Privacy Policy

Who are we?

The River Thame Conservation Trust is an environmental charity working for a river catchment with healthy fresh waters and wildlife, valued and enjoyed by local people.

Your Privacy

We are committed to keeping your personal data safe. This Privacy Policy explains what data we collect, how and why we use it and how we keep it safe. It outlines how we will store and use your information and how you can stay in control of your personal data.

1. Why do we collect personal data?

We need to collect some types of personal data to help deliver our vision of healthy fresh waters and wildlife, valued and enjoyed by local people. In line with GDPR, we will only collect, store and use your personal data when we have identified a clear purpose and reason to do so. This is known as our lawful basis for processing data.

The reasons we may collect personal data are outlined below:

a. To send you information about our work

We have a River Thame Conservation Trust Mailing List which we use to send subscribers information about the work we do, events they might be interested in attending, news from our partners and news from the wider environmental scene. The mailing list is opt-in only, meaning you give us your consent to contact you in this way and you can opt-out at any time.

We have a Thame Land Management Cluster Mailing List which we use to share farming practices across the Thame catchment. As a farmer or landowner, you may be interested in what we can offer you. The mailing list is opt-in only, meaning you give us your consent to contact you in this way and you can opt-out at any time.

For both mailing lists, we respect your right to update the information we hold about you, or your right to be removed from the list and for us to delete your details at any time. Should you want to remove yourself from either list, please click the ‘unsubscribe’ button at the footer of one of our campaign emails. If you appear inactive for over three years, such as not opening our emails, we will remove you from our database.

We have a bank of contacts which we use to deliver existing projects and develop new ones. You may be a partner or landowner working with us on one of our projects, or you may be able to help (or has previously helped) to develop new projects. In this case, we would only send you relevant information about the project, progress updates and/or to help gather information for reporting and monitoring purposes. The lawful basis for this contact would be legitimate interest or contractual.

b. To enable you to volunteer with us at events and on specific projects

If you are signed up to our River Thame Conservation Trust Mailing List, you will receive information about the work we do, events they might be interested in attending, news from our partners and news from the wider environmental scene. The mailing list is opt-in only, meaning you give us your consent to contact you in this way and you can opt-out at any time.

If you join one of our volunteer projects (such as , Water Quality Monitoring Network, Outfall Safari), you will have given us your consent to contact you about the project, store your contact details, your health and safety form including your emergency contacts’ details and bank information if we are reimbursing you for expenses. You will have given us your consent to hold information to enable us to do these things. The information is stored securely within the Trust’s database for use by RTCT staff. If we need to share your details with other volunteers, we will only do so with your consent.

If you sign up to attend one of our events or training sessions, we will store your name and email address so we can share details of the event with you. We may store information and contact you via direct email, through our website or . You will have given us your consent to collect this data. If you decide not to continue as part of one of our volunteer projects, these details will be deleted 90 days after the event.

c. To respond to your enquiries

If you have got in touch with us to make an enquiry (via the telephone, email, letter, Social Media or our website contact form), we will use the information you have provided to us to respond.

2. What personal data do we collect and how?
a. Our website
i. Cookies

A cookie is a small file which can be placed on your device and is used to improve your online experience.

You can choose to accept or decline cookies. However, declining cookies on our website may prevent you from taking full advantage of our website.

If consent is given to accept cookies, the cookie file is added to your computer and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

At RTCT, we use cookies for a variety of reasons. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. We monitor how many people have visited our website and use traffic log cookies to identify which pages are being used. This information helps us analyse data about webpage traffic and improve our website to our customers’ needs.

We only use this information for statistical analysis purposes and then the data is removed from the system. The cookies we use in no way give us access to your computer or any information about you other than the data you choose to share with us.

You can find more information about cookies at www.allaboutcookies.org

ii. Leaving a comment

When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

iii. Leaving our website

If you leave our website, by clicking a link to an external site, we are not responsible for the privacy practices of any of these other websites.  If you have followed a link from this website to another website you may be supplying information to a third party.

b. Basic Information
  • Your name, email, telephone number
  • Your postal address for specific projects
  • Your bank details if you are donating to us or claiming expenses
  • Your role and the organisation you work for

This information will have been collected directly from you or in the case of project development, it may be publicly available on the internet.

c. Additional information about you
  • A record of the events you have attended and activities you have been involved in
  • How much time you have spent volunteering with us and on which activities
  • Photos of you at our events

This information will be gathered through our event sign-in sheets. There will always be a clear Privacy Notice stating what we are collecting this from you and why.

d. Sensitive Personal Data

There are some circumstances where we will need to gather information which is classified as sensitive personal data. For example, if you volunteer with us, we may collect:

  • references
  • criminal records checks
  • details of emergency contacts
  • medical conditions

When we do so, we will be very clear as to why we are collecting such information, and we require your consent to do so.

To abide by the Health & Safety Act (1974), we may also collect sensitive personal data in case of an accident on our premises or at one of our events. This information will be recorded in our Accident Report folder and will be retained for three years for legal reasons. The information will be anonymised into a report for the Trust to help improve the safety of our work and events. This information is kept on file indefinitely but cannot be attributed to an individual.

e. Children and young people

We will not collect, store or process your personal details if you are under 13 years old unless your parent or guardian has given us their consent to do so.

3. How do we store the data?

If your personal data is electronic, it will be stored on our server. Personal data stored physically will be kept securely on our premises. For both, we control who has access to information.

Our staff have received in-house data protection training on our policies and we have a set of data protection procedures which staff are required to follow when handling personal data.

All of the personal data we process is processed by our staff in the UK, however for the purposes of IT hosting, or reporting to external funders, your information may be situated outside of the European Economic Area (EEA).

For example, we use the following cloud-based technology to store and process some data and, where we have your consent to do so, we use photos on our social media accounts to promote what we do. Links to their relevant Privacy Policies are provided below:

EventBrite          https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-eu-data-protection

Facebook            https://www.facebook.com/about/privacy/update

Google                 https://cloud.google.com/security/gdpr/

Mailchimp           https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation

Microsoft            https://privacy.microsoft.com/en-us/privacystatement

Twitter                 https://twitter.com/en/privacy#update

What’s app         https://www.whatsapp.com/legal/#privacy-policy-information-we-collect

WordPress         https://wordpress.org/about/privacy/

If we are aware of a data breach, we will take appropriate action and contact the relevant organisations and/or individuals concerned.

4. How long will we keep your data?

We will only keep your data as long as necessary. For each data category, we have assessed how long we need to keep it to ensure we protect your individual rights but also abide by relevant laws and best practice. If you want to find out more about how long we keep data for, please contact us.

a. Your rights

Under GDPR, you have rights as an individual.

The right to be informed: Our Privacy Policy outlines how we capture your data, how we store it and how we use it. If you have any questions about this, please contact us.

The right of access: You are entitled to know what data we hold on you. If you would like to see a record of what we hold, you can send a Subject Access Request to us for no charge, and we will respond within one month. To do this, email enquiries@riverthame.org with the subject: Subject Access Request Form.

The right to rectification: We will update any information we hold on you that is inaccurate or incomplete.

The right to erase: You can ask us to remove or anonymise the information we hold on you.

The right to restrict processing: You can ask us to stop using your personal data at any time.

The right to data portability: You can ask to obtain your personal data from us for your own purposes.

The right to object: You can ask to be excluded from any marketing activity.

Rights in relation to automated decision making and profiling: We will not subject you to a decision that is based on automated processing.

5. Making a complaint

Overall responsibility for this policy and its implementation lies with our Boards of Trustees. While we endeavour to protect your privacy, you are entitled to make a complaint if you feel we have failed to do so. You can make a complaint directly to us. If you do so, it will be treated confidentially.

If you feel we have not handled your complaint properly, you can get in touch with the Information Commissioner’s Office directly. For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone: 0303 123 1113         Email: casework@ico.org.uk

6. Making changes

We reserve the right to change this privacy policy at any time without prior notice to you. Any changes will be posted on our website and become effective at the time of posting. In the event that changes are made that affect the use or disclosure of your personal information, we will make reasonable efforts to notify you of these changes.

Get in touch

Should you wish to find out more about the information we hold about you, or about our Privacy Policy, please contact us.

Email: enquiries@riverthame.org

Post: River Thame Conservation Trust, Bury Knowle House, Headington, Oxford, Oxfordshire, OX3 9HY.

Join our Mailing List

Stay up to date with our work with quarterly updates straight to your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Read past issues of our newsletter here.