Skip to main content
Donate

Privacy Notice

We, at Good Law Project, are committed to protecting your privacy. This is our service user privacy notice and explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others.

We, at Good Law Project, are committed to protecting your privacy. This is our service user privacy notice that explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others.

Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.
If you have any questions regarding our Privacy Notice and our use of your personal data or would like to exercise any of your rights, please get in touch via the following page: https://goodlawproject.org/about/contact/

How and when do we collect information about you

We collect information about you in the following ways:

  • when you visit our website
  • when you register for events or news articles
  • when you sign up for marketing emails
  • when you make a donation
  • when you undertake a survey
  • when you participate in our social media activities
  • when you participate in a campaign, for example when you sign a petition, share your experience or do another campaign action
  • when you contact us by email or another form of communication
  • when you contact our press team as a journalist or as a representative of a news outlet
  • when you share your information directly on other platforms like Tiktok or Meta to sign up for our campaigns or marketing.

Information is safely stored in our online database system.

Types of information collected about you

We may collect the following information about you:
Name, address, phone number, post code, voting intentions, general information like which companies you use, comprehensive demographic data, annual household income, age, IP address.

The information collected may include special category of data, which include health information, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.

How is your information used?

We use your information for the following reasons:

  • Offering you ways to fund our work.
  • Inviting you to campaign with us.
  • Keeping you updated on our campaigning work.
  • Inviting you to participate in surveys or research.
  • Providing you with information or products that you have requested from us.
  • Providing you with information that is relevant to your interests.
  • Processing donations received from you.
  • Making enquiries or informing you about your interactions with us like resolving issues with donations, or informing you of changes to events.
  • Responding to any complaints from you.
  • Informing you of volunteering opportunities.
  • Analysing and refining our advertising, campaigning and other operations to increase our effectiveness.
  • Monitoring your information to prevent fraud.
  • Working with authorities in cases of fraud or criminal investigations.
  • Maintaining a working relationship with you as a journalist or as a representative of a news outlet in order to collaborate on publishing content.

You may opt out of our fundraising and marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails.

Lawful Basis for Processing

We rely on the following lawful basis for processing your personal data, identified in Article 6 of UK GDPR.

  1. When you visit our website, we rely on legitimate interest. 
  2. When you register for an event to attend it or participate in our social media activities, we rely on legitimate interest.
  3. When you access our services through our project, we rely on our legitimate interest.
  4. When you make donations on third-party websites like Crowd Justice or on our website, we rely on our legitimate interest.
  5. When you subscribe to our news updates or online updates, we rely on consent.
  6. When you take action as part of our campaigns, for example by adding your name to a petition or by emailing your MP through our website, we rely on our legitimate interest. 
  7. When you share your information directly on platforms like TikTok, Meta, Google Ads, or LinkedIn, we rely on your consent.
  8. When you contact us from a news outlet (including but not limited to newspapers, blogs, TV, radio and streaming) in regards to interviews, comments or information, we rely on legitimate interest.
  9. When we process special category of data, the lawful basis is identified in Article 9(2)(g), substantial public interest (UK GDPR) and Schedule I, Part II, Condition 8, ‘equality of opportunity or treatment’ of the DPA 2018

For processing criminal records data, we rely on Art 10 of the UK GDPR, and Condition 10 from schedule 1, Data Protection Act 2018, ‘preventing or detecting unlawful acts.’

Confidentiality, data sharing

At Good Law Project, we handle your data with utmost confidentiality and take all necessary steps in this regard. Please be assured that we will never sell your details to any third party.

We engage with several third parties to process your personal data. These third parties act as data processors of your data. Goodlaw Project will either sign a data processor agreement with such processors or will review the terms and conditions of such processors’ agreements to ensure compliance with Data Protection Legislation.

Further, where personal data is stored outside of the UK and the EEA, safeguards to protect personal data may include but are not limited to the UK Addendum used in conjunction with the EU Standard Contractual Clauses (SCCs), or UK International Data Transfer Agreement (IDTAs). Such safeguards will be subject to Transfer Risk Assessments (TRAs).

We will engage the following third parties for our activities:

  • CRM: Salesforce is our CRM, which would help us store data of our stakeholders, partners, supporters and those involved in our wider work
  • Marketing: Nationbuilder and Mailchimp will primarily be our marketing platform, which also be used to store data regarding actions supporters have taken in the past, and profile and target supporters
  • Petitions: The data processed from our petitions will be stored in Mailchimp, Salesforce and Zapier.
  • Crowdfunding: Our donation systems are powered by Stripe, PayPal and GoCardless. We also partner with SmartRaise to deliver a better user experience. We do not access any payment information stored in the systems of Stripe, Paypal and Gocardless.
  • Events: We use WordPress and Eventbrite for registration of events. We use Eventbrite, Mailchimp and Salesforce for storing data of attendees from events.
  • Communications: We use Front to manage incoming emails from our supporters and anyone who contacts us to enquire about our work or undertake any actions for supporters like cancelling recurring donations.
  • Advertisements: We use Blueprint for capturing data contact details from Meta ads which are later stored in our CRM.
  • Surveys: we collect data through Typeform, 123forms, or Mailchimp, which act as our survey tools
  • Email-to-target: when you send an email as part of a campaign. We collect data on who you email, and the message you send through ImpactStack. 
  • Cookies: For how we use cookies, please see the section on cookies in this privacy notice below.
  • Profiling: for data collected through our screening and profiling techniques, please see the section below on ‘Profiling’.
  • Data collected directly on other platforms: We may use platforms like TikTok or Meta to directly collect personal data of service users, which we then transfer to our relevant database like Mailchimp and Salesforce.
  • Website performance: We use Google Analytics 4 and Matomo to analyse website traffic and better understand user experience. We use Cloudflare Turnstile to confirm our website visitors are human – this is standard practice that allows us to give you an improved experience with our website, whilst preserving your privacy. 
  • Integrations: We sometimes use Zapier and Supermetrics to integrate the platforms we use for our campaigns and automate data flows between systems. For example, we may use Zapier to automate data transfers from our payment processors to Salesforce. 

Keeping your information safe

We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to ensure that your personal information is secure when under our control, both on and offline, from improper access, use, alteration, destruction and loss.

When we are provided with personal information about you, steps are taken to ensure that it is treated securely. Electronic data is stored on a secure server provided by a third party and is accessed via password-protected computers that are used only by our employees.

Any personal information that is shared with third parties mentioned in this privacy notice will be communicated via secure systems. We have put appropriate systems in place to enable third parties to communicate information securely, and third parties are provided with information regarding how to do so. We cannot, therefore, be held accountable for the security of any personal information sent from a third party which is not sent via secure arrangements.

Whilst we make every effort to protect your personal information we cannot guarantee the security of any information you transmit to third parties, and you do so at your own risk. When we receive information about you, best efforts are made to ensure its security on their systems.

Profiling

In order to identify potential high value supporters and expand our support network, we may use profiling and screening techniques. We would gather publicly available information regarding previous support, connection to our cause, previous philanthropic activity, credibility, geographical, demographic, and career information, financial soundness, peer networks and other publicly available information (e.g. age, address, listed Directorships, hobbies and interests).

This information also allows us to understand how likely it is that you would be interested in supporting us so that we can better tailor our communications such as telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you.

In case of a generous donation that would classify you as a major donor, we would undertake in-house research as part of our due diligence process and note information including name, the date the donation was received, the value of the donation, how the donation was received, currency, any conditions given with the donation and details of previous donations. Additionally, we would gather publicly available information on interests, source of wealth, and involvement or association with any networks, societies, membership organisations or political parties from sources including Companies House, the Electoral Register, ‘rich lists’, company websites, social networks such as Linkedin, political and property registers and news archives. This information ensures that the donation has not come from an illegal or unethical source and that there are no public concerns about you or your activities.

If you have already engaged with us, we may also profile information that you have provided to us during your engagement, including information such as occupation, title, details of any correspondence you have had with the Good Law Project, Date of Birth, fundraising appeals responses, event participations, and details of your reasons to engage with the Good Law Project.

We rely on our legitimate interest in order to profile and screen your information. If you would rather we did not do this, please just let us know and we will, of course, respect your wishes. Otherwise, following our initial profiling and screening, we will contact you either via phone or via e-communication if you agree for us to process your information. During our conversation, we will inform you of our processing and of your rights as data subject (which include right to object, to restrict our processing and to have your data deleted). If you are happy to engage with us, we’ll proceed with establishing our relationship with you, which will include further engagement and profiling.

Additionally, we sometimes ask existing supporters, board members and volunteers whether they would be prepared to open their networks up to us. An existing supporter may tell us about an individual previously unknown to us and facilitate an introduction. We would then advise our board member or existing supporter about our data responsibilities and ask them to ensure that the person they would like to introduce to us is happy for an introduction to take place. Following the introduction, we would direct the individual to this privacy notice and confirm their marketing consent preferences before communicating with them further. We will also share a link to our privacy notice in the footer of all of our marketing email communications.

Campaigning for change

We aim to work alongside people who have lived experience of the issues we campaign on. If you choose to take part in one of our campaign actions and share personal information with us, we may use that information to support the campaign. 

If you share your experience with us, either in written, video, or picture format, we may use this information to help further develop our campaigns. For example, we may use the information you share with us in case studies and stories that we share with the media, on our website, in our email campaigns, or on our social media channels. We will seek to anonymise your data where possible. 

If you take part in a campaign action to target someone in power, such as your local MP, we may forward your email together with your contact information, to the relevant target. We will also collect and store your message and personal information. We may also use this information to further develop the campaign, for example by sharing your anonymised message to your target on our social media channels.

If you have any concerns about the way we may use your data in our campaigns or share such information on our social media, please do contact us via our contact page.

Online advertising

When we do online (paid) advertising, this is targeted at those using websites we think will attract new supporters to us, or at those web users who have shown an interest in the organisation or related subjects. We do not store data received in this way, as we place ads according to online behaviours and interests (see Cookie Policy below).

We use Meta’s API, lookalike ads and Meta pixel in this process. Please view Meta’s policies on how they process your data stored with them in this process. We also may use Google Ads, Care2, TikTok and LinkedIn ads to target subjects for the reasons mentioned above. We may securely share your data with these ad services, to ensure we target our ads correctly. For example, we may use Facebook’s Custom and Lookalike Audiences to enable us to display adverts to audiences who have similar interests or characteristics to our existing supporters. This also allows us to exclude existing supporters from our targeted ads, helps us avoid showing you adverts which are not relevant to you, and also allows us to make the most of our marketing budget. existing supporters or other people who have similar interests or characteristics.

We always aim to minimise the amount of personal data we share with other platforms and we only use social media platforms that provide a facility for secure and encrypted upload of data.

We also use retargeting ads (for eg. via Meta) to show you ads for our campaigns, projects and for encouraging contributions for our activities, and we use this to reach out to people who have already shown interest in our work i.e. if you have previously donated to us, or when you visit our website or if you have opted in for our marketing emails.

The information collected through retargeting ads is used by us to show you relevant ads for our campaigns and the work we do. You can usually opt out of such ads by clearing your browser’s cookies, but please read the relevant provider’s policy to know about this in detail.

If you would prefer that we don’t use your data for online advertising in the ways described in this section, please contact us via our contact page.

If you have asked us not to use your information for targeted social advertising, you may still see adverts related to us. This is because the social media platform or advertising network may hold information about you that wasn’t provided by us.

Cookies

We use cookies and similar technologies to collect and store information (which may include your personal information) about how you interact with our website. We may use these technologies to help us deliver relevant information about our organisation.

Cookies are small text files placed on your device which uniquely identify your device. Cookies cannot be used to run programs or deliver viruses to your device. For more information about our use of these technologies please contact us by using the details set out above.

We use Google Analytics 4, Google Tag Manager, Meta, Facebook, Linkedin, Stripe, Google, Twitter and ReCaptcha. Please refer to the cookies policies of these respective providers to understand how your information is stored.

How long is the data retained for

We keep your data as long as necessary. If you’ve made a donation or showed interest in supporting us, we may keep your data for 6 years.

For our event attendees, people undertaking surveys and petitioners, we store the data for 6 years. For our subscribers to our newsletters, we retain the data till consent is withdrawn.

Data is destroyed or deleted in a secure manner as soon as the retention date has passed.

Your Rights

Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. If you would like to exercise your rights, please get in contact by using the details listed above.

Here is a summary of the rights we think apply:

  • Right to be Informed – You have the right to be informed as to how we use your data and under what lawful basis we carry out any processing. This Privacy Notice sets this information out. However, if you would like further information, please get in touch.
  • Right of Erasure – also known as the right to be forgotten – You may ask us to delete some or all of the information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.
  • Right to Object – You have the right to object to processing where we are using your personal information, such as where the processing is based on legitimate interests, or for direct marketing.
  • Inaccurate personal information corrected – Inaccurate or incomplete information we hold about you can be corrected If any of your information is out of date or if you are unsure of this, please get in touch through any of the contact details listed in this notice.
  • Right of restriction – You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or if we are not lawfully allowed to use it.
  • Right to Access your information – You have a right to request access to a copy of the personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge. Proof of identity is required.
  • Automated decision making – Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you.
  • Right to withdraw consent – Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.

Making a complaint

If you think your rights have been breached or you are not happy with the ways we handle your data, you can raise a complaint by contacting our Data Protection Officer at sofiya@hope-may.com.

Any questions or concerns that may not require a formal complaint can be passed on via our contact page.

You can also contact the Information Commissioner’s Office by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.

Changes to our Privacy Notice

This privacy notice is kept under regular review. If we make any changes to the way in which we process your data, we’ll make the required changes to this privacy notice and notify you by posting a banner on the Good Law Project website. For any very significant changes in the way we process data, we will inform you directly as well.

This privacy notice was last updated on 2 April 2024.

Good Law Project uses the law to hold power to account, protect the environment and ensure no one is left behind

We are proud to be primarily funded by members of the public, which keeps us fiercely independent

Donate now

Stay up to date and be the first to hear about how to take action