Content

Privacy policy

Text

This policy is designed to ensure that Terrence Higgins Trust complies with the General Data Protection Regulation (GDPR) that came into force on Friday 25 May 2018.

Terrence Higgins Trust is committed to protecting your privacy. This privacy policy sets out how we use and protect any personal data that you provide to us, or that we collect from you.

The Terrence Higgins Trust privacy and cookies policy may change to reflect legislative and best practice updates so please remember to check back from time to time.

Scope

All personal information processed by Terrence Higgins Trust.

Policy statement

The following privacy and cookies policy will be displayed on all Terrence Higgins Trust websites and made available to all users of Terrence Higgins Trust services on request. Individuals will be made aware of its existence by the use of posters or leaflets in all Terrence Higgins Trust offices which summarise the policy and signpost users to the full notice.

1. Who we are

Here at Terrence Higgins Trust we are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.

We are a 'data controller' for the purposes of the EU General Data Protection Regulation 2016/679 ('Data Protection Law'). This means that we are responsible for, and control the processing of, your personal information. 

For further information about our privacy practices, please contact us by:

  • Writing to Terrence Higgins Trust, 314-320 Gray’s Inn Road, London, WC1X 8DP.
  • Calling us on 0808 802 1221.
  • Emailing to [email protected].

2. How we collect information about you

We collect information from you in the following ways:

When you interact with us directly: This could be if you use one of our services, ask us about our activities, register with us for an event, make a donation to us, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, or get in touch through the post, or in person.

When you interact with us through third parties: This could be if you provide a donation through a third party such as JustGiving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use cookies to help our site run effectively. There are more details below – see 'Cookies'.

We will use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.

From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third-party subscription services or service providers (we have provided further details about this below – see ' Making our work relevant to you').

3. Information we collect and why we use it

Personal information

Personal information we collect may include details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communications between us. You will have given us this information whilst making a donation, using our services, registering for an event, placing an order on our website or any of the other ways you interact with us.

We will use this information:

  • To provide health and social care services.
  • For monitoring, evaluation and audit of service provision.
  • For marketing, fundraising, campaigning and membership services.
  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To provide the services or goods that you have requested.
  • To update you with important administrative messages about your donation, an event or services you have requested.
  • To keep a record of your relationship with us.
  • Where you volunteer with us, to administer the volunteering arrangement.
  • To invite you to participate in surveys or research.

In order for us to undertake the above we need to collect personal data from you for either correspondence purposes or detailed service provision, depending on the service you are accessing.

Our aim is not to be intrusive and we undertake not to ask irrelevant or unnecessary questions.

We may pass your personal data on to other service providers who are contracted to us in the course of dealing with you or information may be collected by other service providers on our behalf. Our contractors are obliged to keep your details securely, and use them only to fulfil the service they provide for you on our behalf. If you would like further information on this please do not hesitate to ask. Once your service need has been satisfied your details will be disposed of securely in line with our procedures set out in clause 9 of this policy.

Sensitive personal information as defined under article 9 of GDPR

Sensitive personal data as defined under article 9 of GDPR covers the following data types:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetics
  • biometrics
  • health
  • sex life
  • sexual orientation

Should we need to pass any sensitive personal data on to any other third parties we will only do so where there is a service need to do so, under article 9 for the purposes of the provision of preventative or occupational health and social care, once we have obtained your consent or unless we are legally required to do so, for example to comply with the law, or a court order or where there is a clear safety risk to you or to someone else. If this is the case we will always try to inform you.

4. Making our work more relevant to you

We want to improve how we communicate with you and to personalise the information we provide you through our website, services, products and information. To do this we sometimes acquire third-party data so that we can better understand your preferences and needs so as to provide a better experience for you.

We may carry out targeted fundraising activities using these techniques based on the information that we hold about you. We may also work with third-party organisations who provide additional insight, this may include providing wealth screening information or general information about you that is publicly available. This information can be appended to the information that you have provided which allows us to use our resources more effectively by better understanding the background of our supporters and making appropriate requests based on what may interest them and their capacity to give.

You can of course opt out of this activity at any time. To do this, email [email protected] with the subject line ‘Please stop analysis of my data’ or by contacting us at Terrence Higgins Trust, 314-320 Gray’s Inn Road, London, WC1X 8DP or by phone on 0808 802 1221.

5. Legal basis for using your information

Where consent is the appropriate legal basis for using your personal information we will use this only once we have your consent for the specific service we are fulfilling for you.

There are other lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Terrence Higgins Trust to process your information.

We may also process special categories of personal data, where appropriate, in line with GDPR article 9 regulations in relation to the provision of health and social care services.

Whenever we process your personal information under the ‘legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.

Some examples of where we have a legitimate interest to process your personal information are where we contact you about our work via post, use your personal information for data analytics, or for conducting research to better understand who our supporters are, improving our services, or for our legal purposes (for example, dealing with complaints and claims).

6. Marketing

We will only contact you about our work and how you can support Terrence Higgins Trust by email or text message if you have agreed for us to contact you in this manner.

However, if you have provided us with your postal address or phone number we may send you information about our work and how you can support Terrence Higgins Trust by mail or phone unless you have told us that you would prefer not to hear from us in that way.

You can update your choices or stop us sending you these communications at any time by contacting us or by clicking the unsubscribe link at the bottom of the relevant communication.

7. Sharing your Information

The personal information we collect about you will mainly be used by our staff (and volunteers) at Terrence Higgins Trust so that they can support you.

We will never sell individual information and your details are never given out except where there is a service need to do so. Where this is the case you will have agreed to this as part of the service being offered (e.g. housing, welfare etc). You have the right to prevent this but it may affect the services that we are able to offer you.

Terrence Higgins Trust may however share your information with our partners and suppliers who work with us on or on our behalf to deliver our services. In the contracts with our service providers we require that they use and store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, or with our partners who help us to process donations and claim Gift Aid.

We may also use information to produce anonymous reports to our funders and stakeholders

Legal disclosure

We may disclose your information if required to do so by law. (For example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).

8. Keeping your information safe

We will take all reasonable steps to make sure that your data is treated securely and in accordance with this privacy policy however we receive this information e.g. by post, e-mail or through accessing our website.

The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure as part of our information security management system.

Your personal information is accessed only by those who are authorised to access it while carrying out their duties.

Details relating to any transactions entered into through the Terrence Higgins Trust websites will be encrypted in transit to ensure their safety. The transmission of any information from you to Terrence Higgins Trust via website or e-mail is not completely secure, however, the transmission of such data is at your own risk.

Third party links

Terrence Higgins Trust websites contain links to third-party websites. These websites should have their own privacy policies but we do not accept any responsibility or liability for their policies.

9. How long we hold your information

We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. Once you no longer need our services we are legally required to keep records for a certain amount of time depending on the type of data that we hold. After this time we will securely destroy it according to our records retention and disposal procedures. Please contact us for further information on our retention periods. 

10. Your rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting us at Terrence Higgins Trust, 314-320 Gray’s Inn Road, London, WC1X 8DP, by email at [email protected] and by phone on 0808 802 1221. You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, https://ico.org.uk/

  • Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
  • Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
  • Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
  • Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
  • Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
  • Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
  • Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
  • No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
    Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.

Cookies

Text

A cookie is a small file placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. 

Cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not as well enabling some functionality, such as logins. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs. We only use this information for statistical analysis purposes.

We also use session cookies on our e-recruitment site. These cookies are automatically set by the system solely for the purposes of enabling you to be able to page through search results and to log in and apply for jobs. Once the browser has been closed, they are destroyed.

Disabling cookies on your browser

If you don’t want to receive cookies, you can modify your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. You can also delete cookies that have already been set. 

If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings; the Help function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of desktop browsers. 

Here are the cookies we set for each of our websites:

Terrence Higgins Trust

Session cookie (SSESS*)
Expires - 23 days
Purpose - To authenticate a logged-in user

_ga
Expires - 3 years
Purpose - Distinguish users in Google Analytics

_gid
Expires - 24 hours
Purpose - Distinguish users in Google Analytics

_gat
Expires - 1 minute
Purpose - Throttle requests in Google Analytics

_gac_*
Expires - 90 days
Purpose - Link Google AdWords to Google Analytics

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

__atuvc
Expires - 2 years
Purpose - Part of the AddThis widget used for social sharing buttons.

__stripe_mid
Expires - 1 year
Purpose - Part of our card payment provider, Stripe.

__stripe_sid
Expires - 30 minutes
Purpose - Part of our card payment provider, Stripe.

3rd party cookies 
Doubleclick - Used for Google Analytics demographics and interest reporting
More about Google Advertising cookies.

We use Google Analytics Advertising Features for demographics and interest reporting, which help us to better understand our site users. We do not use remarketing on sites providing health information about HIV and STIs - this includes www.tht.org.uk. Find out about Google Analytics' currently available opt-outs.

myHIV forum

.YAFNET_Authentication
Expires - 1 month
Purpose - Maintaining login to the forum

ASP.NET_SessionId
Expires - When the browsing session ends
Purpose - Session management

PreviousVisit
Expires - 6 months
Purpose - Forum functionality

ScrollPosition
Expires - When the browsing session ends
Purpose - Forum functionality

panelstate_* cookies
Expires - 1 year
Purpose - Forum functionality

_ga
Expires - 3 years
Purpose - Distinguish users in Google Analytics

_gid
Expires - 24 hours
Purpose - Distinguish users in Google Analytics

_gat*
Expires - 1 minute
Purpose - Throttle requests in Google Analytics

AMP_TOKEN
Expires - 30 seconds to 1 year
Purpose - Link AMP Clinet ID to Google Analytics

_gac_*
Expires - 90 days
Purpose - Link Google AdWords to Google Analytics

cf_use_ob
Expires - when the browsing session ends
Purpose - Part of our security firewall Cloudflare

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

Self testing (test.tht.org.uk)

PHPSESSID
Expires - when the browsing session ends
Purpose - session management

billingIsNotShipping, collectPoint, isHubBoxOrder
Expires - when the browsing session ends
Purpose - selection of HubBox collection point for Click and Collect

_ga
Expires - 3 years
Purpose - Distinguish users in Google Analytics

_gid
Expires - 24 hours
Purpose - Distinguish users in Google Analytics

_gat*
Expires - 1 minute
Purpose - Throttle requests in Google Analytics

_gac_*
Expires - 90 days
Purpose - Link Google AdWords to Google Analytics

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

It Starts With Me

catAccCookies
Expires - 1 year
Purpose - Saving cookie sent

fc_sb_*
Expires - 10 years
Purpose - Form functionality

cq*
Expires - 30 minutes
Purpose - Quiz functionality

_ga
Expires - 3 years
Purpose - Distinguish users in Google Analytics

_gid
Expires - 24 hours
Purpose - Distinguish users in Google Analytics

_gat*
Expires - 1 minute
Purpose - Throttle requests in Google Analytics

AMP_TOKEN
Expires - 30 seconds to 1 year
Purpose - Link AMP Clinet ID to Google Analytics

_gac_*
Expires - 90 days
Purpose - Link Google AdWords to Google Analytics

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

3rd party cookies 
Doubleclick - Used for Google Analytics demographics and interest reporting
More about Google Advertising cookies.

Facebook pixel
To maximise the effectiveness and value of our marketing, we also use Facebook's pixel to track visits and conversions. This collects information about pages visited and actions taken such as button clicks. We receive no personal data from this but Facebook may link it to your Facebook account. Find out more about Facebook's use of cookies and set or edit your ad preferences on Facebook.

Mambo

__atssc
Expires - 2 years
Purpose - addthis social sharing

_atuvc
Expires - 13 months
Purpose - addthis social sharing

_ga
Expires - 3 years
Purpose - Distinguish users in Google Analytics

_gid
Expires - 24 hours
Purpose - Distinguish users in Google Analytics

_gat
Expires - 1 minute
Purpose - Throttle requests in Google Analytics

AMP_TOKEN
Expires - 30 seconds to 1 year
Purpose - Link AMP Clinet ID to Google Analytics

_gac_*
Expires - 90 days
Purpose - Link Google AdWords to Google Analytics

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

3rd party cookies 
Doubleclick - Used for Google Analytics demographics and interest reporting
More about Google Advertising cookies
addthis.com - Used in social sharing 
Facebook - Used in social sharing and logging in 
Twitter.com - Used in social sharing

Other microsites

PHPSESSID
Expires - When the browsing session ends
Purpose - Session management

_ga
Expires - 3 years
Purpose - Distinguish users in Google Analytics

_gid
Expires - 24 hours
Purpose - Distinguish users in Google Analytics

_gat
Expires - 1 minute
Purpose - Throttle requests in Google Analytics

AMP_TOKEN
Expires - 30 seconds to 1 year
Purpose - Link AMP Clinet ID to Google Analytics

_gac_*
Expires - 90 days
Purpose - Link Google AdWords to Google Analytics

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

3rd party cookies 
Doubleclick - Used for Google Analytics demographics and interest reporting
More about Google Advertising cookies.