Our Privacy Policy

The Factary is Europe’s leading prospect research agency, offering a range of research and consultancy services to non-profit clients to help them devise and implement successful fundraising strategies. Our aim is to bring fundraisers, non-profits and philanthropists together to share knowledge for good.

What is this policy for?

This privacy policy describes the way The Factary (“we”, “us”) gathers, uses, manages and discloses the personal data we collect through research using publicly available sources, and any personal data or information which is provided to us by non-profit clients (“clients”).

By using the Factary website, you consent to the collection and use of your personal information as set out in this privacy policy.

Our approach to data protection and privacy

The Factary is committed to safeguarding and protecting all forms of personal data. The Factary complies with the Data Protection Act 1998 (“DPA”) and is actively transitioning its in-house policies and procedures in preparation for the new General Data Protection Regulations (“GDPR”) which come into force by 25 May 2018. Consequently, terms currently used in this privacy policy are defined, and shall bear the meaning given, in the DPA.

How The Factary uses data

Data we collect from you

We use the information we collect from you via cookies in accordance with our Cookies Policy, which sets out the type of personal data we collect via our website.

Our use of cookies helps us to provide you with a good experience of, and also allows us to improve, our website. When you first visit the website we will ask you whether you agree to our use of cookies; if you do not agree then you may continue to use the website but your browsing experience may be adversely affected. We may use the information supplied by you to engage with you, to administer or improve our site, for internal operations or as part of our efforts to keep our site safe and secure.

Information that you supply to The Factary, whether via our website, by email, or by other means, will be securely stored by us. We will only disclose your personal information to third parties if we are required to do so by law or in the event that we sell or buy any business or assets.

Should you wish to opt out of our mailing lists please let us know by emailing DataProtectionOfficer@The Factary.com.

Data we collect for research purposes

The Factary undertakes research for non-profit clients. This research is used by clients in their fundraising, as a way to understand and build relationships with individuals, companies, trusts or other funders who may be existing, or future, donors and supporters.

Research undertaken by The Factary uses only publicly available sources, for example:

  • registers of personal and corporate information (e.g. Companies House, Debrett’s People of Today, Who’s Who);
  • newspaper sources, both current and archived (e.g. The Sunday Times Rich and Pay Lists, Dow Jones Factiva);
  • philanthropy datasets (e.g. the Charity Commission, The Factary Phi, Trustfunding); or
  • geodemographic and statistical data (e.g. ONS and census data)

We provide elements of this data to clients to help with their fundraising, such as estimated net worth and gift capacity information of donors. This is based on publicly available data such as company annual accounts, career history (including remuneration and shareholdings), published rich lists, property values, land registry information and news articles. We may also research the known philanthropic and charitable interests of donors, key professional interests and networks together with society & club memberships.

The Factary does not collect and store personal information in the form of a database.

The Factary does not collect and store data classified as ‘sensitive personal data’ under the DPA, unless that data has clearly been released into the public domain by the individual themselves or where information pertaining to due diligence research is reported in reputable press sources. For example, information such as details of legal proceedings or criminal accusations will be researched and passed to clients to contribute to due diligence processes which enable the client to identify potential risks or gift acceptance or reputational/ethical harm.

Furthermore, we encourage clients to use the research we provide in an ethical and responsible manner, and to reflect this in all their fundraising practices. We expect all data subjects to be treated as individuals and for clients to respect their wishes and privacy, and to comply, at all times, with applicable data protection & GDPR guidelines and legislation.

In short, we only use the information we collect from publicly available sources to:

  • carry out the research services we provide to clients;
  • maintain The Factary’s internal database of trusts, charities, and publically known donations; and
  • maintain The Factary’s internal database of UK demographic data.

Data sent to us by clients

The Factary understands that a non-profit’s fundraising database is its most important asset. Where a client enters into contract with us for the provision of services and provides us with its database (“client data”), to enable the performance of research services, we manage the security of that database and the processing of such data with extreme care and attention, and in accordance with the instructions of the client as a Data Controller, whilst ensuring data protection & GDPR guidelines and legislation are met at all times.

All intellectual property in client data remains the property of the client and no client data is absorbed or transferred in any way into any database belonging to The Factary, or otherwise. All electronic file transfers between client and The Factary are carried out over encrypted and secure FTP (SFTP) connections to and from our UK servers. All data logins are password protected, and logins and file transfers are monitored by us.

Client data is kept no longer than necessary. This means that, unless otherwise authorised by clients, client data will be deleted from our servers no later than 3 calendar months following project completion – or earlier/later if instructed and authorised by the client. The Factary will not pass on, or disclose, any information contained within client data to a third party unless authorised to do so by the client (Data Controller) or if required to do so by law.

In short, we only use the information provided by clients to:

  • carry out agreed and confidential services for clients;
  • create and maintain a sales and marketing database which includes details about clients and client contacts only; and
  • contact and correspond with clients about our products and services and about issues impacting the non-profit sector.

How we make sure we stay compliant

All The Factary staff are trained to undertake their tasks by following accepted best-practice policies and procedures when processing personal data. Data protection reviews are regularly carried out and all staff are made aware of current trends in good data management, relevant news reports and updates from the Information Commissioner’s Office, as well as forthcoming changes to any of The Factary’s best-practice data protection policies and procedures.

All personal data is processed by staff of The Factary in the strictest confidence, and is stored on encrypted hard drives on servers which are UK-based and managed. Only authorised staff have access to our servers.

If you’d like to access your personal information

You have the right to know if The Factary holds any data about you. You also have the right to obtain a copy of this data; this is known as a ‘subject access request’ (SAR). A fee of £10 is currently levied on any SAR. If you would like to submit a SAR to us in the first instance please email us or write to:

Data Protection Officer
The Factary
Brunswick Court
Brunswick Square
Bristol
BS2 8PE

You have the right to request that any information be changed if it is out of date, inaccurate or untrue. The Factary will consider all such requests seriously, and will follow a strict protocol when dealing with all subject access or change requests. It is our responsibility and legal obligation to amend any inaccuracies brought to our attention which might exist, wholly or in part, with respect to any personal data stored by The Factary.

If you are a client and receive any marketing communications from us, you have the right to be unsubscribed from such communications on request. There is no fee for this. Please contact our Data Protection Officer with the subject heading ‘Mailing list opt-out’, using or otherwise citing the email you wish to unsubscribe.

Updates to this privacy policy

Any changes we make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this privacy policy.

This privacy policy was last reviewed and updated on 19 July 2017.