Privacy Policy

Hearing Dogs for Deaf People (“we”, “us”, “our”) is committed to protecting the privacy and personal information of everyone who engages with us. This policy explains what information we collect, how and why we use it, and the rights you have over your data.

This policy covers:

  • Hearing Dogs for Deaf People
  • Hearing Link
  • Hearing Dogs for Deaf People (Trading) Ltd
  • Hearing Link (Trading) Ltd 
    (collectively referred to as “we”, “us”, or “our”).

We are registered with the Information Commissioner’s Office (ICO) under number: Z7456458. 
Registered charity numbers: England & Wales 293358, Scotland SC040486.

Registered address: 
Hearing Dogs for Deaf People, The Grange, Wycombe Road, Saunderton, Princes Risborough, Buckinghamshire, HP27 9NS

For any questions about this policy or your data rights: 
Email:  dataprotection@hearingdogs.org.uk 
Phone: 01844 348100 (Mon–Fri, 9am–5pm)

 

1. Summary – What You Need to Know

We collect and use personal information so we can:

  • Process donations and Gift Aid
  • Provide services and support
  • Keep in touch with supporters
  • Run events and volunteering programmes
  • Conduct responsible fundraising, including prospect research and due diligence
  • Meet our legal and regulatory obligations

We never sell your data. 
You can change your communication preferences or opt out of profiling at any time.

 

2. Who this policy applies to

This policy applies to anyone who interacts with us, including:

  • Donors and supporters
  • Volunteers
  • Recipients , their networks and service users
  • Event participants
  • Customers of our trading entities
  • Website visitors
  • Professionals, partners and suppliers
  • Anyone who interacts with us on or offline.  

 

3. Information we collect

3.1 Information you give us directly

Including when you:

  • Donate
  • Sign up for an event
  • Join a mailing list
  • Use or enquire about our services
  • Purchase goods
  • Volunteer or apply for a role

This may include:

  • Contact details such as name, address, email, phone number
  • Date of birth
  • Communication preferences
  • Payment details (including any Gift Aid declarations)
  • Information relating to your relationship with us
  • Reasons for donating or areas of interest

3.2 Information we collect automatically

When you use our website or digital channels:

  • IP address
  • Device and browser type
  • Cookies and tracking data
  • Pages visited
  • Interactions with emails or online content

(For more information, see our separate  Cookie Policy)

3.3 Information from third parties and publicly available sources

We may receive information from:

  • Fundraising platforms (e.g. JustGiving, Facebook, Funraisin, GoDonate, Gatherwell, CFP Lottery & Raffles Ltd)
  • Event partners and registration platforms (e.g. Opentable)
  • Payment and Gift Aid partners
  • Data accuracy services
  • Publicly available sources (see Section 6)
  • External research or wealth screening agencies (e.g. Prospecting for Gold, Factory)
  • Professional advisors (e.g., trusts, foundations, donor-advised funds)

3.4 Special category data

We only collect sensitive personal data when necessary, and with additional safeguards. This may include:

  • Health or accessibility information (e.g. for event participation, or as a beneficiary or service user)
  • Safeguarding and welfare information

We do not use special category data for fundraising profiling.

4. How we use your information

We use your personal information to:

  • Process donations, purchases and Gift Aid
  • Respond to enquiries and applications
  • Steward and support donors
  • Administer events and volunteering
  • Manage beneficiary services
  • Carry out due diligence and risk management
  • Send you information about our work (according to your preferences)
  • Understand supporter behaviour to improve our fundraising and communications
  • To improve our services and supporter experience
  • Conduct prospect research, profiling and wealth screening (see Section 6)
  • Meet legal, financial and regulatory obligations

We always aim to use the minimum information needed and only keep it as long as necessary.

 

5. Our lawful bases for processing

We rely on one or more of the following lawful bases:

Consent 
For email or SMS marketing, and for processing special category data when needed.

Contracts 
Where processing is necessary to fulfil an order, booking, or agreement.

Legal obligation 
For Gift Aid, financial audits, safeguarding, fraud prevention and statutory reporting.

Vital interests 
To protect someone in an emergency.

Legitimate interests 
For activities including:

  • Postal fundraising
  • Impact reporting
  • Supporter analysis and segmentation
  • Prospect research and wealth screening
  • Due diligence for significant, unusual or high-value gifts
  • Data accuracy and suppression
  • Personalisation and stewardship
  • Event administration
  • Internal governance and reporting

We conduct Legitimate Interest Assessments (LIAs) for higher-risk activities such as profiling and prospect research.

A summary of our LIA and DPIA for prospect research/wealth screening is available on request.

6. Profiling, Prospect Research & Wealth Screening

We undertake proportionate profiling and research to ensure supporters have a relevant, respectful experience and to steward donations responsibly. This also helps us avoid inappropriate or excessive fundraising approaches.

We never make automated decisions about you.

 

6.1 What we do

We may:

  • Combine information you provide with publicly available sources
  • Assess potential interest in or capacity for supporting our work
  • Identify individuals who may be able to offer connections, expertise or advocacy
  • Analyse giving history, event attendance or engagement
  • Enrich our database with postcode-based indicators or segmentation models
  • Conduct due diligence on higher-value gifts, unusual donations, or relationships posing risk

We do not:

  • Use private social media content
  • Access personal data from data breaches, leaks or paid “people finder” services
  • Carry out intrusive or excessive profiling

All research is subject to human review and professional judgement.

6.2 Sources we use

  • Public and reputable sources may include:
  • Companies House
  • Charity Commission
  • Land Registry
  • Who’s Who and Debrett’s
  • Publicly visible LinkedIn profiles
  • Published articles or reliable news media
  • JustGiving and fundraising platforms  
  • Philanthropy publications
  • Trust and foundation annual reports
  • Electoral registers (where lawfully available)

6.3 External screening agencies

Where we use agencies such as Prospecting for Gold, Experian, or Factary

  • We share only the minimum data needed (often name and postcode or hashed data)
  • They operate under contract and may not use the data for their own purposes
  • Data is encrypted in transit
  • Data is deleted promptly after processing
  • We conduct data protection due diligence and contract controls

6.4 Use of Artificial Intelligence (AI) and Automated Tools

We may use artificial intelligence (AI)-enabled tools and automated systems to support our work more efficiently and responsibly. These tools are used as a tool to assist staff to work more effectively, never to replace human judgement.

AI may be used to help us:

  • Analyse large volumes of data to identify patterns or trends
  • Improve data quality, accuracy and consistency
  • Support supporter insight, segmentation, marketing or reporting
  • Draft or summarise internal documents or communications
  • Enhance service delivery, operational planning or risk management

Where AI tools may be used in connection with personal data:

  • We only use them for clearly defined, lawful purposes
  • We apply data minimisation and privacy-by-design principles
  • Outputs are reviewed by staff before any action is taken
  • We do not make decisions about individuals based solely on automated processing

We do not use AI to:

  • Make fully automated decisions on individuals
  • Carry out intrusive profiling
  • Process special category data for fundraising purposes
  • Share personal data with AI providers for their own training or commercial use

Any third-party AI providers we use are subject to appropriate due diligence, contractual safeguards, and data protection requirements. Where AI tools process personal data, they operate only on our instructions and in line with UK data protection law.

You have the right to object to processing that involves profiling or automated tools, and to request further information about how your data is used.

6.5 Legal basis

We rely on legitimate interest for all prospect research, profiling and wealth screening. We complete a Data Protection Impact Assessment (DPIA) and a Legitimate Interest Assessment (LIA) to ensure risks are minimised and your rights are protected.

6.6 If you wish to opt out

You can opt out of any profiling or research at any time by contacting:

Email:  dataprotection@hearingdogs.org.uk 
Phone: 01844 348100 (Mon-Fri 9am-5pm)

We may still need to undertake basic due diligence on certain gifts for legal and regulatory requirements.

 

7. Due diligence for significant gifts or partnerships

We carry out proportionate due diligence to:

  • Prevent fraud and financial crime
  • Comply with charity and fundraising regulations
  • Make informed decisions about accepting donations in line with our Gift Acceptance Policy
  • Protect our reputation, beneficiaries, volunteers and supporters

This may involve reviewing:

  • Sanctions lists
  • PEP (politically exposed person) registers
  • Adverse media
  • Corporate structures
  • Potential conflicts of interest

All checks are documented and reviewed proportionately.

8 Direct Marketing and Digital Tracking

8.1 Direct Marketing

We send marketing by email or SMS only with your consent. 
We may send postal marketing under legitimate interest if you have not opted out.

You can change your preferences or opt out at any time by contacting dataprotection@hearingdogs.org.uk, supporter@hearingdogs.org.uk  or using the unsubscribe link in emails.

8.2: Digital Tracking & Online Advertising

We use digital tools to understand how supporters engage with our online content and to ensure our fundraising and communications are relevant. This may include:

  • Tracking interactions with our emails (e.g. whether links are clicked or emails are opened).
  • Using cookies, pixels and similar technologies on our website and social media platforms. You can manage these through your browser or device settings.  
  • Working with advertising partners (such as Facebook, Google or other digital platforms) to deliver targeted adverts or measure campaign effectiveness.
  • Creating “lookalike” audiences or custom groups on social media platforms, based on supporter data we already hold, to reach people with similar interests.

We only share the minimum data required with advertising partners, and it is always transferred securely. Partners work under contract are not permitted to use this data for their own purposes. You can control cookies through your browser settings and opt out of targeted advertising directly via the relevant platform.

We rely on legitimate interest for these activities, and we complete a Legitimate Interest Assessment (LIA) to ensure your rights are protected. You can opt out of digital tracking or targeted advertising at any time by contacting:  dataprotection@hearingdogs.org.uk

 

9. Who we share your information with

We never sell your data.

We may share information with trusted third parties who support our work and help us deliver our services, including:

  • Mailing houses and fulfilment partners
  • Event organisers and platforms
  • Fundraising and marketing agencies
  • Payment providers and direct debit processors
  • Wealth screening or research agencies
  • Customer Relationship Management System and IT system providers
  • Auditors, professional advisors and regulators

All suppliers are contractually required to:

  • Act only on our instructions
  • Apply appropriate technical and organisational security measures
  • Delete information when no longer required
  • Never use your data for their own purposes
  • Undergo due diligence checks  

10. International transfers

Whilst we actively try and avoid working with data processors who hold information outside of the UK and EU. Some suppliers may process data outside the UK or EEA. 
Where this happens, we ensure appropriate safeguards, including:

  • ICO-approved International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs)
  • Assessed technical and organisational protections

You can request more information about international transfers by contacting us.

11. How we protect your information

We use robust security measures, including:

  • Encrypted systems and secure servers
  • Restricted access and role-based permissions
  • Multi-factor authentication
  • Staff DBS checks (where applicable)
  • Staff training and awareness
  • Regular audits and penetration testing
  • Pseudonymisation and anonymisation where appropriate
  • Secure data destruction practices

12. How long we keep your information

We keep data only for as long as necessary. Indicative periods:

  • Donation & Gift Aid records: 7 years after last gift aid claim
  • Major donor research files: 3–7 years after last meaningful interaction
  • Volunteer records: duration of role + 5 years
  • Beneficiary/service user records: 5 years after last contact
  • Legacy records: until the estate is fully administered (often many years)
  • Special category data: minimum necessary period

A full retention schedule is available on request.

13. Children and vulnerable people

We take extra care when handling the data of children and potentially vulnerable adults. If we believe someone may be vulnerable, we will:

  • Adjust or limit fundraising communications
  • Avoid profiling or screening activity
  • Obtaining explicit consent from guardians for under 16s
  • Communicate sensitively
  • Ensure additional safeguards are in place including specific terms and conditions for vulnerable individuals and gambling products.

Where necessary, we may process information to ensure someone’s protection or wellbeing.

13.1 Accessibility

We recognise that privacy information can sometimes be difficult to understand, especially for children and young people or those who may need additional support.

If you would like this policy explained in a simpler format, large print, British Sign Language, or Easy Read version, please contact us. We are happy to provide information in a way that works best for you.

14. Your rights

You have the right to:

  • Be informed
  • Access your data
  • Correct inaccurate information
  • Request deletion
  • Restrict processing
  • Object (including to profiling or direct marketing)
  • Request transfer of your data
  • Challenge automated profiling
  • Withdraw consent where processing is consent-based

To exercise your rights: 
Email: dataprotection@hearingdogs.org.uk 
We aim to respond within one calendar month (or three calendar months for complex requests).

15. Complaints

Hearing Dogs for Deaf People are registered with the Fundraising Regulator and as such adhere to their code of conduct.  

If you have concerns about how we use your information, please contact: 
Email:  dataprotection@hearingdogs.org.uk

You can also contact the Information Commissioner’s Office (ICO): 
www.ico.org.uk

16. Updates to this policy

We may update this policy occasionally. The most recent version will always be available on our website.

Last updated: February 2026 
Next review due: On or before February 2027