Data Protection Officer
The Green House
244-254 Cambridge Heath Road
London E2 9DA
Who are nurtureuk?
We are the UK's leading charity that specialises in the practice of nurture. We also own and operate the Boxall Profile® Online tool.
Our registered charity number in England and Wales is 1115972. In Scotland, our registered charity number is SC042703.
The types of information we collect through this website
When you engage with us – for example, by ordering our services or products, or getting involved in our campaigns – we may collect and process information about you, or about other people who you are working on behalf of (“your personal information”). Depending on the activity, this may include name, email address, postal and billing address, telephone number, and name of employer.
We’ll also ask for information when you report a problem with our website, and if you contact us, we may keep a record of that correspondence.
Sometimes, we may ask you to complete surveys that we use for research purposes, but you’re under no obligation to respond to them.
We may also collect details of your visits to our website, including traffic data, location data, weblogs and other communication data, as well as the resources that you use.
Please note that if you are submitting personal information on behalf of another person, you agree that you either have their consent to do so, or are sharing the information with us for another lawful reason.
How we use your personal information
- We use your personal details to generate helpful pre-filled forms or invoices on our website.
- We may send you information about products or services you’ve ordered, including related fundraising or campaigning activities.
- We analyse the way people use our website, to make it as efficient and user-friendly as possible.
- We use IP addresses to establish your approximate location, prevent disruptive use of our website, and to see how many visits we receive from different countries or areas.
- We use personal data to understand our customers better, to make our direct marketing more targeted, and to provide our customers with the most relevant information.
All of this data will be securely stored on our servers, or as specified in the sections of this policy headed ‘Where we store information related to your use of this website’ and ‘How we store and process information related to use of nurtureuk services’.
If you no longer want us to store or use your information, you can request that we delete your data (see the section headed ‘How to access or delete your personal information’).
How we’ll contact you
If we contact you by phone or letter, we won’t do so again if you ask us not to. You can contact us to change your contact preferences by logging into your account on the nurtureuk website, or – if you don’t have an account – by emailing our team on firstname.lastname@example.org or calling +44 (0)203 475 8980.
We will never contact you to send you information about how you can support nurtureuk by email or text, unless you’ve given us permission to do so.
How we handle your personal information
We use SSL encryption on our website to encrypt any information you give us. This ensures that the data is collected and stored securely.
Once your data has been collected, we use reasonable and appropriate measures to ensure its security, including strict controls over who can access and process your data.
nurtureuk will never rent or sell your personal information to any other organisation, for use in their own direct marketing activities. Except as specified in the section headed ’Where we store and process information related to your use of nurtureuk services’, we will only disclose or share your personal information to third parties if:
- We are legally obliged to do so
- To protect the rights, property or safety of nurtureuk, our donors or others. This includes sharing information for the purposes of fraud detection and protection.
How we handle direct debit or credit card information
We always make sure that sensitive information, like debit cards, credit cards or personal information is collected and stored securely. Both we and our partners always use SSL encryption to encrypt data sent between us and our customers.
nurtureuk is Payment Card Industry (PCI) compliant and we use external PCI compliant providers to collect this data on our behalf. We do not store PCI data on our own systems.
To protect yourself when sending us sensitive information, please ensure that you’re using devices running supported operating systems and regularly updated browsers that offer some form of malware protection. Only ever connect your devices to networks that you trust.
How we use recurring payment methods
For some of our services, we allow individual customers to pay using recurring monthly or annual 0% interest instalments.
For some events, you can pay using a 0% monthly instalments payment system, over 6 or 8 months – depending on your preference.
If you pay for an annual membership subscription, you’ll be asked to agree to recurring annual payments before signing up. We will always notify you before your subscription is due to renew.
You can cancel a recurring payment to nurtureuk at any time. However, if you still owe us a payment, we’ll send you an invoice and reminders until the balance is settled. We’ll also explain the different ways you can pay this balance. To cancel a recurring payment, please email: email@example.com.
Securing your passwords
If you’ve chosen or been given a password to access certain parts of our website, you’re responsible for keeping that password confidential and not sharing it with anyone else.
Where we store information related to your use of this website
nurtureuk uses internet service providers and servers located in the UK or the European Economic Area. We’ll ensure that your personal information related to your use of this website is held by those internet service providers, in compliance with UK data protection regulations, including the Data Protection Act 2018 and the UK GDPR.
How we store and process information related to use of nurtureuk services
Depending on the nurtureuk services you use, buy, or sign up for on this website, your personal information may be transferred, stored or processed in other systems, by other data processors, and in other locations.
When we use the services of other data processors, we do so to fulfill our obligations under the terms and conditions of the services we provide, and in the legitimate interests of developing our charity, and improving your use of our products and services.
To manage contact data and our relationships with customers, members and partners, we use Salesforce CRM, a customer relationship management tool. The data we collect may include personal details including your name and email address, your relationship to an organisation, your job title, details of your use of nurtureuk products and services, including bookings for training courses and sessions.
This data is processed and stored within cloud-based Salesforce CRM servers based in the EEA. Data is stored encrypted (at rest when stored on the servers, in the database, in search index files, and in the file system).
We use Zendesk, a customer support tool, to provide support on the use of this website and nurtureuk’s products and services, and if you email one of our email addresses through this website. The data we collect and process in this way may include your name and email address, your relationship to an organisation, the content of your original enquiry or customer service query, along with any replies to resolve your query, which may include additional data you choose to share (for example, any additional information within your email signature). This data is processed and stored safely in encrypted form in the UK or EEA.
When you sign up for some of our services, including membership, and opt in to be contacted by us, we use Mailchimp, an e-mail marketing tool, to manage mailing lists and to send emails to you. The data that is held on Mailchimp servers may include your name, your email address, the identify of your employer or another organisation you are connected to. This data may be processed and stored safely in encrypted form outside the UK or EEA. Our data processing agreement with Mailchimp includes the EU Standard Contractual Clauses approved by the Information Commissioner’s Office, which offer essentially equivalent protection as under the UK GDPR.
We use Google Cloud and Google Workspace services to store and process some information related to your use of nurtureuk services, and to store emails you may send to us through this website, and some forms you may complete within the website. This data may be stored on Google cloud-based servers within the UK or EEA, encrypted at rest, or on Google cloud-based servers outside the EEA, encrypted at rest. In its processing agreements with us, Google uses the Standard Contractual Clauses approved by the ICO, which provide a high level of protection for user data.
We use Zapier, an automation tool, to transfer some personal data between our systems. This data may include your name, email address, organisation name, and sign-ups or purchases of our between our systems. Your data may be retained for a a period in line with our retention policy after a transfer has been made, and is stored safely on cloud-based servers before being automatically deleted. While this data may be processed and stored safely in encrypted form outside the UK or EEA, our data processing agreement with Zapier includes the EU Standard Contractual Clauses approved by the Information Commissioner’s Office, giving you essentially equivalent protection as under the UK GDPR.
If you request an invoice for a purchase of a product or service from within this website, we will use a third-party service provider to process this request. As part of this processing, your name, email address and relationship to an organisation may be collected and stored by our provider, to service these requests, and to meet requirements in law, such as retention of sales records for VAT purposes. To manage invoicing and customer data related to these requests, we use Iplicit, a cloud-based accounting system. If your data is held on this system, it is stored securely on servers within the UK or EEA.
How long we will store your data
We will ordinarily store the information we hold related to your use of this website, and related to use of products and services for a period in line with our data retention policy. To determine the appropriate period to retain data, we consider the nature and sensitivity of the data, the potential for harm, whether we can achieve our purposes through other means, as well as any applicable legal or contractual requirements.
How to access or delete your personal information
You can request that we delete your personal information that we hold. To request this, contact our Data Protection Officer and your data will be deleted from both the website, our servers and any additional systems we use, with the exceptions noted below. If we delete your data on your request, you’ll no longer be able to access your account, the information it contains, or to access or use any of our services that you have previously signed up for or purchased, or been entitled to use.
Please note that we’re legally required to hold some personal information to fulfil our statutory obligations – for example, when we collect Gift Aid or process an invoice. We may also be required to hold some data to meet other legal or contractual requirements, and in some cases where a separate data processing agreement (for example, with your employer, or with an organisation that has commissioned services on your behalf) covers the use of all or some of your data.
You have a right to know if nurtureuk is storing any of your personal data, and a right to be provided with that information (with some exceptions, as specified under the UK GDPR).
To ask us for your personal data, you can email firstname.lastname@example.org or write to:
Data Protection Officer
The Green House
244-254 Cambridge Heath Road
London E2 9DA
We do not make a charge for this. It'll help us to find your information if you can tell us something about the nature of your contact with us.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
A cookie is a small file that’s sent to your computer or mobile phone, containing information that tells us you’ve used our website before. Cookies are safe and secure, and are commonly used on websites.
A cookie typically contains:
- The name of the server the cookie was sent from
- The lifetime of the cookie
- A unique identifier (usually a number).
How cookies work
When you visit our website, cookies are downloaded to your device. Your browser and our web server exchange the cookie, and we use this number to recognise you when you return to our site or browse from page to page. Only the server that sends a cookie can read and use it.
This file is stored on your computer's drive or phone's storage. All websites can send a cookie to your browser if allowed by your browser settings. Many websites do this to track the flow of online traffic.
Types of cookies
Cookies can be categorised by their life span:
Session or temporary cookies
These cookies expire when you close your browser or when the session times out
Persistent or permanent cookies
These cookies are usually stored on your hard disk, survive across multiple sessions, and last longer.
We may also share information about your use of our site with our trusted social media, advertising and analytics partners.
We use Google Analytics to better understand how our visitors are using this site and to improve their online experience. Using cookies and other technologies, Google Analytics gathers fully anonymised data about how you and other visitors use this website, which is then stored securely. The data gathered may include:
- IP address (which is stored in a de-identified form)
- The type and screen size of your device
- Your approximate geographic location
- Your domain name
- Your browser type, version and plug-ins
- Your operating system and platform
- Your settings or preferences
- Your use of the different pages of the site, or other content within the website, and your completion of defined pathways through the website or tasks within the website
- The language you use to display our website.
We use Hotjar to better understand our customers' needs and to improve their online experience. Hotjar is a technology service that tells us about people’s behaviour on our website: how much time they spend on which pages, which links they click, what they do and don’t like etc. Using cookies and other technologies, Hotjar gathers the following information about each visitor to our site:
- Their IP address (which is stored in a de-identified form)
- The type and screen size of their device (with unique device identifiers)
- Their geographic location (just the country)
- The language they use to display our website.
Hotjar stores this information for us in a pseudonymised user profile. Hotjar is contractually forbidden to sell any data collected on our behalf. For further information, please see the 'about Hotjar' section of Hotjar’s support site.
We use Facebook Pixel to serve you information or ads on your social media based on your browsing behavior. This allows your behavior to be tracked after you have been redirected to our website by clicking on the Facebook ad. The Facebook Pixel stores a cookie on your device to enable us to measure the effectiveness of Facebook ads for statistical and market research purposes. We do not have access to the information collected through the Facebook Pixel. However, the information collected via the Facebook Pixel, on this website as well as other websites on which Facebook Pixel is installed, is also stored and processed by Facebook. Facebook may link this information to your Facebook account and also use it for its own promotional purposes in accordance with Facebook’s Data Usage Policy. The Facebook Pixel also allows Facebook and its partners to show you advertisements on and outside of Facebook. You can opt-out of displaying Facebook ads by visiting your Facebook Ad Settings, and you can clear and control the information third parties share with Facebook in your Off-Facebook Activity page.
Controlling or deleting cookies
You can control and disable cookies through your browser settings. To find out more, visit the website allaboutcookies.