Privacy policy
1. Introduction
At Blue Cross, we are committed to protecting your privacy. This Policy explains how and why we use your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally), to ensure that you remain informed and in control at all times. We will never sell your personal data. We will only ever share it with organisations who help us deliver our projects where strictly necessary and only if they comply fully with data protection law.
Please read this privacy policy together with any other information that we may provide on specific occasions when we ask to collect or process your personal data so that you are fully aware of how and why we are using it.
Any questions?
If you have any data protection questions in relation to this Policy, about how we use your personal data in general, or if you would like to make a request to exercise any of the rights you have over your personal data (see section 11 of this policy for more details), please send them to the Data Protection Officer at Blue Cross. The Data Protection Officer can be contacted by e-mailing [email protected], calling 0300 777 1897 or in writing to:
The Data Protection Officer
Blue Cross
Shilton Road, Burford,
Oxfordshire, OX18 4PF
How to contact us
If you are a Blue Cross supporter and would like to update the personal data we hold about you or wish to opt out of receiving marketing communications from us, you can let us know by writing to Customer Services at Blue Cross, Shilton Road, Burford, Oxfordshire, OX18 4PF or by email [email protected] or phoning us on 0300 790 9903. If you do not wish to receive future mailings we may need to add your details onto our database with a “do not contact” indicator. This is to ensure we can remove your details from any future mailing lists used to reach potential new supporters. If you are not a Blue Cross supporter and have received something from us that you are unhappy with then please contact our Customer Care Team. We check any new mailing list we use for “do not contact” indicators against our own records and against the Mailing Preference Service and Fundraising Preference Service, before sending out a communication to those on the mailing list.
2. About Blue Cross
We are Blue Cross, a registered charity (charity no. 224392 in England and Wales or SC040154 in Scotland). Like many charities, we are a company limited by guarantee (company no. 00363197). We also have a wholly-owned subsidiary, Blue Cross Trading Company Limited, a company registered in England and Wales (company no. 2203092), which only operates in ways which help to further our charitable aims. Our registered office is at Shilton Road, Burford, Oxfordshire, OX18 4PF. For the purposes of data protection law, we are a controller of your personal data and are registered with the Information Commissioners Office under the registration number Z578757X for the registered charity and Z4765166 for the trading company. This means we make decisions about how and why it is used, and have a duty to ensure your rights are protected.
Our purpose
Blue Cross is a charity that has been helping sick, injured, abandoned and homeless pets since 1897. We help thousands of pets in need, providing veterinary care, expert behaviour help and finding them loving homes. We also give advice and education for current and future pet owners and offer pet bereavement support.
3. Information we collect about you
3.1 Personal data you provide
We collect the personal data you provide to us. This includes information you give when you sign up to our newsletter or a campaign, make a donation, volunteer with us, contact us about a pet for rehoming or bring your pet into one of our animal hospitals, clinics or a veterinary practice that we work in partnership with, request pet care advice, register or participate in an event, purchase goods or services, or send an email to us.
The personal data we collect may include:
- personal details (name, date of birth, email, address, telephone, next of kin etc);
- financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided); and
- details of your preferences and interests e.g. which species you are most interested in.
- your pet’s name, name of veterinary surgeon.
If you sponsor a pet as a gift for someone else, or are the parent of one of our younger volunteers, your details will be recorded, as will your relationship to that person.
3.2 Personal data created through your involvement with us
Your activities and involvement with Blue Cross will result in personal data about you being created. This may include details of pets you have rehomed, how you have helped us as a volunteer, and your involvement with one of our appeals. If you decide to donate to us, we will keep a record of when, how much you have donated, and through what medium e.g. an appeal, sponsoring a pet, or via a charitable trust. If you choose to Gift Aid with a donation to us, then we will ask for your address and UK taxpayer status as this information is needed to fulfil our obligations under tax and charity law. It will also be shared with HMRC for tax regulation purposes.
3.3 Personal data we generate
From time to time, we conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are most likely to interest you. Section 6 contains more information about how we use information for profiling and targeted communications.
3.4 Information from third parties
We sometimes receive personal data about individuals from third parties such as vet practices and other animal welfare organisations with whom we work to rehome pets and to provide veterinary services. If you participate in an event organised by an external party or make a donation through a donation aggregator like JustGiving, then they may pass personal data about you to us. Also, as explained in Section 6 we may use third parties to help us conduct research and analysis on personal data which can result in new personal data being created.
Recruiting new supporters
To enable us to recruit new supporters we use agencies for conducting face-to-face fundraising at private sites, to recruit face-to-face at shows, to send postal mail and to conduct door-to-door fundraising. Other methods to recruit new supporters include online advertising, press, radio and TV adverts and using social media channels. Where we have your consent to do so or have an ongoing relationship with you we will send appropriate information to you about our organisation and the things we are doing. This may include requests for donations.
Ensuring our fundraising is efficient and effective
We sometimes add extra information to that which you have already given us so that we can make sure our fundraising activity is appropriately directed. In particular this data may be used to help us decide at what level to seek your support – from a gift of a few pounds to (in a very small number of cases) many thousands of pounds. Such data may be obtained or derived from public records (e.g. Companies House) or from organisations such as the Royal Mail which maintains the National Change of Address database, or from information published in newspapers. We may obtain this information directly from sources like these or from third parties like Factary and Prospecting for Gold. Where we use this data we are careful to check the integrity of the data source and the accuracy of information provided. We conduct both a Data Protection Impact Assessment and a Legitimate Interests Assessment in respect of this work in order to ensure that we always respect your rights. If a third party is used for this process they may only use any personal data we provide for Blue Cross’ purposes, and they may never retain it for their own purposes.
3.5 Special categories of personal data
We do not normally collect any special categories of personal data about you, such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal offences and convictions. However, there are some situations where we will collect special categories of personal data such as your health if you are participating in a fundraising activity like running a marathon. If we do need to collect this sort of data, we’ll take extra care to ensure that your privacy rights are protected.
3.6 Accidents or incidents
If an accident or incident occurs on our property or involving one of our staff (including volunteers), our record of what happened and the action we have taken as a result may include personal data and special categories of personal data.
3.7 Volunteers
Our volunteers are incredibly important to Blue Cross. If you wish to find out more about what personal data we collect from them and how we use it, please see our Volunteer Privacy Policy.
4 How we use personal data
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you such as when you purchase a product from our catalogue;
- comply with a legal duty such as under the gift aid scheme where we are required to inform you of the proceeds of your donated items in our shops;
- protect your vital interests for example in a life or death situation; or
- for our own (or a third party’s) legitimate interests, provided your rights don’t override these for example sending direct marketing communications by post unless you tell us that you don’t want to receive them from us.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes).
4.1 Administration
We use personal data for administrative purposes, i.e. to carry on our charitable work. These include:
- sending appointment reminders to clients of our animal hospitals or veterinary clinics, or providing health updates;
- keeping records of veterinary clients or those in receipt of veterinary grants;
- if you participate in an event organised by us, keeping you updated;
- processing donations and gift-aid declarations;
- managing feedback and complaints;
- maintaining databases of our volunteers and donors, e.g. to make sure that the personal data they contain is accurate and up to date;
- fulfilling orders for goods or services, whether placed online, over the phone or in person;
- helping us respect your choices and preferences, (e.g. if you ask not to receive marketing communications, we will keep a record of this);
- asking you to take part in a survey;
- enabling you to participate in a prize draw or competition.
4.2 Using your information to enforce and comply with the law
We must ensure our activities comply with the law. Therefore, we may need to share your personal data if we are required to do so by law, e.g.in connection with a court order. We may use your personal data for other purposes such as fraud prevention, to comply with money laundering regulations and to protect people’s rights, property or safety.
If certain levels of financial donations are made, the Fundraising Regulator’s Code of Fundraising Practice requires all charities in the UK to perform certain checks regarding the individual who has made the donation. More details can be found at www.fundraisingregulator.org.uk.
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
4.3 Our legitimate interests
We may process your personal data on the basis of our legitimate interests, provided that your fundamental rights do not override those interests. Our legitimate interests are:
- to keep our records updated;
- to administer our relationship with you;
- to determine how our limited resources might be used in the most effective way, including directing our fundraising activity most appropriately;
- to protect our security, guard against fraud and other wrongdoing; and
- to inform our marketing (including fundraising) and maximise support engagement and participation
4.4 Who we share your personal information with and why
We take all reasonable efforts to keep your details safe and secure and will only share them with suppliers or professional agents working on our behalf, for example professional fundraising organisations who send out our fundraising or marketing materials or telephone agencies making fundraising calls on our behalf, or companies who help us understand and plan our fundraising efforts, and identify donors and groups of donors where a more personal approach would be appropriate. We carefully select our partners and will only share information with them if we are confident that they will protect it and comply with data protection law. We will always have a contract in place with them that assures this.
We will never share your details with other organisations to use for their own marketing purposes.
We may also use other companies to provide services and process your personal information on our behalf including delivering postal mail, making telephone calls to our supporters, sending emails, sending SMS messages, processing credit card payments and analysing our supporter information (as set out in section 6) to help us communicate with you in the most appropriate way.
We may share your personal information with veterinary practices to provide the products or services you’ve requested or require from us, but only to the extent strictly necessary.
We use a separate company (Otter House Limited) to manage and fulfil orders to customers from our catalogue and online Blue Cross shop. We also use them to manage the distribution of our catalogue to our supporters.
4.5 Gifts in wills
We are provided with personal data from and about Executors, Trustees, solicitors, co-beneficiaries, next of kin and other nominated individuals or companies during the legacy administration process. We also receive regular reports from an agency when Blue Cross is named as a beneficiary within a will and are provided with a copy of the grant and testamentary documents once probate is granted and the information is in the public domain. We also receive from and provide information to other charities in which we share an interest under a will or codicil.
The type of information we receive includes home addresses and other contact details. Personal information such as this is only used for the purposes of administering the gift, we do not use such data to market or fundraise. Information may be shared internally but only on a need to know basis, for example to our Executive Team or delegated officers if a decision needs to be made during an administration.
All personal data is held on our case management system which enables our Legacy Administration Team restricted and licenced access to monitor and manage our entitlement under a will in which we benefit. As standard we work in a paperless office, but when paper records are retained, these are held within a secure area and in accordance with retention schedules and subsequently securely destroyed.
If we have a life interest gift such as a property that is being lived in by a tenant and our benefit derives on their death, a longer retention period will be appropriate. In these cases it is likely we will hold sensitive personal data (Special Categories of Personal Data) which is only held for the purposes of administering the gift and liaising with life tenants and will be information they have provided to us or we make them aware we hold this information at collection.
If Blue Cross are named Executor or Administrator it will be appropriate for us to hold this information as required to fulfil our ongoing duty.
5 Marketing
5.1 What does “marketing” mean?
Marketing includes news and information about:
- our charity, aims, ideals and what we stand for;
- our pet rehoming, veterinary and behaviour work;
- appeals and fundraising (including details of how to leave a legacy, donations etc.);
- our events and activities; and
- products, services and offers (our own, and occasionally those of third parties which may interest you).
5.2 Fundraising
As a charity, we rely on donations and support from others to continue our important work. From time to time, we will contact existing donors with fundraising communications. This might occur after a predetermined period, relate to an appeal, or suggest ways you can raise funds for us. This could range from taking part in a sponsored event to buying a product or service where Blue Cross will receive some of the proceeds e.g. a pet insurance package.
We will contact you by email where you have consented for us to do so.
We may contact you by phone if you have consented for us to do so. If you are registered on the Telephone Preference Service (“TPS”) we will only call you if we have your consent to do so.
If you have provided us with your postal address we may write to you about our work unless you tell us that you would prefer not to hear from us in this way. If you are registered on the Mail Preference Service (“MPS”) we will only write to you if we have your consent to do so.
We will not use your information for marketing communications if you have indicated that you do not wish to be contacted for such purposes. You can let us know at any time if you’d like to change your preferences or stop receiving communications altogether; please use the details in section 1 to let us know your preferences.
If you receive our e-newsletters, you can use the unsubscribe link in any of the emails we send to stop receiving these.
If you ask us not to contact you, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
5.2 Targeting our communications and researching our supporters
Our supporters make all of our vital work for pets in need possible. We have a duty to make sure that we are spending your donations wisely and that means doing some research and analysis to inform our decisions. We are continually striving to understand our supporters better, and communicate in the most appropriate and relevant way we can.
In order to work out who to contact, we, or a company working on our behalf, may analyse the personal data you provide to us and / or information we obtain in ways described in section 3.4 above in order to tailor our communications with you and make our appeals more relevant and cost-effective. Specifically, we carry out the following activities:-
5.2.1 Donor grouping
We may use freely-available information about a certain geographical area in order to better predict what residents of that area would be interested in e.g. residents of Oxford are unlikely to be interested in a new hospital which is opening up in Cornwall. We may also combine these demographic indicators with information you give us e.g. the types of appeals you have responded to in the past, in order to build a more accurate profile of the area. We may obtain likely indicators of interest or financial status based on your postcode rather than at an individual level. However, this information won’t be specific to you.
We keep track of the amount, frequency and value of each person’s donation, and where possible, what the donation relates to. This information helps us to ensure communications are relevant and timely and to send different communications to people who might choose to support us in a significant way.
5.2.2 Donor research
Our Major Donor team undertake research in-house or commissioned from third parties and where available may use data that is in the public domain, (such as directorships you hold as listed on Companies House, or press articles) which relate to you or your business. If collected, we would only use this information to tailor our communications and invite potential and current supporters to meetings, groups and events which might be of special interest.
6 Profiling
Profiling is a common technique used in direct marketing and involves analysing data to improve targeting of communications.
We use may use profiling to analyse some or most of our supporter base. For example, we may use algorithms to allow us to most effectively target the right communications to the right supporters.
In section 3.4 above we refer to the use of data obtained from third parties to help us to decide at what level to seek your support. Some of this data may have been derived using statistical or other techniques which could be regarded as profiling.
In addition to the above we may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as targeting new donors, or to identify trends or patterns within our existing supporter base. This information helps inform our actions and improve our appeals, products/services and materials.
You have a right to prevent us from using your data for profiling purposes. You can use the details below to exercise that right.
7 Our website and cookies
We do not collect or process personal data about visitors to our website unless they choose to provide it, such as when signing up to our newsletter.
We may collect personal data about visitors to our website as this helps us optimise and improve it for everyone. This information might include your internet protocol address, the browser being used, the device (eg its operating system) and the connection type (eg the internet service provider). However, none of this information is likely to directly identify you.
7.1 Cookies
Our website may use ‘cookies’ to enhance your experience and enable certain functionality (such as keeping track of your shopping cart or remembering that you have visited our website recently.). Web browsers place cookies on hard drives for recordkeeping purposes and sometimes to track information (such as repeat visits). Some optional cookies are set by third parties to deliver services such as personalised advertising.
You can select your cookie preferences and change or withdraw your consent at any time via our cookie policy page. You can also choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. However, if you refuse to allow cookies, this may interfere with your ability to use our website in the most efficient way.
Read more about our cookies policy.
7.2 Remarketing
You may notice that sometimes, after visiting our website, you see an increased number of adverts from us on third party websites about things we think you might be interested in. This is because we sometimes use remarketing services such as Google and Facebook to ensure we only show relevant adverts to users. Providers like Google use this data to deliver personalised adverts. Any data collected will be used in accordance with our own privacy policy as well as the privacy policies of Google and Facebook.
We will retain remarketing data from Google for 30 days and for up to 180 days for Facebook.
7.3 Consent for marketing and cookies
Cookies that are not strictly necessary for the website to work are only used with your consent. You can select your cookie preferences and change or withdraw your consent at any time via our cookie policy page.
You can learn about how third parties use cookies, see how they advertise to you and set your preferences via their policy and ad settings pages.
- See how Google uses your personal data when you give consent on our site in Google’s Privacy and Terms and opt out of Google’s use of cookies through Google’s Ads Settings.
- Set preferences for how Meta advertises to you using your Facebook ad preferences.
7.4 Hyperlinks to other websites
Our website may contain hyperlinks to pages maintained by third parties. We are not responsible for the content or functionality of any of those external websites. If an external website requests personal data from you, whatever information you provide will not be covered by this policy. We suggest you read the privacy policy of any website before giving up any of your personal data.
8 Keeping your information safe
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff and volunteers receive data protection training, and we have a set of detailed data protection procedures which they are required to follow when handling personal data.
We cannot absolutely guarantee the security of the internet, external networks or your own device, accordingly any online communications (e.g. information provided by email or through our website) are at your own risk.
9 Storage and retention
We only store personal data as long as it is required for the purpose(s) we collected it for (or for a related compatible purpose, such as keeping a record of a donation). Legal requirements mean that we have to retain certain items of personal data for a given period of time e.g. gift aid declarations must be retained for seven years. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process it and whether we can achieve those purposes through other means, together with the applicable legal requirements. We regularly review what data we have and delete that which is no longer necessary. In certain situations you have the right to request that your personal data be deleted (the ‘right to be forgotten’); please see section 11 for further details.
Details of retention periods for different aspects of your personal data are available in our retention policy and schedule which you can request by contacting us.
International transfers
Except as set out below, we normally only store personal data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place.
10 Children's personal data
We are committed to protecting the privacy of the young people that volunteer, fundraise, attend events organised by us and at schools or clubs or engage on our website. Where appropriate we will ask and obtain the consent of a parent or guardian.
11 Your rights
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
(a) where data is processed on the basis of consent, the right to withdraw that consent;
(b) the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (subject access);
(c) the right to have inaccurate data rectified;
(d) the right to object to your data being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests;
(e) the right to restrict how your personal information is used; and
(f) the right to be forgotten, which allows you to have your data erased in certain circumstances. Please note this is not an absolute right and may not apply if we need to continue using it for a lawful reason.
(g) the right to data portability, which allows individuals to obtain and reuse the personal data they have supplied to Blue Cross for their own purposes across different services in a safe and secure way.
If you would like further information on your rights or wish to exercise them, please write to the Data Protection Officer using the details given in section 1, with details of your request.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the personal data no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
12 Updates to this policy
We may update this Policy at any time. When we do, we will post a notification on our website and revise the updated date at the bottom of this page. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
This Policy was last updated on 30 July 2024.