Content

Privacy policy

Text

This policy is designed to ensure that Terrence Higgins Trust complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Terrence Higgins Trust is committed to protecting your privacy. This privacy policy sets out how we use and protect any personal data that you provide to us, or that we collect from you.

The Terrence Higgins Trust privacy and cookies policy may change to reflect legislative and best practice updates so please remember to check back from time to time.

Scope

All personal information processed by Terrence Higgins Trust.

Policy statement

The following privacy and cookies policy will be displayed on all Terrence Higgins Trust websites and made available to all users of Terrence Higgins Trust services on request. Individuals will be made aware of its existence by the use of posters or leaflets in all Terrence Higgins Trust offices which summarise the policy and signpost users to the full notice.

1. Who we are

Here at Terrence Higgins Trust we make every effort to ensure that your personal information is processed in a fair, open and transparent manner.

We are a 'data controller' for the purposes of the UK General Data Protection Regulation and Data Protection Act 2019 ('Data Protection Law'). This means that we are responsible for, and control the processing of, your personal information. 

For further information about our privacy practices, please contact us by:

  • Writing to the Data Protection Officer at Terrence Higgins Trust, 439 Caledonian Road, London, N7 9BG.
  • Calling us on 020 7812 1600.
  • Emailing the Data Protection Officer at [email protected].

2. How we collect information about you

We collect information from you in the following ways:

When you interact with us directly: This could be if you use one of our services, ask us about our activities, register with us for an event, make a donation to us, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, or get in touch through the post, or in person.

When you interact with us through third parties: This could be if you provide a donation through a third party such as JustGiving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use cookies to help our site run effectively. There are more details below – see 'Cookies'.

We will use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.

From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third-party subscription services or service providers (we have provided further details about this below – see ' Making our work relevant to you').

3. Information we collect and why we use it

Personal information

Personal information we collect may include details such as your name, date of birth, email address, postal address, telephone number, IP address and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communications between us. You will have given us this information whilst making a donation, using our services, registering for an event, placing an order on our website or any of the other ways you interact with us.

We will use this information:

  • To provide good quality sexual and reproductive health and HIV services.
  • For monitoring, evaluation and audit of service provision.
  • For marketing, fundraising, campaigning and membership services.
  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To provide the services or goods that you have requested.
  • To update you with important administrative messages about your donation, an event or services you have requested.
  • To keep a record of your relationship with us.
  • Where you volunteer with us, to administer the volunteering arrangement.
  • To invite you to participate in surveys or research.

In order for us to undertake the above we need to collect personal data from you for either correspondence purposes or detailed service provision, depending on the service you are accessing.

Our aim is not to be intrusive and we undertake not to ask irrelevant or unnecessary questions.

We may pass your personal data on to other service providers who are contracted to us in the course of dealing with you or information may be collected by other service providers on our behalf. Our contractors are obliged to keep your details securely, and use them only to fulfil the service they provide for you on our behalf. If you would like further information on this please do not hesitate to ask. Once your service need has been satisfied your details will be disposed of securely in line with our procedures set out in clause 9 of this policy.

Special category data as defined within the UK GDPR

Special category data is defined as the following data types:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetics
  • biometrics
  • health
  • sex life
  • sexual orientation

Should we need to share any of the above data on to any other third parties we will only do so where there is a service need to do so, once we have obtained your consent or unless we are legally required to do so, for example to comply with the law, or a court order or where there is a clear safety risk to you or to someone else. If this is the case, we will always try to inform you.

4. Making our work more relevant to you

We want to improve how we communicate with you and to personalise the information we provide you through our website, services, products and information. To do this we sometimes acquire third-party data so that we can better understand your preferences and needs so as to provide a better experience for you.

We may carry out targeted fundraising activities using these techniques based on the information that we hold about you. We also work with third-party organisations who provide additional insight by providing them with limited personal supporter data. This insight allows us to effectively and efficiently fundraise by better understanding our supporters.

Research and profiling

Our work is only made possible thanks to the generosity of our supporters. By developing a better understanding of our supporters through researching them using publicly available sources we can tailor our fundraising communications to those most likely to be interested in them. This allows us to be more efficient and cost-effective with our resources, and also reduces the risk of someone receiving information that they might find irrelevant, or intrusive.

In order to do this we use information we hold about our supporters and potential supporters to research their potential to be a significant donor and collect additional details relating to their employment and any philanthropic activity. We may also estimate their gift capacity, based on their visible assets, history of charitable giving and how connected they are to Terrence Higgins Trust.

What information we collect

We use data which has been provided directly to Terrence Higgins Trust and combine this with information from publicly available sources such as charity websites and annual reviews, corporate websites, public social media accounts, the electoral register and Companies House in order to create a fuller understanding of someone’s interests and support and we do not use information sources which have not been made public.

Wealth screening

Wealth screening is a process employed by organisations to understand the potential numbers of individuals who could make a major gift. In order to do this, a third party company will screen a selection of records against publicly available sources and/or socioeconomic data to identify those supporters who may be able to make a significant donation.

You can of course opt out of this activity at any time by enforcing your right to object to profiling based activities. To do this, email [email protected] or contact us at Terrence Higgins Trust, 439 Caledonian Road, London, N7 9BG or by phone on 020 7812 1612.
 

5. Legal basis for using your information

Where consent is the appropriate legal basis for using your personal information, we will use this only once we have your consent for the specific service we are fulfilling for you.

There are other lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Terrence Higgins Trust to process your information.

Whenever we process your personal information under the ‘legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information using this legal basis if we feel that there is an imbalance.

Some examples of where we have a legitimate interest to process your personal information are where we contact you about our work via post, use your personal information for data analytics, or for conducting research to better understand who our supporters are, improving our services, or for our legal purposes (for example, dealing with complaints and claims).

6. Marketing

We will only contact you about our work and how you can support Terrence Higgins Trust by email or text message if you have agreed for us to contact you in this manner.

However, if you have provided us with your postal address and/or telephone number we may contact you with information about our work and how you can support Terrence Higgins Trust by mail or phone unless you have told us that you would prefer not to hear from us in that way.

You can update your choices or stop us sending you these communications at any time by contacting the supporter care team via email at [email protected] or by writing to the Supporter Care team at the following address:

Terrence Higgins Trust
439 Caledonian Road 
London
N7 9BG

For email communications, you can also unsubscribe using the link at the bottom of the relevant communication.

Our donation too, Fundraise Up, passes donation information directly and via the Facebook Pixel, where relevant. Users are able to select whether or not they subscribe for updates.

7. Sharing your Information

The personal information we collect about you will be used by our staff (and volunteers) at Terrence Higgins Trust so that they can support you.

We will never sell individual information and your details are never given out except where there is a service need to do so. Where this is the case you will have agreed to this as part of the service being offered (e.g. housing, welfare). You have the right to prevent this and to opt-out in accordance with the NHS national data opt-out policy but it may affect the services that we are able to offer you.

Terrence Higgins Trust may however share your information with our partners and suppliers who work with us on or on our behalf to deliver our services. In the contracts with our service providers we require that they use and store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, or with our partners who help us to process donations and claim Gift Aid.

We may also use information to produce anonymous reports to our funders and stakeholders

Legal disclosure

We may disclose your information if required to do so by law. (For example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).

8. Keeping your information safe

We will take all reasonable steps to make sure that your data is treated securely and in accordance with this privacy policy however we receive this information e.g. by post, e-mail or through accessing our website.

The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure as part of our information security management system.

Your personal information is accessed only by those who are authorised to access it while carrying out their duties.

Details relating to any transactions entered into through the Terrence Higgins Trust websites will be encrypted in transit to ensure their safety. The transmission of any information from you to Terrence Higgins Trust via website or e-mail is not completely secure, however, the transmission of such data is at your own risk.

Third party links

Terrence Higgins Trust websites contain links to third-party websites. These websites should have their own privacy policies but we do not accept any responsibility or liability for their policies.

9. How long we hold your information

We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. Once you no longer need our services we are legally required to keep records for a certain amount of time depending on the type of data that we hold. After this time we will securely destroy it according to our records retention and disposal procedures. Please contact us for further information on our retention periods. 

10. Your rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting us at Terrence Higgins Trust, 439 Caledonian Road, London, N7 9BG, by email at [email protected] and by phone on 020 7812 1600. You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office.

  • Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. 
  • Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
  • Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
  • Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
  • Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
  • Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
  • Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
  • No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.

Please note, some of these rights only apply in certain circumstances. We may also ask you to provide a copy of your ID so that we can evidence it is in fact you making the request.

Cookies

Text

A cookie is a small file placed on your computer's hard drive. Cookies can be used to provide core functionality for a website (e.g. logins), for website traffic reporting or for marketing purposes. 

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We sometimes use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs. We only use this information for statistical analysis purposes.

To minimise the intrusiveness of our website statistics, we use digital fingerprinting in preference to cookies.

We use session cookies on our e-recruitment site. These cookies are automatically set by the system solely for the purposes of enabling you to be able to page through search results and to log in and apply for jobs. Once the browser has been closed, they are destroyed.

Types of cookies

Necessary cookies are cookies essential to ensure our websites work for you.

Performance cookies are cookies which help us optimise the performance of our websites. They tell us which pages are most popular, how people navigate our website and how many new users have viewed a page. We also sometimes use cookies to test different versions of a website page to see which work best. They don't identify you individually.

Functional cookies are cookies which allow our websites to remember the choices you make in order to give you a more personal experience. This is anonymous and can't track your activity on other websites.

Advertising cookies are used to deliver adverts relevant to you. They are also used to limit the number of times you see an advert and help measure how effective an advert is. They can also be used to choose the advertisements that are displayed to you on other websites.

First party cookies are set by the website you're visiting and only Terrence Higgins Trust can read them.

Third party cookies are not set by us and can be read by the owner of those cookies. They may be used by tools that we have on our websites, such as when we include a form, map or video. Usually we can't control what information they collect but we can tell you the cookies we use.

Session cookies are temporary cookies files that are removed when you close your browser. 

Persistent cookies stay in one of your browser's folders until you or your browser deletes them. They are used so you can be recognised when you come back to our website, such as your log-in details.

Disabling cookies on your browser

If you don’t want to receive cookies, you can modify your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. You can also delete cookies that have already been set. 

If you wish to restrict or block web browser cookies that are set on your device, you can do this through your browser settings – the Help function within your browser should tell you how. Alternatively, you may wish to visit KnowCookies.com, which contains information on how to do this on a variety of web browsers. 

Here are the cookies we set for each of our websites:

  • tht.org.uk
  • forum.tht.org.uk
  • test.tht.org.uk
  • startswithme.org.uk
  • chemsex.org.uk
  • HIVPreventionEngland.org.uk
  • jobs.tht.org.uk
  • tht.cymru
Text

Terrence Higgins Trust (tht.org.uk) - updated 16 April 2024

Necessary cookies

Cookie key Cookie type Expiration Description
__cf_bm First-party 28 minutes 55 seconds The __cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots.    
_stripe_mid First-party 1 year 4 days 23 hours 59 minutes 54 seconds Stripe Payment, Stripe is used to making credit card payments. Stripe uses a cookie to remember who you are and to enable the website to process payments without storing any credit card information on its own servers. Set for fraud prevention purposes and helps us assess the risk associated with an attempted transaction.    
_stripe_sid First-party 29 minutres 54 seconds Stripe Payment, Stripe is used to making credit card payments. Stripe uses a cookie to remember who you are and to enable the website to process payments without storing any credit card information on its own servers. Set for fraud prevention purposes and helps us assess the risk associated with an attempted transaction.    
cookiefirst-consent First-party 12 months This cookie saves your cookie preferences for this website. You can change these or withdraw your consent easily.    
cookiefirst-consent First-party Persistent This cookie saves your cookie preferences for this website. You can change these or withdraw your consent easily.    
cookiefirst-id First-party Persistent This cookie contains your unique ID so CookieFirst can identify unique visitors to this website.    
JsessionID First-party Session This is a general purpose session cookie used by websites written in JSP. Usually used to maintain an anonymous user session by the server.
_cfuvid First-party Session .glassdoor.co.uk and .vimeo.com - Part of the services provided by Cloudflare.

Performance cookies

Cookie key Cookie type Expiration Description
_ga, _ga_******** First-party Session (.culturalspot.org), 1 year 4 days 23 hours 59 minutes 5 seconds (tht.org.uk) This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.
_hjSession_******     First-party 29 minutes 6 seconds A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the same Hotjar session.    
_hjSessionUser_******     First-party 1 year 4 days 23 hours 59 minutes 57 seconds Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.   
hjActiveViewportIds First-party Persistent This item is being set by Hotjar for performance and analytics purposes.

Functional cookies

Cookie key Cookie type Expiration Description
VISITOR_INFO1_LIVE YouTube 5 months 4 weeks 1 day 23 hours 58 minutes 55 seconds This cookie allows YouTube to check bandwidth usage.
vuid Vimeo 10 years 4 days 23 hours 58 minutes 55 seconds This is a cookie from Vimeo used for the video player on our website.    
YSC YouTube Session Register unique IDs and keep statistics on which videos users have viewed from YouTube.
mid Instagram 1 year 1 month 4 days 23 hours 59 minutes 55 seconds Enables social media functionality within the site.

Advertising cookies

Cookie key Cookie type Expiration Description
_fbp First-party 2 months 4 weeks 1 day 23 hours 59 minutes 58 seconds This cookie is used by Facebook for advertising purposes and conversion tracking.    
m    First-party 2 years 4 days 23 hours 59 minutes 6 seconds This cookie is being set for advertising purposes.    
_gcl_au Google
2 months 4 weeks 1 day 23 hours 59 minutes 3 seconds
This cookie is set by Google Adsense for experiments with 'cross-website' advertising.
IDE Google 1 year 3 weeks 3 days 23 hours 59 minutes 4 seconds
Cookie from Double Click (Google) which helps us to analyze and optimize our advertising campaigns.
lastExternalReferrer   Persistent
This item is used to determine the origin of your visit.
lastExternalReferrerTime   Persistent
This item is used for visitor evaluation
VISITOR_PRIVACY_METADATA youtube.com 5 months 4 weeks 1 day 23 hours 58 minutes 55 seconds This cookie is used to track and enrich the users privacy settings on YouTube.

Unclassified cookies

 

Name Domain Expiry Type
fundraiseup_func tht.org.uk Session Cookie
fundraiseup_cid tht.org.uk 10 years 4 days 23 hours 59 minutes 54 seconds Cookie

Occasionally, we embed tweets in news stories. See Twitter's privacy policy and how you can manage Twitter for Web data:

Where we embed YouTube videos, these may also set cookies. We are working towards replacing these with YouTube's 'privacy-enhanced' version.

We do not use remarketing on sites providing health information about HIV and STIs – this includes www.tht.org.uk. Find out about Google Analytics' currently available opt-outs.

Our previous web-based My Community Forum (forum.tht.org.uk)

Targeting cookies

Cookie key Cookie type Expiration Description
sid First-party Session This is a very common cookie name but where it is found as a session cookie it is likely to be used as for session state management.

Unclassified cookies

Cookie key Cookie type Expiration Description
mybb[lastactive]
 
First-party 1 year  
 
mybb[lastvisit]
 
First-party 1 year

Self testing (test.tht.org.uk)

Our self-test website is only available in the UK. 

We take data security very seriously and use tools similar to captcha which checks for bots without the privacy concerns associated with some.

Performance cookies

Cookie key Cookie type Expiration Description
_ga_DDGK0P4XXK Third-party 2 years This cookie is used by Google Analytics to persist session state.
 
_ga Third-party 2 years This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.

It Starts With Me (startswithme.org.uk)

No cookies present

Chemsex (chemsex.org.uk)

No cookies present

HIV Prevention England (HIVpreventionengland.org.uk)

Strictly Necessary cookies

Cookie key Cookie type Expiration Description
__cf_bm First-party 30 minutes This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.

THT Jobs (jobs.tht.org.uk)

Strictly Necessary cookies

Cookie key Domain Cookie type Expiration Description
_hjAbsoluteSessionInProgress
 
.tht.org.uk Third-party 30 minutes The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
_hjFirstSeen
 
.tht.org.uk Third-party 30 minutes The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
_hjIncludedInPageviewSample
 
jobs.tht.org.uk First-party 2 minutes This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit.
_hjIncludedInSessionSample
 
jobs.tht.org.uk First-party 2 minutes This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit

Performance cookies

Cookie key Domain Cookie type Expiration Description
_ga_2YQ0G68FJ8
 
.tht.org.uk Third-party 2 years This cookie is used by Google Analytics to persist session state.
_ga
 
.tht.org.uk Third-party 2 years This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.

Functionality cookies

Cookie key Cookie type Expiration Description
_gd1675945993924
 
Third-party Session This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program.
_gd1675945993926
 
Third-party Session This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program.
_gd1675945993641
 
Third-party Session This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program.
_gd167595993647
 
Third-party Session This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program.
__stripe_sid
 
First-party 30 minutes This cookie is associated with Calendly, a Meeting Schedulers that some websites employ. This cookie allows the meeting scheduler to function within the website.
_gd1675945993644
 
Third-party Session This cookie contains no identifying information and is used for diagnostic purposes by Impact Radius, a service we use to track signup commissions for our affiliate program. We have categorized it under Functionality because it is necessary for the operation of our affiliate program.
__stripe_mid
 
First-party 1 year This cookie is associated with Calendly, a Meeting Schedulers that some websites employ. This cookie allows the meeting scheduler to function within the website.

Unclassified cookies

Cookie key Cookie type Expiration
sessionid3547
 
First-party Session
pageview
 
Third-party 1 hour
lastaccesstime3547
 
First-party Session
hs_ga
 
First-party 1 year
created_a
 
Third-party Session
poll_session_seen
 
Third-party Session
m
 
Third-party 2 years
first_session
 
Third-party Session
_hjSession_456721
 
Third-party 30 minutes
_hid
 
Third-party Session
howuku_version
 
Third-party Session
howuku_session
 
Third-party Session
unique_session
 
Third-party 1 hour
_hjSessionUser_456721
 
Third-party 1 year

THT Cymru (tht.cymru)

Name Category Goal Cookie expiration time Provider Domain  
cookie
cookiefirst-consent
Necessary This cookie saves your cookie preferences for this website. You can change these or withdraw your consent easily. 12 months Cookie First tht.cymru  
local_storage
cookiefirst-consent
Necessary This cookie saves your cookie preferences for this website. You can change these or withdraw your consent easily. Persistent Cookie First tht.cymru  
local_storage
cookiefirst-id
Necessary This cookie contains your unique ID so CookieFirst can identify unique visitors to this website. Persistent Cookie First tht.cymru