The information we collect
When you visit MRG’s website, we do not collect your data (such as name, address, phone number, email) unless you provide it. The only information we collect is anonymised and can be managed in one or more of the following ways:
External services. Our website is linked to external websites or applications (such as Mailchimp), which may process some of the personal data you give us while interacting with our website. We regularly ensure that any such external third parties have privacy policies in line with our commitments to you under this policy. We will never ask for your access credentials for any external platform.
By using our website, you consent to these terms.
When you apply for a job, opportunity or internship, we collect information necessary to process applications (such as those for jobs or volunteer roles) and assess your suitability for these. This could include information such as employment status, previous experience depending on the context, any unspent criminal convictions or pending court cases you may have, any equalities and diversity monitoring information you have chosen to give us, and any other personal information you might provide to us. Information about unsuccessful applicants is deleted after six months.
When you work with us as an employee, consultant, contracting party or partner, we are required by law to keep your employee information for up to seven years after the end of the contract. In some cases, we are required to hold data longer to comply with a donor contract. We will never keep private data about anyone who has worked for or with us for over 12 years.
When you sign up for an MRG newsletter or other communication, we collect your primary personal data, along with your contact preferences. We are using Mailchimp to manage our subscriber lists. You can always unsubscribe using the link at the bottom of all emails.
When you sign up for an event, sign a petition or use one of our contact forms, we collect some primary personal data directly from you. In the case of events, we may use participant management platforms such as Lu.ma or Eventbrite. Your IP address may also be collected and stored for up to 6 months.
When you donate, we collect primary personal data and your contact preferences directly from you. Your IP address may also be collected.
When you fundraise for us, we collect primary personal data directly from you or through the fundraising platform you have used, along with your contact preferences (if you provided any).
When you participate in an online event, you may be invited to enter basic personal information such as your name and email address, which becomes available to the platform we’re using to stream the event.
Suppose you are an employee of or working with an organisation in partnership with MRG and participate in one of our projects. In that case, we collect the basic information we need, such as contact information, general personal information, and anything necessary for the specific project. This will be held confidentially and destroyed within six months of the end date until we need to retain the data to comply with the donor contract.
We do not collect sensitive data such as personal data revealing racial or ethnic origin, disability status, political opinions, religious or philosophical beliefs, sexual orientation or sexual and gender identity via our website.
However, MRG does collect such data in the context of its work advocating for inclusion and equality, which involves monitoring the current access of different groups to opportunities and services. Such data is held under tight security and forms the basis of public reports, which include data used in aggregate ways that preserve contributors’ anonymity. Where we identify individuals (e.g. in a case study), full consent is sought in advance in writing from the individual or individuals concerned.
We also collect such data in equal opportunity forms when you apply for jobs. We only do so to monitor the recruitment process’s fairness and ensure we are fulfilling our requirements towards people with disabilities. We keep this data for unsuccessful applications for up to six months.
MRG does not share personal data from our website with third parties such as marketing and research companies, fundraisers, or other charities. The only parties who would ever have access to your data are those organizations we use to help us process data to carry out our charitable objectives, as well as our partner organizations (e.g. in the case of an event organized jointly with a partner organization).
MRG’s email system, file storage system, and related IT services are hosted by Microsoft services, ensuring the highest security standards available for data storage. Moreover, we strive to ensure that our staff members nurture healthy cyber-security habits and enforce essential security features such as two-factor authentication (2FA) wherever possible.
We regularly ensure that the security practices of our third-party services align with this policy. We are cautious to ensure that any stored sensitive information is encrypted to the highest standards.
You may be entitled to view, amend, or delete our personal information. To do so, please get in touch with us. More information about your rights to view, amend, or delete your data is available on the Information Commissioner’s Office website.
Why do we collect and use data?
Sometimes, we will need to keep the information you gave us for legal reasons. We may use this to contact you for reasons related to the following:
- Administering any donations you have made
- Administering your tax status about Gift Aid if claimed
- The completion of other transactions you have entered into
- The activity or online content you have signed up for
- Handling recruitment and shortlisting job applications
- For communications, marketing and fundraising reasons
We may also use your details to contact you sometime in the future by post, phone, email or SMS to tell you about our work and essential campaigns you might want to know more about.
Our policy is to contact you only where we have the relevant permissions. This is by the Privacy and Electronic Communication Regulations (PECR) and General Data Protection Regulations (GDPR). All our emails will offer you the chance to decline future emails, and you can update your preferences at any time simply by contacting us.
The information we gather helps us understand how our fundraising and communications are performing and allows us to target relevant people with our online advertising. Any information collected for research, analysis and reporting is anonymized.
This Policy was reviewed on 20 October 2023.