postal Tern mailings if you prefer not to receive them.

We would also like to communicate with members and supporters about all the things we do to save wildlife, and how you can help. This may include information about:
  • our charity, campaigns and conservation work;
  • our role in educating the public in conservation of the natural environment;
  • volunteering opportunities and how you can help protect wildlife;
  • appeals and fundraising;
  • our events, activities and local groups;
  • products, services and offers (our own, and those of third parties which may interest you);
  • leaving a legacy;
  • petitions and campaigns;
  • taking part in projects
This information is in addition to sections a-c above and is defined as ‘direct marketing’ by the ICO.

We use two different lawful bases for processing your data for ‘direct marketing’ purposes:

i)  Legitimate interest
This is where we have identified a legitimate reason for contacting you, which still does not override your rights or interests. It applies to:

All Members: We will send information about how to support our work such as appeals and campaigns by post, unless you have requested not to receive postal mailings other than your membership magazine. This includes stand-alone communication about events, appeals, and campaigns such as volunteer recruitment or petitions.

Long-standing members and donors, who first supported us using ‘opt-out’ style consent forms: We will continue to send you any postal stand-alone marketing items, such as fundraising appeals, from which you have not opted-out so that you continue to receive the same service as you have always done.

ii)  Opt-in consent
This is where you have given us express permission to contact you by particular communication channels.

You will have been given the opportunity to actively opt-in to additional mailings that you wish to receive. This includes our monthly e-newsletter and additional stand-alone communication about events, appeals, and campaigns such as volunteer recruitment or petitions.

We use opt-in consent to send you the information listed above by email and/or phone as per your preferences.

Segmentation
For some fundraising appeal campaigns, events invitations and volunteer campaigns, we will only distribute mailings to those members and supporters who have:
  • donated to fundraising appeals in the past, or
  • live in a particular geographical location, or
  • are known to have interests in a particular area of our work (for example land acquisitions, environmental education or species conservation)
If we do contact any of the above we will use other data that we hold to do so i.e: a member/supporter’s: This will involve an additional processing procedure using data from the member’s / supporter’s:
  • financial history with our organisation,
  • postcode, or
  • stated interests
By doing so we will ensure that we will only send appropriate fund raising appeals to those who are interested in them.

Amending your marketing preferences
You can update the ways we get in touch with you at any time. Please visit www.norfolkwildlifetrust.org.uk/preferences to do so or contact us at the office.
 

e) Volunteers: To enable you to volunteer with us

If you are a Norfolk Wildlife Trust volunteer, we collect your personal data so that we can keep in touch with you about:
  • changes to planned volunteer work programmes that you may be taking part in
  • dedicated volunteer thank-you events and training opportunities
  • current campaigns and engagement which you may wish to get involved with
  • the positive impact you have on our work, by sending you our NWT monthly e-newsletter and occasional volunteer newsletters
As defined by the ICO, the lawful basis for processing your data for these purposes is ‘contractual’ (where administering your volunteer record) and ‘legitimate interest’ (when sending you information about our work and wider campaigns and engagement).

If you are volunteering for a funded project, we will ask for your consent to provide your name to the project funder as part of project assessment.
 

f) Other contacts who we communicate with on a regular or one-off basis

We also collect and use the personal data of individuals who:
  • Are County Wildlife Site or other land owners;
  • Graze animals on our nature reserves;
  • Are license-holders for activity on our sites;
  • Are tenants or neighbours of our sites;
  • Are contractors or consultants with whom we work;
  • Visit our nature reserves and complete a feedback survey;
  • Are job or volunteer applicants;
  • Make enquiries or submit information to our Wildlife information service and photograph gallery;
  • May have contact with us for a one-off reason such as a complaint or accident on one of our sites
We will only send you information which we believe is relevant to you. We will not send you any direct marketing mailings without your consent unless you are a business or community contact also covered by (g) or (h) below.

As defined by the ICO, the lawful basis for processing your data for these purposes is usually ‘contractual’ but may vary depending on the nature of your engagement with us.


g) Business to Business marketing

We also collect details of selected companies and organisations for the purposes of marketing our consultancy services, commercial services, educational activities and Investors in Wildlife corporate membership. This information may include details of companies with whom we already work, or be taken from sources in the public domain.

In some cases, this information is also provided directly to us by contacts wishing to join our Norfolk Wildlife Services consultancy mailing list.

This activity is defined as ‘direct marketing’ by the ICO.

In carrying this out, we adhere to the principles of GDPR and, in the case of email or telephone marketing, the PECR. Further information can be found here

As defined by the ICO, the lawful basis for processing organisations’ data for these purposes is ‘legitimate interest.’ As per the law, sole traders will only receive marketing information by email if opt-in consent has been given.

In all cases, you can opt out and we will keep a suppression list to ensure we do not contact you again.

 

h) Community groups & other charities

We also collect details of community groups, parish councils and other charities with whom we wish to collaborate. This information may be given to us by individuals representing these groups, or be taken from sources in the public domain where we feel that these groups would be interested to hear from us for mutual benefit.

This activity is defined as ‘direct marketing’ by the ICO.
As defined by the ICO, the lawful basis for processing organisations’ data for these purposes is ‘legitimate interest.’

In all cases, you can opt out and we will keep a suppression list to ensure we do not contact you again.
 

i) Event participants appearing in photographs

Staff or volunteers may be tasked with taking photographs at NWT nature reserves or events. These images may be used in a range of contexts such as internal reports, reports for funders, website and social media posts, and on publicity materials and leaflets. It is usually not practical to ask every individual who appears in photographs for their consent, and so in the majority of cases, as defined by the ICO the lawful basis for processing individuals' data for these purposes is 'legitimate interest.'

If your child is under 18 then we'll need permission from you (as their parent or guardian) to photograph the child. The photos (taken by NWT or their school) will be used to promote the work of the Trust and/or to promote and evaluate funded projects. In this case the lawful basis is 'consent.'
 

j) Covid-19 Test and Trace

For the health and safety of our visitors, volunteers and staff, we have in place a system to collect the name and contact details of everyone who enters a Trust premises, to support the NHS Test & Trace scheme. This information will be used to enable NHS Test & Trace to contact you should you have been in the premises at the same time as someone who has tested positive for Covid-19.

We will only share your data when it is requested directly by NHS Test & Trace. This will only be in the unlikely event that there is a cluster of Covid-19 cases linked to a Trust premises. Information will be transferred securely to NHS Test & Trace who will use the data to contact trace those who were in the premises at the same time as the positive case, and will provide guidance and support to those who may be advised to self-isolate.

Along with the date and time of your arrival and departure, we will collect the following personal data if applicable:

  • name
  • telephone number (if available)
  • email address

The data will be destroyed securely after 21 days.

Currently there is no legal requirement to collect the data, and so if you participate in the scheme the legal basis for the data collection is your consent.

For more information please visit the NHS Test & Trace information page at www.gov.uk
 

Back to top

4. What kind of personal data do we collect? How do we collect it?

a) Basic information

We will usually collect basic information about you, including your name, postal address, telephone number and email address.

If you wish us to collect a card payment or Direct Debit payments, or if we are paying you for a service, we will also collect your banking details.

Except in the case of gifts bought by a third party, and some business to business marketing, we collect this data from you directly. Sometimes this is in person; other times, it is over the telephone, in writing or through an online form.
 

b) Getting to know you better

We also collect information about you that helps us to get to know you better. This may include:
  • information about your wildlife interests, which you tell us through our Membership Surveys
  • records of donations you’ve made towards fundraising appeals
  • your preferences of how you would like us to contact you
  • ways you’ve helped us through volunteering your time
  • records of events you’ve attended, or campaigns or activities that you’ve been involved in
Sometimes we will collect other information about you such as your date of birth and gender. When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your specific permission.

Internal data analysis
We analyse data from our supporters, donors and volunteers, to determine the success of campaigns and appeals, better understand behaviour and responses and identify patterns and trends. This helps inform our work and makes the Trust a stronger and more effective organisation. Understanding our supporters, their interests and what they care about also helps us provide a better experience e.g. through more relevant communications.

NWT complies with relevant legislation to protect the rights of the individual including how we handle our donors’ data; and is aware of the particular rights of vulnerable adults in relation to individual giving.

Due diligence in researching individuals
i.    Internal data analysis
We analyse data from our supporters, donors and volunteers to determine the success of campaigns and appeals to help us better understand our supporters, identify trends and to help us determine what is most important to them in our work.  By doing so, we will provide a better experience e.g. through more relevant communications.

ii.   Prospect Research in Major Donor Fundraising
When conducting, presenting and storing prospect research NWT
  • does not use unethical methods to obtain prospect research information
  • avoids personal prejudice and bias
  • accepts responsibility for our actions within the fundraising process
  • is honest and transparent with regard to their purpose and their identity
  • complies with legislation including GDPR as to the data held.
Please know that NWT does not undertake any wealth screening in relation to individuals or prospective donors.

Profiling
We may conduct analysis of supporters by group, postcode or particular area to ensure that any campaigns or mailings are sent to those who will be most interested or likely to respond. This helps us to target our fundraising and spend our campaign funds more effectively.

On occasion, we may carry out research to determine whether an individual may be a potential major donor. In doing this, we may use up to date additional information from third party sources such as internet search engines, Companies House; biographies published on a corporate website and publicly available profiles.

We collect information that may include career overview; history of giving to our charity and how the individual is connected with NWT; public information on any philanthropic activities; a top-line check on any ethical concerns and a check to see whether an individual is registered with the telephone preference service (TPS) or fundraising preference service (FPS) or is otherwise on a 'do not contact' list.

We endeavour to make sure that such research and data collection that we do is only conducted using freely available public sources where an individual would in our view have reasonable expectation that their information may be read by the public or has freely made information available in respect of their business and/or philanthropic interests.

We do not seek to gather information where it is reasonable to conclude that an individual has made an effort to keep that information confidential or that they would reasonably expect such information about them to be private, such as information regarding family life on social networks or revealing personal relationships that exist outside the business world.

We always seek to ensure that any research or profiling is done in a way that does not unreasonably intrude on an individual's privacy whilst protecting the reputation of the Trust.

We do not hold prospect data longer than one month without making contact.

Keeping Prospect Research Ethical

We also endeavour to make sure that in accordance with fair and lawful processing requirements under the DPA and GDPR, individuals are made aware of the purposes for which we may collect and process their personal data at the earliest reasonable opportunity.

Appropriate due diligence policies
Any information we gather relating to a potential donor must be obtained to confirm that the donor is appropriate to the Trust and its Environmental Ethics policy i.e. to ensure that the donation is appropriate to the charitable objects and NWT business strategy.

NWT Trustees are responsible for assessing and managing risks to their charity’s activities, beneficiaries, property, work and reputation.

Money Laundering and adverse publicity about a donor are examples of how a charity could be exposed to criminal liability and suffer reputational damage.

We apply due diligence as per our environmental ethics policy is i.e. that where required, SMT, the CEO and the Trustees be notified of a potential donation or donor that could cause a risk to the Trust and its reputation.

iii)  Anonymised data
We may combine and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as help recruiting new supporters, or to identify trends or patterns within our existing supporter base. This information helps inform our actions and improve our campaigns, products/services and materials.

 

c) Sensitive personal data

We do not normally collect or store sensitive personal data (such as information relating to race and ethnicity, health, beliefs or political affiliation) about supporters and members. However, there are some situations where this will occur.

When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your specific consent and permission. In these situations, we collect the data from you directly.

If you are a volunteer then we may collect extra information about you, for example:
  • references
  • criminal records checks
  • details of emergency contacts
  • medical conditions
We may also collect sensitive personal data if you have an accident on one of our reserves. This information will be retained for legal reasons, for safeguarding purposes and to protect us (including in the event of an insurance or legal claim). If this does occur, we’ll take extra care to ensure your privacy rights are protected.
 

d) Children (under 18)

Some of our services are aimed specifically at young people (for example our Wildlife Watch membership and events) and to deliver these services safely we need to collect data.

In line with data protection law, we will not collect, store or process your personal details if you are under 13 years of age; unless we have the express permission from your parent or guardian to do so. We won’t use young people’s personal data for marketing purposes and we won’t profile it.

Children attending our events must be accompanied by an adult.

Photographs: If your child is under 18 then we'll need permission from you (as their parent or guardian) to photograph the child. The photos (taken by NWT or their school) will be used to promote the work of the Trust and/or to promote and evaluate funded projects.

Young Volunteers: The personal data of young volunteers is only passed to us by the parent or guardian/s and with a signed consent form.

A new Safeguarding Vulnerable People policy is currently being written and will be available soon. Please contact us if you wish to see our current version.
 

e) Cookies on our website and other related technology

Our website uses ‘cookies’ to help provide you with the best experience we can. A cookie is a small file which asks permission to be placed on your computer or mobile device. If you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.

Our cookies help us:
  • Make our website work as you'd expect
  • Remember your settings during and between visits
  • Improve the speed/security of the site
  • Allow you to share pages with social networks like Facebook
  • Continuously improve our website for you
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website.

Our email newsletters use a 'clear image' (gif) to track the results of the campaign. If you wish to turn off the tracking, you can do so by opening the email in your browser.
 

f) Potential customers for consultancy or commercial services

We also collect details of selected companies and organisations for the purposes of marketing our consultancy services, commercial services, educational activities and Investors in Wildlife corporate membership. This information may include details of organisations with whom we already work, or be taken from sources in the public domain.

In some cases, this information is also provided directly to us by contacts wishing to join our Norfolk Wildlife Services consultancy mailing list.

No details other than name, address, telephone number and/or email address would be held and processed.

When carrying out direct marketing we adhere to the principles of GDPR and, in the case of email or telephone marketing, the PECR. Further information can be found here.

In all cases, you can opt out and we will keep a suppression list to ensure we do not contact you again.

 

g) Third parties

We do not purchase contact details from any third party.

We sometimes receive personal data about individuals from third parties. For example, if we are partnering with another organisation (e.g. you provide your information to another charity we’re collaborating with on a conservation project).

Your information may be shared with us by independent third parties when you have indicated that you wish to support the Trust with your consent (for example, Justgiving). You should check their Privacy Policy when you provide your information to understand fully how they will process your data.

We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.

Back to top

5. How do we store your data?

a) Security

All of the personal data we hold is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). This will be done in accordance with guidance issued by the Information Commissioner’s Office.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.

b) Payment security

All electronic Norfolk Wildlife Trust forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.

If you use a credit or debit card to donate, purchase a membership or purchase something online or by telephone we will pass your card details securely to our payment provider.

Norfolk Wildlife Trust complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.

Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.

c) CCTV, security monitoring & surveillance

Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Norfolk Wildlife Trust. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.

Norfolk Wildlife Trust complies with the Information Commissioner’s Office CCTV Code of Practice, and we put up notices, so you know when CCTV is in use.

From time to time we receive information about suspicious activity or activity which contravenes our policies (such as dog walking on sites with clear No Dogs policies).

This information will only be retained when necessary (e.g. to detect or prevent crime). If we intend to make use of such information we will let the individual know that we have their data. More information can be found here.


d) Data retention policy

We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required.

For further information, please contact us for information details of our Data Retention schedules.

Back to top

6. Your rights

We respect your right to control your data. Your rights include:

a) The right to be informed
This privacy notice outlines how we capture, store and use your data. If you have any questions about any elements of this policy, please contact us.

b) The right of access
If you wish to obtain a record of the personal data we hold about you, through a Subject Access Request, we will respond within one month.

c) The right to rectification
If we have captured information about you that is inaccurate or incomplete, we will update it.

d) The right to erase
You can ask us to remove or randomise your personal details from our records.

e) The right to restrict processing
You can ask us to stop using your personal data.

f) The right to data portability
You can ask to obtain your personal data from us for your own purposes.

g) The right to object
You can ask to be excluded from marketing activity.

h) Rights in relation to automated decision making and profiling
We respect your right not to be subject to a decision that is based on automated processing.  

For more information on your individual rights, please see the Information Commissioner’s Office.

Back to top

7. Making a complaint

Norfolk Wildlife Trust want to exceed your expectation in everything we do. However, we know that there may be times when we do not meet our own high standards. When this happens, we want to hear about it, in order to deal with the situation as quickly as possible and put measures in place to stop it happening again.

We take complaints very seriously and we treat them as an opportunity to develop our approach. This is why we are always very grateful to hear from people who are willing to take the time to help us improve.

For further information, please see our Complaints Policy

Confidentiality
All complaint information will be handled sensitively, in line with relevant data protection requirements.

Responsibility
Overall responsibility for this policy and its implementation lies with our Chief Executive and Board of Trustees.

The Regulator: Information Commissioner’s Office
For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Telephone: 0303 123 1113
Email: [email protected]

Back to top

8. Leaving our website

We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.

9. Get in touch

Should you wish to find out more about the information we hold about you, or about our privacy policy, please contact us:
Data Protection Enquiries
Telephone: 01603 625540
Email: [email protected]
Bewick House, 22 Thorpe Road, Norwich, NR1 1RY

Our office hours are Monday – Friday, 9am – 5pm

10. Our commitment to safeguarding

Download our safeguarding commitment statement

   Safeguarding-Commitment-Statement - Download   
Show more +
We update this policy periodically.
Last updated: October 2023
Back to top