Privacy Policy

Information on this policy

Your personal information (such as your name and contact details, known as ‘personal data’) is protected by specific legislation:

  • Until 25 May 2018: The Data Protection Act 1998
  • 25 May 2018 onwards: General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • Privacy and Electronic Communications (EC Directive) 2003

The laws in this area continue to develop quickly. We take our responsibilities around data very seriously, and it’s important to us that you understand how and why we ask for and work with your details. Your privacy is important to us and we have policies to ensure that we collect only the data that we need to carry out our business, and that we don’t keep it any longer than we need to.
This policy explains how we collect, manage, use and protect your personal data, including how we work with third parties.

We never sell or swap your details with any other organisation for their marketing purposes. If you would like more information on anything in this policy, please do get in touch with IDEAS.

Our Data Protection Officer is the Administrator for IDEAS who can also be contacted using the email address

Understanding your rights

It is important that you understand your legal rights around your personal data and how we may use it. If you would like to discuss or exercise any of these rights, please do get in touch with our Administrator (contact details above)

Right to be informed

This Privacy Policy ensures that you are informed about how we will process your personal data. You might also see messages on some of our forms (or otherwise when we collect personal data from you) that explain why we ask for specific pieces of information from you.

Right of access

You have the right to access a copy of your personal data and receive certain information about what the data is and how and why we are processing it. Please note that we will require you to prove your identity before we disclose any information.

Right to rectification

If you feel that any of the information that we hold about you is incorrect, do let us know so that we can look into it.

Right to object

You have the right to object to the processing that we have outlined in this policy.

Right to erasure / to be forgotten

You have the right to request that we delete your information and can discuss this with us at any time. You should know that there are some circumstances where we may need to keep your details, for example, if it is necessary to comply with a legal obligation on us. If this situation occurs, then we will explain and discuss these circumstances with you.

Right to restrict processing

You can request that we restrict processing of your data, as an alternative to deleting it – this means that we will keep the data but stop processing for most purposes. You may want to exercise this right if you feel that the data is inaccurate, that our processing of it is unlawful, whilst we progress a request from you to object to processing, or if we have no further need of the data, but you require us to keep it in relation to the establishment, exercise or defence of a legal claim.

Rights related to automated decision making

You have rights to avoid being subject to decisions based solely on automated processing (including profiling) which has a significant effect on you. At IDEAS we do not carry out any such processing.

Right to data portability

You have the right to request a copy of certain personal data to have it transferred to another organisation in certain circumstances.

You should know that there are some circumstances where these rights may not apply, but where this is the case we will always explain this to you. Please do contact us if you have any questions or concerns on how we collect and use your personal data, or on your rights, as we are always happy to speak to you. You also have the right to make a complaint direct to the UK’s data protection authority, the Information Commissioner’s Office (ICO). The ICO can be contacted at: and concerns can be also logged via the ICOwebsite.

Why we collect and use personal data

We collect personal data to help us to process your requests, keep in touch with you and to help us to interact with you in the most effective way.

Examples of why we process your personal data include:

  • To keep you updated on our work and the impact of your support;
  • To make sure you know about events that you can participate in;
  • To invite you to participate in campaigns or make you aware of relevant campaigns;
  • To support you as a volunteer;
  • To process payments, and verify financial transactions to protect you from fraud;
  • To provide services, products or information you have requested;
  • To check with you on how you want us to contact you, and record these preferences;
  • To keep notes of conversations that you have with our team, as a reference if you want to revisit the conversation later;
  • To notify you of changes to our policies when these affect you;
  • To ensure that content from our site is presented in the most effective way for you and your computer;
  • If we need to do so to comply with a law, process or regulatory requirement;
  • To process a job application you may make with us.

The information that we collect

The personal data that we collect about you will be based on how you interact with us, but we collect the following information from many of our supporters:

  • Your name;
  • Your postal and email addresses;
  • Your telephone number or numbers;
  • Details of any correspondence that we have had with you. For example, if you call about additional advice on resources used within the network;
  • How you would like to hear from us, and when you told us this;
  • Your date of birth;
  • Events that you have taken part in or enquired about.

There is also other information that we may collect and hold in specific circumstances. For example:

  • Your bank account details if you are a customer or supplier with us;
  • Health information that you give us if you are participating in an event, to help us to ensure your safety;
  • Campaigning actions that you have taken on our behalf;

Sensitive data

Some personal data is legally considered to be sensitive, and so is subject to additional safeguards – in data protection law this is known as ”special category” data. Data on the following matters is classed in this way:

  • Race;
  • Ethnic origin;
  • Political opinions;
  • Religion or philosophical beliefs;
  • Trade union membership;
  • Genetics;
  • Biometrics (where this is used for identification purposes);
  • Health;
  • An individual’s sex life; or
  • Sexual orientation

Similar protections apply to personal data relating to criminal convictions and offences.

We will only collect or use this type of data if there is a specific reason for doing so. We will always explain this reason to you when we ask for the data and will usually ask for your explicit consent to use it. For example, if you register to run a marathon on our behalf, we will ask to collect and store information on your health for your own protection and to make sure that we can provide you with appropriate facilities and support. We wouldn’t ask for consent if it is information that you have clearly made public, for example, the political views of a political figure or candidate, or your religion if you are working with us because you represent a faith group such as your church.

Age is not legally considered as a special category of data, but we will always treat it sensitively.

You might also want to look at how we collect information about you, which includes occasions where we may work with third parties.

How and when we collect information about you

There are a number of ways that we collect information; most often this will be directly from you, for example, if you fill out a form on our websites (ideas-forumstridemagazine; signpostsglobalcitizenship; teachglobalambassadors). Whenever we ask for information from you we will explain why we are asking for it (including by reference to this policy). Most communication is electronic within IDEAS for example Stride is a free online magazine and you will receive an email when the new issue is online and if an update to content. You can unsubscribe to these mailings any time.

We do not buy lists of data to use for our marketing purposes or share data with other charities for them to use in their marketing purposes.

Anonymous information: cookies

Like most websites, the IDEAS site uses cookies; small data files that are downloaded when you use a website, to make the site easier to use. The information that is gathered is totally anonymous to us, but it helps us to see how people use our site, so that we can provide a better user experience.

Our legal basis for processing your information

We will always make sure that we consider why we are processing your personal data and identify our legal basis for doing so. Often this will be because you have given us your consent. We may also process your data where we are furthering our legitimate aims and have assessed that the processing is not likely to be too intrusive, or to unduly infringe on your rights and freedoms. In legal terms, this is called the “legitimate interests” basis.

In some cases, we have a legal or statutory duty to process information, and we will always comply with any legal requirement.

We may also process your personal data where it is necessary to carry out the terms of a contract which we have with you (or when we are in the process of forming that contract with you).

Marketing communications

We will make it easy for you to tell us if you would like to receive “marketing” communications (including information on training, events and opportunities) from us and hear more about our work, and the ways in which you would like to receive this information. IDEAS tends to use emails though also can use post, SMS and phone. In every communication, we will always make it clear how you can tell us if you choose not to receive further marketing communications, either at all, on certain topics or by certain methods.

If you tell us that you do not want to receive marketing communications, we will remove you from our list and will then not send you any further marketing materials.

Processing your data on the basis of your consent:

There are a number of circumstances where we only process your data on the basis of your consent. Examples of this are:

  • To send you marketing by email – e.g. information on global citizenship courses; events and opportunities available.
  • To send you updates on Stride and Signposts.
  • To send you direct messages through social media.

When you give your consent for us to contact you, we do not treat this as valid indefinitely. However, we understand that our supporters want to continue to hear from us whilst they have an active relationship with us, and for a period afterwards.

We will consider your consent to be valid whilst you take these actions, and then for 24 months afterwards, to enable us to keep you up to date with our work and to offer you other ways you might choose to support us. At the end of this time period then we will get in touch with you to re-confirm that you are happy to continue to hear from us.

You can withdraw your consent at any time. If you wish to do so, or have any questions on this, please do just get in touch with our Administrator at any time and they’ll be happy to help:

The Legitimate Interests basis

We have a duty to our member to promote ourselves and our work on global citizenship; to responsibly progress our charitable aims through advocacy work, projects and working with network members; to update our supporters and the general public on our progress; and to operate in an effective way. We always pursue these interests in a respectful manner, with our supporters at the heart of what we do.
We might further our legitimate interests in the following ways:

To communicate with you about marketing and fundraising materials or products:

  • To respond to requests for information, such as training or resources around global citizenship on a particular theme. At times your request may be forwarded to a member organisation who do the direct delivery in your area though we would always make you aware.
  • To send you mail relating to activity that we think you may be interested in (unless you have told us you do not want this). We will always consider how much mail you receive from us, and what the topic is, to ensure that it is appropriate.
  • To use social media so that you see IDEAS work on your newsfeed. 

To ensure that we understand our supporters and so can contact them in a way that is relevant for them, and to make sure that we are using our budgets effectively:

  • To segment and analyse our data that we hold so that we can understand who our beneficiaries and supporters are and contact them about specific activity. For example, to identify which teachers have participated in a particular training.
  • To manage our everyday business needs
  • To work with third party suppliers, where we can make use of their expertise in a specialist field, or where they can provide services at a more cost-effective rate than we could manage internally. 
  • To update our database records to keep them accurate, for example, to amend an address where we receive returned mail.
  • To contact former job applicants who have been placed in our vacancy list. 

You have the right to object to us processing your data on the grounds of our legitimate interests. If you would like us to stop using your data on this basis, please do get in touch with our Administrator. You will also see a ‘please do not contact me by post’ box on our communications where we are using the legitimate interest basis, and you can also tick this to ask us to stop sending these.

Administrative messages

There are some administrative messages that we legally must share with you, which are not affected by how you have told us you would like us to contact you for marketing purposes.

Examples of these include:

  • Confirming the details of any direct debit that you set up with us, including your bank account and payment details;

How we work with third parties in processing personal data

At IDEAS, we sometimes work with third parties. It’s important that you understand the circumstances where this might happen, and who we work with.

We never sell or swap your details with any other organisation for their marketing purposes.

These are some examples of how we work with third parties:

  • Where we sign a contract with a third-party supplier to carry out services for us. These contracts will always hold a supplier to our own high standards of data protection, to ensure that they treat your information with the same care as we do.
  • Where you register to take part in an event (such as a training course), and we have to provide your details to the event organiser to secure your place.
  • Where we use companies who can help us to enhance the information that we hold about you, for example, to help us to understand which local authority you fall into, which sector/school you work in.
  • Where we might use your phone number or email address to communicate with you on social media. This won’t be through direct, personal messages, but updates about our work and stories that we think you might be interested in, which might appear in the form of content on your newsfeed.
  • Where we legally have to share information.

Third party suppliers

We may use companies to provide services and process your personal data on our behalf, where they have a specific expertise or can offer the most cost-effective solution for us. Some of the activities that third-party companies carry out for us are:

  • Making telephone calls to our beneficiaries with regards to courses coming up;
  • Signing up individuals to training sessions;
  • Sending emails;

Whenever we work with a company in this way, we will always have a contract with them, to be certain that they treat your data with the same level of care and respect as we do. We will only send them the data that they need to carry out their specific service, and they are required to delete it or return it to us once they have completed this. Your data will only ever be passed to them for the services that they carry out on our behalf, it is never shared for their marketing purposes.

Event organisers

Some events require us to pass your personal information to the event organisers to secure your place. We will always make this clear to you at the point of your registration, so you understand the information that we will transfer, and who will receive it. For example, a travel company if you are representing IDEAS on our behalf at an event.

Third Parties who send us data

Some third-party organisations collect data on our behalf, and share it with us, in accordance with their policies and procedures for data protection compliance. These organisations are members of IDEAS. We do not use this to add new contact data; so if we already have your address, we may update this, but if we do not have your telephone number we will not use one of these organisations to find and record it. Whenever you give your data to any organisation, you should always make yourself aware of their Data Protection and Privacy Policies.

Below is an example of organisations we currently receive this information from:

  • Member organisations (a list of members can be found on our website) this information tends to be recorded as a service delivery provider on behalf of IDEAS under a service level agreement.

Social media

Using social media is a great way for us to update you on our work, and let you know the difference your support is making. We use Twitter to promote sessions and share news. We do not actively seek people to follow us. We may review the data to show what if of particular interested to people. Please check the privacy policies of your social media choice.

Where we have a legal requirement

We will always share data where we have a legal requirement to do so. Examples of this include providing audit information to HMRC or if we are required to do so by law enforcement officials. If we were to merge with another charity or restructure, we may also share your personal details with other entities involved in the merger/restructure for that purpose.

How long we keep your data for

We want to make sure that we have up to date records for as long as you are actively supporting IDEAS, so for as long as you wish to engage with us, such as receive free communications on resources and events or to correspond with us. Once you are no longer require to be kept informed, we will keep your data for a set period of time, which we calculate depending on the information that you originally provided, and why you gave it to us. At the end of this time period, we will remove any personal details from our records of you, to ensure that any information is entirely anonymous.

In general, we will keep records of financial donors for at least seven years, some funders require us to keep some records for longer. If we have asked for sensitive personal data specific to an event, we will dispose of this data within a month after the event.

You can find more detailed information on how long we keep your data for, and other timescales that might apply below.

In most cases we will keep financial records for seven years if you have been a customer or supplier to IDEAS. This ensures that we keep the information we need for any financial audit.

The seven-year time period applies to most people, but you should be aware of the exceptions below:
If none of these circumstances apply to you then we will keep your data for four years. We want to make sure that we have appropriate records of any conversations or enquiries, in case you ask us to come back to them later.

What happens at the end of this time period?

At the end of this time period, we will remove your personal details from our records, to ensure that they are entirely anonymous. We keep records on how our supporters have interacted with us, but not of who those supporters are. For example, we want to be able to see how many supporters a particular event, told us that they took a campaign action or requested information from us. This helps us to understand how to use our resources in the future, so that we can raise funds in the most effective way.

Your right to be forgotten

You have a right to be forgotten, which means that you can ask us to delete your personal details before the end of the time limits we’ve listed in the table above. You should know that there are some circumstances where we may need to keep your details, for example, in order to comply with a legal obligation. If this situation occurs then we will explain and discuss these circumstances with you.

If you would like to discuss or exercise this right, please do get in touch with our Administrator.

  • Email
  • Telephone: 0131 225 5959
  • Post: IDEAS, 3 Alva Street, Edinburgh, EH2 4PH

How we keep your information secure

IDEAS takes the care of your data very seriously and we use a combination of organisational and technological security measures to protect your personal information to the highest possible standards. This includes the use of secure servers, firewalls, virus & malware protection, secure socket layer (SSL) encryption and secure file transfer protocol for our work with third parties.

Access to all IDEAS data is protected by complex passwords, including letters, numbers and characters: in some cases more than one method of authentication is used. We make sure that only staff who need to access your personal data can do so. Any member of our staff who has access to your personal data is given training to make sure that they understand the importance of keeping your information safe and secure at all times.

Whilst we take all of the measures that we’ve outlined above, unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site.
In the extremely unlikely event that we experience a data breach, our Data Protection Officer would immediately work with our Information Security Officer and the Information Commissioner’s Office if necessary.

Where we keep your information and when it might be transferred outside of Europe

IDEAS is aware that countries outside of the European Economic Area have differing standards of data privacy. Much of our data is kept within IDEAS’ systems here in Scotland, but there are a number of exceptions that you should be aware of:

Your data may also leave the European Economic Area if you travel with us, for example by signing up to one of our projects or representing IDEAS. This will only be information specifically related to your trip, for example to book your travel, or to arrange your visit to one of our partner organisations.

Some countries have been determined by the European Commission to have “adequate” standards of data protection compliance. Organisations we work with who process data in the USA have verified that their data processing standards meet the standards in the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing data from EU citizens, or that they otherwise have proper safeguards in place.

How to control the marketing that we send you

We want to make sure that we keep in touch with you when, and how you want. Every marketing communication that we send will outline how you can update us on your preferences, and all of our emails have an Unsubscribe link.

You are also always welcome to get in touch with our Administrator in any of the following ways:

  • Email
  • Telephone: 0131 225 5959
  • Post: IDEAS, 3 Alva Street, Edinburgh, EH2 4PH

We will ensure that our records are updated as soon as possible once we receive your instructions.

Administrative messages

There are some administrative messages that we legally must share with you, which are not affected by how you have told us you would like us to contact you for marketing materials.

Examples of these are:

  • Confirming the details of any direct debit that you set up with us, including your bank account and payment details;

If we send you one of these messages, we will only use it to share the detail that we have to legally provide you with and will not use it for marketing.

Information on profiling

We undertake a number of different activities that can be known as “profiling”. We use these to help us to understand how best to manage our resources, so that we can understand your interests or your capacity to give, and give you a truly tailored experience.

The most common form of profiling that we undertake is to segment and analyse our supporter data. In practice this means sorting our data to build reports to understand the characteristics of our supporters, and how they choose to interact with us. We also use segmentation to identify particular audiences for some of our communications: for example, to send information on running events to supporters who have previously enquired about or participated in these in the past. One part of segmentation is propensity modelling, where we look at different aspects of the data that we hold to determine how likely a supporter is to respond to communications that we send. Based on what you’ve done before, we will tailor any ask we make to you.

You are also always welcome to get in touch with our Administrator in any of the following ways:

  • Email
  • Telephone: 0131 225 5959
  • Post: IDEAS, 3 Alva Street, Edinburgh, EH2 4PH

We will ensure that our records are updated as soon as possible once we receive your instructions.

How we use your information if you apply for a role at IDEAS

We collect information from anyone who applies to work or volunteer at IDEAS. We only use this information for our recruitment or employment purposes and it is entirely separate to our supporter data. As an applicant or employee, you are entitled to the same rights as our supporters, and these are outlined in our Rights section.


When you apply to work or volunteer at IDEAS we will ask for information about you and your work history to understand how your skills and past experience matches the requirements of a role.
There are two circumstances where we might disclose details outside of IDEAS as we process your application:

  1. We will ask for details of referees, and we will contact them to verify the information that you have given us – when we contact them, we will share your name and the role that you have applied for. We contact referees on the basis of our legitimate interests as an organisation to understand applicants and their suitability for the roles they apply for.
  2. Some roles also require us to obtain a disclosure from the Disclosure & Barring Service. This will be clearly marked in the advertisement, and so we will not give you further notice before we apply for this disclosure.

All candidates applying to work or to volunteer at IDEAS will automatically have their application details saved and retained on our secure vacancy portal for 6 months.

If you would like for us to remove your personal details from our system at any time before that, please write to to let us know.

You should know that we always keep anonymous statistical information about applicants to develop our recruitment processes and for equality and diversity monitoring, but this does not contain any information that could be used to identify individual job applicants.


If you begin employment with us, we will put together a staff file, which will contain your information. We keep this information in this file secure and will only use it for matters that apply directly to your employment with IDEAS.

We provide all of our employees with an internal privacy notice, which explains exactly how we process their data as an employee, including how we use their personal data in case of emergency, and how long we retain all of this information for.

Changes to this Policy

From time to time, we may make changes to this Policy and you will always be able to see here when it was last updated. If we make significant changes, such as in how or why we process your personal data, we will also publicise these changes on our website or may contact you directly with more information.

Please do revisit this policy each time you consider giving your personal data to IDEAS.