There are six data protection principles that Liberty must, and does, comply with. The personal information we hold about you must be:
1. Processed lawfully, fairly and in a transparent manner.
2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
3. Adequate, relevant and limited to what is necessary in relation to those purposes.
4. Accurate and, where necessary, kept up to date.
5. Kept in a form that permits your identification for no longer than is necessary for those purposes.
6. Processed in a way that ensures appropriate security of the data.
Who is collecting your data?
For the purposes of data protection law in the UK, Liberty (the National Council for Civil Liberties) of Liberty House, 26-30 Strutton Ground, London, SW1P 2HR, is the data controller in relation to the collection and use of your personal information in the United Kingdom.
What kind of information do we collect and how do we collect it?
We collect personal information in two ways from your use of the Website:
1. anonymous data that is automatically collected from all visitors to the Website
2. personal data that you voluntarily submit so that we can provide you with a service or so that you can pay a membership fee, make a donation or order merchandise or publications.
The type and amount of personal information we collect depends on how you use the Website.
You can access all pages on our website without telling us who you are and without revealing any personal information.
We collect some information when you visit the Website but this does not allow us to identify you personally. The information we collect includes the type of browser visitors use, time and date of visits, which pages are most viewed and which other websites and search engines direct visitors to the Liberty website. This enables us to evaluate the Website and work to improve it.
The software that we use to analyse our website is called Matomo. Unlike remote-hosted analytics services like Google Analytics, Matomo is hosted on Liberty’s web servers and all data tracked is inside Liberty’s Mysql database. This ensures that visitor behaviour on the Liberty website is not shared with advertising companies.
Liberty has specifically configured Matomo to respect your privacy by anonymising the IP addresses of visitors to our site and by respecting any ‘Do Not Track’ settings that you may have selected within your web browsers.
We do not link any of this anonymous data with any personal information that you may provide to us.
Cookies are small pieces of data sent from a website and stored on your computer by your web browser while you are browsing the website.
Personal data (including sensitive personal data) that you volunteer to us directly
We may collect information directly from you which personally identifies you (such as your name, address or email) when you participate in the following activities:
contacting us, for example by phone, email or through our online contact forms
signing up to campaign petitions or pledges
using tools from our website to email your local MP, councillor(s) or newspaper(s)
subscribing to a campaign email list to receive more information about our campaigning work and how you can get involved or donate
attending an event
joining as a Liberty member
donating to Liberty or the Civil Liberties Trust.
The information given may constitute sensitive personal data to the extent that it includes information on your political beliefs or any other personal sensitive data that you disclose within the content of your correspondence with us.
In addition, we may collect financial information from you when you:
join or renew your Liberty membership
make a donation to support Liberty or the Civil Liberties Trust
order merchandise or publications.
Legal basis for using your data
We collect your financial data for the purpose of fulfilling our contractual duties to you or to others – i.e. when we need this data to process your donation or gift or satisfy your order.
Where we have no contractual basis for retaining financial data (i.e. when transactions have been processed) we retain only that financial data which is required either to:
satisfy our obligations to maintain accurate financial and tax records, or
satisfy our legitimate interest in supporting future fundraising. This will include retaining information on the date of the donation, the amount donated and your personal data on our fundraising database.
If you make a donation to Liberty, we rely on our legitimate interest in providing you with information about what your donation will help to fund as the legal basis for sharing information about Liberty’s work and services with you by post only.
For all email, text or phone communication, we will seek your opt-in consent before we undertake this contact.
If you have not made a donation to Liberty – but have given us your personal data for another purpose – we will seek your opt-in consent for all email, text or phone communication after a confirmation of your initial interaction.
For example, if you sign a petition, you will receive a notification that your signature has been added to this petition, but you will receive no further information from Liberty unless you opt in to receive this by ticking a clearly labelled box.
As noted above, the primary type of sensitive personal data we collect is information relating to your political beliefs which you express through engagement with specific Liberty campaigning activities.
We process this data on the basis of our legitimate interest in furthering Liberty’s campaigning aims.
We do not think that any of the above activities prejudice you in any way. However, you have the right to object to us processing your personal data on this basis. You can do so by contacting us at firstname.lastname@example.org.
For what purposes will your data be processed?
If you are accessing our Advice and Information service using the Get Advice page or Contact Us form, your data will be used only for this purpose.
If you are making a donation, purchasing, signing up to an event or supporting a campaign action, we will process your data in order to satisfy this specific action.
If you make a donation or joining Liberty, we may contact you by post to give you further information about ways in which you can support Liberty.
For all other actions, if you give opt-in consent, we may contact you by email or post to give you further information about Liberty’s work and ways in which you can support us.
Who do we share your personal data with?
We do not disclose your personal data to anyone outside Liberty except:
where we have your permission (for example if you agree to provide a quote and photo which are then used in promotional Liberty materials accompanied by your name)
to other organisations who provide a service to us or you (such as payment processing companies or print companies), or
where we are required to do so by law.
If you have agreed to receive email communications from us, we may provide your email address in an encrypted format to Facebook for the purposes of identifying people with similar interests to yours who we can display our advertising to.
This data is not retained by Facebook and is not used for any other purpose by them. You can opt out of your data being used in this way by contacting us at email@example.com.
Financial data – Processing of your personal data by third party payment providers
When you make a payment, Worldpay asks for your name, address, phone, email address, and credit or debit card information. This information is used to process your payment and to verify credit or debit card data.
Your credit or debit card details will only be retained by Worldpay – a service provided by the Royal Bank of Scotland Group Plc. These details are not retained by Liberty, although in the case of a suspected fraudulent transaction, card details may be disclosed to us for the sole purpose of performing further checks.
The other data provided (name, address, phone, email address and whether you opt in to receiving correspondence from Liberty) is captured by Engaging Networks, the software platform Liberty uses to manage actions taken by supporters through our webpages, such as signing petitions or giving donations.
This information is retained by Liberty for the purpose of managing our fundraising function. Engaging Networks’ Privacy statement is here.
If you make a single online donation to the Civil Liberties Trust, your donation also goes through Worldpay and the data provided is treated in the same way. The only additional data collection is the declaration of your tax status. This information is retained by Liberty in order to enable us to make Gift Aid claims on behalf of the Civil Liberties Trust to Her Majesty’s Revenue and Customs.
If you give to Liberty through these third parties, they will provide you with their own privacy notices. We will normally receive your name, address, donation amount and date of the donation, and make use of this data in the manner described in this policy.
Creating a new Direct Debit mandate online to support Liberty requires your name, address, email address, and details of your bank account. This information is processed by RSM2000 – the payment processing provider that establishes the regular Direct Debit payment with your bank – and is retained by us securely in order to claim monthly or annual payments from your account as per your instructions. All transactions are covered by the Direct Debit Guarantee.
How will your data be stored?
Your personal data will be kept by Liberty in a secure environment. We care about protecting your information, which is why we put in place appropriate measures designed to prevent unauthorised access to, and misuse of, your personal data.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including security measures on our servers, restricted access controls and disaster recovery plans.
How we store and transfer your data internationally
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the European Economic Area or EEA (the Member States of the European Union (EU), together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws, or
by transferring your data to an entity which has signed up to the EU-US Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions, or
By transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation.
How long do we keep your personal information for?
We will not keep your personal information for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority).
When it is no longer necessary to retain your data, we will delete the personal information that we hold about you from our systems.
Your rights and how to contact us
As noted above, you have the right to withdraw consent or object to our processing of your data. You also have the right to seek information on which of your personal information we hold and you can, in certain circumstances, implement your rights to erasure, rectification or restriction of our processing. Find about more about your rights here.
If you have comments, questions or requests regarding the processing of your personal data, please contact firstname.lastname@example.org or write to us at Liberty, 26-30 Strutton Ground, London, SW1P 2HR.
Change of policy
We may amend this privacy statement from time to time. If we do, we will post a notice of the change on the website.
Note about internet service providers
Liberty reminds visitors that most internet service providers (ISPs) maintain records of all URLs visited by their customers. Visitors should contact their ISP for more information.
You can find more information on how to protect your privacy online here.
Website legal statement
The information contained on this site gives only general guidance as to the law as it applies in England and Wales and is written for people resident in, or affected by, the laws of England and Wales only.
It should not be relied upon as an authoritative statement of the law. If you think you have a legal problem, you should obtain advice from a lawyer or adviser.
Liberty cannot guarantee that information on the site is accurate, complete or up to date. Visitors who rely on any information do so at their own risk. Availability of information is subject to change without notice.
Liberty will not be held liable (to the fullest extent permitted at law) for any loss, damage or inconvenience arising as a consequence of any use of or the inability to use any information on this site.
Liberty takes no responsibility for the contents of linked websites and links should not be taken as an endorsement.
Content on this site is protected by copyright. The copyright owner is Liberty (The National Council for Civil Liberties).
Liberty encourages people to download or copy the material for personal use. Liberty does request appropriate acknowledgment of the copyright owner if material is re-published in any format.
You may not make alterations or additions to the material on this site, or use it for commercial purposes.