Privacy Policy

At all times we aim to respect any personal information you share with us, or that we receive from other organisations, and keep it safe. This Privacy Notice (Notice) explains how we hold and use personal information and your rights and options in relation to it.

If you have any questions about this Notice please contact us using the address provided below. This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how and why we use your personal information.

Who we are

HeadFIT is a legacy project operated by The Armed Forces Covenant Fund Trust Limited, a limited company registered in England and Wales (registered company no: 11185188) acting as a trustee of The Armed Forces Covenant Fund, a registered charity (registered charity no: 1177627) and Non-Departmental Public Body (NDPB). Its registered office address is 3rd Floor, 3 Wellington Place, Leeds LS1 4AP. The Trust is the controller of the personal information that is collected through the site or otherwise as set out below.

How we collect information about you:

When you give it to us directly

For example, personal information that you give us by filling in forms on our websites or offline.

When you visit our websites

When you visit our websites, we automatically collect the following personal information:
(a) Technical information, including the internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.

(b) Information about your visit to the website, including the uniform resource locator (URL) clickstream to, through and from the site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.

We also collect and use your personal information by using cookies on our websites – please see our Cookie Notice for more information

We may combine your personal information from one or more of these sources for the purposes set out in this Notice.

What personal information do you process?

We may collect, store and use the following kinds of personal information:

• Name and contact details, including postal address, telephone number, email address and, where applicable, social media identity;
• Information about your computer / mobile device and your visits to and use of our websites, including for example your IP address;
• Any other information shared with us as per the section “How we collect information about you” above.

How and why we use your personal information:

Your personal information, however provided to us, may be used for the purposes specified in this Notice, including:

• To communicate with you as set out in this Notice below (including the sections “Campaign communications” and “Administrative communications” below);
• To administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To improve your interactions with our websites, for example by ensuring that content is presented in the most relevant and effective manner for you and for your computer;
• To report on the results and impact of our work;
• As part of our efforts to keep our websites and our internal operations safe and secure;
• To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• To deal with enquiries and/or complaints made by or about you;
• To satisfy legal obligations which are binding on us, for example arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work;
• Prevention of fraud, misuse of services or money laundering; and/or
• Enforcement of legal claims

Campaign Communications

We may use your contact details to provide you with information about our work which we consider may be of interest to you.

We will obtain your consent to contact you via email and text message for these purposes.

See the section “Our legal basis for processing your information” for more information about our use of legitimate interests.

We will not send any marketing materials unless you opt to receive our mailings.

Will we share your personal information?

Unless stated in this Notice, we do not share (unless we have your consent to do so), sell or rent your personal information to third parties for their own marketing purposes.

Security of and access to your personal information

We take proportionate and appropriate measures to safeguard your personal information and to prevent the loss, destructions, misuse or alteration of it.
For example, your personal information is only accessible by appropriately trained staff and contractors, and stored on secure servers. In general, the personal information that we collect from you will be stored at a destination within the UK. However, we use agencies and/or suppliers to process personal information on our behalf. Your personal information may therefore be transferred or stored outside, and/ or otherwise processed by contractors operating, outside, the UK or EEA who work for us or for one of our suppliers.

In these cases we will take all steps reasonably necessary to ensure that the recipient implements appropriate safeguards to protect your personal information (for example, by entering into a contract approved by the European Commission or, if the company is based in the US, checking that it is certified under the EU-US Privacy Shield).
The transmission of information via the internet is never completely secure, and although we do our best to protect it, we cannot guarantee the security of personal information transmitted via the internet.

Our legal basis for processing your personal information

The Armed Forces Covenant Fund Trust (The Trust) must rely on a lawful basis to collect and use your personal information. Data privacy law specifies six such grounds, and we consider the following to be relevant to our use of personal information:

• Where you have provided your consent -For example, to send you direct marketing by email or SMS.
• Where it is necessary so that we can comply with a legal obligation to which we are subject – For example where we are obliged to share your personal information with HMRC to process a Gift Aid declaration
• Where it is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract
  For example if you are assisting with or otherwise involved in one of our Projects under a contract.
• Where there is a legitimate interest in us doing so.

Legitimate Interests

Personal information may be collected and used if it is reasonably necessary to achieve a legitimate interest (as long as that processing is fair, balanced and does not unduly impact your rights).

Data may be gathered automatically when you access out website. Please read the section above on ‘when you visit our website’

We will not directly gather or process your personal data unless you specifically choose to give it to us; for example, through a marketing newsletter or site survey. If you choose to share your data with us. We will only use any data for the purpose for which it is collected.

How long do we keep your personal information

Whatever your relationship with us, we will only store your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.

Usually this will be for a specified amount of time in accordance with our internal retention policy. That length of time may vary depending on the reasons for which we are processing the personal information and whether we have a legal (for example under financial regulations) or contractual obligation to keep it for a certain amount of time.

Subject to the above, generally, we typically retain personal information relating to donors and people who have taken campaign actions or signed up to our mailing lists for 6 years after their last donation or interaction with us and we will then to consider whether to retain for further six years.

Once the retention period has expired, personal information will be confidentially disposed of or permanently deleted.

If you object to further contact from us, we will keep some basic information about you on a “suppression list” in order to avoid sending you unwanted communications in the future.

Yours Rights

You have a number of legal rights in relation to our use of your personal information. These rights include:

• Right to object – you have the right to object to processing where we are (i) relying on the legitimate interests as a legal basis, (ii) using your personal information for direct marketing or (iii) using your personal information for statistical purposes.
• Right to withdraw consent – where we are using your personal information on the basis of your consent, you can withdraw that consent at any time.
• Right of access – you can ask for confirmation of what personal information we hold about you and request a copy of that personal information. Provided we have successfully confirmed your identity (we need to be sure we are only releasing your personal information to you), we will provide you with your personal information subject to any exceptions that apply.

This is sometimes called a “subject access request” and can be done by writing to us at the email or postal address in the “Contact us” section below.

• Right of erasure – in some cases, you can ask us to delete your personal information from our records (or to anonymise it). We may retain some limited personal information in order to ensure you are not contacted by us in the future.
• Right of rectification – if you believe our records concerning you are inaccurate, you have the right to ask us to update them. You can ask us to check the personal information that we hold about you if you are unsure.
• Right to restrict processing – in certain situations you have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
• Right to data portability – where we are processing your personal information using automated means on the basis of consent, or to perform a contract, you may ask us to transfer it to another service provider in a usable format.

To exercise any of these rights, please send us a description of the personal information in question, along with an explanation of the rights you wish to exercise, using the address provided below. In some cases we may ask for proof of identification or further information before we can process your request.

Please note that these rights only apply in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details in the “Contact us” section below if you are unsure.

Third Party Websites

Due to the collaborative nature of our work, our websites often contain links to other sites, including those of our delivery partners. For example, signposting those seeking mental health support to organisations such as Samaritans and Mind. This Notice does not cover those external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website or if you are involved in one of our Projects, please visit the website of those partners who are listed on the campaign website as being involved so you can understand how they collect, use and share your personal information.

Changes to this Notice

We keep this Notice under regular review and may update it from time to time, so we recommend that you check it regularly. Where necessary we may also notify you of changes to this Notice by email. This Notice was last updated on 11th July 2024.

Contact Us (including Complaints)

If you have any questions or concerns (including complaints) about this Notice or about the way in which your personal information is being used please let us know by contacting us at the following address:

The Armed Forces Covenant Fund Trust,

3rd Floor, 3 Wellington Place LS1 4AP

In each instance, please ask for or address your communication to Data Protection Lead

You are entitled to make a complaint at any time to the Information Commissioner’s Office, the UK regulatory authority for data privacy (https://ico.org.uk/global/contact-us/). We are always grateful for the opportunity to resolve your concerns before you approach the ICO, so appreciate if you would contact us in the first instance.