Privacy Policy

Privacy Notice
Effective: 01/07/2024
1. Introduction
Holocaust Educational Trust (referred to as “We, “Our”, “Us” or “The
Trust”), is committed to protecting the privacy and security of your
personal data. The Trust is a registered charity in England and Wales
(1092892) and in Scotland (SC042996).
We have developed this privacy policy to inform you of the data we
collect, what we do with your data, what we do to keep it secure as well
as the rights and choices you have over your personal data. This policy
covers all programmes
Throughout this document we refer to Data Protection Legislation means
the Data Protection Act 2018 (DPA 2018), United Kingdom General Data
Protection Regulation (UK GDPR), the Privacy and Electronic
Communications (EC Directive) Regulations 2003 and any legislation
implemented in connection with the aforementioned legislation. Where
personal data comprises of people in the European Union it also
includes the EU General Data Protection Regulation (EU GDPR). This
includes any replacement legislation coming into effect from time to
time.
The Trust is the data controller for the personal data we process, unless
otherwise stated.
We are registered with the Information Commissioner’s Office (the ICO)
with registration number Z5371798.
You can contact us either by phone, email or post.
Our Data Protection Officer is:
The DPO Centre Ltd.
50 Liverpool Street
London
EC2M 7PY
Email: advice@dpocentre.com
Phone: 0203 797 1289
Website: www.dpocentre.com
2. The Data We Collect &
Lawful Basis
We only collect personal data that we know we will genuinely use and in
accordance with Data Protection Legislation. The type of personal data
that we will collect on you, and you voluntarily provide to us, depends on
our reason for interacting with you and are laid out below.
Students, teachers or coordinators of one of our educational
programmes
 Title, name, gender, date of birth.
 Personal and professional contact information, including address,
postcode, email address and telephone number.
 Job title.
 If registering for a programme involving travel managed by us;
dates of birth, passport details, EHIC numbers, visa status.
 If attending an event or programme where food is provided; dietary
requirements and allergy information.
 Anonymised special category data for monitoring purposes;
gender, sexuality, disability, ethnicity and religious beliefs.
 Any other information provided by you at the request of the Trust.
 If purchasing items or making a donation; bank details or payment
card information, donation amount and method (e.g., cheque, bank
transfer etc.), Gift Aid status.
Donors and supporters
 If purchasing items or making a donation; bank details or payment
card information, donation amount and method (e.g., cheque, bank
transfer etc.), Gift Aid status.
 If signed up to our mailing list, email addresses and contact
information.
Website users
 If using our website some information is collected through cookies.
For more information see our Cookie Policy.
The lawful basis for processing your personal data is based on:
 Consent; where necessary and appropriate we ask for consent to
process your personal information. This may be collected when
signing up to one of our educational programmes, requesting to
receive our mailing list or agreeing to attend an event managed by
the Trust.
 Performance of a contract; we process personal information where
we have entered into a contract to provide a service entered into a
contract to receive a service.
 Compliance with a legal obligation; your personal data may be
processed in order for us to comply with the law, for example in
safeguarding investigations.
 Vital interests; in emergency situations we may process your data
to protect your vital interests.
 Our legitimate interests; where legitimate interest is used as a
lawful basis we will complete a Legitimate Interest Assessment. We
may rely on legitimate interest for processing data related to CCTV,
managing the data of our Ambassadors, and managing our social
media accounts.
The lawful basis for processing your special category data is based on
explicit consent.
4. How We Use Your Data
If you have applied to take part in one of our programmes we will use
your information to organise and co-ordinate the programme. Example
uses of your data include but are not limited to:
 Keeping a record of our relationship with you and monitor the
contact we have with you.
 Organising in person or online events including educator sessions,
survivor testimony events, walking tours, residential trips, visits to
historic sites, classroom or school based educational sessions,
fundraising events, events arranged in collaboration with third
parties or any other event organised by the Trust.
 Monitoring web usage.
 Sending interested parties information about our resources,
programmes and events.
 Fulfilling orders for ticketed.
 Processing any donations made to the Trust.
If you have supported the trust, for example by making a donation, we
will use your information to:
 Process your donation
 Process your Gift Aid declaration, if eligible.
 Keep records of our relationship with you and monitor the contact
we have with you
5. Who We Might Share
Your Data With
We may share your personal data with other organisations in the
following circumstances:
 If the law or a public authority says we must share the personal
data.
 If we need to share personal data in order to establish, exercise or
defend our legal rights (this includes providing personal data to
others for the purposes of preventing fraud and reducing credit
risk).
 From time to time, employ the services of other parties for dealing
with certain processes necessary for the operation of our Website.
 If taking part in travel arranged by the Trust; tour, airline, coach or
other transport companies and our insurance provider.
 If attending an event; event management or venue partners.
 If attending an event where food will be served; catering or event
management partners.
 Wealth screening and insight companies.
 Suppliers who provide us with communications services.
 Delivery partners who assist us to deliver our programmes
effectively.
 HMRC, if you a making a donation that is eligible for Gift Aid.
6. Transfers of Personal
Data Out of the UK
Due to the nature of our organisation there may be instances where we
may need to transfer your data outside the UK. We may need to share
your data with other companies who are in the European Economic Area
(The EU member states, Norway, Iceland and Liechtenstein), in an
adequate listed country or in other third countries who may not have
similar data protection laws to the UK. If we need to transfer your
information outside the UK we will take steps to ensure that appropriate
security measures are taken with the aim of ensuring that your privacy
rights continue to be protected. For more information you can contact us
using our details below.
7. Marketing
Communications
We may send you relevant offers and news about the Trust in a number
of ways including by email if you have previously consented to receive
these marketing communications. When you register with us we will ask
if you would like to receive marketing communications, and you can
change your marketing choices online, over the phone or in writing at
any time. If you interact with us by signing up or making an enquiry for
one of our goods or services, in a way that suggests further
communication would be welcome, for example taking part in one of our
programmes, we may contact you with further communications under the
Privacy and Communications Regulations soft opt in rules. You will
always be given instructions of how to opt out when we first collect your
data and in any further communication you receive from us.
If you wish to amend your marketing preferences (including opting out)
you can do so by emailing info@het.org.uk.
8. Links
This website contains links to other websites, which are clearly marked
as such. Please note that we have no control over external websites and
are not responsible for the protection and privacy of any information
which you may provide to them. Please refer to a website’s privacy policy
when using it.
9. Cookies
Please refer to our separate Cookie policy for how we use Cookies on our
website and to change your consent.
10. Your rights over your
information
10.1.1. The right to be informed about our
collection and use of personal data;
You have the right to be informed about the collection and use of your
personal data. We ensure we do this with our internal data protection
policies and through our external website policy. These are regularly
reviewed and updated to ensure these are accurate and reflect our data
processing activities.
10.1.2. Right to Access Your Personal
Information
You have the right to access the personal information that we hold about
you in many circumstances, by making a request. This is sometimes
termed ‘Data Subject Access Request’. If we agree that we are obliged to
provide personal information to you (or someone else on your behalf),
we will provide it to you or them free of charge and aim to do so within
30 days from when your identity has been confirmed.
We may ask for proof of identity and sufficient information about your
interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out
below.
10.1.3. Right to Correction Your Personal
Information
If any of the personal information we hold about you is inaccurate,
incomplete or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out
below.
10.1.4. Right to Stop or Limit Our Processing of
Your Data
You have the right to object to us processing your personal information
for particular purposes, to have your information deleted if we are
keeping it too long or have its processing restricted in certain
circumstances.
If you would like to exercise this right, please contact us as set out
below.
10.1.5. Right to Erasure
You have the right to have personal data erased. This is also known as
the ‘right to be forgotten’. The right is not absolute and only applies in
certain circumstances.
If you would like to exercise this right, please contact us as set out
below.
10.1.6. For more information about your
privacy rights
The Information Commissioner’s Office (ICO) regulates data protection
and privacy matters in the UK. They make a lot of information accessible
to consumers on their website and they ensure that the registered
details of all data controllers such as ourselves are available publicly.
You can access them here https://ico.org.uk/ . If you are based
elsewhere within the European Economic Area a list of supervisory
authorities can be found here https://edpb.europa.eu/aboutedpb/board/members_en.
You can make a complaint to the ICO (or other supervisory authority) at
any time about the way we use your information. However, we hope that
you would consider raising any issue or complaint you have with us first.
Your satisfaction is extremely important to us, and we will always do our
very best to solve any problems you may have. To make a complaint
directly to us, please see our contact details below.
You can submit a complaint directly to the ICO via this
link https://ico.org.uk/make-a-complaint/.
11. Data Retention
We retain personal data in accordance with the Data Protection
Legislation requirements and for as long as necessary. Generally, data
for attendees of Trust programmes is stored for 7 years but this depends
on relevant legislation, best practice and Trust requirements. If you have
any questions or concerns to our data retention practices you can
contact us directly using our details below.
12. Giving Your Reviews
and Sharing Your
Thoughts
You may be able to share information through social networks like
Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our
Services. When doing this, your personal data (e.g. your name, email
address, profile photo etc) may be visible to the providers of those social
networks and/or their other users. Please remember it is your
responsibility to set appropriate privacy settings on your social network
accounts so you are comfortable with how your information is used and
shared on them.
13. Security
Data security is of great importance to the Trust and to protect your data
we have put in place suitable physical, electronic and managerial
procedures to safeguard and secure your collected data. We store your
data on our secure servers based in the UK.
We take security measures to protect your information including:
 Limiting access to our buildings to those that we have determined
are entitled to be there;
 Implementing access controls to our information technology;
 We use appropriate procedures and technical security measures
(including strict encryption, anonymisation and archiving
techniques) to safeguard your information across all our computer
systems, networks, websites and offices.
 Never asking you for your passwords;
 Advising you never to enter your account details or password into
an email or after following a link from an email.
14. Cyber essentials plus
As well as the above security measures the Trust has also achieved Cyber
Essentials Plus certification which is reviewed annually. Copies of our
certification is available if requested by contacting us below.
15. Changes to Our Privacy
Policy
We may change this Privacy Policy from time to time (for example, if the
law changes). We recommend that you check this policy regularly to keep
up to date.
16. How to Contact Us
If you would like to exercise one of your rights as set out above, or you
have a question or a complaint about this policy, the way your personal
information is processed, please contact us by one of the following
means:
By email: info@het.org.uk
By telephone: +44 (0)20 7222 6822
By post: BCM Box 7892, London, WC1N 3XX