Privacy Policy
We are The Charlie Waller Trust (Registered in England & Wales No. 05447902) and our registered office is First Floor, 23 Kingfisher Court, Newbury, Berkshire, RG14 5SJ.
The Charlie Waller Trust is responsible for collecting, processing, storing and safe-keeping personal and other information as part of providing training and educational
services, and carrying out our regular organisational activities. We manage personal information in accordance with data protection legislation including the Data Protection Act 2018 and we are registered with the Information Commissioners Office in the UK with reference number Z2242499. Any questions regarding our processing of personal data should be directed to our email address: hello@charliewaller.org
Data processing principles
This Privacy Policy outlines our approach to any kind of data processing where we are acting as a data controller or co-controller, including the collection, use, transfer, storage and deletion of personally identifiable information about natural persons. This policy applies to our processing of data collected through any means, actively as well as passively, from persons located anywhere in the world.
When processing data we will be guided by the following principles:
- We will only collect data for specific and specified purposes, which will be made clear at the point when we request your personal information;
- We will not collect data beyond what is necessary to accomplish those purposes; we will minimise the amount of information we collect from you to what we need to deliver the services required;
- We will collect and use your personal information only if we have legitimate business reasons for doing so, such as contacting you about events, programmes or initiatives which the Trust is running;
- We will not use your data for purposes other than those for which it was collected, without your prior consent;
- We will seek to verify and/or update your data periodically and we will accept requests from you for amendment of the data held;
- We will apply high technical standards to make our processing of data secure;
- Except otherwise stated, we will not store data in identifiable form longer than is necessary to accomplish its purpose or as required by law.
How we collect and use personal information:
Most personal information is provided directly and voluntarily by you when you engage with us in order to enquire about our services, events or activities. We will collect information from you when:
- You sign up to our newsletter or mailing list;
- You download an opt-in;
- Provide your details directly to a Trust employee or associate at an event;
- You book onto an event or programme we are running;
- You contact us for information via our website or social media channels, by phone or by email;
- You apply for a job with us;
- You make a donation to the trust via our website or by phone;
- You post on our social media channels, website or blog;
- You work with us in a commercial capacity.
We collect this information in order to make available to you our services or activities and to communicate with you in relation to our ongoing organisational activities and initiatives. We may use the information collected to:
- Allow us to process a booking for a programme or service which you purchase from the Trust;
- Create a profile for you in our client database;
- Send you our newsletters and/or provide you with information on services, events and activities which we feel may be of interest to you, where you have consented to be contacted for such purposes;
- Respond to enquiries you make about our services or activities;
- Ask you to take part in surveys or quiz events;
- Ensure that content from our site is presented to you in the most effective manner for you and your computer or device;
- Notify you about updates to our services or activities;
- Make Gift Aid claims to His Majesty’s Revenue & Customs (HMRC);
- Get feedback from you regarding the quality of our services and activities.
From time to time we will use a third party print and distribution service provider to send you direct mail containing information about our programmes and activities. When we instruct the service provider to distribute direct mail on our behalf, we send a password protected mailing list which only has the information necessary for them to carry out the task; your name and address. We only use such third party service providers to process data when we are confident that they have appropriate data protection measures and systems in place that are compliant with Data Protection Legislation.
We will never sell or lend your personal data to third parties, or share your personal data for marketing purposes, without your express consent. Nor will we transfer any personal data outside of the European Economic Area (EEA) without consent and appropriate due diligence.
What information we collect:
In accordance with Data Protection Legislation we only collect and process information which we require to meet the specific purposes as stated above. The information we may collect about you could include, but is not limited to:
- Contact details;
- Personal details and identifiers;
- Bank and payment details;
- Details about your occupation and business;
- Diversity data for Equality, Diversity and Inclusion (EDI) monitoring;
- Details about your lifestyle and social circumstances;
- Details about how you use our website including technical data such as IP address.
Occasionally we may ask for special category data if necessary for a particular service such as mental health history and medical information. As per our Data Processing Principles (point 2 above) we will only ask for information that is necessary to deliver our services and any special category data will only be collected with your express consent, and will be handled in line with Information Commissioner’s Office (ICO) best practice guidelines for special category data.
How we store your information:
We have in place appropriate technical and organisational measures to ensure the security, confidentiality, integrity and availability of personal data we control. Your information is securely stored on the Trust’s cloud storage database which is not publicly accessible or stored in any public domain – it is accessible to Trust employees and affiliates only, and is password protected. We also have in place appropriate procedures to handle any potential Personal Data Breaches, in accordance with Data Protection Legislation. Any such breaches will be reported to the relevant supervisory authority and notified to the affected data subjects where we are legally required to do so. We may store or process your data on cloud based platforms or service providers whose servers are based outside of the UK, such as Eventbrite, an event and comms management platform whose servers are located in the US. We will only use such third party service providers where we are confident that appropriate safeguards are in place to ensure that any personal data is subject to an equivalent level of security and protection as required under UK Data Protection Legislation. We will only keep your personal data for as long as is necessary to meet the requirements for which it was collected. This will vary depending on the nature of the requirements and the processing, but apart from in exceptional circumstances where longer retention is necessary, we will only retain your personal data for 6 years. After this period of time we will delete your personal data unless there is a legitimate business reason to retain all or parts of the data we hold.
Legal basis for processing your data
The General Data Protection Regulation (GDPR) provides that processing of your data shall only be lawful if and to the extent that at least one of the following applies:
- You have consented;
- For the performance of a contract;
- For compliance with a legal obligation which we must perform;
- To protect the vital interests of your or another person;
- It is in the public interest;
- It is in the legitimate interests pursued by us or a third party.
We collect data for the purposes set out above. All personal data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected, retained for legal reasons or minimised and retained. Any special category data collected from you has special protection and is limited to that permissible by law. In all instances where special category data is collected we will obtain your express consent.
Website use and marketing
Our site contains links to and from other websites which are operated by individuals and companies over which we have no direct control. If you follow a link to any of these websites, please note that these websites have their own privacy and terms of use polices. We do not accept any responsibility or liability for these policies. We advise you to check the policies for third party sites before you submit any personal data to the website.
Our website uses cookies; small pieces of code comprising of letters and numbers that are automatically placed on your machine, with your consent, to help our site provide a better user experience. Cookies do not typically include identifying personal information, but they may be linked to personal information which is stored about you. We use cookies to record your user preferences and to provide data for the purpose of website analytics.
We use website analytics to provide the best user experience and service to you and to evaluate and improve our site. We utilise third party data analytics service providers, Google Analytics and Click Dimensions, to improve our visibility and to monitor website browser behaviour and navigation across our site.
These data analytics tools use cookies to collect this information on our behalf in accordance with our instructions and in line with their own privacy policies which we believe to be robust and compliant with relevant Data Protection Legislation. Google Analytics and Click Dimensions may collect the following data about the way you use our site, which will usually be anonymised and aggregated before reporting back to us:
- Number of visitors to our site;
- Pages visited whilst using the site and time spent per page;
- Page interaction information, such as scrolling, clicks and browsing methods;
- Source location and details about where users go when they leave the site;
- Page response times and any download errors;
- Other technical information relating to end user device, such as IP address or browser plug-in.
From time to time we may use the information collected about you and your activity on our website to assess and evaluate your user experience and make changes to our website that affect your future user experience including navigation and automations.
In general, cookies should make your browsing experience better. You may choose not to accept cookies for our website, which you can do by disabling cookies in your browser settings, but please be aware that this may impact your user experience on our website.
We may send you marketing emails and communications when you have opted in or otherwise given consent for us to do so. These emails will usually come from one of our comms platforms, Dynamics or Eventbrite, where you personal data is stored and processed securely and in line with Data Protection Legislation. We will make it as easy as we can for you to opt out of unwanted processing, providing it does not restrict our ability to provide you with the primary service you have requested.
Please note if you wish to unsubscribe from any marketing emails that you have signed up for, you can do so by clicking onto the unsubscribe link on the marketing email that was sent to you. It may take 24 hours for this to become effective.
Changes to this Privacy Policy
This Privacy Policy will be reviewed every 12 months, or upon changes to relevant Data Protection Legislation being published, whichever is sooner. We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Notice. You should also refer to our website periodically so that you may access and view our updated Privacy Notice. This will ensure that you understand how we are using your personal data and your legal rights around our usage of such personal data.
If you have any questions regarding the Trust’s data protection or privacy policies, please contact us at hello@charliewaller.org with the subject line “Privacy Policy Enquiry” and we will be happy to help answer your concerns. Should you still have concerns about the way in which the Trust manages your personal data then you should contact the relevant supervisory authority, which in the UK is the Information Commissioner’s Office.
The Charlie Waller Trust
The Charlie Waller Trust is a registered charity in England and Wales 1109984. A company limited by guarantee. Registered company in England and Wales 5447902. Registered address: The Charlie Waller Trust, First Floor, 23 Kingfisher Court, Newbury, Berkshire, RG14 5SJ.
Copyright © 2025 The Charlie Waller Trust. All rights reserved.