We are the International Humanist and Ethical Union, the global representative body of the humanist movement, uniting a diversity of non-religious organisations and individuals. (Read more on our About page.)
This privacy and data protection policy gives detailed information as to when and why we collect personal information, how we keep it secure and how we use it.
1. How we collect personal information
We only collect and store information with consent and for a specific purpose which is made clear when we ask for consent. We collect information when people interact with us, including signing up for our emails, registering as an Individual Supporter, making a donation or registering for an event.
We collect personal information in one of the ways described below:
- When you contact us to make a donation or other transaction or to register for an event over the telephone or by email
- When you initiate a transaction online, including to register for an event, subscribe for our email updates, make a donation, register as an individual supporter.
- When you fill in another online form or submission of information by phone or email, for example to make a purchase on our website, to respond to a consultation or survey conducted by the IHEU, to offer to volunteer with IHEU, or when a Member Organization provides details of delegates or representatives.
- If you otherwise contacted us by telephone, email or post
If you have an account and you log in to any of our websites (which all use the WordPress platform) we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article (for example if you are a volunteer on the Freedom of Thought Report website), an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use Google Analytics to collect information on overall traffic to our websites.
2. What information we collect
We collect information that is necessary to perform the services you have requested or that was otherwise necessary for us to operate and develop our organization.
We collect the following information (depending on the situation and what individuals decide to submit):
Information obtained directly from you (for example, in person, over the phone, by post, or when you interact with us online:
- Email address
- Postal address
- Contact telephone number
Where relevant we may have also collected:
- Payment Card details (although please be aware we will not hold such information for any longer than necessary to process your transaction)
- Delivery address(es) and/or Billing address(es)
- Email preferences
- Details of goods and services purchased by you
- Whether a person has left us a legacy, and any information you have provided us with to administer this, such as details of your next of kin, executor or solicitor
- Information that you provide when you respond to a consultation, survey or promotion by us or one of our partners
- Information provided in correspondence when you contact us
- Direct debit details for ongoing payment arrangements
- Any particular access, dietary requirements or other preferences you may have to help us improve your experience at an event
We may also have classified personal contact data based on how a person interacts with us and information submitted by the person in question. For example, our database will record if someone is associated with one of our Member Organizations and in what capacity, has made a donation, has registered to attend events, and some minimal history such as when that person gave us their data and permission to use it.
We may also obtain information available from other external sources about you and combine it with information we hold about you. This will only be done if this information is publicly available (for example on Companies House or the land registry) or if you have given permission to a third party to share this information.
We use the information we hold about people for a number of purposes including to provide information that the person has asked for, to provide a service or fulfil orders that the person has requested from us, to request additional information, to develop and improve our services and to raise money for and otherwise operate and develop our organisation. Below we describe how and why we use this information and how long we retain it.
We may use your information in the following ways:
To fulfil our obligations under a contract with you and to otherwise carry out our business.
- sending content you have directly requested, such as signing up to receive our updates by email
- sending correspondence in relation to the membership of an IHEU Member Organization to contacts associated with that Member Organization
- fulfilling purchases made of our goods and services (including ticketed events or online purchases)
- processing a payments (although please be aware we will not hold payment details for any longer than necessary to process a transaction)
- administering and recording donations to us, including corresponding with you about your donation
- contacting you with any important information in relation to donations or in relation to the purchase of goods or services including confirmation of orders, reminders, details of any changes, delays or other information relevant to your booking, and thank you letters for donations
- contacting you in relation to the renewal of any recurring agreement with us
- contacting you in relation to any survey or consultation we run that the person has responded to
- for the internal administration of any purchases from us
- contacting you to respond to their queries (for example, if we receive an email with a question)
- improving our websites and online services
- fulfilling reporting obligations
When we have a legal obligation to do so
In appropriate circumstances we shall use your information to fulfil our legal obligations which may include:
- the use of any CCTV recording equipment on our premises for monitoring and security purposes
- detecting and reducing the risk of fraudulent transactions in person or online
- undertaking due diligence to detect fraud, money laundering and credit risk and protect the reputation of our organization and our Member Organizations
- to keep our databases up to date
- for our financial records
- such other obligations as are imposed on us from time to time
- deleting or updating the information we hold about you if we learn such information is inaccurate
- complying with your data rights (see below)
- Health and Safety implications if appropriate, for example reporting first aid incidents
When it is in our legitimate interest to do so
We may use information where it is in our legitimate interest to do so, to:
- classify our contacts into groups or segments by attitudes or types of behaviour (such as making a donation), using the information we have been provided directly (such as a person’s associate with an IHEU Member Organization). These segments help us to:
- understand our audience better; and
- enable us to tailor and target our content and services to help us manage and improve them.
- use pseudonymised details to guide advertising on social media platforms (such as Facebook, Twitter and Instagram) or through other third party advertising. The information shared with these platforms is pseudonymised to protect your personal information.
- enable us to run the test version of our website and customer relationship management system that we use internally to pilot new features and ensure the smooth running of our web services.
- identify and contact individuals who are in a position to support us financially
- retain personal information on our secure customer relationship management system for the above purposes.
How long we retain personal information for
We may keep personal information as long as necessary for the legal purposes set out above.
4. How we share data with third parties
We will not share, sell or otherwise make available personal information to third parties without your express prior permission.
We shall share your data with third parties who are performing services on our behalf (for example, where we use third party ticketing organisations), in order to comply with our legal obligations (for example fraud protection) or in order to enforce our rights, property or the safety of the IHEU, its staff, visitors or others.
We may share personal information with the following organisations:
- service providers working on our behalf. For example, this may include payment processing, database services, website hosting services, providers or online and/or cloud services
- third party data services and analytics platforms who assist us with segmenting and understanding our audiences (as described above)
If we have your permission, or it is otherwise made expressly clear in advance, we may share personal information with:
- named third parties where a person opted in to allow us to provide their details to such third parties when they purchased goods and services from us
- partner venues where tickets are bought via or events are hosted at such venues
If we are required to do so by law (for example under money laundering or charity law legislation, or under a court order) we may share your personal information with the police, other law enforcement or regulatory bodies or a government authority investigating unlawful activities.
5. Data protection rights of our contacts
Our contacts have certain rights under data protection laws in relation to the personal information we hold and are using.
To contact us about your data protection rights, please see the end of this page.
Your rights include asking for a copy of the information we hold about you, having any inaccurate information we hold about you corrected, or to request that we stop using your personal information in a particular way. Your data protection rights are summarised under the tab immediately below.
You have the following rights under data protection laws in relation to your personal data, these rights include:
- To be informed about how we use your personal data (the purpose of this Privacy and Data Protection Policy);
- To have accurate information held about you, and to have your details updated when they are inaccurate. If you have an online account you may amend your personal details and contact preferences at any time. If you prefer, you can contact us by email, telephone, by mail, or in person to update your details with us;
- To ask us to delete your data (often called the “right to be forgotten”), though we might not always be able to delete your data if under the law there are some circumstances in which we will need, or are entitled to, retain it;
- To get a copy of your personal data.
- To object to how we use your data, and request that we stop using it for certain purposes. There may be circumstances where you ask us to restrict such uses of your information, but we are entitled to refuse that request.
- To withdraw your consent, where we are using your personal information with your consent (as described above in the ‘Why We Collect Your Personal Data and How we use it”).
- To ask us to transfer your data to another organisation, where your data is held in a machine-readable, commonly used way, and can be safely transferred.
- If we make a decision about you using automated means, you have right to request that the decision be reviewed by a human; and
- The right to make a complaint to the Information Commissioner (www.ico.org.uk) if you think that any of your rights have been infringed by us in the UK.
Should you contact us to exercise these rights, we may need to request additional information so that we can verify your identity (and to ensure your personal information is not disclosed to any person who has no right to receive it). This may include:
- A colour copy of your driving licence, birth certificate or utility bill
- If your request relates to a specific transaction, evidence of that transaction (i.e. a receipt or confirmation)
We may contact you to ask you for further information in relation to your request to help us enact your rights in accordance with the law.
We try to respond to all legitimate requests within one month. However, occasionally it may take us longer than a month if your request is particularly complicated or you have made a number of requests. In such circumstances, we will notify you.
6. Security of your personal data
The IHEU is committed to keeping personal data secure. We use a variety of security technologies and procedures to help protect personal information from unauthorised access and use.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (‘EEA’). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of an order, the processing of payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Data Protection Notice. This is done in a number of different way including:
- The country we send the data to might be approved by the European Commission as being sufficiently secure;
- The recipient is located in the United States and is a certified member of the approved EU-US Privacy Shield Scheme; or
- The recipient company might have signed up to a contract obliging them to protect your information.
In all such cases we shall ensure that any transfer of your information is compliant with data protection law.
However, please note that the transmission of data via the Internet is not completely secure. Your communications may be routed through a number of countries before being delivered. We cannot guarantee the security of any data transmitted to our Websites, however, once we have received your data, we will use adequate security procedures to prevent unauthorised access.
7. Changes to this privacy and data protection policy
We keep this notice under review. We will let contacts know about any substantive changes made to it by email or another suitable method of communication. The latest version of this notice will always appear on this page.
8. CONTACT US ABOUT YOUR PERSONAL DATA
If you would like more information or would like to raise any queries, exercise your rights or make a complaint in relation to our use of your personal information, you may contact the IHEU by emailing firstname.lastname@example.org or writing to:
39 Moreland Street