By visiting our website, using any of our apps, or responding to social media posts, you are accepting and consenting to the practices described in this notice, so please read it carefully. Any changes we make to this privacy notice will be posted on this page, so remember to check back again if you are a regular user.
You can download a PDF version at the bottom of this page. There is also a glossary in case we use terms you don’t understand.
Updated on 05/11/18
1. Important information about who we are
This website is owned and operated by Barnardo’s (The Charity), who is also the Data Controller.
Barnardo’s is a registered charity (registered in England No. 216250. Registered in Scotland No. SC037605) and a company limited by guarantee (61625 England).
The registered office is:
Barnardo’s Data Protection Officer, Martine King, is responsible for answering any questions you have about this privacy notice. Martine may be contacted at the above address, by email: email@example.com or by phone: 020 8498 7055.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with any concerns you may have before you approach the ICO, so please feel free to contact us first.
Changes to the privacy notice and your duty to inform us of changes
This privacy notice was last updated on 17 May 2018.
It’s important that the personal data that we hold about you is accurate and up to date. Please keep us informed if your personal data changes during the duration of your relationship with us.
We may update this privacy notice from time to time. If we make significant changes we will contact you to confirm that changes have been made.
2. The personal data we collect from you, how we collect it and how we use it
2a. The people who use our children and young people’s services and provide family placement
This section explains what information Barnardo’s collects, keeps and stores about you and/or your family if you receive one of our services, or if you provide care or supported lodgings, and your rights in relation to that information. You may also be given information by your service about the information they keep about you and what happens to it.
What information do we collect?
Barnardo’s holds personal information about you which may include your name, date of birth, address, gender, ethnicity, sexual identity and whether you have a disability, so that we can make sure our services meet your needs. We will also record information about the service provided to you, including case reporting, plans and reviews.
Barnardo’s uses CCTV in some of its services to keep children, young people and staff safe. If you access one of the services where this is the case you will be told about it. We comply with the ICO’s CCTV code of practice.
Why do we collect your information?
Under the General Data Protection Regulation (GDPR), and the UK’s Data Protection Bill, we must have a legal reason to keep your data and process it. When Barnardo’s provides you with a service, we will process your data on the basis of legitimate interest or public task. We do this because we cannot provide a service to you without using your personal information.
Who do we share your information with?
We share your data within Barnardo’s with people who need to see it in order to provide you with a service. We may also share it with the organisation that pays for your service or with external agencies that inspect our work. You will be given a service information leaflet that will provide you with more detail. We may be required to share your data with other agencies for legal reasons, a court order for example, or with other organisations if we believe that you are at risk of harm or may harm someone else.
There may be occasions when we will ask you for consent to use your data, for example to help us inform the public about our work. If this is the case, we will explain to you exactly what your data will be used for. You can withdraw your consent at any time, and wherever possible, any of your data that has been used for publicity purposes will be deleted.
Who is responsible for your data?
The Data Controller is responsible for your data. This may be Barnardo’s or the local authority or agency that funds the service being delivered by Barnardo’s. You can get more information about who the Data Controller is for your data from your service provider.
How long do we keep your data?
Barnardo’s will keep your data for a specified period of time once we have finished working with you. Depending on the nature of the service and our legal obligations this will be a minimum of 6 years but can extend to 100 years for certain types of work. You will be given a service information leaflet which will tell you exactly how long we keep your data and why.
Sometimes Barnardo’s is required to transfer your data to the local authority that has commissioned us to provide your service, or to another organisation providing you with a service. The service information leaflet will give you more details about what will happen to your data.
How can you access your data? (subject access requests)
You may request a copy of the information that Barnardo’s holds about you (see section 6a: The right to access your personal information), but sometimes the local authority that pays for your service might be responsible for providing you with your data. If that’s the case, then the service information leaflet will explain who you should contact.
2b. People who support us
How do we collect your personal information?
We obtain personal information from you when you enquire about our activities, become a service user, send or receive an email, make a donation to us, support a campaign, or ask a question about our services. Sometimes we may obtain your personal information from third-party data suppliers, but only if they provide the appropriate evidence that you have agreed for your personal information to be shared with other organisations.
We also gather general information about the use of our websites such as pages visited and areas that are of most interest to users. We use this information to improve our website and make it a better experience for everyone. For further information see section 2c: Visitors to our website.
Occasionally we obtain publicly available information, such as contact information, or we research information to help us perform due diligence checks to ensure we are not being abused by fraudsters or criminals posing as genuine donors, or to ensure that there are no conflicts of interest from potential supporters or organisations prior to our engagement. We do these checks to help protect Barnardo’s from abuse. For further information see 'How we communicate with you' below.
What information do we collect?
The personal information we collect may include name, address, email address, telephone numbers, date of birth, bank account details (for setting up regular direct debit or payment information), gender and campaign experience (for contacting you in support of our campaigns) and your family relationships (when submitting a family history enquiry). Data protection law recognises that certain categories of personal information are more sensitive. These are known as special categories of data and cover health information, race, religious beliefs and political opinions. We do not usually collect special categories of data about our supporters unless there is a clear reason for doing so, such as participation in a run or walk or similar fundraising event or where we need to ensure we provide the appropriate facilities or support to enable you to participate in an event.
How do we use your data?
We may use your personal information for:
- dealing with your enquiries, requests and complaints
- processing your donations and orders made online or through our shops
- providing you with information about our work activities events and services
- complying with our legal obligations, policies and procedures, for example claiming Gift Aid
- providing and personalising our services
- administering membership records
- fundraising and marketing
- conducting market research
Donating or buying through our retail outlets or online shops
Data collected by our online shops is used to take and fulfil customer orders and to administer and enhance the site and service. If you donate items to one of our retail outlets, and are a UK taxpayer, we may ask your permission to claim Gift Aid on those items. In this case we ask for your name and address.
If you use your credit or debit card to donate to us, buy something, or pay for a registration online or over the phone, we will ensure this is done securely. We do not store your credit or debit card details following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments can see your card details.
Barnardo’s uses CCTV in some of its retail outlets in order to keep staff and customers safe. We comply with the ICO’s CCTV Code of Practice.
How we communicate with you
Being able to communicate with you is important, as your support will help transform the lives of the UK’s most vulnerable children. We believe in being open, honest and transparent with our supporters and want you to feel comfortable about your decision to give us your personal information and how we use it.
We will use the details you provide to us to communicate with you about how we are transforming the lives of the most vulnerable children across the UK through the work of our services and research expertise. We would also like to tell you how your support is helping and other ways you can help in the future, whether that’s through volunteering, events or fundraising. From time to time we might also send you appeals asking for a donation to help change children’s lives.
We promise that we will only communicate with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it's quick and easy to let us know that you no longer want to hear from us by calling the supporter relations team on 0800 008 7005 or emailing us at firstname.lastname@example.org.
We will always respond to your wishes in a sensitive, timely, courteous and professional way.
Please be assured that we will take appropriate measures to keep your personal information safe and secure and we promise not to contact you more than necessary. We will never pass your personal information on to other organisations for them to use for their own marketing purposes.
In certain instances, Barnardo’s collects and uses your personal information by relying on the legitimate interest legal basis. This is because when you, for example, request to receive services or products from us, we have a legitimate organisational interest to use your personal information to respond to you and there is no overriding prejudice to you by using your personal information for this purpose. We will always provide you with the option to opt out of hearing from us. In most instances, however, we will rely on obtaining your consent to use your personal information. For example, where we seek to obtain your consent to receive email marketing from Barnardo’s.
We will only communicate with you in the way you have told us to. For example:
If you have actively provided your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to Barnardo’s emails or opting in to email communication from Barnardo’s you grant us the right to use the email address for email marketing.
If you have provided us with your postal address or telephone number, we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information, or we receive a notification from the Fundraising Preference Service that you have requested to stop marketing communications. We also actively check telephone numbers against the Telephone Preference Service (TPS) and will only make telephone calls to you where your telephone number is listed on the TPS, if you have specifically told us that you do not object to such calls and have consented to receive them from Barnardo’s.
It’s your decision
It is always your decision as to whether you want to receive information about our work, how we raise funds and the ways you can get involved. If you do not want us to use your personal information in these ways, please indicate your preferences on the form on which we collect your data.
You may opt out of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails or sending us an opt-out text message following the instructions we provide you in our initial text.
You can also change any of your contact preferences at any time, including telling us that you don’t want us to contact you for marketing purposes, by calling the supporter relations team on 0800 008 7005 or emailing us at email@example.com.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you
Personalisation and profiling
We also carry out targeted fundraising and campaign activity to ensure that we are contacting you with the most appropriate communication, which is relevant and timely and will ultimately provide a better experience for you. For example, by providing timely news about our work, letting you know the different ways you can support us and how you can help us to raise funds.
In order to do this, we may also use profiling techniques and engage with insight companies to provide us with general information about you, which you have volunteered around your lifestyle and purchasing habits. This will help us tailor our communication so you hear about the areas of our work that are of most interest to you such as volunteering, events, research, and how your support is helping transform the lives of the most vulnerable children across the UK.
We may also use the personal information that we have gathered about you in the course of our relationship to understand the likelihood of you responding to a fundraising communication from us, potentially donating and in some instances donating or supporting us at a higher level. Because we have a greater understanding of you, this means our communication will hopefully be relevant and of interest to you and in turn it will help us reduce our costs for communication by only communicating with supporters who want to hear from us. To assist us with this work we may use third-party service providers to assist us in this process. For more information on how we work with third parties, see ‘Disclosures’.
You can opt out of your data being used for profiling. However, this may mean that you stop receiving relevant marketing communications from us or they become more generic and less relevant to you as they are no longer based on your interests in our cause. If you do wish to opt out, contact the supporter relations team on 0800 008 7005 or email us at: firstname.lastname@example.org.
We will never pass your personal information on to other organisations for them to use for their own marketing purposes.
However, we may disclose your personal information under the following circumstances:
- To third parties who provide a service to us and are data processors. This would include our trusted partners who work with us in connection with our charitable purposes, and other entities that act as fundraisers for Barnardo’s, sell Barnardo’s products or provide Barnardo’s information and marketing services (subject to your communication preferences and our internal policies and procedures). We require these third parties to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We enter into contracts with all our data processors and regularly monitor their activities to ensure they are complying with Barnardo’s policies and procedures.
- Where we are under duty to disclose your personal information in order to comply with law or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation or we have your written consent.
- Where we need to perform due diligence checks to ensure we are not being abused by fraudsters or criminals posing as genuine donors for example money laundering proceeds of crime tax avoidance. We do these checks to help protect Barnardo’s from abuse.
Marketing to children
We are committed to protecting the privacy of the young people who engage with us through our website, fundraising events, marketing materials and communication lists.
Our fundraising events also request specific information about the age of participants. Anyone under the age of 16 must obtain parental or guardian consent before participating in an event organised by Barnardo’s. Children aged 13 and under who want to participate will be required to provide a parent's or guardian’s email address before engaging with us. We will then contact the parent or guardian to ask their permission to communicate with the child.
Vulnerable supporters policy
We are committed to protecting vulnerable supporters. Please refer to our vulnerable person policy.
Keeping your personal information
We keep your personal information for as long as required to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required, we will ensure it is destroyed in a secure manner.
Our website may contain links to other websites that are outside our control and are not covered by this privacy notice. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy notice which may differ from ours.
Text to donate
We offer text to donate which is a quick and easy way to donate to Barnardo’s. For further information please see our text to donate terms.
2c. Visitors to our websites
Barnardo’s sometimes send small data files, called cookies, from our websites to your computer, mobile phone or other device. These cookies are then stored on the hard drive of your device. Some of these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. The data collected is not shared with any third party. The information we get through the use of these cookies is anonymous and we make no attempt to identify you or influence your experience of the site while you are visiting it. If you do not allow these cookies we will not be able to include your anonymous visit in our statistics.
By using this site, you agree that we can place these cookies on your device. We use the following cookies on our site:
- Provide functionality
- Improve performance
- Behavioural advertising
- Embedded content
Font size change (newFontSize)
This cookie simply stores your preference if you have opted to increase/decrease the website's font size. This enables the font size to be standard throughout the site.
Cookie banner (cookieBanner)
This session cookie remembers your acceptance of the cookie banner statement.
These cookies help Barnardo’s to analyse how users use the site.
Here is a more complete explanation of Google Analytics.
Google Tag Manager
Allows Barnardo’s to manage various tags from a central location, providing a robust and efficient management tool to control how tags are fired and defined. Read more about tags on Google.
This cookie is set as soon as you load a page which contains the Hotjar code. The cookie contains a universally unique identifier (UUID) which allows Hotjar to track the same visitor across multiple pages and sessions. This information provides us with a deeper understanding as to how people interact with our website. This allows us to make improvements that make our website easier to use. Find out more on the Hotjar website.
Google Remarketing (interest-based advertising)
This cookie identifies the sites you visit subsequent to visiting www.barnardos.org.uk and allows better and more relevant ads to be displayed to you. You can learn more about and control 3rd party remarketing on youronlinechoices.com.
This cookie collects behavioural data on individuals that have carried out certain actions on this site, e.g., making a purchase. This cookie enables us to understand how users use our sites and to optimise ad campaigns to reach to reach users more likely to be interested in that campaign.
This cookie is used to track and report on performance of our online ad campaigns, helping Barnardo’s to evaluate their effectiveness and optimise media allocation in the future. These cookies collect information in an anonymous format on pages visited by individuals exposed to online advertising activity.
This cookie is used to track and report on performance of our online ad campaigns, helping Barnardo’s to evaluate their effectiveness and optimise media allocation in the future. These cookies collect information in an anonymous format on pages visited by individuals exposed to online advertising activity.
Display Advertising DoubleClick Cookie
This cookie enables the reporting of analytics demographics and interests of users of our www.barnardos.org.uk website. This data includes age, gender or interests based on the users browsing of the Google Display Network and allows Barnardo’s to more carefully target our advertising to your interests – reducing the cost of reaching as many users likely to be interested in an advertising campaign.
Barnardo’s will not use or associate personally identifiable information in relation to its online advertising. Further, Barnardo’s will not use any sensitive information about site visitors for the purposes of advertising.
Facebook Tracking Pixel
Advertiser data is used solely, unless otherwise agreed, for retargeting and data modelling purposes across the individual advertisers activity. We use seat wide data for insight and understanding that is brand anonymous and collected across multiple sources. We never share data or insight for an individual brand with another company unless specifically agreed otherwise.
What data specifically is captured and what data cannot be captured?
Rocket Fuel collects anonymous information such as: anonymous consumer browsing behavior, purchase behaviors, behaviors and interactions on a client’s website, ads viewed and ad interactions and anonymized user IDs, etc. Rocket Fuel does not collect any Personally Identifiable Information (PII).
Is this data shared with parties outside of your organization?
Client’s data will not be shared with any parties outside of our organization.
How is user data that is obtained from tracking pixels/ cookies used by your organization?
The data we collect allows Rocket Fuel to identify patterns that result in better ad selection, resulting in campaign optimization. Our system tests millions of possibilities to predict future positive responses.
In what ways can the code implemented on the website impact user experiences?
When properly implemented, the pixel code should not impact a user’s experience.
How can consumers opt out of data collection from Rocket Fuel?
Rocket Fuel provides enhanced notice to consumers on IBA (interest based advertising) targeted ads via the AdChoices icon. When consumers engage with the AdChoices icon, they receive information regarding how the ad was targeted to them, why behavioural data is collected, and how they can opt-out of future data collection and use, if they so desire. Rocket Fuel is fully licensed and certified by the DAA in the United States, and the EDAA in Europe, to serve the AdChoices icon as a means of providing consumers with enhanced notice. In the event that a client prefers to use a third party to serve the AdChoices icon, Rocket Fuel partners with TRUSTe, which is also fully licensed and certified to serve the AdChoices icon on behalf of Rocket Fuel’s clients.
RadiumOne is an online advertising network that works with publishers around the world buying display advertising space and re-selling it in targeted packages.
Targeted Advertising is displayed (a) on the browsers of devices such as computers laptops tablets or smartphones or (b) inside mobile applications Users benefit from Targeted Advertising by receiving advertisements (“ads”) which are more interesting and relevant than untargeted ads while advertisers benefit through the more efficient delivery of ads to interested Users
Targeted Advertising is based on data that does not personally identify you and is collected from your devices as described below in “What Information We Collect” Data used in Targeted Advertising may range from your (i) interests (ii) similarities to other Users, (iii) general demographic information and (iv) general geographic location This non-personally identifiable information may be used to classify Users who are most likely to respond to an ad We do not intentionally collect information that identifies you (such as your name address phone number or email address) and we prohibit our partners from sharing this information with us
YouTube video, Vimeo video, Facebook buttons, Flickr photos
These cookies enable you to use functions embedded in our site (e.g., playing a YouTube video clip).
You can control and/or delete cookies as you wish or delete cookies installed by the site - for more details, see www.allaboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. To do so you should modify your browser settings, click on the help section of your Internet browser and follow the instructions. However, if you do this, you may have to manually adjust some preferences every time you visit the site and some services and functionalities may not work.
During your visits to our site you may notice some cookies that are not related to Barnardo’s. You should check the third party websites for more information about these.
2d. Job applicants – paid, volunteer and trustee roles
As part of any recruitment process, Barnardo’s collects and processes personal data relating to job applicants. If you apply for a role with Barnardo’s, we will only use the information you supply to us to process your application and to monitor recruitment statistics.
What information do we collect?
We will collect a range of information about you, including:
- your name, address and contact details, including email address and telephone number
- details of your qualifications, skills, experience and employment history
- information about your current salary
- whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process
- information about your entitlement to work in the UK
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief - we will only collect this sensitive information with your explicit consent, which can be withdrawn at any time
How do we collect your personal data?
We collect it in a variety of ways. For example, you may have filled in an application form, or submitted a CV or resume, you may have provided your passport details or other identification documents, or we may have collected it through interviews or other forms of assessment, like online tests.
We may also collect information about you from third parties, such as references supplied by former employers. Barnardo’s will only seek information about you from third parties once we’ve made you an offer. The exception is for roles based in schools which require us to obtain references prior to interview. In all cases the application process will make clear at what point we will be contacting third parties.
Where will we keep your data?
Your personal information will be stored, securely, in several places: on your application record, in our recruitment and selection system, our HR management systems and on other IT systems.
Why do we need your personal data?
We need to process your data in order to enter into a working agreement with you. In some cases we need to process your data to ensure we are complying with our legal obligations, e.g. checking an individual’s right to work in the UK.
We have a legitimate interest in processing your personal data during the recruitment process and for keeping records of the process. It allows us to manage that process, assess and confirm your suitability for the role and decide who to offer a role to. We may also need to process data from job applicants to respond to, and defend against, legal claims. Where we are relying on legitimate interest as a reason for processing data, we have considered whether or not those interests override the rights and freedoms of the applicant and have concluded that they do not.
We process health information if we need to make a reasonable adjustment to the recruitment process for the candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
For some roles Barnardo’s is obliged to seek information about criminal convictions and offences. This is necessary to carry out our obligations and exercise specific rights in relation to employment.
Barnardo’s will not use your personal information for any purpose other than the recruitment exercise for which you have applied.
How long will we keep your data?
Personal information about unsuccessful candidates will be held for one year after the recruitment exercise has been completed; it will then be destroyed. The exception to this is in Northern Ireland where we have a legal obligation to retain the data for Fair Employment reporting purposes for three years. Interview notes for all unsuccessful applicants are destroyed after six months. We retain depersonalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
If you set up an account on our online recruitment system, we will hold your data on file until you delete your account, when your data will be deleted and destroyed.
If your application is successful, personal data gathered during the recruitment process will be transferred to your personnel file and will be retained in accordance with our retention policy.
Who has access to your data?
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR (people) and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
As part of the recruitment process we may need to share your data with third parties in order to conduct any necessary background checks and vetting processes, such as contacting previous employers/referees to obtain a reference; and/or the Disclosure and Barring Service to conduct criminal record checks. As part of the recruitment process, we will make clear to you which checks will be required and at what stage of the process.
What if you don’t provide personal data?
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide Barnardo’s with the information, we may not be able to process your application properly, or at all.
You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.
Automated decision making
Some of Barnardo’s recruitment process is solely based on automated decision-making. For example, when applicants are asked to confirm they have the right to work in the UK; or when applicants confirm that they are not barred from undertaking roles working within regulated activity; or whether the applicant has a clean and valid driving licence where driving is an essential requirement for the role.
If an applicant is unable to fulfil the requirements they will not be able to progress any further with their application. Should an applicant wish to challenge any automated decision within the recruitment process they should contact the recruitment team via email: email@example.com.
2e. Our current and former employees, volunteers and trustees
Barnardo’s collects and processes personal data relating to its staff and volunteers in order to manage the work relationship with you.
What information do we collect?
Barnardo’s collects and processes a range of information about you that is appropriate to the role you perform with us. This will vary depending on whether you are an employed member of staff, casual worker (‘as and when’), volunteer, contractor, agency worker or student, and may include:
- your name, address and contact details, including email address and telephone number, date of birth and gender
- your image if you work in an office, service or store which has CCTV (We comply with the ICO’s CCTV Code of Practice)
- the terms and conditions relating to the work you are doing for Barnardo’s
- details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with us
- information about your salary, including entitlement to benefits such as pensions or death in service insurance cover
- details of your bank account and national insurance number
- information about your marital status, next of kin, dependents and emergency contacts
- information about your nationality and entitlement to work in the UK
- information about your criminal record
- relevant information if you drive a fleet vehicle, your own vehicle for business purposes or if we hire a car for you
- details of your schedule (days of work and working hours) and attendance at work
- details of periods of leave taken by you, including holiday, sickness absence, family leave and extended leave, and the reasons for the leave
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
- assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence
- information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
How do we collect your personal data?
We collect your information in a variety of ways. For example, you may have filled in an application form, or submitted a CV or resume; you may have provided your passport details or other identity documents; from forms completed by you at the start or during your work with us; from correspondence with you; or through interviews, meetings or other assessments.
We may also collect information about you from third parties, such as recruitment agencies, references supplied by former employers, and information from criminal records checks as permitted by law.
Where will we keep your data?
Your personal information will be stored, securely, in several places: in your personnel file (hard copy and electronic staff file), in our HR management systems and in other IS systems (including Barnardo’s internal network and email system).
Why do we need your personal data?
Barnardo’s needs to process your data to enter into a working relationship with you and to meet our contractual obligations under any agreement with you. For example, if you are an employee we need to process your data to provide you with an employment contract, to pay you in accordance with that contract and to administer any benefits.
In some cases, Barnardo’s needs to process data to ensure that we are complying with our legal obligations. For example, it is required to check a worker’s right to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it’s necessary to carry out criminal records checks to ensure that individuals are permitted to carry out the role in question.
In other cases, Barnardo’s has a legitimate interest in processing personal data before, during and after the end of the working relationship. Processing staff data allows the organisation to:
- run recruitment and talent management processes
- maintain accurate and up-to-date staff records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace
- operate and keep a record of employee performance and related processes and workforce management processes
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay and other benefits to which they are entitled
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that workers are receiving the sick pay or other benefits to which they are entitled
- operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave) to allow effective workforce management, to ensure that Barnardo’s complies with duties in relation to leave entitlement, and to ensure that workers are receiving pay or other benefits to which they are entitled
- ensure effective general HR and business administration
- provide references on request for current or former employees
- respond to and defend against legal claims
- comply with our statutory and regulatory obligations
- maintain and promote equality, diversity and inclusion in the workplace
Where Barnardo’s is relying on legitimate interest as a reason for processing employee data, we have considered whether, by collecting the data, the charity is overriding the rights and freedoms of our employees and workers and has concluded that we are not.
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes). Information about trade union membership is processed to allow Barnardo’s to operate check-off for union subscriptions (where this is processed through payroll).
Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.
Who has access to the data?
Your information will be shared internally, including with members of the people team (including payroll), the finance team (including the pensions team), properties and facilities team (for security and insurance purpose), your line manager, managers in the business area in which you work and any other members of staff for whom access to the data is necessary for the performance of their roles.
Barnardo’s shares your data with third parties in order to obtain pre-employment references from other employers and, if applicable to your role, to obtain necessary criminal records checks from the Disclosure and Barring Service, Disclosure Scotland and AccessNI. Barnardo’s may also share your data with third parties in the context of TUPE transfers. In those circumstances the data will be subject to confidentiality arrangements. The services we provide to children and young people are subject to external regulation, so if you work in a service your personal data will be shared with inspectors, and commissioned service data may be shared with the commissioner.
Barnardo’s also shares your data with third parties that process data on our behalf, in connection with payroll, the provision of benefits, the provision of occupational health services, and the off-site archiving of personal data once you have left Barnardo’s employment.
Barnardo’s may transfer your data to countries outside the European Economic Area – see ‘Where we store and process your information’ section below.
How long will we keep your data?
Barnardo’s will hold your personal data for the duration of your working relationship with us. After the end of your working relationship with us, due to the nature of the work that Barnardo’s carries out, and in order to meet our safeguarding commitments, we may hold some of your data until your 75th birthday depending on your role.
3. Working with third parties
Barnardo’s will never sell your personal data. However, we may share your information with third parties in order to provide services to you. Your data may be accessible to some of the IT support companies who manage our business critical systems, however, this is only for the purposes of supporting our IT systems and is strictly governed by our contractual arrangements with them.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. Some of our partners run their operations outside of the EEA (European Economic Area) and this may include countries who have different data protection laws. We will always take steps to make sure appropriate protections are in place (in accordance with UK data protection law) and that information is safeguarded.
Except for these specific cases listed below, we won’t share financial information with third parties without your specific consent unless required to do so by law. By donating or making a purchase from our websites you are consenting to your financial and/or personal information being passed to any third-party organisations necessary to process your transactions with Barnardo’s, such as credit card companies, banks and the companies that handle shipping on our behalf. We will also share your data with HMRC if you give us permission to claim Gift Aid on your donation.
We can share your personal information with:
- any member of our group, which means the registered charity, its holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
selected third parties, including:
business partners, suppliers and subcontractors for the performance of any contract we enter into with them, including:
- providers of our online shops and fundraising pages, advocacy, email marketing, and events
- our customer relationship management systems
- archive and storage systems
- commissioners, printers, fulfilment houses, photographers, videographers, creative designers, creative agencies, and online survey providers
- insurers, solicitors, brokers, loss adjusters, managing agents and landlords
- benefits providers and criminal records check processors
- business partners, suppliers and subcontractors for the performance of any contract we enter into with them, including:
- analytics and search engine providers that assist us in the improvement and optimisation of our site
- a prospective seller or buyer of our business or assets in the event we sell or buy any such business or assets, including where Barnardo’s or substantially all of its assets are acquired by a third party, in which case personal data will be one of the transferred assets
- for employees, payroll agencies, HMRC, pension, insurance companies.and statutory bodies, where regulated to do so by law
- we will keep your personal information confidential, and where we provide it to other third parties we will only do so under contract, on conditions of confidentiality and security, and only for the purposes for which you have provided your information to us
4. How do we keep your data safe?
We take the security of your personal information very seriously. We have internal policies, controls and appropriate data collection, storage and processing practices and security measures in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
We work hard to make sure that our security procedures do the job they are designed to do and any communications between you and our websites are protected by encryption (this means that communications are turned into codes that only Barnardo’s websites can understand, which stops unauthorised people seeing them). We work closely with industry-leading technical partners to make sure that all your personal information, including payment data, is safe and secure.
We use strict procedures and ISO 27000 security-compliant features to prevent unauthorised access to or loss of data from our systems. However, we cannot guarantee the security of data that you transmit to our websites and therefore any transmission to us is at your own risk.
Please be aware that any personal information you choose to post on the public areas of our websites can be read, collected, or used by other users and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to make public. In addition, we are not responsible for the content you publicly post on the site that can be found via web-based search engines.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.
5. How we store and process your information
The information that we collect from you may be transferred to, and stored in, a location outside of the United Kingdom, but only where we are satisfied that it has an adequate level of protection. It may also be processed by staff operating in these locations who work for us or for our service providers. This includes staff engaged in, among other things, the hosting of the site and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. Barnardo’s will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this privacy notice.
6. Your legal rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
a. the right to be informed
b. the right to access your personal information
c. the right to edit and update your personal information
d. the right to request to have your personal information deleted
e. the right to restrict processing of your personal information
f. the right to data portability
g. the right to object - including automated decision making and profiling
h. the right to lodge a complaint with a supervisory authority
If you wish to exercise your rights, please contact us, providing as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take 30 days before they take effect.
6a. The right to be informed.
You have the right to be informed about the data we hold and share about you. This will be
described to you in the service specific information leaflet if you are a service user or through your
line manager if you are a member of staff or a volunteer or through our privacy notice above.
6b. The right to access your personal information
You have a right to access your personal data. By making a subject access request to Barnardo’s you can find out what personal data we hold about you, why we hold it and who we disclose it to. You must make a subject access request in writing, and include proof of your identity – you can download a standard form from this website to help make the process quicker and easier.
Or write to:
Data Protection Officer
Once we have received your request, and verified your identity, we will respond within 30 days.
6c. The right to edit and update your personal information
The accuracy of your personal information is important to us. You can edit your personal information including your address and contact details at any time.
6d. The right to request to have your personal information deleted
You have the right to request the deletion of your personal information which we will review on a case-by-case basis.
6e. The right to restrict processing of your personal information
You have the right to ‘block’ or suppress processing of your personal data. However, we will continue to store your data but not further process it. We do this by retaining just enough of your personal information so we can ensure that the restriction is respected in the future. Please note, this is not an absolute right and only applies in certain circumstances.
6f. The right to data portability
You have the right to get your personal data from us in a way that is accessible and machinereadable,
for example as a csv file. You also have the right to ask us to transfer data you have provided us with to another organisation where technically feasible.
6g. The right to object - including automated decision making and profiling
You have the right to object to your personal information being processed for marketing (including profiling) and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing.
Alternatively, you can exercise this right by contacting the supporter relations team below. Please address requests to:
Supporter relations team
Barnardo’s Tanners Lane Ilford
Or email firstname.lastname@example.org
If we process your personal information for the exercise or defence of legal claims, or we can demonstrate compelling grounds that override your rights and freedoms we may not be able to fulfil your request. However, we will contact you to discuss further.
6h. Your right to lodge a complaint with a supervisory authority
If you wish to lodge a complaint or seek advice from a supervisory authority please contact:
The Office of the Information Commissioner
Cheshire SK9 5AF
Tel: +44 (0) 01625 545 745
Anonymization is the process of either encrypting or removing personally identifiable information from data sets, so that the people who the data describe remain unknown or anonymous.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to, eg, The Children’s Act, Care Leaver’s Act, as well as regulatory requirements under CQC and other quality bodies.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.
The Data Controller is the organisation that is responsible for your personal data. They are required to keep it secure, make decisions about what happens to your data and are accountable if it’s lost or not kept confidential.
The Data Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Encryption is the method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.
General Data Protection Regulation (GDPR) is the 2018 legal framework that sets guidelines for the collection and processing of personal information of individuals in the European Union (EU).
Legitimate business interests legal basis means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s economic situation, personal preferences, interests and location.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to the data subject without the use of additional information. The additional information must be kept separately.
Public task legal basis means we can rely on this lawful basis as we need to process personal data ‘in the exercise of official authority’. This covers public functions and powers that are set out in law; or to perform a specific task in the public interest that is set out in law.
Service information leaflet provides detailed information of the data that is processed by individual children’s services and business lines services, which is given to the data subject or their parents along with the children’s services privacy notice.
Special category data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Subject access request is your right to get a copy of the information that is held about you.
Suppression list is a list that contains mailing or email addresses that you want to permanently exclude from future mailings or emails we send.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data.