Greenpeace believes we have a fundamental duty to keep your data secure so you can have confidence when learning about our campaigns and supporting us. We have developed this policy to help you understand what we do with your data.
This policy applies to:
- Greenpeace Ltd, company number 1314381, Canonbury Villas, London N1 2PN.
- Greenpeace Environmental Trust, registered charity in England and Wales 284934, company number 1636817, Canonbury Villas, London, N1 2PN.
Greenpeace Ltd and Greenpeace Environmental Trust are registered as data controllers with the Information Commissioner’s Office for the United Kingdom and are collectively referred to as Greenpeace in this document. This policy is written in accordance with the General Data Protection Regulation (GDPR) 2018 and with the Data Protection Act 1998.
This policy applies to all pages hosted on this site and other services Greenpeace runs. It does not apply to other non-UK Greenpeace organisations around the world or other organisations we may direct you to whose privacy policies may differ.
1. How your data is collected
1.1 Who collects your data
Greenpeace is responsible for all collection of your data for Greenpeace. In many cases, such as our website or our helpline, this will be done directly by Greenpeace. However, in some circumstances they may be collected on behalf of Greenpeace by third parties who have been employed by Greenpeace. When your data is collected by a third party in this way, those third parties are legally bound to process your data only for the purposes explicitly set out by Greenpeace.
Your information may be shared with us by charitable giving sites or independent events organisers, for example JustGiving or London Marathon, or by carefully selected commercial partners, if you have specifically consented to allow your data to be shared with Greenpeace in this way. Depending on your settings or the privacy policies for social media and messaging services, you might give us permission to access information from those accounts or services. For example, if choosing to register for an activity using a ‘Sign up with Facebook’ link, Facebook may share information such as your name and email address with us.
1.2 What data Greenpeace collects
In most circumstances, Greenpeace will only ask for your name and contact details (plus payment details if you are joining or donating). Sometimes, we may ask for additional information where it may either help us in our campaigns or help us keep our communications relevant to you. We may also use your name and contact details to check against sources, such as Royal Mail’s National Change of Address and the BT file, to ensure we have the most up to date contact details for you.
Greenpeace will also collect information such as your Internet Protocol (IP) address for monitoring and improving the effectiveness of our website services as well its security.
We may occasionally supplement your data with other publicly and commercially available information where it meets GDPR standards.. This may include information such as your parliamentary constituency or the characteristics of your local area to inform campaigning and requests for support, or on rare occasions, information such as company directorships, estimations of your wealth or potential interest in legacy giving, to ensure our communications are relevant. We may store relevant information about you that you voluntarily share with us.
We will only collect sensitive personal data where absolutely necessary and with your explicit consent. All data collected by Greenpeace will be retained only for an appropriate length of time, defined by our legal requirements and operational needs, and will be securely archived or deleted after this time.
Cookies are small files that are downloaded onto your computer (or your mobile phone) from websites that you visit. Cookies contain information that allows websites to recognise that you have used the site before.
All browsers allow you to control which cookies you accept and which you delete. You will usually find these settings under the ‘Preferences’ or ‘Tools’ menu of your browser. For more information about cookies, please see www.allaboutcookies.org.
2. How your data is kept secure
2.1 What Greenpeace does to keep your data secure
Greenpeace uses industry-standard tools, such as firewalls and Secure Socket Layers, to safeguard the confidentiality of your personally identifiable information. We make every effort to protect against the loss, misuse and alteration of the information under our control.
In addition, we always use a secure connection when collecting personal financial information from you and conform to PCI standards. All forms which request credit card or bank details use the SSL (Secure Sockets Layer) protocol for encryption. Most web browsers (e.g. Microsoft Explorer, Mozilla Firefox, Safari, Google Chrome, etc.) support SSL. The link between your web browser and the server is secure if your web browser displays a small padlock or key symbol somewhere in the frame, or the address bar shows a web address beginning https:// (rather than http://)
We endeavour to keep all supporter data inside the European Economic Area (EEA), and ensure that any time data is transferred outside the EEA exactly the same provisions on data security and processing are applied.
2.2 Who has access to your data
Greenpeace will never sell your data to any other organisation. Greenpeace also never shares or swaps your data with another organisation unless we have made it obvious up front (e.g. for the purpose of handing in a petition to the government). In order to keep our administrative costs low so more of our supporters’ money goes towards our campaigns, we do employ some third parties to process data such as to handle donation payments or fundraise for us. In all these cases these third parties only have access to the data they need to handle the process and do not have permission to use it for any other purposes. We may also share anonymised (or ‘hashed’) versions of your data with partners such as social media providers for the purposes of helping achieve our campaigning and fundraising aims, by delivering personalised content to existing supporters and identifying similar audiences.
Within Greenpeace, only those authorised to process your data can access your data. We work hard to ensure our staff and volunteers can only see the data they need to perform their tasks. All our staff are trained to understand data protection and what they need to do to keep your data secure.
3. How we use your data
Greenpeace uses your data in a variety of ways which include the following:
- Providing you with information or products that you have requested from us.
- Processing donations and joining fees received from you.
- Making enquiries or informing you about your interactions with us (e.g. resolving issues with Direct Debits, or informing you of changes to events)
- Responding to any complaints from you.
- Offering you ways to fund our work.
- Inviting you to campaign with us.
- Keeping you updated on our campaigning work.
- Informing you of volunteering opportunities.
- Inviting you to participate in surveys or research.
- Reviewing records such as for financial audits.
- Analysing and refining our advertising, campaigning and other operations to increase our effectiveness and lower our costs.
- Monitoring your information to prevent fraud.
- Working with authorities in cases of fraud or criminal investigations.
4. How Greenpeace will communicate with you
For any marketing communications about our campaigning, fundraising or volunteering we will only contact you via email and SMS if we have your consent to do so. We may send you marketing materials through mail or via phone if we have your consent or we believe you would be interested in our campaign, unless you have expressed a preference not to receive such content. We will send those with a regular payment to us a copy of Connect, our informative magazine.
You may also see advertising online and on some social media sites if you have supported us before, or if your use of these channels suggests that you would find our campaigns relevant.
To respond to your queries we will contact you either via the medium you used to contact us or by a medium you have indicated you would like us to respond with. If we need to contact you for any administrative purposes then we will usually email you or call you depending on what contact details we have available for you.
4.1 How you can affect the way Greenpeace communicates with you
The first time you sign up with Greenpeace, you will choose how you would prefer to be contacted. We will respect your choices and not make any changes to your preferences unless you change them yourself, or contact us to change them on your behalf.
You can unsubscribe from our emails at any time through the unsubscribe link at the end of all our emails, and stop seeing any social media advertising through settings on those sites.
You can also change your mind on how you would like us to contact you or tell us that you would no longer like to hear from us through our preference centre, by calling +44 20 7865 8100 or emailing us via the contact form.
The Fundraising Regulator, an independent body which regulates fundraising practices, also operates the Fundraising Preference Service (FPS) which you can use to indicate which non-profit organisations you would no longer like to hear from.
5. How Greenpeace protects children’s privacy
The safety of children is very important to us. No information should be submitted or posted to Greenpeace by children under the age of 13 without prior parental/guardian consent. If you are aged under 13, please ensure you obtain your parent/guardian’s consent before sending any personal information to this website.
All applicable laws are followed with respect to data collection from children. Where we have date of birth information, we will not share data collected from children with any third parties at any time under any circumstances.
Parents and guardians should be aware that owing to the nature of our campaigns, images posted on the Greenpeace website may be considered unsuitable for children under the age of 13 (e.g. photographs of dead or dying animals).
6. How to find out more or make a complaint
You have a right to ask for a copy of the information we hold about you, which Greenpeace will supply to you within one month. Greenpeace will ask for proof of identity, and may charge a fee should any request be unusually complex or time-consuming.
If you have any specific questions about how Greenpeace processes your data which are not answered here or you would like to make a complaint about how we have managed your data then please either write, call or email us via the details below.
Deputy Fundraising Director: Data, Planning and Insight
Tel: +44 20 7865 8100 or email us via the contact form.
If you are not satisfied with our response to your enquiry then you can contacted the Information Commissioner’s Office directly via the details on their website.
7. Changes to this policy
Last updated: 18th April 2018