Who are Factary?
The Factary (“Factary”) is Europe’s leading prospect research agency, offering a range of research and consultancy services to non-profit clients to help them devise and implement successful fundraising strategies. Our aim is to bring fundraisers, non-profits and philanthropists together to share knowledge for good. Other pages on this site give further detail about Factary and our services.
Factary processes personal data and is registered with the Information Commissioner’s Office (ICO) (Registration number: Z6137967).
What is this policy for?
Our approach to data protection and privacy
Factary is committed to safeguarding and protecting all forms of personal data. Factary complies with both the Data Protection Act 2018 (“DPA”) and with the UK General Data Protection Regulation (“UK GDPR”).
How Factary uses data
Data we collect from you
We use the information we collect from you via cookies in accordance with our Cookies Policy, which sets out the type of personal data we collect via our website.
Information that you supply to Factary, whether via our website, by email, or by other means, will be securely stored by us. We will only use this data to contact you about projects we may be undertaking for you or services we provide to you, or to send you details of Factary services or publications that may be of interest to you. This data we hold will only be disclosed to third parties if we are required to do so by law or in the event that we sell or buy any business or assets.
Should you wish to opt out of our mailing lists please let us know by emailing DataProtectionOfficer@factary.com.
Data we collect for research purposes
Factary undertakes research as a data processor for non-profit clients. This research is used by clients in their fundraising, as a way to understand and build better and more meaningful relationships with individuals, companies, trusts or other potential funders.
Research undertaken by Factary uses only publicly available sources, for example:
- registers of personal and corporate information (e.g. Companies House, Debrett’s People of Today, Who’s Who);
- newspaper sources, both current and archived (e.g. The Sunday Times Rich and Pay Lists, Dow Jones Factiva);
- philanthropy datasets (e.g. the Charity Commission, Factary Phi, Trustfunding); or
- geodemographic and statistical data (e.g. ONS and census data)
We provide elements of this data to clients to help with their fundraising, together with categories of wealth and gift capacity information relating to donors. This is based on publicly available data such as company annual accounts, career history (including remuneration and shareholdings), published rich lists, property values, land registry information and news articles. We may also research the known philanthropic and charitable interests of donors, key professional interests and networks together with society and club memberships.
Factary, as a data controller, does not process or store personal data in the form of a database for the purposes of its own research.
Any data Factary processes on behalf of its Clients (the data controllers) will consist of data stored and processed legally by the data controller or other data that is available in the public domain (which has either been released by the individual themselves or has been reported by reputable research & press sources). Where data that is classified as ‘sensitive’ is processed, this is warranted for the purposes of due diligence. For example, information such as details of past legal proceedings or criminal accusations will be researched and passed to clients to contribute to due diligence processes which enable the client to identify potential risks to gift acceptance or reputational/ethical harm.
Furthermore, we encourage clients to use the research we provide in an ethical and responsible manner, and to reflect this in all their fundraising practices. We expect all data subjects to be treated lawfully as individuals and for clients to respect their wishes and expectations as relating to personal privacy, and to comply, at all times, with applicable data protection & UK GDPR guidelines and legislation.
We only use the information we collect from publicly available sources to:
- carry out the research services we provide to clients;
- maintain Factary’s internal database of trusts, charities, and publicly known donations; and
- maintain Factary’s internal database of UK demographic data.
Data sent to us by clients
Factary understands that a non-profit’s fundraising data is one of its most important organisational assets. Where a client enters into a contract with us for the provision of research services and provides us with its data (“client data”) to enable the performance of research services (for example, a Database Screening), we manage the security and processing of that data, including any personal data it contains, to the highest standards and in accordance with the law, ensuring compliance with the DPA and UK GDPR.
Factary will carry out its services as Data Processor and the client will remain Data Controller throughout the processing agreement.
All data processing, including other data management issues of which Factary are made aware (such as data breaches or SARs), will be managed in conjunction with the client (Data Controller).
All intellectual property in client data remains the property of the client and no client data is processed in any way other than that instructed by the client (Data Controller). All electronic file transfers between client and Factary are carried out over encrypted and secure FTP (SFTP) connections to and from our UK servers. All data logins are password protected, and logins and file transfers are monitored by us.
Client data is kept no longer than necessary. This means that, unless otherwise authorised by clients, client data will be deleted from our servers no later than 6 months after the data is initially received – or earlier/later if instructed and authorised by the client. Factary will not pass on, or disclose, any information contained within client data to a third party unless authorised to do so by the client (Data Controller) or if required to do so by law.
In short, we only use the information provided by clients to:
- carry out agreed and confidential services for clients;
- create and maintain a sales and marketing database which includes details about clients and client contacts only; and
- contact and correspond with clients about our products and services and about issues impacting the non-profit sector.
How we make sure we stay compliant
All Factary staff are trained to undertake their tasks by following accepted best-practice policies and procedures when processing personal data. Data protection reviews are regularly carried out and all staff are made aware of current trends in good data management, relevant news reports and updates from the Information Commissioner’s Office, as well as forthcoming changes to any of Factary’s best-practice data protection policies and procedures.
All personal data is processed by staff of Factary in the strictest confidence, and is stored on encrypted hard drives on servers which are UK-based and managed. Only authorised staff have access to our servers.
If you’d like to access your personal information
You have the right to know if Factary holds any data about you. You also have the right to obtain a copy of this data; this is known as a ‘subject access request’ (SAR). There is no fee for this.
If you would like to submit a SAR to us then please email us or write to:
Data Protection Office
You also have the right to request that any information be changed if it is out of date, inaccurate or untrue. Factary will consider all such requests seriously, and will follow a strict protocol when dealing with all subject access or change requests. It is our responsibility and legal obligation to amend any inaccuracies brought to our attention which might exist, wholly or in part, with respect to any personal data stored by Factary.
If you are a client and receive any marketing communications from us, you have the right to be unsubscribed from such communications on request. There is no fee for this. Please contact our Data Protection Officer with the subject heading ‘Mailing list opt-out’, using or otherwise citing the email you wish to unsubscribe.
All enquiries should be made to the Data Protection Office (contact details shown above).