Home Privacy Policy
Will Fortescue
landscape, africa

Privacy Policy

(Last updated August 2022)

This update is primarily a clean-up of our previous version of the privacy policy. However, we have made some sections more explicit and made some changes to clarify our use of data and your rights. This includes:


  • We promise not to sell or swap any details that our supporters provide to us with any other organisation for their own purposes. We may share your details with some of our suppliers when required (see section 6.3), for example with mail houses to send you our Wildlife Matters supporter magazine, or with social media platforms to better tailor our adverts to our audience.
  • In order to ensure we are providing our supporters with the most relevant and interesting content, we or a third party (see section 6.3) may analyse our database and also use publicly available information to find more about you, which we would then use to tailor appropriate communications based on the results of our research (see section 4.3).
  • We may contact you by mail or phone under legitimate interest (see section 4.2), unless you tell us otherwise by contacting us at dswf@davidshepherd.org.  If  you are registered with the Telephone Preference Scheme, we will only contact you by phone for marketing purposes with your explicit consent.

1. Overview

The David Shepherd Wildlife Foundation (DSWF) relies upon the generosity and support of its individual and corporate donors in order to achieve its mission and goals. As such, it is committed to respecting and protecting your privacy.

This privacy policy explains where we collect your personal information, how we use it and how we keep it safe and secure. As a valued supporter, we will be transparent about how we use your information, and will only use it in ways you would reasonably expect us to. We take data protection very seriously and make it a priority to ensure that we have the right level of controls, interventions and processes in place to keep your personal information safe at all times. Our data processing is in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Whether you are an artist, donor, supporter, corporate partner, ambassador or school teacher, we want to ensure you receive the right communications for you.

We may update this notice from time to time. If we make any significant changes, we will attempt to communicate these to you through the most appropriate channels or highlight the changes on this page of our website.

This policy is designed to answer any questions you have in relation to privacy of your personal data, however if you have a query or wish to request a copy of this policy, please contact us here.

For more details on how and why we process personal data, as well as how we store and protect it, or on how to update your details, please read the full policy below, along with our Terms & Conditions.

2. Collection of Personal Data

2.1 Below are examples of circumstances, though not an exhaustive list, of ways in which we may collect, store and use your personal data in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act (UK) 2018

i. Information that you provide using the services with our website or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use).

ii. Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters.

iii. Information relating to any donations you make such as one-off or regular giving donations (including Wildlife Shepherds), legacy pledges, adoptions and sponsorships, purchases you make from our website shop, fundraising donations (such as challenge or community events), merchandise or event tickets, competition entries or any other transactions that you enter into through our website.

iv. Any personal data that you choose to send to us by letter, email, social media, in person or on a telephone call.

v. Information or imagery provided to us via a survey or because you have taken part in an online or in-person event.

vi. Information obtained because you are a staff member, volunteer, partner or when you are employed as a contractor for DSWF.

2.2 In very limited circumstances, for example when you apply for a job with us, we may collect special category data about you. This is sensitive personal data relating to race or ethnicity or data concerning health and disabilities for example. This information will only be used for equal opportunities monitoring and no other purpose. We may also collect information about criminal convictions if it is appropriate to the nature of the role and where we are legally able to do so.

2.3 We will only ask for and use your personal data for the purpose stated at the point at which it is collected. If we believe your data is no longer needed for this purpose, we will not process your data further. ‘Processing’ your data includes various operations that may be carried out on your data, including collecting, sharing, organising, disclosing, storing and deleting it.

2.4 When administering legacies, we generally rely upon information provided to us by Executors/Administrators appointed by the Will and, where appropriate we may use the government’s Probate Search facility in order to obtain a copy of the Will.  We may also be informed by third parties of the death of supporters particularly if we are named as a beneficiary in a Will.

2.5 There may be instances where we will be provided with your information from other sources which do not directly come from interactions you have with us. These may include:

i. Through a third party: Occasionally your information might be given to us indirectly through a third party source. For example, from campaigning organisations that we work together with on policy change, or from fundraising platforms that you register with such as JustGiving or Enthuse. These third parties will only provide information to us if they have your consent to do so.

ii. When you visit our website or social media: We gather information using the interactions from our website and social media platforms, through the devices you use, in order to create a better experience for you, tailored to your needs, using ‘cookies’. See section 13 for more information.

iii. When your information is available publicly: In order to create a better experience for you and ensure that we communicate with you based on interests and information available, we may gather publicly available information about you from trusted sources. This may include social media, general media (newspapers/articles) or Companies House for example. We may look for interests, demographics and past activities such as donations, fundraising or campaigning (including if you are interested in giving major gifts or supporting us through corporate partnerships for example). We do this in order to be more cost-effective and make sure we are communicating with you on the most relevant topics that you are interested in.

2.6 Find out how we use this information under section 4.

3. Types of data

3.1 Supporters: For the purposes of this policy, ‘personal data’ is defined as information relating to you as a living, identifiable individual. This may include, but not be limited to one or more identifiable factors from which you personally could directly or indirectly be identified e.g. First and surnames, date of birth, gender, email address, postal address, telephone number, contact details and preferences, website pages visited, IP address or other website information, employment history and qualifications, credit / debit card or bank account details and UK tax paper information (in order to claim Gift Aid).

3.2 Schools and children’s data: The information we might collect depends on the level of engagement between DSWF, the school and the children involved. It can cover a variety of activities in regards to sharing information (such as in the running of events, competitions or working together on educational resources), and data may include (but not limited to) contact details and the school’s name and address or on occasion the names or images of students during involved in those activities. Although this information will not be shared, we may contact the school, individual or consenting adult, or in the case of competitions the entrant, to ask if we can share details or photos of an event as a case study on our website, in print material or newsletters. In that event we would only proceed if a signed model release form is in place.

3.3 Credit and debit card payment information: If you use your credit or debit card to buy something from our online shop, make a donation or fundraise for us, register for an event or enter our competitions (such as Wildlife Artist of the Year) we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). To find out more about PCI DSS standards, visit their website at www.pcisecuritystandards.org. Following the completion of your transaction, card details and validation codes are securely destroyed immediately after the payment or donation has been processed.

4. Use of Personal Data

4.1 We may use your personal information in the following ways:

i. To provide support in regards to our services, products or other information requested by you, or in relation to correspondence entered into with us. For example, we use your personal information to look into and respond to enquiries, complaints, legal claims, requests and other issues.

ii. To process shop orders and fulfil them, donations (including claiming Gift Aid), as well as to verify any transactions entered into. For example, to send statements, invoices and payment reminders to you, and collect payments from you.

iii. To administer events, awards, online orders, donations, fundraising or any other support required or where required or authorised by law to do so. This includes informing you about certain changes where we have a legal obligation such as a duty of care or safeguarding. This ensures that we are compliant with our legal obligations.

iv. To keep a record of your relationship with us and for administrative purposes (such as our accounting, auditing and record-keeping). We also use your personal information to advise you on updates and changes to our services or policies that you should be aware of, or that individually affect you.

v. If you enter personal information into a form on our website (such as a campaign action, donation or purchase) and start but don’t complete it, we may send you an email to check and see if there is any help we can give to resolve any problems you encountered.

vi. To update you on our work at DSWF and the difference your support is making to protect endangered species and their habitats around the world.

vii. To ensure we know how you prefer to be contacted.

viii. We may provide third parties with statistical data about our supporters, customers and contacts for research and marketing purposes, but those third parties will not be able to identify any individual user from that data.

ix. For marketing, campaigning or fundraising e.g. raising awareness, inviting you to events, sharing posts, signing campaign actions, helping us raise money, donating to us by mail, email, phone or social media to send you information about our latest news, campaigns and fundraising activities.

x. To ensure adverts are relevant and targeted to you based on IP address and cookie data that will map previous website interactions and allow advertising content to be tailored accordingly.

xi. We also use personal information to administer employmentvolunteering and internship applications.

4.2 The following is the legal basis for processing your personal information:

i. When sending marketing information via email to you as an individual, we will only do so with your consent. This may include information about our work, including campaigns, events and fundraising activities.

ii. We may rely on legitimate interest to use your personal information for data analytics and conducting research to better understand our supporter base, including analysing or profiling supporters to be more efficient in our marketing and fundraising (see section 4.3 for more information). We may also use your information to improve our services and communications, including dealing with enquiries, complaints and claims. We will make it easy for you to opt-out of postal or telephone communications and any other channels. See section 8 on how to change your communication preferences.

iii. We rely on legitimate interest to contact you via post or telephone about our work and how you can further support us. We may rely on legitimate interest to send information or contacting you about campaigns, updates and appeals based on what we consider may be relevant and of interest to you based on your previous interactions with DSWF.

iv. We may also rely on legitimate interest for business/company/corporate-related communications, which pertain to any activity which is mutually beneficial for ourselves as a charity and to businesses/companies as part of their charitable giving or social responsibility. You have the right to object to your data being processed if you wish by contacting using the details in section 15.

v. To find a more detailed explanation of ‘legitimate business interests’ read the guidance on the use of Legitimate Interests under the General Data Protection Regulation (GDPR).

4.3 Analysis, research and building supporter profiles:

i. To ensure we can provide our supporters with the most relevant and personalised experience, we may create profiles or use profiling techniques, using personal information we collect in conjunction with publicly available information to better understand our audiences.

ii. We or a third party (see section 6.3) may conduct research and/or analyse demographic, socio-economic, geographic and other information you have provided about your interests and preferences along with any publicly available information about you in order to build a suitable profile for tailoring communications appropriately for you. We may also use this information to help us determine other things you might be interested in getting involved in, or what capacity you might have to donate or fundraise for us, particularly if you have previously made a substantial donation or are highly engaged with the Foundation. If you do not want us to analyse your information or combine it with publicly available information in order to profile you, please contact us using the details in section 15.

4.4 Your privacy settings can be used to limit the publication of your data on our website and can be adjusted using privacy controls on your internet browser.

4.5 All of our financial transactions are handled through our payment services providers;

  • Stripe for credit and debit card payments
  • PayPal for credit and debit card payments
  • GoCardless for direct debit payments
  • CAF for direct debit payments

You can review the provider’s privacy policy on their respective websites. We will share data with our payment services providers only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

5. Security of Personal Data

5.1 We will take reasonable and robust technical and organisational precautions to prevent the loss, misuse or alteration of your personal data including appropriate staff training where relevant.

5.2 We have completed a risk assessment which is frequently reviewed to assess how personal data is stored and to mitigate the chances of any breach.

5.3 We will store the master copy of all the personal data you provide at the Blackbaud Data Centre, and their privacy policy can be found here – https://www.blackbaud.co.uk/company/privacy-policy/europe.  Working data maybe be held in the Microsoft 365 Cloud in their UK datacentre and their security policies can be found here: https://servicetrust.microsoft.com/. Backups of data are held in a secure EU datacentre.  All data is securely encrypted both in transit and at rest and protected with strong passwords and multi-factor authentication.

6. Access to your Personal Information

6.1 We may disclose your personal information to any of our authorised employees, volunteers, or subcontractors insofar as reasonably necessary for the purposes set out in this policy.

6.2 If you have authorised a third party to submit a data request on your behalf, we will ask them to prove they have your permission to request such data.

6.3 We take the protection of your personal information seriously, so we only enter into contracts with service providers that require them to comply with UK data protection laws and maintain proper controls to protect the security of your information. Sharing in this way does not permit the third party to use your personal information for their own marketing purposes. We may disclose your personal data:

i. To tailor marketing communications to you and give you the best supporter experience possible, for example with mail houses to send you our Wildlife Matters supporter magazine, or any other relevant communications.

ii. To the extent that we are required to do so by law.

iii. In connection with any ongoing or prospective legal proceedings.

iv. In order to establish, exercise or defend our legal rights, including providing information to others for the purposes of fraud prevention and reducing credit risk.

7. Retaining Personal Data

7.1 This section sets out our data retention policies and procedure, which are designed to ensure that we comply with our legal obligations in relation to the retention and deletion of personal data as specified within the General Data Protection Regulation (GDPR).

7.2 Personal data that we process for any purpose shall not be kept longer than is necessary for that purpose.

7.3 Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:

i. To the extent that we are required to do so by law, for example retaining a record of your donations for 7 years if you have opted into Gift Aid as part of HMRC regulations.

ii. If we believe that the documents may be relevant to any ongoing or prospective legal proceedings.

iii. In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

8. Updating Information

8.1 You have the right to request a copy of any personal data DSWF hold about you to check whether it is accurate. Please contact us using the details in section 15 if the personal data that we hold about you needs to be corrected or updated, or you wish to change your marketing preferences at any time.

8.2 We will only email or text you if we believe you have consented for us to do so. In every communication we send there will be instructions on how to unsubscribe. During any phone conversation you have with us please feel free to let us know how you prefer to be contacted. You can ask us to stop sending you marketing messages at any time by contacting us using the details in section 15 of this policy.

8.3 We may sometimes inadvertently contact individuals who are not in a position to make a decision for themselves to donate or give us their personal information. Where appropriate we will make a note our systems to ensure we do not make further donation, fundraising or purchasing (or any other transactional) requests of such individuals.

8.4 We endeavour to amend or update your contact details and communication preferences as soon as possible after you make your request, however you should expect the approximate timeframes for the changes to be made:

  • Email and phone – Up to 14 working days from receipt of your request.
  • Post – Up to 28 days from receipt of an opt-out or do not post request. This is due to the production times of postal communications, though we would expect this to be shorter.

9. Amendments

9.1 To remain in accordance with law, we regularly review our data protection policies, procedures and staff guidance. As such, this policy is updated from time to time and we will attempt to communicate these to you through the most appropriate channels or highlight the changes on this page of our website.

9.2 You should check this page occasionally to ensure you are aware of the most recent version of this policy.

10. Third Party Websites

10.1 Our website includes hyperlinks to, and details of, third party websites.

10.2 We have no control over and are not responsible for the privacy policies and practices of third parties. We do our best to ensure that these organisation’s sites are respectable and reputable, but we are not responsible for their privacy policies. These websites may collect information that can personally identify you. Please check their privacy notices to learn more.

11. Your Rights

11.1 You have the right of access to any personal data we hold about you (commonly known as a ‘data subject access request’). You may request us to provide such information to you however any such request will be subject to the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

11.2 We will respond to your request within 28 days.

11.3 You have the right to request erasure of your personal data in certain circumstances however please note that there may be circumstances where you ask us to erase your personal data, but we are legally required or entitled to retain it.

11.4 If you have given consent for DSWF to collect and process your personal data, you have the right to change your mind and withdraw consent at any time.

12. Complaints Reporting Procedure

12.1 If you feel that your data has been handled incorrectly, or you are unhappy with the way we have dealt with your query regarding the way we use your personal data, you have the right to complain.

12.2 If you become aware of a data breach in relation to personal data DSWF holds about you, or anyone else, please contact us as soon as possible. We may ask you to supply appropriate evidence of your identity to protect any further data breach.

12.3 Complaints or notification of a breach will be addressed with utmost importance and should be made in writing by email or letter to the contact details in section 15. You may also choose to phone as well if the situation is urgent.

12.4 If you wish to report a data protection breach outside of the UK, you may need to contact your local supervisory authority to do so.

12.5 If you are unhappy or unsatisfied with our response to a complaint that you have made, you can contact the ICO at ico.org.uk on how we access or use your personal data.

13. Cookies

13.1 What are Cookies?

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when a website is loaded within your chosen browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’).

13.2 What is Cookie Control?

You may notice that our website utilises a third party Cookie preference tool called ‘Cookie Control’. Cookie Control is a mechanism for controlling user consent and the use of cookies on this website application.

When (as the user) you consent to one of the optional cookie categories, Cookie Control will place a cookie to remember that decision. The name of the cookie will be the name of the category specified within the Cookie Control widget itself. That cookie will be removed when you (the user) revokes consent to that category.

13.3 What are ‘Strictly Necessary Cookies’?

These are the cookies that are essential for this website to perform its basic functions. These include those required to allow registered users to authenticate and perform account related functions, as well as to save the contents of virtual ‘carts’ on sites that have an e-commerce functionality.

Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below:

  • Cookies set by WordPress
Cookie Name Description Duration
wordpress_<hash> ** On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/ 2 years
wordpress_logged_in_<hash>  ** After login, wordpress sets the wordpress_logged_in_<hash> cookie, which indicates when you’re logged in, and who you are, for most interface use. Session
wp-settings-<time>-<UID>  ** WordPress also sets a few wp-settings-<time>-<UID> cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. Session
WordPress_google_apps_login ** This cookie is set by the plugin ‘Google Apps Login for WordPress’ and may be present for users who login to WordPress via their Google or GSuite account. Session
wordpress_test_cookie Used to check whether your web browser is set to allow, or reject cookies. Session
  • Cookies set by Google Analytics
Cookie Name Description Duration
_ga Used to distinguish users. 2 years
_gid Used to distinguish users. 24 hours
_gat Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. 1 minute
AMP_TOKEN Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. 30 seconds to 1 year
_gac_<property-id> Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more. 90 days
_gaexp Optimize 360 – Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in. 90 days
  • Cookies set by CloudFlare
Cookie Name Description Duration
__cfduid ** The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. 1 years
  • Miscellaneous Cookies
Cookie Name Description Duration
complianceCookie Used to distinguish your acknowledgement of our website’s Cookie Banner and subsequent policy (this document). 14 days

13.4 How to change your Cookie preferences

The most popular web browsers typically provide additional tools to users for controlling or restricting cookies on their device.  To find out more about cookies, including how to see what cookies have been set, you can visit www.aboutcookies.org.

Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

14. Data Protection Registration

14.1 We are registered as a data controller with the UK Information Commissioner’s Office (ICO).

14.2 Our data protection registration numbers are:

  • Z2788078 – DSWF Trading Company Ltd.
  • Z3228878 – David Shepherd Wildlife Foundation

14.3 Our trading company is wholly owned and controlled by our charity foundation. Any information we collect may be used by both entities. Our trading company exists so that we can support our charitable activities including running our website shop and allowing others to use our brand in support of our charity.

15. Our Details

15.1 This website is owned and operated by David Shepherd Wildlife Foundation.

15.2 We are registered with the Charities Commission under registration number 1106893, and our registered office is at One Bartholomew Close, London, EC1A 7BL.

15.3 Our principal place of business is at Saba House, 7 Kings Road, Shalford, Guildford, Surrey GU4 8JU. Please address all communications by post to this address.

15.4 For general enquiries, or if you want to change or find out more on how we use, collect and store your data, or update the data we have on your systems, please contact us here.

Drag Read