Hestia Privacy Statement

 

At Hestia, we value the support and engagement people have with our charity. From our service users and their families, Trustees, staff, students, volunteers, donors or campaigners – each person is a valued part of our organisation and the support we provide.

 

Our commitment to your data

We primarily collect data in relation to the contract or relationship we have with individual service users, particularly when it’s necessary to support their journey through our services. In the work that we do with our service users and in the engagement we have with supporters and funders, Hestia gathers personal data. We collect data to enhance our service quality; to help us tailor our services for training and resource allocation; to understand our supporters better; and to help us fundraise more efficiently.

We want every interaction people have with Hestia to be positive. In all areas of our work, we are committed to protecting your personal information, being open about what information we hold, ensuring that we only gather information as necessary and retaining it only for as long as we need to.

This Statement outlines how we go about this and ensures we comply with the requirements and stipulations of the GDPR, which is effective from 25th May 2018.

The Statement applies to how Hestia – and any of its subsidiaries – collects and uses personal information you provide to us and that we collect, whether online, via phone, email, in letters or in any other correspondence or from third parties.

We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information.

This Statement explains:

  • What information Hestia may collect about you
  • How we will use that information
  • How we process that information
  • How we use your information in marketing and fundraising
  • Whether we disclose your details to anyone else
  • Your choices regarding the information you provide to us
  • How you can ask to change or delete personal data when it is no longer needed for the reason it was collected
  • How we use cookies to provide services to you or to improve your use of our websites.

If you have any queries about this privacy statement and / or our cookies policy please contact the Data Protection Officer at Hestia, Beaufort House, 15 St. Botolph Street, London, EC3A 7DT or email: [email protected]

Who we are

Hestia is a London-based charity and our ambition is to make interventions which will empower people in crisis to recover, move beyond their crisis and change their lives for the better.

Hestia works with adults and children in crisis.  We do not limit our work by client group or service model, unlike other charities which do similar work and we have developed competencies across a range of interventions.  We take a psychologically informed approach to our work.  However, people come to us with increasingly complex needs and there are fewer statutory or community resources to complement our work than before.

We work across London and its borders (Kent and Berkshire).  The majority of our work is commissioned from Local Authorities with a smaller number of contracts from health commissioners, the Home Office and the Ministry of Justice.

Charity legal details

Hestia is a charity registered with the Charities Commission under charity number 294555, and a company limited by guarantee and registered in England and Wales under company number 2020165.

 

1       Information we collect about you

Hestia collects information in the following ways:

Information from third parties: We receive information about you from third parties and from the public domain. This may include information such as your name, postal address, email address, phone number, your geographic location, credit/debit card details, national insurance details and whether you are a tax payer so that we can claim Gift Aid. We, like all charities and companies, are able to confirm what browser you are using, IP address and computer operating systems that are being used and this information may be used to improve the services we offer. We do not buy, sell or swap data with third parties or other charities.

Information you give us: when you sign up for a service, engage with our social media or message boards to make a donation to us, register for an event or otherwise provide us with personal information. When you register, we’ll ask for personal information, like your name, email address and telephone number to store with your account.

Information we get from your use of our website and digital services: We collect information about the services you use and how you use them, like when you watch a video on YouTube, visit our websites or view and interact with our ads and content. This helps us to understand your interests in our cause and information and to tailor our resources to be more focused on what supporters or service users need.

 

2       Sensitive personal data

Data Protection law and the GDPR recognise that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, race, religious beliefs and political opinions.

Our main use for sensitive personal data will be to provide the services that we are commissioned to deliver and we will always make it clear to our service users what sensitive personal data we are collecting, why we are collecting this data and what purposes we may use it for.

We may also collect sensitive personal data if you make the information public or if you tell us about your health and care experiences relating to the support we provide you (for example, if you agree to act as a case study for us or volunteer to share your story); however, again, we will always make it clear to you when we collect this information from you what the sensitive personal data we are collecting is, and what purposes we may use it for.

We will not collect sensitive personal data about non-service users unless there is a clear reason for doing so. For example, to enable everyone to participate in a fundraising event or initiative, we may need this information to ensure that we provide appropriate facilities or support to enable your participation.

 

3       Website users

When you use our website, we collect data about the services and features you use and how you use them, including how you interact with its content and any advertisements.

When you provide your personal details when filling out a registration, making a donation, communicating with us or signing up for or receiving a service on our website, we will collect this data and store it in your record so as to fulfil your request, answer your enquiries and keep a record of our correspondence with you.

Our website uses cookies. Cookies are files which are sent to the computer or device through which you access this website, and they collect small amounts of data. They are used to store information about such computer or device and your preferences so that our website doesn't have to keep asking you for them. We use cookies on Hestia’s website as follows:

  • The form used for the Hestia Supporter Newsletter will collect data – such as your name, email address and postcode – that will allow Hestia to personalise all correspondence with you.
  • To allow us to collect statistical and performance data about how the website is used. We may collect geolocation data about your geographic location, the mobile device that is used, what browser you are using, and the computer operating systems that are being used. This data doesn’t contain any identifiable information about people. We use this data to improve the functionality of our website and ensure you have a good experience when browsing it.
  • Facebook, Twitter and LinkedIn pixel cookies are used to collect data about which sections of the website are accessed by people who are registered users of these social media services. These service providers collect this data, which then allows Hestia to reach new audiences. Hestia only has access to aggregated data from these companies, not identifiable personal information.
  • When a supporter creates a Facebook Donate page, we will store the data about the donation and who sent it, but will not contact that donor with any marketing other than as otherwise expressly permitted hereunder.

For further details about this, see our Cookie Policy.

When you use social media

When you view information published by Hestia using social media hosted across various platforms, we will collect and receive information that provides aggregate data relating to items such as video views, demographics and location data. Sources of this data may include:

  • YouTube
  • Instagram
  • Facebook
  • Twitter
  • LinkedIn

Identifiable personal information about people who access these platforms is collected in order to allow Hestia to reach and market to new audiences.

 

4       Use of cookies

WHAT IS A COOKIE?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

You can find more information about cookies at:

  • www.allaboutcookies.org
  • www.youronlinechoices.eu
  • For a video about cookies, visit "A look at cookies"

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide.

Category 1: strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for, like shopping baskets or e-billing, cannot be provided.

Category 2: performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

By using our website, you agree that we can place these types of cookies on your device.

Category 3: functionality cookies

These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

By using our website, you agree that we can place these types of cookies on your device.

A list of cookies used on this website is set out below.

 

Non-exhaustive list of cookies

Google Analytics: This allows us to collect anonymous information about how visitors use the website. For example, information on which pages on the site have been visited, and the length of time spent on each page. This information enables us to improve the website for future visitors.

Session: Session cookies enable us to keep track of your movement from page to page so you do not get asked for the same information you have already given to the site. This allows you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit.

 

5       Transfer of data internationally

We may transfer data that we collect from you outside of the European Economic Area (EEA) for processing and storing. When transferring data outside of the EEA, we will only do so where we are sure that there is an adequate level of protection in place for personal data. By submitting your personal data, you agree to this transfer, storing or processing.

Data that is provided to us is stored on our secure servers. Details relating to any transactions entered into or on our site will be encrypted.

 

6       Tracking

We use multiple first and third party technologies such as pixel tags and web beacons to track and improve the user experience on our sites, quality of service and to monitor the effectiveness of campaigns and digital marketing activity.

We may use them to:

  • See what website content is popular and how people are using the site, as they allow us to track users' movement through our websites. This type of information is amalgamated so that we can build up a picture of how the site is performing.
  • Make sure we offer you a consistent service. For example, if we are testing new website content or we want to run a survey, we use tracking to remember what content you have seen or if you have already been asked to join the survey. In addition, when we email you, we may place a tag (also known as a ‘tracking pixel’) on the email we send out. These let us monitor the performance of our email marketing activity.

 

7       Use of Credit and Debit card information

 

Financial transactions relating to our website and services are handled by our payment services providers, Stripe, GoCardless and Paypal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at:

  • Stripe (https://stripe.com/gb/privacy)
  • GoCardless (https://gocardless.com/legal/privacy/)
  • Paypal (https://www.paypal.com/ie/webapps/mpp/ua/privacy-full)

All purchases or donations should be completed through the donation page or on our web site (www.hestia.org/donate/donatenow/) or via our Fundraising team (020 7378 3139).

8       Legal Basis for Processing Data

When we collect and use your personal information, we will make sure this is only done in accordance with at least one of the six legal grounds available to us under Data Protection legislation and the General Data Protection Regulations. One of these is where we have obtained your specific consent to use your information for a previously notified purpose, such as to send you email/text marketing or to provide you with a product, service or information at your request.

Another is where we have a legal obligation to use or disclose information about you – for instance, where we are ordered by a court or regulatory authority or we are legally required to hold supporter transaction details for Gift Aid or accounting/tax purposes.

In certain instances, we may collect and use personal information where this is necessary in our legitimate interest as a charity. This includes being able to:

  • Send direct marketing material to supporters by post or contacting them by telephone for fundraising purposes (subject to checking against the Telephone Preference Service and any existing marketing preferences). See more about Marketing below.
  • Conduct research to better understand who our supporters are and better target our fundraising activity. See more about Fundraising below.
  • Monitor who we deal with to protect our charity against fraud, money laundering and other risks.
  • Maintain and administer our supporter database and systems.

In all cases, we balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this Policy and that does not intrude on your privacy or previously expressed marketing preferences.

Where we process sensitive personal data (as mentioned above), we will make sure that we only do so in accordance with one of the additional lawful grounds for processing, such as where we have your explicit consent or you have made that information manifestly public. This will be on the basis of legitimate interests or vital interests. When we do this, we will tell you what sensitive personal data we are collecting and why.

 

 

9       Marketing information

We provide direct marketing and fundraising communications to supporters which includes news, information and data about:

  • Hestia and our work supporting adults and children in crisis, and related events and campaigns.
  • Campaigns to support adults and children in crisis, and the issues that they encounter, in order to bring about positive change in their lives.
  • Online and paper petitions relating to campaigns.
  • Opportunities to volunteer.
  • Appeals and fundraising (including donations, competitions, raffles and similar promotional activities).
  • Our events, activities, local groups and committees.
  • Leaving a legacy.

Hestia relies on donations and support from others to continue its work on behalf of adults and children in crisis. Being able to contact you for marketing and campaigning purposes is an important part of our fundraising activity and purpose.

Fundraising is an important part of our marketing, but we will not share your data with any other organisation, individual or company to allow them to use your personal information for marketing or campaigning purposes, unless we have obtained your specific, freely given, informed and unambiguous consent to do so.

Anonymised data

We may aggregate and anonymise personal information so that it can no longer be linked to any particular person. This anonymised data can be used for a variety of purposes (such as recruiting new supporters) or to identify trends or patterns within our existing supporter base. This data helps inform our actions and improve our campaigns, products, services and materials.

In accordance with our legal and regulatory obligations and our internal policies and procedures, we may also use personal information to carry out due diligence on potential or actual donors.  If you opt out of analysis of your data for due diligence purposes, we may not be able to accept donations from you.

You are in control

You can change your personal information and preferences about how we contact you whenever you choose.

How to change or stop us contacting you by post, telephone, email or text message

You can change your contact preferences at any time by contacting our Supporter Care team at Hestia, Beaufort House, 15 St. Botolph Street, London, EC3A 7DT, or emailing [email protected] or calling 0207 378 3100.

How to unsubscribe from Hestia’s email newsletters

If you have previously opted-in to receive email communications from Hestia but no longer wish to receive email communications, please click the unsubscribe link at the bottom of any of our emails to be removed from our list, or unsubscribe via our web site (www.hestia.org/my-details).

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you, unless you have told us that you wish for your data to be deleted.

 

 

 

 

10     Fundraising

As a charity, we have a legitimate interest in generating both community support and financial donations to deliver our work. After carrying out a balanced assessment, we rely on Legitimate Interests for the processing of your Personal Data for direct marketing purposes, whether you are an active supporter to Hestia, or when we approach you as a potential new supporter to the charity.

In all our fundraising communications we will give you clear opportunities to opt-out of future communications. We will provide easy to understand information on our appeals making you aware that we are processing your data based on legitimate interests, including how to contact our Fundraising Team and request to be removed from specific or all future communications from Hestia.

 

11     Recipients of your personal data

Hestia may disclose your personal information in the following circumstances:

To other Hestia entities, trading subsidiaries, suppliers or service providers, only to provide the products or services you've requested from our site(s); for instance, where we might use an external fulfilment company to deliver goods to you.

To third parties who provide a service to us and are data processors. This would include our trusted partners that work with us in connection with our charitable purposes, and other entities that act as fundraisers for Hestia, sell Hestia products or provide Hestia information and marketing (subject to your communication preferences and our internal policies and procedures). We require these third parties to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We enter into contracts or robustly assess their terms and conditions to ensure GDPR compliance with all of our data processors and regularly monitor their activities to ensure they are complying with Hestia policies and procedures.

Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect Hestia, for example in cases of suspected fraud or defamation.

We will never share, sell or swap your details with any third parties for the purposes of their own marketing or the monetising of your data.

 

12     Children and young people – Under 13

We are committed to protecting the privacy of the young people that engage with us through our disability care and education services.

Our fundraising events also request specific information about the age of participants.

If you are under 13 and would like to get involved, please ensure that you have consent from a parent or guardian before giving us your personal information. When we collect information about a child or young person aged under 13 we will make it very clear as to the reasons for collecting this information and how it will be used.

 

12     Web site – offensive behaviour

If you post or send any content on Hestia digital channels that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory content on our social media pages, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.

 

13     Breach notifications

The security of your data is important to us. In the circumstances of a data breach, we will, if appropriate, report this to the ICO within 72 hours of the Organisation becoming aware of it. If you have information about a breach, please contact the Data Protection Officer at [email protected] or contact staff at the relevant service, who will trigger the data breach process.

If the breach is sufficiently serious to warrant notification to the public, the charity will do so without undue delay.

 

14     How do we store your information?

We use a range of tools and third party suppliers to store your information. In all cases we work to ensure that the measures we take and suppliers used are GDPR compliant. We are working to ensure, where we can, that we do not keep paper copies of information and only scan and store information electronically; however, in some circumstances, particularly under our statutory requirements, we will need to have available paper copies of documents and ensure these are stored securely.

 

15     Data security

We take appropriate technical and organisational measures against unlawful or unauthorised processing of personal data and accidental loss or destruction or damage to personal data.

 

16     How long do we keep your information?

How long will you use my personal data for?

If you have opted-in to receive our marketing communications we will be asking for re-consent every 2 years from the date you originally consented. You can unsubscribe from our data at any time during this period.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see Request erasure below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

 

 

17     Privacy assessments

Hestia will always assess and plan for how personal data and processing will be managed when new projects are being developed. This will occur, for example, when the charity is thinking about using a new tool or service with which to process data.

 

18     Your Legal Rights  

In certain circumstances, you have rights under data protection laws regarding your personal data. 

Your  rights include: 

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us: [email protected]

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

 

19     Your ability to edit and/or delete your account information and preferences

The accuracy of your personal information is important to us. You can edit your Hestia account information, including your address and contact details and change any of your contact preferences at any time (including telling us that you don’t want us to contact you for marketing purposes by telephone or by post) via our web site www.hestia.org/my-details or via our Fundraising team (020 7378 3139).

 

20     Complaints

If you are not satisfied with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as a charity to learn and continuously improve our services.

Please find further information about giving us feedback, or lodging a complaint at: www.hestia.org/Pages/Contact.aspx  

 

21     Contacting us

We welcome any queries, comments or requests you may have regarding this Privacy Policy and any other relevant policies. Please do not hesitate to contact us.

If you prefer to write, contact the Data Protection Officer at Hestia, Beaufort House, 15 St. Botolph Street, London, EC3A 7DT or email: [email protected]