Data Protection, Privacy & GDPR
Our Data Protection and Privacy Notice
Toynbee Hall is committed to good practice in the handling and protecting of your personal data and privacy along with careful compliance with the requirements of the Data Protection Act (2018) and the General Data Protection Regulation.
Toynbee Hall is registered with the Information Commissioner in the UK as a “data controller” in accordance with the provisions of the Data Protection Act 2018. Further details of the registration are available at ico.org.uk/ESDWebPages/Entry/Z6999734
This Privacy Notice describes how and why Toynbee Hall obtains stores and processes data which can identify you.
Toynbee Hall are committed to good data management in order to protect people from harm. This means:
keeping information securely in the right hands;
holding good quality information; and
obtaining explicit consent from our clients to record and process their data.
Toynbee Hall also ensures that it takes into account the legitimate concerns of individuals about the ways in which their data may be used. In particular, we aim to be open and transparent in the way we use personal data and, where relevant, to give individuals a choice over what data is held and how it is used.
The GDPR creates new rights for how organisations treats individual’s data and these are detailed below.
Toynbee Hall complies with all relevant DPA legislation and also ensures that the principles of the General Data Protection Regulations are incorporated into the service that we provide.
The right to be informed
Toynbee Hall will ensure that all individuals understand why their data is being obtained, how it is being used and how they can access it. We shall provide this information in a manner that is concise, transparent, intelligible and easily accessible. This information is provided for all ways in which you may communicate with us.
The right of access
Toynbee Hall wants all people it helps to understand how they can access their personal data, and will ensure that they are able to do this easily and quickly. Please contact us if you want further information on how to access your data.
The right to rectification
In order to provide advice that is comprehensive, accurate and tailored to the circumstances of each person that we help, Toynbee Hall wishes to hold accurate data about them. If you believe that your personal data is inaccurate or incomplete then we will ensure that this is rectified. If Toynbee Hall has disclosed the personal data in question to third parties it will inform them of the rectification where possible. Toynbee Hall will never disclose any data about you without first checking that this is ok with you and making it clear to you why this has been done. Should you want your data to be rectified, then please write to the Toynbee Hall’s Data Protection Officer (DPO) confirming which data you wish to be rectified.
Toynbee Hall’s DPO can be contacted via email at Daniel.firstname.lastname@example.org
We are licensed by the Information Commissioner’s Office (the UK’s Data Protection regulator) to act as a data controller. Our licence reference number is Z6999734. This can be checked by visiting https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/.
We will respond to you as soon as possible but no later than within 48 hours. If Toynbee Hall does not take action to rectify the data, we shall explain why and will inform you of your right to complain to the Information Commissioners Office.
The right to erasure
Toynbee Hall wants you to be comfortable about the data that we hold about you and we provide the facility for you to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
You have a right to have your personal data erased and to prevent processing in the following circumstances:
where the personal data is no longer necessary in relation to the purpose for which it was originally collected/ processed;
when the individual withdraws consent;
when the individual objects to the processing and there is no overriding legitimate interest of for continuing to process it; or
when the personal data was unlawfully processed and the data has to be erased in order to comply with a legal obligation.
Toynbee Hall refuse to comply with a request for erasure where the personal data is processed for the following reasons.
To exercise the right of freedom of expression and information.
To comply with a legal obligation for the performance of a public interest task or exercise of official authority.
For public health purposes in the public interest, archiving purposes in the public interest, scientific research historical research or statistical purposes; or the exercise or defence of legal claims.
The right to restrict processing
If you wish for us to no longer process your data, then we will ensure this happens. You may wish to do this if:
you contest the accuracy of the personal data;
where you object to the processing of the data;
when processing is unlawful and you oppose erasure and request restriction instead; or
if Toynbee Hall no longer needs the personal data but you require the data to establish, exercise or defend a legal claim.
If Toynbee Hall has disclosed the personal data in question to third parties, we shall inform them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so. Toynbee Hall will inform individuals if it decides to lift a restriction on processing.
The right to data portability
Should you wish for your data to be provided to you in a machine readable format (e.g. CSV) so that another organisation can process this data, then Toynbee Hall will facilitate this where possible. Please contact us for more information.
The right to object
You have the right to choose how we use your data, if you object to how we use your data, then please let us know.
The rights in relation to automated decision making and profiling
Toynbee Hall does not use automated decision making in any of its processes. The some of our case management software uses a logic driven model on referral options but this does not constitute automated decision making.
Toynbee Hall will not use personal data for direct marketing.
For more information please visit:
For details how to object and/or lodge a complaint with a supervisory authority (GDPR) such as the ICO – please visit:
How do we collect information?
We obtain information from you when you enquire about our activities, receive an e-newsletter, make a donation to us or otherwise provide us with personal information.
What information do we collect?
The personal information we collect will vary depending on which service you interact with and might include name, date of birth, email address, postal address, telephone number. We will not ask for information unless it is necessary/relevant to the service/interaction we are providing.
How do we use this information?
We will use your personal information to provide you with the services or information you have requested, administration purposes and to further or charitable aims, including fundraising activities.
How do we protect personal information?
We take appropriate measures to ensure that the personal information disclosed to us is kept secure, accurate and up to date. We may also need to disclose your information if required by law or if we have your permission to do so. We will not sell any information about your web browsing activity.
Right of access
You have the right to ask for a copy of the information we hold about you (for which we may charge a small fee) and to have any inaccuracies in your information corrected. If you wish to exercise this right please email email@example.com
Our website may include links to websites run by other organisations. Toynbee Hall is not responsible for the privacy practices of these other websites.
Will we disclose the information we collect to outside parties?
We will not disclose your contact information to any third parties.
Adverts and Sponsored Links
This website will not contain sponsored links and adverts. We do not share our data or cookies with external advertisers.
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to always verify their authenticity using third party anti virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and always advise users to verify their authenticity using third party anti virus software or similar applications.
Contact & Communication With us
Users contacting this us through this website do so at their own discretion and provide any such personal details requested at their own risk. Any personal information is kept private and stored securely until a time it is no longer required or has no use.
We use a ‘Google Docs’ form to record online enquiries and use WorldPay to manage our donations.
We will only contact you as part of the initial process of receiving debt or legal advice, we will not use your details to send you other unrelated products/services information. We may contact you at various points of your debt advice process to seek feedback on our performance, but this will be discussed with you in full when you complete your initial assessment.
Email Mailing List & Marketing Messages
We operate an email mailing list program for our newsletters – utilising the email management software ‘Dotmailer’, and will not send you unsolicited emails/messages. Each email will also contain an option to unsubscribe in a prominent position
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are always advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites.)
We do not use shortened URL’s in this website; URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique looks similar to this: example: http://bit.ly/zyVUBo.
By default some social media platforms shorten lengthy urls [web addresses]
Users are advised to take caution and good judgement before clicking any shortened urls published on social media and other platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Policy & Usage
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
Resources & Further Information
• Overview of the GDPR – General Data Protection Regulation
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations 2003
• The Guide to the PECR 2003
v.1.2 May 2018 Edited & customised by: Toynbee Hall
If you have any questions or complaints relating to this Privacy Notice or how we use the personal information we have about you, please contact firstname.lastname@example.org. We will endeavor to respond to you promptly.