Privacy and security
Who are ‘we’?
In this policy, whenever you see the words ‘We’, ‘Us’ or ‘Our’, it refers to the RNLI, RNLI Shop and RNLI College. RNLI Shop and RNLI College are separate companies, each registered as a data controller in their own right.
RNLI Shop sells a range of goods and enters into corporate partnership arrangements; all of its profits are passed to the RNLI. RNLI College owns and operates Our crew and lifeguard training centre in Poole. Its facilities (including bedrooms, conference rooms, restaurant and bar) are used by Our people who come from all over the UK and Republic of Ireland for training. It markets any spare capacity of these assets to the public and to corporate clients, and passes all its profits to the RNLI.
Both these companies are wholly owned and controlled by the RNLI. Many of the staff who work for these two companies – including all the company directors – are RNLI employees and the companies share many of the RNLI’s ‘head office’ functions such as marketing, legal and HR.
The full legal information for each entity is:
RNLI is The Royal National Lifeboat Institution, a charity registered in England and Wales (209603), and Scotland (SC037736). Registered Charity number 20003326 in the Republic of Ireland
RNLI Shop is a trading name of RNLI (Sales) Limited, a company registered in England and Wales at West Quay Road, Poole, Dorset, BH15 1HZ; Reg. Co. number 2202240
RNLI College Limited is a company registered in England and Wales at West Quay Road, Poole, Dorset, BH15 1HZ; Reg. Co. number 7705470
Your acceptance of this policy, and Our right to change it
By using Our websites, social media pages, entering a competition or providing your information you consent to Our collection and use of the information you provide in the way(s) set out in this policy. If you do not agree to this policy please do not use Our sites, social media pages or services.
We may make changes to this policy from time to time. If We do so, We will post the changes on this page and they will apply from the time We post them. This policy was last changed on 14 July 2016.
What is personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address.
The policy in brief
It’s important that you read the full policy to understand what information We hold, how We may use it, and what your rights are – but if you don’t have time to read it all now, here’s a quick summary:
- We collect information that is either personal data (as outlined above) or non-personal data (such as IP addresses, pages accessed etc)
- We collect information about the people We assist or rescue, members, supporters, users, volunteers and employees.
- We collect information to provide services or goods, to provide information, to fundraise for Our lifesaving work, for administration, research, profiling, analysis, and for the prevention/detection of crime.
- We only collect the information that We need or that would be useful to Us in Our quest to provide the best possible service.
- We do Our very best to keep personal information secure, including SSL technology (secure server software) wherever We collect personal data online.
- We never sell your data and We will never share it with another company or charity for marketing purposes.
- We only share data where We are required by law or with carefully selected partners who do work for us. All Our partners are required by their contract to treat your data as carefully as We would, to only use it as instructed, and to allow Us to check that they do this.
They are the basics, but don't forget to come back later and read the full policy (below), so you've got all the details you need.
the full policy
This policy applies to all the websites We operate, Our use of emails and text messages for marketing purposes, and any other methods We use for collecting information. It covers what We collect and why, what We do with the information, what We won’t do with the information, and what rights you have.
What information do We collect and why?
We will only ever collect the information We need – including data that will be useful to help improve Our services. We collect two kinds of information:
- non-personal information such as IP addresses (the location of the computer on the internet), pages accessed and files downloaded. This helps Us to determine how many people use Our sites, how many people visit on a regular basis, and how popular Our pages are. This information doesn't tell Us anything about who you are or where you live. It simply allows Us to monitor and improve Our service.
- personal information such as name, postal address, phone number, email address, date of birth (where appropriate), information about your interests and hobbies etc.
We collect this information in connection with specific activities, such as newsletter requests, registration or membership requests, product purchases, feedback, donations, competition entries etc. The information is either needed to fulfil your request or to enable Us to provide you with a more personalised service. You don't have to disclose any of this information to browse the sites. However, if you do choose to withhold requested information , We may not be able to provide you with certain services.
What do We do with the information?
We will use the information you provide to:
- fulfil your requests – such as applications for membership, donations, competition entries, participation in campaigns and provision of information
- process sales transactions, donations, or other payments and verify financial transactions
- identify visitors and contributors
- handle orders, deliver products and communicate with you about orders
- provide a personalised service to you when you visit Our websites – this could include customising the content and/or layout of Our pages for individual users
- record any contact We have with you
- prevent or detect fraud or abuses of Our websites and enable third parties to carry out technical, logistical or other functions on Our behalf
- to carry out research on the demographics, interests and behaviour of Our users and supporters to help Us gain a better understanding of them and to enable Us to improve Our service. This research may be carried out internally by Our employees or We may ask another company to do this work for Us
- communicate with Our supporters and customers
- if you have agreed to it, provide you with information that We think may be of interest to you.
Using your information for marketing
In 2016 the RNLI was the first major charity to announce that it was moving to an 'opt-in only' communication policy. This means that, as of January 2017, We only send marketing information to people who have specifically said that they agree to Us doing this, and We will only do so in the way(s) they have agreed to. Marketing information covers information from RNLI Shop and RNLI College about the goods and services sold, fundraising appeals by the RNLI, and information about Our rescues and the other work We do such as providing safety messages and education.
So, as of January 2017, only those people who have opted in will receive these communications. If you want to receive this information but haven’t opted in, you can do so by emailing email@example.com or by calling Our Supporter Care team on weekdays between 8am-6pm on 0300 300 9918 or +44(0)1202 663234 (non-UK).
If We contact you by email, every message We send will include a link to opt out of receiving future messages if you change your mind. If We contact you by other means and you want to change how – or if – you receive Our communications, please call Supporter Care on weekdays between 8am-6pm on 0300 300 9918 or +44(0)1202 663234 (non-UK).
Sharing your information
We will only share your information if:
- We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court
- We believe it is necessary to protect or defend Our rights, property or the personal safety of Our people or visitors to Our premises or websites
- We are working with a carefully-selected partner that is carrying out work on Our behalf. These partners may include mailing houses, marketing agencies, IT specialists and research firms. The kind of work We may ask them to do includes processing, packaging, mailing and delivering purchases, answering questions about products or services, sending postal mail, emails and text messages, carrying out research or analysis and processing card payments. We only choose partners We can trust. We will only pass personal data to them if they have signed a contract that requires them to:
- abide by the requirements of the Data Protection Act
- treat your information as carefully as We would
- only use the information for the purposes it was supplied (and not for their own purposes or the
purposes of any other organisation)
- allow Us to carry out checks to ensure they are doing all these things.
Storing your information
Information is stored by Us on computers located in the UK. We may transfer the information to other offices and to other reputable third party organisations as explained above – they may be situated inside or outside the European Economic Area. We may also store information in paper files.
We place a great importance on the security of all personally identifiable information associated with Our supporters, customers and users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under Our control. For example, only authorised personnel are authorised to access user information and We use secure server software (SSL) to encrypt financial and personal information you input before it is sent to Us. While We cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under Our control, We use Our best efforts to try to prevent this.
Unfortunately, the transmission of data across the internet is not completely secure and whilst We do Our best to try to protect the security of your information We cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
Where you or We have provided a password enabling you to access parts of Our websites or use Our services, it is your responsibility to keep this password confidential. Please don't share your password with anyone.
We will keep your information only for as long as We need it to provide you with the goods, services or information you have required, to administer your relationship with Us, to inform Our research into the causes and prevention of drowning or the preferences of Our supporters, to comply with the law, or to ensure We do not communicate with people that have asked Us not to. When We no longer need information We will always dispose of it securely, using specialist companies if necessary to do this work for Us.
What We don’t do with your information
We never sell or share your information to other organisations to use for their own purposes.
The Data Protection Act gives you certain rights over your data and how We use it. These include:
- the right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- the right to prevent your data being used for direct marketing
- the right of access to a copy of the information We hold about you (known as a subject access request)
If you wish to exercise any of these rights please contact the Data Protection Officer in writing at RNLI, West Quay Road, Poole, BH15 1HZ or by emailing firstname.lastname@example.org. Please note it is Our policy to charge the statutory maximum fee of £10 for a subject access request.
For more information about your rights under the Data Protection Act go to the website of the Information Commissioner’s Office at ico.org.uk.
The RNLI is not a ‘public authority’ as defined under the Freedom of Information Act and We will not therefore respond to requests for information made under this Act; using the funds generously donated to Us by Our supporters for such activities is not in accordance with Our charitable purposes.
other important information
Some of the services We offer are aimed specifically at children (for example Our Storm Force membership club, and Swim Safe programme) and to deliver these services safely it is necessary for Us to collect data and store it on Our database. Before We collect data from anyone under 18 We will always ask them to:
- obtain the permission of a parent or guardian before registering with Us, and
- let an adult know before they use Our sites to obtain information about fundraising, campaigning or supporting Our work.
It is Our policy not to request donations or subscriptions, or accept product orders, from children under 18.
Links to third party websites
Social media sites
Other people’s data
Some of the services We offer allow you to provide the personal data of other people (eg tagging people on photos on social media or using Our ‘Tell a Friend’ service). Before providing anyone else’s data please ensure they are happy for you to do so and under no circumstances must you make public another person’s home address, email address, or phone number.
If you have any questions about this policy or how We use data please contact the Data Protection Officer at the address given above or via email (email@example.com).