Privacy Policy

Welcome to Barnardo’s and thank you for reading our Privacy Notice. We are the UK’s largest
children’s charity, supporting over 272,000 children and their families through more than 900
services nationwide.
Barnardo’s respects your privacy and is committed to protecting your personal data and being
transparent about how we collect and use your data. We will comply with any data protection
legislation currently in force. This Privacy Notice, together with our Terms of Use, explains how we
use any personal information that you provide or which is provided to us by third parties.
By visiting our website, using any of our apps, or responding to social media posts, you are accepting
and consenting to the practices described in this Notice, so please read it carefully. Any changes we
make to this Privacy Notice will be posted on this page, so remember to check back again if you are a
regular user.
There is also a Glossary in case we use terms that you don’t understand.
1 Important Information about who we are
2 The personal data we collect from you, how we collect and how we use it:
a. People who use our services or provide family placement
b. People who support us
c. Visitors to our websites
d. Job applicants
e. Our current and former employees, volunteers and trustees
3 Working with Third Parties
4 How we keep your data safe
5 Where we store and process your information
6 Your legal rights (including your right to request a copy of your data)
7 Glossary
1 Important Information about who we are
This website is owned and operated by Barnardo’s (The Charity), who is also the Data Controller.
Barnardo’s is a registered charity (registered in England No. 216250. Registered in Scotland No.
SC037605) and a company limited by guarantee (61625 England).
The registered office is:
Barnardo’s
Tanners Lane
Barkingside
Ilford
Essex
IG6 1QG
Barnardo’s Data Protection Officer (DPO), Martine King, is responsible for answering any questions
you have about this Privacy Notice. Martine may be contacted at the above address, by email:
dpo@barnardos.org.uk or by phone: 020 8498 7055
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO),
the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however,
appreciate the chance to deal with any concerns you may have before you approach the ICO, so
please feel free to contact us first.
Changes to the Privacy Notice and your duty to inform us of changes
This Privacy Notice was last updated on 17th May 2018.
It’s important that the personal data that we hold about you is accurate and up-to-date. Please keep
us informed if your personal data changes during the duration of your relationship with us.
We may update this Privacy Notice from time to time. If we make significant changes we will
contact you to confirm that changes have been made.
2 The personal data we collect from you, how we collect it and how we use it
2a People who use our Children & Young People’s Services and provide family placement
This section explains what information Barnardo’s collects, keeps and stores about you and/or your
family if you receive one of our services, or if you provide care or supported lodgings, and your rights
in relation to that information. You may also be given information by your service about the
information they keep about you and what happens to it. Further information is available in the
Service Information Leaflet.
What information do we collect?
Barnardo’s holds personal information about you which may include your name, date of birth,
address, gender, ethnicity, sexual identity and whether you have a disability, so that we can make
sure our services meet your needs. We will also record information about the service provided to
you, including case reporting, plans and reviews.
Barnardo’s uses CCTV in some of its services to keep children, young people and staff safe. If you
access one of the services where this is the case you will be told about it. We comply with the ICO’s
CCTV Code of Practice.
Why do we collect your information?
Under the General Data Protection Regulation (GDPR), and the UK’s Data Protection Bill, we must
have a legal reason to keep your data and process it. When Barnardo’s provides you with a service,
we will process your data under legitimate interest or public task. We do this because we cannot
provide a service to you without using your personal information.
Who do we share your information with?
We share your data within Barnardo’s with people who need to see it in order to provide you with a
service. We may also share it with the organisation that pays for your service or with external
agencies that inspect our work. You will be given a Service Information Leaflet that will provide you
more detail. We may be required to share your data with other agencies for legal reasons, a court
order for example, or with other organisations if we believe that you are at risk of harm or may harm
someone else.
There may be occasions when we will ask you for consent to use your data, for example; to help us
inform the public about our work. If this is the case, we will explain to you exactly what your data
will be used for. You can withdraw your consent at any time, and wherever possible, any of your
data that has been used for publicity purposes will be deleted.
Who is responsible for your data?
The Data Controller is responsible for your data. This may be Barnardo’s or the local authority or
agency that funds the service being delivered by Barnardo’s. You can get more information about
who the Data Controller is for your data from your service provider.
How long do we keep your data?
Barnardo’s will keep your data for a specified period of time once we have finished working with
you. Depending on the nature of the service and our legal obligations this will be a minimum of 6
years but can extend to 100 years for certain types of work. You will be given a Service Information
Leaflet which will tell you exactly how long we keep your data and why.
Sometimes Barnardo’s is required to transfer your data to the local authority who have
commissioned us to provide your service, or to another organisation providing you with a service.
The Service Information Leaflet will give you more details about what will happen to your data.
How can you access your data? (Subject Access Requests)
You may request a copy of the information that Barnardo’s holds about you (see The Right to access
your personal information), but sometimes the local authority that pays for your service might be
responsible for providing you with your data. If that’s the case, then the Service Information Leaflet
will explain who you should contact.
2b People who support us
How do we collect your personal information?
We obtain personal information from you when you enquire about our activities, become a service
user, send or receive an email, make a donation to us, support a campaign, or ask a question about
our services. Sometimes we may obtain your personal information from third party data suppliers,
but only if they provide the appropriate evidence that you have agreed for your personal
information to be shared with other organisations.
We also gather general information about the use of our websites such as pages visited and areas
that are of most interest to users. We use this information to improve our website and make it a
better experience for everyone. For further information please see section 2c “Visitors to our
website”
Occasionally we obtain publicly available information, such as contact information, or we research
information to help us perform due diligence checks to ensure we are not being abused by
fraudsters or criminals posing as genuine donors, or to ensure that there are no conflicts of interest
from potential supporters or organisations prior to our engagement. We do these checks to help
protect Barnardo’s from abuse. For further information around this please see the How we
communicate with you section below.
What information do we collect?
The personal information we collect may include name, address, email address, telephone numbers,
date of birth, bank account details (for setting up regular direct debit or payment information),
gender and campaign experience (for contacting you in support of our campaigns) and your family
relationships (when submitting a family history enquiry). Data Protection Law recognises that certain
categories of personal information are more sensitive. These are known as special categories of data
and cover health information, race, religious beliefs and political opinions. We do not usually collect
special categories of data about our supporters unless there is a clear reason for doing so such as
participation in a run or walk or similar fundraising event or where we need to ensure we provide
the appropriate facilities or support to enable you to participate in an event.
How do we use your data?
We may use your personal information for:
• Dealing with your enquiries, requests and complaints
• Processing your donations and orders made online or through our shops
• Providing you with information about our work activities events and services
• Complying with our legal obligations policies and procedures, for example claiming Gift Aid
• Providing and personalising our services
• Administering membership records
• Fundraising and marketing
• Conducting market research
Donating or buying through our retail outlets or online shops
How do we use your data?
Data collected by our online shops is used to take and fulfil customer orders and to administer and
enhance the site and service. If you donate items to one of our retail outlets, and are a UK tax
payer, we may ask your permission to claim Gift Aid on those items. In this case we ask for your
name and address.
If you use your credit or debit card to donate to us, buy something, or pay for a registration online or
over the phone, we will ensure this is done securely. We do not store your credit or debit card
details following the completion of your transaction. All card details are securely destroyed once the
payment or donation has been processed. Only staff authorised and trained to process payments
can see your card details.
Barnardo’s uses CCTV in some of its retail outlets in order to keep staff and customers safe. We
comply with the ICO’s CCTV Code of Practice.
How we communicate with you
Being able to communicate with you is important, as your support will help transform the lives of
the UK’s most vulnerable children. We believe in being open, honest and transparent with our
supporters and want you to feel comfortable about your decision to give us your personal
information and how we use it.
We will use the details you provide to us to communicate with you about how we are transforming
the lives of the most vulnerable children across the UK through the work of our services and
research expertise. We would also like to tell you how your support is helping and other ways you
can help in the future, whether that’s through volunteering, events or fundraising. From time to time
we might also send you appeals asking for a donation to help change children’s lives.
We promise that we will only communicate with you in the way you wish us to and we will always
respect your privacy. You can change your mind at any time and its quick and easy to let us know
that you no longer want to hear from us by calling:
The Supporter Relations Team on 0800 008 7005
or emailing us at supporterrelations@barnardos.org.uk.
We will always respond to your wishes in a sensitive, timely, courteous and professional way.
Please be assured that we will take appropriate measures to keep your personal information safe
and secure and we promise not to contact you more than necessary. We will never pass your
personal information on to other organisations for them to use for their own marketing purposes.
In certain instances, Barnardo’s collect and use your personal information by relying on the
legitimate interest legal basis. This is because when you, for example, request to receive services or
products from us, we have a legitimate organisational interest to use your personal information to
respond to you and there is no overriding prejudice to you by using your personal information for
this purpose. We will always provide you with the option to opt-out of hearing from us. In most
instances, however, we will rely on obtaining your consent to use your personal information. For
example; where we seek to obtain your consent to receive email marketing from Barnardo’s.
We will only communicate to you in the way you have told us to. For example:
Email/text marketing
If you have actively provided your consent to us along with your email address and/or mobile phone
number, we may contact you for marketing purposes by email or text message. By subscribing to
Barnardo’s emails or opting in to email communication from Barnardo’s you grant us the right to use
the email address for email marketing.
Post/telephone marketing
If you have provided us with your postal address or telephone number, we may send you direct mail
or telephone you about our work unless you have told us that you would prefer not to receive such
information, or we receive a notification from the Fundraising Preference Service that you have
requested to stop marketing communications. We also actively check telephone numbers against
the Telephone Preference Service (TPS) and will only make telephone calls to you where your
telephone number is listed on the TPS, if you have specifically told us that you do not object to such
calls and have consented to receive them from Barnardo’s.
It’s your decision
It is always your decision as to whether you want to receive information about our work, how we
raise funds and the ways you can get involved. If you do not want us to use your personal
information in these ways, please indicate your preferences on the form on which we collect your
data.
You may opt-out of our marketing communications at any time by clicking the ‘unsubscribe’ link at
the end of our marketing emails or sending us an “opt-out” text message following the instructions
we provide you in our initial text.
You can also change any of your contact preferences at any time, including telling us that you don’t
want us to contact you for marketing purposes, by calling:
The Supporter Relations Team on 0800 008 7005
Or emailing us at supporterrelations@barnardos.org.uk.
We will not use your personal information for marketing purposes if you have indicated that you do
not wish to be contacted by us for such purposes. However, we will retain your details on a
suppression list to help ensure that we do not continue to contact you
Personalisation and profiling
We also carry out targeted fundraising and campaign activity to ensure that we are contacting you
with the most appropriate communication, which is relevant and timely and will ultimately provide a
better experience for you. For example, by providing timely news about our work, letting you know
the different ways you can support us and how you can help us to raise funds.
In order to do this, we may also use profiling techniques and engage with insight companies to
provide us with general information about you, which you have volunteered around your lifestyle
and purchasing habits. This will help us tailor our communication so you hear about the areas of our
work that are of most interest to you, ie, volunteering, events, and research and how your support is
helping transform the lives of the most vulnerable children across the UK.
We may also use the personal information that we have gathered about you in the course of our
relationship to understand the likelihood of you responding to a fundraising communication from us,
potentially donating and in some instances donating or supporting us at a higher level. Because we
have a greater understanding of you, this means our communication will hopefully be relevant and
of interest to you and in turn it will help us reduce our costs for communication by only
communicating with supporters that want to hear from us. To assist us with this work we may use
third-party service providers to assist us in this process. For more information on how we work with
third parties, please see ‘Disclosures’.
You can opt out of your data being used for profiling. However, this may mean that you stop
receiving relevant marketing communications from us or they become more generic and less
relevant to you as they are no longer based on your interests in our cause. If you do wish to opt-out
please contact:
The Supporter Relations Team on 0800 008 7005
Or email us at: supporterrelations@barnardos.org.uk
Disclosures
We will never pass your personal information on to other organisations for them to use for their
own marketing purposes.
However, we may disclose your personal information under the following circumstances:
• To third parties who provide a service to us and are data processors. This would include our
trusted partners that work with us in connection with our charitable purposes, and other entities
that act as fundraisers for Barnardo’s, sell Barnardo’s products or provide Barnardo’s
information and marketing services (subject to your communication preferences and our
internal policies and procedures). We require these third parties to comply strictly with our
instructions and Data Protection Laws and we will make sure that appropriate controls are in
place. We enter into contracts with all our data processors and regularly monitor their activities
to ensure they are complying with Barnardo’s policies and procedures.
• Where we are under duty to disclose your personal information in order to comply with law or
the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation
or we have your written consent.
• Where we need to perform due diligence checks to ensure we are not being abused by
fraudsters or criminals posing as genuine donors for example money laundering proceeds of
crime tax avoidance. We do these checks to help protect Barnardo’s from abuse.
Marketing to Children
We are committed to protecting the privacy of the young people that engage with us through our
website, fundraising events, marketing materials and communication lists.
Our fundraising events also request specific information about the age of participants. Anyone under
the age of 16 must obtain parental or guardian consent before participating in an event organised by
Barnardo’s. Children aged 13 and under who want to participate will be required to provide a
parent or guardian’s email address before engaging with us. We will then contact the parent or
guardian to ask their permission to communicate with the child.
Vulnerable Supporters Policy
We are committed to protecting vulnerable supporters. Please refer to our Vulnerable Supporters’
Policy.
Keeping your personal information
We keep your personal information for as long as required to operate the service in accordance with
legal requirements and tax and accounting rules. Where your information is no longer required, we
will ensure it is destroyed in a secure manner.
Other websites
Our website may contain links to other websites that are outside our control and are not covered by
this Privacy Notice. If you access other sites using the links provided, the operators of these sites
may collect information from you that will be used by them in accordance with their privacy notice
which may differ from ours.
Text to Donate
We offer text to donate which is a quick and easy way to donate to Barnardo’s. For further
information please see our text to donate terms and conditions.
2c Visitors to our websites
Barnardo’s sometimes send small data files, called cookies, from our websites to your computer,
mobile phone or other device. These cookies are then stored on the hard drive of your device. Some
of these cookies allow us to count visits and traffic sources so we can measure and improve the
performance of our site. They help us to know which pages are the most and least popular and see
how visitors move around the site. The data collected is not shared with any third party. The
information we get through the use of these cookies is anonymous and we make no attempt to
identify you or influence your experience of the site while you are visiting it. If you do not allow
these cookies we will not be able to include your anonymous visit in our statistics.
We use cookies on our shopping site to keep track of the contents of your shopping cart, to store
delivery addresses if the address book is used and to store your details if you select the ‘Remember
Me’ option. They are also used after you have logged on as part of that process.
You can control and/or delete cookies as you wish or delete cookies installed by the site – for more
details, see www.allaboutcookies.org. You can delete all cookies that are already on your computer
and you can set most browsers to prevent them from being placed. To do so you should modify your
browser settings, click on the help section of your Internet browser and follow the instructions.
However, if you do this, you may have to manually adjust some preferences every time you visit the
site and some services and functionalities may not work.
During your visits to our site you may notice some cookies that are not related to Barnardo’s. You
should check the third party websites for more information about these.
2d Job applicants – Paid, Volunteer and Trustee Roles
As part of any recruitment process, Barnardo’s collects and processes personal data relating to job
applicants. If you apply for a role with Barnardo’s, we will only use the information you supply to us
to process your application and to monitor recruitment statistics.
What information do we collect?
We will collect a range of information about you, including:
• Your name, address and contact details, including email address and telephone number;
• Details of your qualifications, skills, experience and employment history;
• Information about your current salary;
• Whether or not you have a disability for which we need to make reasonable adjustments
during the recruitment process;
• Information about your entitlement to work in the UK; and
• Equal opportunities monitoring information, including information about your ethnic origin,
sexual orientation, health, and religion or belief. We will only collect this sensitive
information with your explicit consent, which can be withdrawn at any time.
How do we collect your personal data?
We collect it in a variety of ways. For example, you may have filled in an application form, or
submitted a CV or resume, you may have provided your passport details or other identification
documents, or we may have collected it through interviews or other forms of assessment, like online
tests.
We may also collect information about you from third parties, such as references supplied by former
employers. Barnardo’s will only seek information about you from third parties once we’ve made you
an offer. The exception is for roles based in schools which require us to obtain references prior to
interview. In all cases the application process will make clear at what point we will be contacting
third parties.
Where will we keep your data?
Your personal information will be stored, securely, in several places: on your application record, in
our Recruitment and Selection system, our HR management systems and on other IT systems.
Why do we need your personal data?
We need to process your data in order to enter into a working agreement with you. In some cases
we need to process your data to ensure we are complying with our legal obligations, eg checking an
individual’s right to work in the UK.
We have a legitimate interest in processing your personal data during the recruitment process and
for keeping records of the process. It allows us to manage that process, assess and confirm your
suitability for the role and decide who to offer a role to. We may also need to process data from job
applicants to respond to, and defend against, legal claims. Where we are relying on legitimate
interest as a reason for processing data, we have considered whether or not those interests override
the rights and freedoms of the applicant and have concluded that they do not.
We process health information if we need to make a reasonable adjustment to the recruitment
process for the candidates who have a disability. This is to carry out our obligations and exercise
specific rights in relation to employment.
For some roles Barnardo’s is obliged to seek information about criminal convictions and offences.
This is necessary to carry out our obligations and exercise specific rights in relation to employment.
Barnardo’s will not use your personal information for any purpose other than the recruitment
exercise for which you have applied.
How long will we keep your data?
Personal information about unsuccessful candidates will be held for one year after the recruitment
exercise has been completed, it will then be destroyed. The exception to this is in Northern Ireland
where we have a legal obligation to retain the data for Fair Employment reporting purposes for
three years. Interview notes for all unsuccessful applicants are destroyed after six months. We
retain de-personalised statistical information about applicants to help inform our recruitment
activities, but no individuals are identifiable from that data.
If you set up an account on our online recruitment system, we will hold your data on file until you
delete your account, when your data will be deleted and destroyed.
If your application is successful, personal data gathered during the recruitment process will be
transferred to your personnel file and will be retained in accordance with our retention policy
Who has access to your data?
Your information will be shared internally for the purposes of the recruitment exercise. This
includes members of the HR (People) and recruitment team, interviewers involved in the
recruitment process, managers in the business area with a vacancy and IT staff if access to the data
is necessary for the performance of their roles.
As part of the recruitment process we may need to share your data with third parties in order to
conduct any necessary background checks and vetting processes, such as contacting previous
employers/referees to obtain a reference; and/or the Disclosure and Barring Service to conduct
criminal l record checks. As part of the recruitment process, we will make clear to you which checks
will be required and at what stage of the process.
What if you don’t provide personal data?
You are under no statutory or contractual obligation to provide data to us during the recruitment
process. However, if you do not provide Barnardo’s with the information, we may not be able to
process your application properly, or at all.
You are under no obligation to provide information for equal opportunities monitoring purposes and
there are no consequences for your application if you choose not to provide such information.
Automated decision making
Some of Barnardo’s recruitment process is solely based on automated decision-making. For
example, when applicants are asked to confirm they have the right to work in the UK; or when
applicants confirm that they are not barred from undertaking roles working within regulated activity;
or whether the applicant has a clean and valid driving licence where driving is an essential
requirement for the role.
If an applicant is unable to fulfil the requirements they will not be able to progress any further with
their application. Should an applicant wish to challenge any automated decision within the
recruitment process they should contact the recruitment team via email:
recruitment.support@barnardos.org.uk
2e Our current and former employees, volunteers and trustees
Barnardo’s collects and processes personal data relating to its staff and volunteers in order to
manage the work relationship with you.
What information do we collect?
Barnardo’s collects and processes a range of information about you that is appropriate to the role
you perform with us. This will vary depending on whether you are an employed member of staff,
casual worker (‘As and When’), volunteer, contractor, agency worker or student and may include:
• Your name, address and contact details, including email address and telephone number,
date of birth and gender;
• Your image if you work in an office, service or store which has CCTV (We comply with the
ICO’s CCTV Code of Practice).
• The terms and conditions relating to the work you are doing for Barnardo’s;
• Details of your qualifications, skills, experience and employment history, including start and
end dates with previous employers and with us;
• Information about your salary, including entitlement to benefits such as pensions or death in
service insurance cover;
• Details of your bank account and national insurance number;
• Information about your marital status, next of kin, dependents and emergency contacts;
• Information about your nationality and entitlement to work in the UK;
• Information about your criminal record;
• Relevant information if you drive a fleet vehicle, your own vehicle for business purposes or if
we hire a car for you;
• Details of your schedule (days of work and working hours) and attendance at work;
• Details of periods of leave taken by you, including holiday, sickness absence, family leave
and extended leave, and the reasons for the leave;
• Details of any disciplinary or grievance procedures in which you have been involved,
including any warnings issued to you and related correspondence;
• Assessments of your performance, including appraisals, performance reviews and ratings,
training you have participated in, performance improvement plans and related
correspondence;
• Information about medical or health conditions, including whether or not you have a
disability for which the organisation needs to make reasonable adjustments and
• Equal opportunities monitoring information, including information about your ethnic origin,
sexual orientation, health and religion or belief.
How do we collect your personal data?
We collect your information in a variety of ways. For example, you may have filled in an application
form, or submitted a CV or resume; you may have provided your passport details or other identity
documents; from forms completed by you at the start or during your work with us; from
correspondence with you; or through interviews, meetings or other assessments.
We may also collect information about you from third parties, such as recruitment agencies,
references supplied by former employers, and information from criminal records checks as
permitted by law.
Where will we keep your data?
Your personal information will be stored, securely, in several places: in your personnel file (hard
copy and electronic staff file), in our HR management systems and in other IS systems (including
Barnardo’s internal network and email system).
Why do we need your personal data?
Barnardo’s needs to process your data to enter into a working relationship with you and to meet our
contractual obligations under any agreement with you. For example, if you are an employee we
need to process your data to provide you with an employment contract, to pay you in accordance
with that contract and to administer any benefits.
In some cases, Barnardo’s needs to process data to ensure that we are complying with our legal
obligations. For example, it is required to check a worker’s right to work in the UK, to deduct tax, to
comply with health and safety laws and to enable employees to take periods of leave to which they
are entitled. For certain positions, it’s necessary to carry out criminal records checks to ensure that
individuals are permitted to carry out the role in question.
In other cases, Barnardo’s has a legitimate interest in processing personal data before, during and
after the end of the working relationship. Processing staff data allows the organisation to:
• Run recruitment and talent management processes;
• Maintain accurate and up-to-date staff records and contact details (including details of who
to contact in the event of an emergency), and records of contractual and statutory rights;
• Operate and keep a record of disciplinary and grievance processes, to ensure acceptable
conduct within the workplace;
• Operate and keep a record of employee performance and related processes and workforce
management processes;
• Operate and keep a record of absence and absence management procedures, to allow
effective workforce management and ensure that employees are receiving the pay and
other benefits to which they are entitled;
• Obtain occupational health advice, to ensure that it complies with duties in relation to
individuals with disabilities, meet its obligations under health and safety law, and ensure
that workers are receiving the sick pay or other benefits to which they are entitled;
• Operate and keep a record of other types of leave (including maternity, paternity, adoption,
parental and shared parental leave), to allow effective workforce management, to ensure
that Barnardo’s complies with duties in relation to leave entitlement, and to ensure that
workers are receiving pay or other benefits to which they are entitled;
• Ensure effective general HR and business administration;
• Provide references on request for current or former employees;
• Respond to and defend against legal claims;
• Comply with our statutory and regulatory obligations and
• Maintain and promote equality, diversity and inclusion in the workplace.
Where Barnardo’s is relying on legitimate interest as a reason for processing employee data, we
have considered whether, by collecting the data, the charity is over-riding the rights and freedoms of
our employees and workers and has concluded that we are not.
Some special categories of personal data, such as information about health or medical conditions,
are processed to carry out employment law obligations (such as those in relation to employees with
disabilities and for health and safety purposes). Information about trade union membership is
processed to allow Barnardo’s to operate check-off for union subscriptions (where this is processed
through payroll).
Where we process other special categories of personal data, such as information about ethnic origin,
sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities
monitoring.
Who has access to the data?
Your information will be shared internally, including with members of the People Team (including
payroll), the Finance Team (including the Pensions Team), Properties and Facilities Team (for security
and insurance purpose), your line manager, managers in the business area in which you work and
any other members of staff for whom access to the data is necessary for the performance of their
roles.
Barnardo’s shares your data with third parties in order to obtain pre-employment references from
other employers and, if applicable to your role, to obtain necessary criminal records checks from the
Disclosure and Barring Service, Disclosure Scotland and AccessNI. Barnardo’s may also share your
data with third parties in the context of TUPE transfers. In those circumstances the data will be
subject to confidentiality arrangements. The services we provide to children and young people are
subject to external regulation, so if you work in a service your personal data will be shared with
inspectors, and commissioned service data may be shared with the commissioner.
Barnardo’s also shares your data with third parties that process data on our behalf, in connection
with payroll, the provision of benefits, the provision of occupational health services, and the off-site
archiving of personal data once you have left Barnardo’s employment.
Barnardo’s may transfer your data to countries outside the European Economic Area – see ‘Where
we store and process your information’ section below..
How long will we keep your data?
Barnardo’s will hold your personal data for the duration of your working relationship with us. After
the end of your working relationship with us, due to the nature of the work that Barnardo’s carries
out, and in order to meet our safeguarding commitments, we may hold some of your data until your
75th birthday depending on your role.
3 Working with Third Parties
Barnardo’s will never sell your personal data, however we may share your information with third
parties in order to provide services to you. Your data may be accessible to some of the IT support
companies who manage our business critical systems, however, this is only for the purposes of
supporting our IT systems and is strictly governed by our contractual arrangements with them.
We require all third parties to respect the security of your personal information and to treat it in
accordance with the law. We do not allow our third-party service providers to use your personal
information for their own purposes and only permit them to process your personal information for
specified purposes and in accordance with our instructions. Some of our partners run their
operations outside of the EEA (European Economic Area) and this may include countries who have
different Data Protection Laws. We will always take steps to make sure appropriate protections are
in place (in accordance with UK Data Protection Law) and that information is safeguarded.
Except for these specific cases listed below, we won’t share financial information with third parties
without your specific consent unless required to do so by law. By donating or making a purchase
from our websites you are consenting to your financial and/or personal information being passed to
any third party organisations necessary to process your transactions with Barnardo’s, such as credit
card companies, banks and the companies that handle shipping on our behalf. We will also share
your data with HMRC if you give us permission to claim Gift Aid on your donation.
We can share your personal information with:
• any member of our group, which means the registered charity, its holding company and its
subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
• selected third parties, including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we
    enter into with them, including:
    o Providers of our online shops and fundraising pages, advocacy, email marketing,
    and events;
    o Our Customer Relationship Management systems;
    o Archive and storage systems;
    o Commissioners, printers, fulfilment houses, photographers, videographers,
    creative designers, creative agencies, and online survey providers
    o Insurers, solicitors, brokers, loss adjusters, managing agents and landlords
    o Benefits providers and Criminal Records Check processors;
  • Analytics and search engine providers that assist us in the improvement and
    optimisation of our site;
  • Where we are under a duty to disclose or share your personal information in order to
    comply with any legal obligations, or in order to enforce or apply our Terms of Use and
    other agreements; or to protect the rights, property, or safety of Barnardo’s, our donors,
    beneficiaries or others. This includes exchanging information with other companies and
    organisations for the purposes of fraud protection and credit risk reduction
  • A prospective seller or buyer of our business or assets in the event we sell or buy any
    such business or assets, including where Barnardo’s or substantially all of its assets are
    acquired by a third party, in which case personal data will be one of the transferred
    assets
  • for employees, payroll agencies, HMRC, pension, insurance companies.and statutory
    bodies, where regulated to do so by law
    We will keep your personal information confidential, and where we provide it to other third parties
    we will only do so under contract, on conditions of confidentiality and security, and only for the
    purposes for which you have provided your information to us.
    Third Party Websites
    Our websites may contain links to third party websites. This policy only applies to this site so if you
    follow a link to a third party site, please make sure you read the privacy policy on that site. We do
    not accept any responsibility for third party sites.
    4 How do we keep your data safe?
    We take the security of your personal information very seriously. We have internal policies, controls
    and appropriate data collection, storage and processing practices and security measures in place to
    ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed
    except by our employees in the proper performance of their duties.
    We work hard to make sure that our security procedures do the job they are designed to do and any
    communications between you and our websites are protected by encryption (this means that
    communications are turned into codes that only Barnardo’s websites can understand, which stops
    unauthorised people seeing them). We work closely with industry leading technical partners to make
    sure that all your personal information, including payment data, is safe and secure.
    We use strict procedures and ISO 27000 security compliant features to prevent unauthorised access
    to or loss of data from our systems, however, we cannot guarantee the security of data that you
    transmit to our websites and therefore any transmission to us is at your own risk.
    Please be aware that any personal information you choose to post on the public areas of our
    websites can be read, collected, or used by other users and could be used to send you unsolicited
    messages. We are not responsible for the personal information you choose to make public. In
    addition, we are not responsible for the content you publicly post on the site that can be found via
    web-based search engines.
    Where we have given you (or where you have chosen) a password which enables you to access
    certain parts of the site, you are responsible for keeping this password confidential. We ask you not
    to share that password with anyone.
    5 Where we store and process your information
    The information that we collect from you may be transferred to, and stored in, a location outside of
    the United Kingdom, but only where we are satisfied that it has an adequate level of protection. It
    may also be processed by staff operating in these locations who work for us or for our service
    providers. This includes staff engaged in, among other things, the hosting of the site and the
    provision of support services. By submitting your personal information, you agree to this transfer,
    storing or processing. Barnardo’s will take all steps reasonably necessary to ensure that your
    information is treated securely and in accordance with this Privacy Notice.
    6 Your legal rights
    Under the General Data Protection Regulation (GDPR), you have the following rights:
    a. the right to be informed
    b. the right to access your personal information
    c. the right to edit and update your personal information
    d. the right to request to have your personal information deleted
    e. the right to restrict processing of your personal information
    f. the right to data portability
    g. the right to object- including automated decision making and profiling
    h. the right to lodge a complaint with a supervisory authority
    If you wish to exercise your rights, please contact us, providing as much information as possible
    about the nature of your contact with us to help us locate your records. Any changes you have
    requested may take 30 days before they take effect.
    6a. The right to be informed.
    You have the right to be informed about the data we hold and share about you. This will be
    described to you in the service specific information leaflet if you are a service user or through your
    line manager if you are a member of staff or a volunteer or through our privacy notice above.
    6b. The right to access your personal information
    You have a right to access your personal data. By making a subject access request to Barnardo’s you
    can find out what personal data we hold about you, why we hold it and who we disclose it to. You
    must make a subject access request in writing and include proof of your identity – you can download
    a standard form from this website to help make the process quicker and easier.
    Email: dpo@barnardos.org.uk
    Or write to:
    Martine King
    Data Protection Officer
    Barnardo’s
    Tanners Lane
    Barkingside
    Ilford
    Essex
    IG6 1QG
    Once we have received your request, and verified your identity, we will respond within 30 days.
    6c. The right to edit and update your personal information
    The accuracy of your personal information is important to us. You can edit your personal information
    including your address and contact details at any time.
    6d. The right to request to have your personal information deleted
    You have the right to request the deletion of your personal information which we will review on a
    case-by-case basis.
    6e. The right to restrict processing of your personal information
    You have the right to ‘block’ or suppress processing of your personal data. However, we will
    continue to store your data but not further process it. We do this by retaining just enough of your
    personal information so we can ensure that the restriction is respected in the future. Please note,
    this is not an absolute right and only applies in certain circumstances.
    6f. The right to data portability
    You have the right to get your personal data from us in a way that is accessible and machinereadable, for example as a csv file. You also have the right to ask us to transfer data you have
    provided us with to another organisation where technically feasible.
    6g. The right to object
    You have the right to object to your personal information being processed for marketing (including
    automated decision making and profiling) and for research purposes. From the very first
    communication from us and every marketing communication we send after you will have the right to
    object to marketing.
    Alternatively, you can exercise this right by contacting the supporter relations team below. Please
    address requests to:
    Supporter relations team
    Barnardo’s Tanners Lane Ilford
    Essex
    1G6 1QG
    Or email supporterrelations@barnardos.org.uk
    If we process your personal information for the exercise or defence of legal claims, or we can
    demonstrate compelling grounds that override your rights and freedoms we may not be able to fulfil
    your request. However, we will contact you to discuss further.
    6h. Your right to lodge a complaint with a supervisory authority
    If you wish to lodge a complaint or seek advice from a supervisory authority please contact:
    The Office of the Information Commissioner
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire SK9 5AF
    Tel: +44 (0) 01625 545 745
    Website: www.ico.org.uk
    7 Glossary
    Anonymization is the process of either encrypting or removing personally identifiable information
    from data sets, so that the people who the data describe remain unknown or anonymous.
    Comply with a legal or regulatory obligation means processing your personal data where it is
    necessary for compliance with a legal or regulatory obligation that we are subject to, eg, The
    Children’s Act, Care Leaver’s Act, as well as regulatory requirements under CQC and other quality
    bodies.
    Consent of the data subject means any freely given, specific, informed and unambiguous indication
    of the data subject’s wishes
    The Data Controller is the organisation that is responsible for your personal data. They are required
    to keep it secure, make decisions about what happens to your data and are accountable if it’s lost or
    not kept confidential.
    The Data Processor is the natural or legal person, public authority, agency or other body which
    processes personal data on behalf of the controller
    Data Protection Act 1998 is a United Kingdom Act of Parliament designed to protect personal data
    stored on computers or in an organised paper filing system. … The Act defines eight data protection
    principles to ensure that information is processed lawfully. This law will be updated once the Data
    Protection Bill (2018) has been passed.
    Encryption is the method by which plain text or any other type of data is converted from a readable
    form to an encoded version that can only be decoded by another entity if they have access to a
    decryption key. Encryption is one of the most important methods for providing data security,
    especially for end-to-end protection of data transmitted across networks.
    General Data Protection Regulation (GDPR) is the 2018 legal framework that sets guidelines for the
    collection and processing of personal information of individuals within the European Union (EU).
    Legitimate Business Interests Legal Basis means the interests of our company in conducting and
    managing our business to enable us to give you the best service/products and the best and most
    secure experience. For example, we have an interest in making sure our marketing is relevant to you,
    so we may process your information to send you marketing that is tailored to your interests. When
    we process your personal information for our Legitimate Interests, we make sure to consider and
    balance any potential impact on you (both positive and negative), and your rights under Data
    Protection Laws. Our legitimate business interests do not automatically override your interests – we
    will not use your personal data for activities where our interests are overridden by the impact on
    you (unless we have your consent or are otherwise required or permitted to by law).
    Personal Data means any information relating to an identified or identifiable natural person (‘data
    subject’); an identifiable natural person is one who can be identified, directly or indirectly, in
    particular by reference to an identifier such as a name, an identification number, location data, an
    online identifier or to one or more factors specific to the physical, physiological, genetic, mental,
    economic, cultural or social identity of that natural person.
    Personal Data Breach means a breach of security leading to the accidental or unlawful destruction,
    loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or
    otherwise processed.
    Profiling means any form of automated processing of personal data consisting of the use of personal
    data to evaluate certain personal aspects relating to a natural person, in particular to analyse or
    predict aspects concerning that natural person’s economic situation, personal preferences, interests
    and location.
    Pseudonymisation means the processing of personal data in such a manner that the personal data
    can no longer be attributed to the data subject without the use of additional information. The
    additional information must be kept separately.
    Public Task Legal Basis means we can rely on this lawful basis as we need to process personal data
    ‘in the exercise of official authority’. This covers public functions and powers that are set out in law;
    or to perform a specific task in the public interest that is set out in law.
    Service Information Leaflet Provides detailed information of the data that is processed by Individual
    Children’s Services and Business Lines Services which is given to the data subject or their parents
    along with the Children’s Services Privacy notice.
    Special Category Data means data revealing racial or ethnic origin, political opnions, religious or
    philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of
    uniquely identifying a natural person, data concerning health or data concerning a natural person’s
    sex life or sexual orientation.
    Subject Access Request is your right to get a copy of the information that is held about you.
    Suppression List is a list that contains mailing or email addresses that you want to permanently
    exclude from future mailings or emails we send.
    Third Party means a natural or legal person, public authority, agency or body other than the data
    subject, controller, processor or persons who, under the direct authority of the controller or
    processor, are authorised to process personal data