PRIVACY POLICY

1. Who we are  

The Fashion Revolution Foundation is a registered charity in England and Wales (charity number 1173421). We are also a company limited by guarantee (company number 10494997). Registered address is 70 Derby Street, Leek, Staffordshire ST13 5AJ, UK.

Fashion Revolution Community Interest Company (CIC) is a registered company in England and Wales (company number 08988812). Registered address is 70 Derby Street, Leek, Staffordshire ST13 5AJ, UK.

This privacy policy relates to the above parties, hereafter referred to collectively as Fashion Revolution.

Fashion Revolution is committed to protecting your privacy and ensuring that any personal information or data we hold about you is held fairly and securely. Under data protection law, Fashion Revolution is a “data controller”. This means that we have control over the way we process your personal information.

This privacy policy is intended to explain: what personal data we collect about you; when we collect personal data; the purposes for which we use your personal data; and the legal basis or ground we are relying on for each processing activity. We will also explain the security measures we have taken as an organisation to keep your personal data secure. Under data protection law, you as an individual, have rights in relation to the personal data that we hold about you and we will set these out too.

2. What personal data do we collect?

Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use and store the following personal data about you:

  • Identity Data includes your name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
  • Contact Data includes billing address, delivery address, email address, telephone numbers and contact preference;
  • Financial Data includes bank account and payment card details (if you are making a donation);
  • Transaction and Events Data includes details about previous donations, products and services you may have purchased from us and events or activities you register for or attend;
  • Taxpayer Status for claiming GiftAid;
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
  • Profile Data includes your username, donations, purchases or orders made by you, your interests, feedback and survey responses;
  • Usage Data includes information about how you use our website, products and services; and
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

We also collect, use and store Aggregated Data when you visit our website or interact with our content. This includes information about the use of our websites, such as which pages users visit most frequently and which services, events and facilities are of most interest. We may also track which pages users visit when they click on links in Fashion Revolution emails. Aggregated Data may be de derived from your personal data but it is not considered personal data in law as this data does not directly or indirectly reveal your identity. 

3. Special Category Data

Special category data is data which is more sensitive and requires more protection. We only collect special category data, with express consent provided from the data subject, related to health, which we legitimately need to have to ensure that we provide appropriate facilities or support to enable participation in our events.

4. When do we collect your personal data?

We use different methods to collect data from and about you and have set these out below.

Direct Interactions

You may give us personal data when you correspond with us by post, phone, email or otherwise to:

  • Purchase products and services;
  • Subscribe to our services or publications;
  • Make a donation to us;
  • Request marketing to be sent to you;
  • Ask a question by phone, email, post or otherwise;
  • Apply for a job or volunteering position;
  • Participate in social media functions on our website e.g. entering a survey; or
  • When you report a problem with our website.

Automated technologies

As you interact on our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy below at para 12) for further details.

Third parties or publicly available sources

We may receive personal data about you from various third parties and public sources as set out below:

Technical Data from analytic providers.

Identity and Contact Data from publicly available sources such as Companies House and the electoral Register based inside the EU.

5. How we use personal data and the legal grounds we rely on.  

We use your personal data for the purposes listed below. For each processing purpose we have set out the legal ground (or basis) we have relied on:

To register you as a subscriber we use your Identity and Contact Data to identify and register you in order to fulfil our legal contractual obligations to you (“Legal Contract Ground”).

To send you publications we use your Identity, Contact and Financial Data in order to deliver publication materials to you and to fulfil our legal contractual obligations to you (“Legal Contract Ground”).

When you make a donation to us we use your Identity, Contact, Financial and Tax Status Data to identify you, for our internal record keeping, claim gift aid and to fulfil our legal contractual obligations to you (“Legal Contract Ground”).

To process your donation we use a third-party processor for processing your donation payment and to process gift aid to receive the tax relief. This enables us to fulfil our legal contractual obligations to you (“Legal Contract Ground”).

To send you marketing materials about our activities and future events we use your Identity, Contact and Marketing and Communications Data to provide you with details of our upcoming fundraising activities and events, which we believe will be of interest to you (“Legitimate Interest Ground”).

To deliver relevant website content to you we use your Identity, Contact, Profile Data and Usage Data. This allows us to tailor our website for your use (“Legitimate Interest Ground”).

To enable you to take part in a survey we use your Identity, Contact, Profile and Marketing and Communications Data to request you to take part in one of our surveys. Completed surveys legitimately help us understand how we can improve our services and information that we provide (“Legitimate Interest Ground”).

To manage our relationship with you we use your Identity, Contact, Profile and Marketing and Communications Data to enable us to notify you about any important administrative messages, changes to our terms or policies, relevant changes in the law (“Legal Obligation Ground”).

To engage you in a personalised way we use your Identity, Contact, Profile Data and sometimes publicly available information. Where we have identified that you may have the capacity or affinity to support Fashion Revolution at a higher level, we may legitimately use the information we hold about you to identify connections between you and our existing circle of supporters (“Legitimate Interest Ground”).

To administer and protect this website we use your Identity, Contact and Technical Data to properly administer our IT services to you and to prevent fraudulent activities (“Legal Obligation Ground”).

If required to do so by law or regulatory obligation we may need to disclose personal data to regulatory bodies (“Legal Obligation Ground”).

Please note, when we are relying on the Legitimate Interest Ground we consider your fundamental rights and freedoms before we process your personal data for our legitimate interests to consider and balance any impact on you (both positive and negative). We do not use your personal data for activities where our interests are overidden by the impact on you (unless we have your consent or are otherwise required or permitted by law) (“Legitimate Interest Assessment“).

For more information about the legal grounds we have relied on to process your personal data please go to www.ico.org.uk.

6. Marketing

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, events and activities may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods from us and in each case, you have not opted out of receiving that marketing.

You will also receive marketing communications from us if you have expressly consented to this by opting in to receive marketing materials when you have; made a donation to us; signed our manifesto; or become a subscriber to our website and in each case have not opted out of receiving that marketing.

If you change your mind and no longer wish for us to contact you for marketing purposes please let us know and we will stop contacting you. You can do this at any time by:

  • Unsubscribing to communications using the ‘unsubscribe’ link at the bottom of our emails indicating that you do not wish to receive email updates.
  • Contacting the Fashion Revolution Team by emailing legal@fashionrevolution.org.
  • Writing to us at: Fashion Revolution Team, 70 Derby Street, Leek, Staffordshire ST13 5AJ, UK.

7. Disclosures of your personal data 

We will share your personal data with the following third parties:

  • Payment processor for processing donation payments and claiming gift aid
  • Marketing service providers e.g. MailChimp to manage communications you opt-in to receive from us.
  • HMRC in order to claim GiftAid
  • Suppliers to fulfil orders of goods and products you purchase from us.
  • Customer relationship management systems (e.g. KindLink) to securely manage personal data of our donors and newsletter subscribers.
  • Country Coordinators to provide local news and details of local events to you if you are a subscriber and have opted in to receive marketing materials.

We require our third party service providers to respect the security of your personal data and to comply with data protection law. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will also share your personal data if we are required to so by law.

8. International transfers

Whenever we need to transfer your personal data outside the European Economic Area (“EEA”) we ensure a similar degree of protection is afforded to it, as it would have in the EEA, by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries
  • Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact the Fashion Revolution Team by emailing legal@fashionrevolution.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

9. Data Security

We take appropriate physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Although we use appropriate security measures once we have received your personal data, the transmission of information over the internet is never completely secure. We do our best to protect personal data, but we cannot guarantee the security of information transmitted to our website, so any transmission is at the user’s own risk.

Any payment card details (such as credit or debit cards) we receive on our website are passed securely to our payment processing provider according to the Payment Card Industry Security Standards.

10. How long will we hold your personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

11. Your data protection rights

If you do not wish us to use your personal data for the purposes outlined above, you can refuse to opt-in on the relevant box on the print or online form on which we collect your data.

You have a right to request a copy of the personal data we hold about you. In some cases we may make a small charge for processing this request.

You can make a complaint or raise a concern about how we process your personal data.

In some circumstances, you have the right to object to our processing of your personal data or to stop us from continuing to make active use of personal data that we retain in our records.

We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate.

If you would like to contact us about any data requests described above at para 11. please email us at legal@fashionrevolution.org or write to us at Fashion Revolution, 70 Derby Street, Leek, Staffordshire ST13 5AJ, UK.

For more information about your rights under data protection law please go to www.ico.org.uk

If you are not happy with how we have handled a complaint, you can contact the Office of the Information Commissioner, which oversees the protection of personal data in the UK, or the Fundraising Regulator, which is responsible for overseeing fundraising activities carried out by charities in the UK.

Alternatively, you may choose to contact either the Information Commissioner or the Fundraising Regulator directly about your complaint, regardless of whether you have raised it with us first.

12. Our use of Cookies (“Cookie Policy”)

Our website uses cookies. Cookies are text files that are placed on your computer’s hard drive or mobile device during browsing sessions. Cookies are generated by web servers when you visit a website that uses cookies, such as the Fashion Revolution website.  They are passed to your computer or mobile device and a corresponding file (with the same ID tag) is stored on our Fashion Revolution website.  In this way, cookies can be used to keep track of your movements within a website.

You are not obliged to accept cookies and you can set your browser not to accept cookies.  For further information on how to change your preferences visit; www.aboutcookies.org or www.allaboutcookies.org.  However, if you do so, some of our features may not function as a result.

Some cookies reside on your device for just the time you’re visiting a website. These are called session cookies. Other cookies remain on your device until you delete them or they expire automatically.  These are called persistent cookies. Both types of cookies may be used on our website. Please see below for details of the cookies we use:

  • _gid_ga and _gat_UA-9828579. These cookies are set by Google Analytics.  They collect information about how visitors use our website. We use the information to help us improve our website. The cookies collect information in an anonymous form, including: the number of visitors to the website, where visitors have come to the website from and the pages they visited. For more information about these cookies, please read Google’s overview of privacy and safeguarding data: https://support.google.com/analytics/answer/6004245. These cookies are persistent cookies and expire after: _gid: 24 hours, _ga: 2 years and _gat_UA-9828579: 2 years.
  • __unam and __stid. These cookies are set as part of the ShareThis service and monitor clickstream activity, including: web pages viewed, navigation from page to page, time spent on each page. The ShareThis service personally identifies you only if you have separately signed up with ShareThis for a ShareThis account and given your consent. For more information, please readhttp://sharethis.com/privacy. These cookies are persistent cookies and expire after: __unam: 9 month, __stid: 1 year.
  • cookieconsent_status. This cookie is used to remember if you have accepted the use of cookies on this website. When you accept, a cookie is set which prevents the cookie notifier widget from appearing at the bottom of the browser window again. This cookie is persistent and expires after 1 year.
  • csrftoken. This cookie helps prevent cross-site request forgery (CSRF) attacks. This cookie is persistent and expires after 9 months.

13. Other Websites

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies before you submit any personal data.

14. Changes to our privacy policy  

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. This privacy policy was last updated on 23 May 2018.