Our Privacy Policy

This privacy policy describes the way The Factary (“we“, “us“) gathers, uses, manages and discloses personal data we collect through researching publicly available sources and information which is provided to us by non-profit clients (“Clients“).

The Factary is committed to safeguarding and protecting all forms of personal data. For the purposes of the Data Protection Act 1998 (the “DPA“), the data controller is The Factary Limited. The Factary complies with the DPA and is actively transitioning its in-house policies and procedures in preparation for the new General Data Protection Regulations (“GDPR“) which come into force by 25 May 2018. Terms used in this privacy policy and defined in the DPA shall bear the meaning given in the DPA.

If you have any queries regarding this policy, please address them to our Data Protection Officer, Marcus Low, by emailing him at DataProtectionOfficer@factary.com, contacting him by phone on 0117 916 6740, or at the postal address set out in paragraph 7.3. The Factary operates as a consultancy and provides fundraising and data advice and services to various non-profit clients.

The Factary undertakes its personal data processing in the capacity of Data Controller or Data Processor, depending on the types of data being processed and the circumstances in which the processing is taking place.


  • 1.1 For information on the type of personal data we collect via our website, please refer to our cookie policy. Our use of cookies helps us to provide you with a good experience during your visit and also allows us to improve our website. When you visit the website we will ask you whether you agree to our use of cookies. If you do not agree, then you may continue to use the website but your browsing experience may be adversely affected.
  • 1.2 Information that you supply to us about you, whether via our website, by email, or by other means, will be securely stored by us.


  • 2.1 Our database contains data gathered entirely from publicly accessible sources, including:
    • (a) public registers for personal and corporate information:
      • (i) Bureau van Dijk MINT;
      • (ii) Debrett’s People of Today online;
      • (iii) Who’s Who Online, plus past print editions;
      • (iv) Companies House;
      • (v) Charity Commission website;
      • (vi) electoral roll (sourced via 192.com);
      • (vii) Land Registry (sourced via Price Paid Data, gov.uk);
    • (b) published directories and rich lists:
      • (i) Corporate Register, latest and past editions;
      • (ii) The Sunday Times Rich and Pay Lists, latest and past editions;
      • (iii) various DSC publications;
    • (c) online news archives and databases:
      • (i) Factiva;
    • (d) publicly sourced data from the internet:
      • (i) company websites;
      • (ii) corporate reference sources; and
      • (iii) newspapers and journals.
  • 2.2 Information regarded as ‘sensitive personal data’ under the DPA will only be collected where that data has clearly been released into the public domain by the individual themselves or where information pertaining to due diligence procedures is reported in reputable press sources. Information such as details of legal proceedings or accusations will be collected when appropriate. An example of where this may be appropriate is where such information may cause the Client reputational or ethical harm.
  • 2.3 Personal data collected and stored in our database include the following:
    • (a) contact details (home or business addresses only) which are publicly known. This data is used only to help verify an individual’s identity when researching Client Data (as defined below) and not used to contact the individual, or absorbed into Client Data;
    • (b) date of birth. This data is used only to help verify an individual’s identity when researching Client Data;
    • (c) estimated net worth and gift capacity based on publicly available data;
    • (d) known and well established philanthropic and charitable interests available in the public domain;
    • (e) directorships or trusteeships which are publicly known and provided;
    • (f) honours or qualifications which are publicly known and provided; and
    • (g) publicly available biographies. These are usually sourced from company director profiles shown on company websites, or that of trustees on trust or charity websites.
  • 2.4 We store this information in order to provide services to Clients to assist with their fundraising.
  • 2.5 We encourage all Clients to use the research we provide in an ethical and responsible manner, and to reflect this in their fundraising practices. We expect supporters to be treated as individuals and for Clients to respect supporters’ wishes and privacy, and to at all times comply with applicable data protection legislation.
  • 2.6 Estimated net worth and gift capacity are based on publicly available data from trustworthy sources such as published rich lists, property values, published club memberships, published company reports, publicly known share dealings and news articles. We also base our wealth estimates on career histories, and known activities and indicators of wealth.
  • 2.7 Philanthropic and charitable interests come from the Charity Commission website, publicised donations, known support of causes, and known hobbies and interests.
  • 2.8 Identified activities which have the potential to create prejudice or negative publicity to a cause may be included for clients as part of due diligence research to ensure non-profits do not raise money from unethical or controversial sources.


  • 3.1 The Factary understand that a non-profit’s fundraising database is its most important asset. Where a Client contracts with us for the provision of services and provides its fundraising database (“Client Data“) to us to enable the performance of such services, we act as a data processor in relation to that Client Data. We manage the security of that database and the processing of such data with the upmost degree of care and attention and in accordance with the instructions of the Client as a Data Controller.
  • 3.2 All intellectual property in Client Data remains the property of the Client and no Client Data is absorbed or transferred in any way into any database belonging to The Factary.
  • 3.3 All electronic file transfers between Client servers and The Factary are carried out over encrypted and secure FTP (SFTP) connections to and from our UK servers. All data logins are password protected and both logins and file transfers are monitored by us.
  • 3.4 Client Data is kept no longer than necessary. This means that, unless authorised by Clients otherwise, Client Data will be securely deleted from our servers no later than 3 calendar months of project completion – or earlier/later if instructed and authorised by the client.
  • 3.5 The Factary will not pass on, or disclose, any information contained within Client Data to a third party unless authorised to do so by the Client or required to do so by law.


  • 4.1 The Factary will collect and store personal information for many types of purposes and from many sources.
  • 4.2 We use the information we collect from you via cookies in accordance with our Cookies Policy. We may also use that information:
    • (a) to engage interactively or otherwise with visitors to our website;
    • (b) to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • (c) to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
    • (d) as part of our efforts to keep our site safe and secure.
  • 4.3 We use the information we collect from publicly available sources to:
    • (a) carry out the services we provide to Clients;
    • (b) maintain The Factary’s internal database of trusts and charities; and
    • (c) maintain The Factary’s internal database of philanthropic and High Net Worth Individuals.
  • 4.4 Subject to paragraph 6 and other than to provide services to our Clients, we do not sell or otherwise share this data with any other third parties.
  • 4.5 We use the Information provided by Clients to:
    • (a) carry out the services we provide to Clients (save that Information provided by a Client is only used in relation to the services provided by that Client in accordance with our Terms of Business);
    • (b) create and maintain a sales and marketing database which includes details about Clients only; and
    • (c) contacting and corresponding with Clients about our products and services and about issues impacting the non-profit sector.


  • 5.1 All staff of The Factary are trained to undertake their tasks by following accepted best-practice policies and procedures when processing personal data.
  • 5.2 Data protection reviews are regularly carried out and all staff are made aware of current trends, news reports and updates from the Information Commissioner’s Office as well as forthcoming changes to any of The Factary’s own, or generally accepted, best-practice data protection policies and procedures.
  • 5.3 All personal data is processed by staff of The Factary in the strictest confidence.
  • 5.4 All personal data is stored on encrypted hard drives and these servers are UK-based and managed.
  • 5.5 Only authorised staff and clients of The Factary have access to our servers.


  • 6.1 We may disclose your personal information to third parties:
    • (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
    • (b) if The Factary Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
    • (c) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of The Factary Ltd, our customers, or others.


  • 7.1 Individuals, whether they be staff of The Factary or any other individual external to the organisation, have the right to obtain a copy of all the information held about them within our organisation. This is known as a ‘subject access request’. A fee of £10 is currently levied on any subject access request.
  • 7.2 Individuals also have the right to request that this information be amended if it is out of date, inaccurate or untrue. The Factary will consider all such requests seriously, and will follow a strict protocol when dealing with all subject access or change requests. It is our responsibility and legal obligation to amend any inaccuracies brought to our attention which might exist, wholly or in part, with respect to any personal data stored by The Factary – and it’s in our interests to do so.
  • 7.3 If you are a Client and receive any marketing communications from us, you have the right to be unsubscribed from such communications on request. There is no fee for this. Please contact our Data Protection Officer using the contact details at paragraph 7.4 below or follow the instructions sent with any communication.
  • 7.4 If you have a subject access request or have any other type of enquiry, please contact our Data Protection Officer, Marcus Low, by emailing him at DataProtectionOfficer@factary.com, contacting him by phone on 0117 916 6740, or by post at The Factary Ltd, Brunswick Court, Brunswick Square, Bristol BS2 8PE.


  • 8.1 Any changes we make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this privacy policy.
  • 8.2 This privacy policy was last reviewed and updated on 12 January 2017.