1       Introduction

Prisoners Abroad (“we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about your rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting personal data.

Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out in the relevant sections below.

The personal data that is provided to us is provided either directly from you, from a third party acting on behalf of an individual, or from publicly available sources (such as internet searches, Companies House).

Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference may be made to this privacy statement.

2       Security

We take the security of all the data we hold seriously. Relevant staff are trained on data protection, confidentiality and security.

We have a framework of policies and procedures which ensure we regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

All information you provide to us is stored on our secure servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

3       Data that we hold

We collect information from you in the following ways:

When you interact with us directly: This could be if you ask us about our activities, register with us for an event, make a donation to us, ask a question about overseas imprisonment, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, or get in touch through the post, or in person.

When you interact with us through third parties: This could be if you provide a donation through a third party such as Just Giving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. Personal data may be collected when you fill in forms on our websites and this includes information provided when you register to use our website, subscribe to our service and/ or make an enquiry.

We may also track which pages you visit when you click on links in emails from us. We also use "cookies" to help our site run effectively. There are more details below – see 'Cookies'.

We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.

From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third party service providers (we have provided further details about this below – see 'Profiling: Making our work unique to you').

3.1.1     Cookies

‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website.

They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can't be used to identify you. 

How do we use cookies?

We use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you come to our website and also allows us to improve the user experience.  

The cookies we use

We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.

We use all four categories of cookies:

  • Strictly necessary cookies are essential for you to move around our website and to use its features.
  • Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
  • Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.

No cookies, please

You can opt out of all our cookies (except the strictly necessary ones). Find out how to control and delete cookies in your browser.

But, if you choose to refuse all cookies, our website may not function for you as we would like it to.

If you have any questions about how we use cookies, please contact us at [email protected]

3.1.2     What data is processed?

Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communications between us.  You will have given us this information whilst making a donation, registering for an event or any of the other ways to interact with us.

We will mainly use this information:

  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To provide the services that you have requested.
  • To update you with important administrative messages about your donation, an event or services you have requested.
  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
  • To keep a record of your relationship with us.
  • Where you volunteer with us, to administer the volunteering arrangement.

 If you do not provide this information, we will not be able to process your donation, sign you up for a particular event or provide services you have requested.

We may also use your personal information:

  • To contact you about our work and how you can support Prisoners Abroad (see section on 'Marketing' below for further information).
  • To invite you to participate in surveys or research.

3.1.3     Marketing

We will only contact you about our work and how you can support Prisoners Abroad by phone, email or text message, if you have agreed for us to contact you in this manner.

However, if you have provided us with your postal address we may send you information about our work and how you can support Prisoners Abroad by mail unless you have told us that you would prefer not to hear from us in that way.

You can update your choices or stop us sending you these communications at any time by contacting [email protected] or clicking the unsubscribe link at the bottom of the relevant communication.

Sensitive Personal Information

Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.

We will only use this information:

  • For the purposes of dealing with your enquiry, training, and quality monitoring or evaluating the services we provide.
  • We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
  • Where you have given us your express consent that you are happy for us to share your story, then we may publish it on our blog or in other media. 

3.1.4     How long do we hold data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected, there may also be occasions which will require data to be kept for longer, however this will typically be for legal purposes.

In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it. We will periodically review this data, to ensure that it is still relevant and necessary.

  • Personal data relating to supporters – supporter data may be retained for as long as there is a legitimate interest to hold such data for this purpose/these purposes. If one or more of these purposes becomes obsolete a review of the types of data held should be made, and any types of data not required for the remaining purposes should identified as needing to be erased or destroyed. 
  • Personal data relating to service users – data relating to service users will be retained for three years after case closure at which time it will be destroyed, however, Prisoners Abroad reserves the right to retain information for longer than three years in exceptional cases.
  • Personal data relating to staff and volunteers – the following guidelines give an indication of how long personal and sensitive data on prospective, current and former employees will be kept;
  • Application forms – unsuccessful candidates – will be kept for one year
  • All other information will be kept for the duration of employment
  • Disclosure & Barring Service disclosures will be destroyed after six months
  • A summary of record of service e.g. name, position, dates of employment will be kept for 10 years from the end of employment.
  • Procedures for erasing or destroying data – When no longer required, all personal data stored in hard copy form should be placed in the confidential waste bins for disposal. All personal data stored in electronic form should, when no longer required, be erased from all relevant databases, spreadsheets or electronic lists.

3.1.5     Legal basis for using your information

In some cases, we will only use your personal information where we have your consent. 

However, there are other lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Prisoners Abroad to process your information to help us to achieve our vision of ensuring people survive imprisonment overseas with dignity and hope.

Whenever we process your Personal Information under the ‘legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.

Some examples of where we have a legitimate interest to process your Personal information are where we contact you about our work via post, use your personal information for data analytics, conducting research to better understand who our supporters are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.

3.1.6     6.       Marketing

We will only contact you about our work and how you can support Prisoners Abroad by phone and email if you have agreed for us to contact you in this manner.

However, if you have provided us with your postal address we may send you information about our work and how you can support Prisoners Abroad by mail unless you have told us that you would prefer not to hear from us in that way.

You can update your choices or stop us sending you these communications at any time by contacting [email protected] or clicking the unsubscribe link at the bottom of the relevant communication.

3.2      Our people

We collect personal data for our people as part of the administration, management and promotion of our organisational activities.

Our staff handbook explains further how personal data is held for our staff.

3.2.1     Applicants

Where an individual is applying to work for Prisoners Abroad, personal data is collected through the application process.

There are a number of purposes that personal data for applicants are collected.

  • We process an applicant’s personal data in order to assess their potential employment at Prisoners Abroad.
  • Administration and management. We may also use this personal data in order to make informed management decisions and for administration purposes.

Personal data collected for applicants is held for as long as necessary in order to fulfil the purpose for which it was collected, or for a maximum of two years where those purposes no longer become necessary.

3.3      Suppliers

We collect and process personal data about our suppliers, subcontractors, and individuals associated with them. The data is held to manage our relationship, to contract and receive services from them, and in some cases to provide services to our members.

3.3.1     Why do we process data?

  • Receiving goods and services. We process personal data in relation to our suppliers and their staff as necessary to receive the services.
  • Providing services to our service users. Where a supplier is helping us to deliver services to our service users, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients.
  • Administering, managing and developing our services. We process personal data in order to run our organisation, including:

- managing our relationship with suppliers;

- developing our services;

- maintaining and using IT systems;

- hosting or facilitating the hosting of events; and

- administering and managing our website and systems and applications.

  • Security, quality and risk management activities. We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.  We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers.  We collect and hold personal data as part of our supplier contracting procedures.  We monitor the services provided for quality purposes, which may involve processing personal data.
  • Complying with any requirement of law or regulation. We are subject to legal, regulatory and professional obligations. We need to keep certain records to show we comply with those obligations and those records may contain personal data.

3.3.2     What data do we hold?

We will hold supplier’s names, contacts names, and contact details of suppliers.

3.3.3     How long do we hold data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).  Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights.

4       Sharing personal data

We will only share personal data with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

Third party organisations that provide applications/functionality, data processing or IT services to us

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.  The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

Law enforcement or regulatory agencies or those required by law or regulations

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

4.1.1     Your rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail below.  If you wish to exercise any of these rights or make a complaint, you can do so by contacting our Fundraising team at Prisoners Abroad, 89-93 Fonthill Road London N4 3JH, by email at [email protected] and by phone on 020 7561 6820 (option 5). 

You have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns

  • Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.  Please make all requests for access in writing, and provide us with evidence of your identity.
  • Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.  Please contact us as noted above, providing details of your objection.
  • Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
  • Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
  • Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
  • Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
  • Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
  • No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.  You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law.  You also have certain rights to challenge decisions made about you.  We do not currently carry out any automated decision-making.

Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.

5       Data Controller and contact information

The data controller for Prisoners Abroad is Zeta MacDonald, Deputy Chief Executive.

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Prisoners Abroad, 89-93 Fonthill Road, Lodnon N4 3JH, [email protected]

020 7561 6820

6       Changes to our privacy statement

Updates to this privacy statement will appear on this website.  This privacy statement was last updated on 24/05/2018.