1. Introduction

1.1. The British Institute of Human Rights (BIHR) is committed to respecting the privacy of the people who engage with us; in this policy we explain how we will treat your personal information.

1.2. This privacy policy was last updated in September 2021 and is compliant with the Data Protection Act 2018, which implemented the EU’s General Data Protection Regulation (GDPR).

2. What personal information is covered by this policy?

2.1. This Privacy Policy applies to all information that we collect about individuals who interact with us. It explains what personal information we collect and how we use it.

2.2. In respect of BIHR websites, this policy covers personal information that we may collect through your use of the following BIHR sites:

 3. Personal information that we process

 3.1. We collect, store and handle the following kinds of personal information:

  • Personal information, such as your name, telephone number, email or postal address, for the purpose of the services we provide in relation to our charitable mission and objectives.
  • Information that you provide when completing your profile on our websites.
  • Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters.
  • Information about your visits to and use of our websites collected through Cookies (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths).
  • Information relating to any purchases you make of our goods or services through our main website (including your name, address, telephone number, email address and payment card details).
  • Information contained in, or relating to, any communication that you send to us or send through our websites (including the communication content and metadata associated with the communication and any information gathered on a form).
  • Any other personal information that you choose to send to us.
  • Information relating to any donations you make through our main website including your name, address, telephone number, email address, which appeal you are supporting, and in the case of direct debits the frequency and date of when direct debits will be taken [PLEASE NOTE: card details and bank details are collected on our main website, but only stored by our payment processors, and not by us – see section 5.5]

3.2. We will process your personal information only if there is one of the following lawful bases for doing so: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).

3.3. Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with this policy.

4. How we use your personal information

4.1. We will use your personal information only in a manner that is appropriate considering the basis on which the information was collected.

4.2. Personal information submitted to us through our websites will be used for the purposes specified on the relevant pages of the website concerned or in this policy.

4.3. On the basis of our legitimate interests in running our charity and aiming to achieve our charitable mission and objectives, we may use your personal information to:

  • deliver our services as stipulated in our charitable mission and objectives;
  • administer our websites and business;
  • personalise our websites for you;
  • enable your use of the services available on our websites;
  • send you goods purchased through our main website;
  • supply to you services purchased through our main website;
  • send statements, invoices and payment reminders to you, and collect payments from you;
  • send you non-marketing commercial communications;
  • send you email notifications that you have specifically requested;
  • send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
  • send you marketing communications relating to our business which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
  • provide third parties with anonymous statistical information about our users, e.g. to enable our funders to understand our impact. PLEASE NOTE: those third parties will not be able to identify any individual user from that information;
  • deal with enquiries and complaints made by or about you relating to our websites;
  • keep our websites secure and prevent fraud;
  • verify compliance with the terms and conditions governing the use of our websites;
  • complete the processing of any donation you have made to us;
  • conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our charity.

4.4. If you submit personal information for publication on one or more of our websites, we will publish and otherwise use that information in accordance with the licence you grant to us.

4.5. Your privacy settings can be used to limit the publication of your information on our main website and on our Communities of Practice Forum, and can be adjusted using privacy controls on the relevant website.

5. When we share your data

5.1. We will only pass your personal information to third parties if:

  • you have provided your explicit consent for us to pass data to a named third party; or
  • we are using a third party purely for the purposes of processing data on our behalf and we either have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors, or have carefully ascertained that the third party data processor fully complies with the UK Data Protection Act 2018; or
  • we are required by law to share your data.

5.2. We may also disclose your personal information:

  • in connection with any ongoing or prospective legal proceedings; or
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); or
  • to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; or
  • to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

5.3. We will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.

5.4. Your data, as collected on our websites, may also be available to the organisations who administer our sites to enable us and them to carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services.

5.5. All financial transactions on our main website are handled through our payment services providers, which are listed below with a link to the provider's privacy policy:

We will share information with our payment services providers only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

5.6. If you have opted into email contact from BIHR, we may store your information on the platform SendinBlue. SendinBlue will only process your data in accordance with its own Privacy Policy (https://www.sendinblue.com/legal/privacypolicy/).

5.7. If you register for and/or attend any BIHR event (i.e. a workshop, training session, webinar, meeting or any other type of event) that is hosted on Zoom or in Microsoft Teams, your personal information may be stored on the Zoom or Microsoft Teams platform.  Zoom and Microsoft will only process your personal data in accordance with their own privacy policies  (see https://zoom.us/privacy and https://privacy.microsoft.com/en-gb/privacystatement).

5.8. If you register for and/or attend any BIHR event (i.e. a workshop, training session, webinar, meeting or any other type of event) that has been arranged and/or paid for by an organisation for which you are employed or volunteer, or of which you are a member, we may share information on your registration and/or attendance with the organisation concerned. The information we share with the organisation concerned may include: your name and email address; the event(s) for which you register: your attendance at or absence from the event(s); and, if you are employed by or volunteer for the organisation, your role within the organisation and the department, division or area in which you work.

6. International data transfers

6.1. Information that we collect may be stored and processed in, and transferred between, other countries to enable us to use the information in accordance with this policy.

6.2. As already noted in section 5.3 of this policy, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.

7. Retaining personal information

7.1. Personal information that we process for any purpose or purposes shall be kept only for as long as is necessary for that purpose or those purposes.

7.2. We will also retain documents (including electronic documents) containing personal data:

  • to any extent that we are required to do so by law; or
  • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; or
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

8. Security of personal information

8.1. We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

8.2. We will store all the personal information you provide on our, and where applicable our suppliers’, secure, password- and firewall-protected servers.  This may include data storage services provided in the Cloud.

8.3. All electronic financial transactions entered into through our main website will be protected by encryption technology.

8.4. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

8.5. You are responsible for keeping the password you use for accessing any of our websites confidential; we will not ask you for your password (except when you log in to our websites).

9. Amendments

9.1. We may update this policy from time to time by linking to a new version on our websites. You will find the date this policy was last updated in section 1 of the policy (Introduction).

9.2. You should check this webpage occasionally to ensure you are happy with any changes to this policy.

9.3. We may notify you of changes to this policy by email if you are a registered user of one of our sites.

10. Your rights

10.1. You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject to the supply of appropriate evidence of your identity. (For this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank, plus an original copy of a utility bill showing your current address).

10.2. We may withhold personal information that you request, to the extent that we are permitted to do so by law.

10.3. You may instruct us at any time not to process your personal information for marketing purposes.

10.4. You may instruct us to delete any information that we hold about you (‘right to be forgotten’).  We may, however, retain some of your personal information to any extent that we are permitted or required to do so by law.

10.5. In practice, you will usually expressly agree in advance to our use of your personal information for marketing purposes.

11. Third party websites

11.1. The only websites governed by this privacy policy are BIHR’s websites, as detailed in section 2 of this policy, and we are not responsible for the privacy policies that govern third party websites, even where we have provided links to them.  If you use a link on one of our websites to another website, we recommend you read the privacy policy of the other website before sharing any personal or financial data.

11.2. We operate a number of social media pages including Facebook and Twitter.  Although this policy covers how we will use any data collected from those pages, it does not cover how the providers of social media websites will use your information.  Please ensure you read the privacy policy of the social media website before sharing data and make use of the privacy settings and reporting mechanisms to control how your data is used 

12. Updating information

Please let us know if the personal information that we hold about you needs to be corrected or updated.

13. Cookies

13.1. Our websites use cookies.

13.2. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. 

13.3. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

13.4. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

13.5. We may use both session and persistent cookies on our websites.

13.6. The names of the cookies that we use on our websites, and the purposes for which they are used, are set out below:

  • We use Google Analytics to analyse the use of our website.
  • Our analytics service provider generates statistical and other information about website use by means of cookies.
  • The information generated relating to our website is used to create reports about the use of our website.
  • Our analytics service provider’s privacy policy is available at: http://www.google.com/policies/privacy/

13.7. Most browsers allow you to block cookies. However, blocking all cookies will have a negative impact upon the usability of many websites, and if you block cookies, you may not be able to use all the features on our websites.

13.8. You can also delete cookies already stored on your computer.  However, deleting cookies may have a negative impact on the usability of many websites.

14. Our details

14.1. BIHR is a company registered in England and Wales under company number 1101575, and our registered office is as follows: BIHR, c/o Lewis & Co Chartered Accountants, 8 Coldbath Square, London, EC1R 5HL.

14.2. BIHR is primarily a remote working organisation.

14.3. You can contact us:

14.4. You can also contact us by post, using the postal address given in 14.1. However, we recommend that you communicate with us by other means if possible as there may be delays in postal communications reaching us.

15. Requests for Information and Complaints

15.1. For further information on how your information is used, how we maintain the security of  your information, and to exercise your rights to access and/or erase information we hold on you, please contact the Director by emailing [email protected]

15.2. If you have a complaint about the treatment of your data, or would like to report a breach, you can contact the Information Commissioner Office, at: www.ico.org.uk