Empty Space Spotter - Privacy Policy

Privacy Policy

[Note that this Privacy Policy follows current ICO Guidelines]

  1. Introduction

This is our Privacy Policy (together with our terms of use for all/any digital assets and any other documents referred to in it).  It applies to our website at www.habitatforhumanity.org.uk  (“the Website”) our Empty Space Spotter App (“the App”) and our Empty Spaces to Homes Platform [www.tbc] (“the Platform”). The Website, App and Platform are collectively referred to as “digital assets”.  This Privacy Policy describes the type of personal data that we collect from you (“you/your”) through the use of our digital assets, how that personal data, and also non-personal data, is used or disclosed by us and the safeguards we use to protect it

This Privacy Policy has been crafted in an effort to be as clear and concise as possible. Please read it carefully to understand our policies regarding your personal data and how we will treat it. By using or accessing our digital assets, you agree to the collection, use and disclosure of personal data in accordance with this Privacy Policy. [This Privacy Policy was last updated on {to be updated at least annually}]. Please check back regularly to keep informed of updates to this Privacy Policy.

Please read this Privacy Policy carefully. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our digital assets. If you do not accept and agree with this Privacy Policy, you must stop using our digital assets immediately.

If you have any comments on this Privacy Policy, please email them to emptyspacespotter@habitatforhumanity.org.uk


Who we are

2.1 Here are the details that we as ‘data controller’ are required to give to you in accordance with Data Protection Legislation, including the retained EU law version of the EU’s General Data Protection Regulation ((EU) 2016/679) (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (as amended), and any other applicable or updated law which relates to the protection of individuals rights with regard to the processing of personal data):

2.1.1    Our Website address is:  www.habitatforhumanity.org.uk

2.1.2    Our Organisational name is: Habitat for Humanity GB (registered charity no: [1043641])

  • Our registered address is: [1A Royal Parade, Tilford Road, Hindhead. GU26 6TD]


What we collect

3.1 We collect, use, transfer and process the following data about you including:

3.1.1 personal data you put into forms, when entering a competition, promotion or surveys [anything else?] via our digital assets at any time.    This includes personal data provided at the time of registering to use our digital assets, subscribing to our organisation, creating an account on any of our digital assets, posting material or requesting further services

3.1.2 requests that marketing material be sent to you;

3.1.3 personal data you provide via our social media platforms; and

3.1.4 personal and non/personal data you provide to us when you contact us by email, phone or otherwise.

3.2 We also ask for your personal data when you report a problem with any of our digital assets or provide other feedback and we will collect the following personal and non-personal data to enable us to communicate with you;

3.2.1 a record of any correspondence between us;

3.2.2 details of transactions you carry out through our digital assets;

3.2.3 details of your visits to our digital assets and the resources you use;

3.2.4 any personal data that you upload to our digital assets and any other form of interaction data you provide; and

3.2.5 information about your computer (e.g., your IP address, browser, operating system etc) for system administration and to report aggregate information to any advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual

3.3 Please note that we do not store credit card details and we do not share any financial details with any third parties without your consent

3.4 Depending on your circumstances and the digital assets selected the personal data we gather about you includes: your name; address; email address; phone number; financial information; personal identification information and any further personal data as required as part of the service or product provided or which you share through our digital assets


4.1 We use cookies to distinguish users and improve the user experience of our website. Please look at our Cookie Policy for more cookie information.

5. How we use what we collect

5.1 We use personal and non-personal data about you to:

5.1.1 present digital assets and content effectively to you;

5.1.2 provide information on and allow you to use, all or any of the digital assets that you request, or (with your consent) any identified as being of interest to you to personalise your experience;

5.1.3 allow you to use our interactive digital assets if you want to;

5.1.4 to administer a contest, promotion, survey or other digital assets feature;

5.1.5 tell you about changes;

5.1.6 we will contact you electronically about similar digital assets and offerings to those previously of interest to you unless you tell us that you do not wish to receive such information the link contained in our email messages or by contacting us at any time via emptyspacespotter@habitatforhumanity.org.uk

5.1.7 with your prior consent, tell you about other organisational news that might interest you; and

5.1.8 allow selected third parties to contact you directly. We will ask for your consent each time, before passing on your details, and will not do so unless your consent is given

5.2 In some instances, it will be appropriate for us to combine your personal and non-personal data with other information that we hold about you, such as combining your name with your geographic location or your browsing history

5.3 If you do want to be contacted for marketing purposes to help us keep you informed about our work, you can tick the consent box that you will find on screen when we collect your personal data. You can unsubscribe or change your preferences at any time via the link contained in our email messages or by contacting us via emptyspacespotter@habitatforhumanity.org.uk

5.4 Please note: we don’t identify individuals to our Supporters/Advertisers (if any), but we give them aggregate information to help them reach their target audience, and we use information we have collected to display advertisements to that audience

5.5 Please note, that if you no longer wish for us to process your personal data for marketing purposes, you can contact us at emptyspacespotter@habitatforhumanity.org.uk  and we will update our systems. However, in doing so you acknowledge that this limits the information we can provide to you. In some cases, the collection and retention of personal data is a statutory or contractual requirement. Please see point 7 for further details on retention of personal data.

5.7 In addition to 5.1 we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

5.7.1 Where we need to perform the contract we are about to enter into or have entered into with you

5.7.2 Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

5.7.3 Where we need to comply with a legal or regulatory obligation

5.8 We do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications or sending third party direct marketing communications to you via email, post, phone or text message. You have the right to withdraw consent to marketing at any time by updating your contact preferences, and we will move your data to our “unsubscribe list” or via the link contained in our email messages or by contacting us at any time via emptyspacespotter@habitatforhumanity.org.uk.  However, you acknowledge this will limit our ability to provide the best possible communications to you

5.9 As already indicated above, with your consent we will use your data for marketing purposes that will lead to us contacting you by email, post, phone or text message with appropriate information and news. We agree that we will not do anything that we have not agreed to under this Privacy Policy, and we will not send you any unsolicited marketing or spam. We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Data Protection Legislation.

5.10 Any and all photographs uploaded to Empty Space Spotter containing images of people will be deleted.

5.11 Misuse of the Empty Space Spotter app by way of uploading inappropriate images will be deleted. If images uploaded are deemed illegal, we withhold the right to pass all received data to relevant authorities and issue an app ban.

6. Where we store your data

6.1 As required, we will transfer your collected data to third parties for storage outside the UK in connection with the above purposes. For example, your personal data will be processed outside the UK to fulfil your order and/or be processed to administer payment [If relevant or likely to become relevant]

6.2 By giving us your personal data, you agree to this arrangement. Where such processing takes place, appropriate controls, such as the adoption of agreements containing appropriate standard contractual clauses are in place to ensure that your personal data is protected to the same standard as if it were in the UK. We will do what we reasonably can to keep your data secure, and up to date and in accordance with this Privacy Policy

6.3 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our digital assets. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our written instructions, and they are subject to a duty of confidentiality

6.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so

6.5 We have implemented security measures such as a firewall and other cyber security to protect any data and maintain a high level of security

6.6 Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet is not completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts


Retention of Data

7.1 We will not collect more personal data than we need for the purposes set out in Paragraph 5. We will retain such personal data for the life of your contractual arrangement with us and for a period of up to seven years after your relationship with us has ended. We are however required to retain personal data for a longer period of time to ensure we comply with our regulatory and legislative requirements. We regularly review our data retention obligations to ensure we do not keep personal data for longer than we are legally obliged to any period longer than required to carry out the purposes set out in Paragraph 5. Please see our retention periods below

Purpose for collecting your Personal data: Marketing to help you with your legal needs by sending you insights, information and exclusive offers to help you grow and protect your business.

Type of personal data being held or processed: Name, email address, telephone numbers. Postal address where provided by data subject.

Lawful basis for processing: Consent

Retention Period: 3 years from date of signing up to marketing.


Purpose for collecting your Personal data: Prospective Donor (who has made zero payment)

Type of personal data being held or processed: Name, email address, telephone numbers, job role, postal address

Lawful basis for processing: Contract – pre-contractual steps

Retention Period: 5 years since day of last contact


Purpose for collecting your Personal data: Donor Contractual Arrangement/Terms of Engagement

Type of personal data being held or processed: Name, email address, telephone numbers, job role, postal address.

Lawful basis for processing: Contract

Retention Period: Minimum of 7 years – Since last day of contact


7.2 We do not store bank/credit card details, other than storing them momentarily on the Platform until they have been dispatched to our payments provider [If Toolkit has a pay option]

Disclosing your personal data

8.1 We are allowed to disclose your personal data in the following cases:

8.1.1      if we want to merge our organisation, we can disclose it to the potential merging organisation, any subsidiaries, or ultimate holding organisations as defined in Section 1159 of the UK Companies Act 2006

8.1.2     we can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights;

8.1.3     in connection with legal proceedings (including prospective proceedings);

8.1.4      in order to establish or defend our legal rights; and

8.1.5      we can exchange personal data with others to protect against fraud or credit risks.

8.2   We may at any time engage third parties to assist us in carrying out certain functions on our behalf. These include companies to assist with payment processing, search engine facilities, advertising and technology services. We only share the appropriate level of personal and non-personal data to enable the supplier to provide their services.  Where your personal data is required to be shared, we will take all reasonable steps to ensure your data is handled safely and securely and in accordance with our and the suppliers’ obligations under Data Protection Legislation.

8.3 Companies who have access to personal and non-personal data include:  Habitat for Humanity Great Britain.

Web hosting: [HFHGB website is built on wordpress, hosted by Kinsta]

Survey Platforms: Formstack

Online reviews platform:

e-Signing provider: Adobe

CRM: Blackbaud / Raisers Edge

Compliance Tool: We host on Kinsta which uses Google Cloud which should have highest standards of security and compliance.

Client communications and data analysis: Office 365

Other providers include: SMS alerts, IT and software and machine learning development, Online advertising management

Data analysis for the website would be Google Analytics

*** These are examples – there may be others that require inclusion

We may change these companies, so we expect you to check this page from time to time.

Your rights

9.1 You have a number of rights under the Data Protection Legislation;

9.1.1 The right to request a copy of the personal data we hold on you. When you request this personal data, this is known as a Subject Access Request (SAR). In most cases, this will be free of charge however in limited circumstances we apply an administration charge. For example, where repeated requests are made;

9.1.2 The right to have personal data we hold about you transferred securely to another service provider in an electronic form;

9.1.3 The right to have inaccurate personal data corrected and additional personal data added to your record;

9.1.4 The right to request any out of date personal data erased once there’s no business need or legal requirement for us to hold it;

9.1.5 The right to object to or restrict your personal data being processed, in limited circumstances and only when we don’t have legitimate grounds for processing your personal data;

9.1.6 The right to object to personal data being used to send you marketing material. As mentioned above, we will only send you marketing material where you have given your consent to do so. You can remove your consent at any time

9.1.7 You can ask us not to use your data for marketing. You can do this by not ticking the relevant boxes on our forms, or by contacting us at any time

9.1.8 To exercise any of these rights please contact emptyspacespotter@habitatforhumanity.org.uk


10.1 We are committed to ensuring your personal data is protected and held securely. However, the internet is not a secure medium and we cannot accept responsibility for the security of an email during transmission or non-delivery of that email.

Making a complaint

11.1 If you believe we have not processed any of your personal data in accordance with Data Protection Legislation or you have been affected by non-compliance you can make a complaint to:

Designated person detailsWeb developer: freelance – Mohisn Rasool (Sebta)

11.2 If you are not satisfied with our response, you can raise a complaint with the UK’s Information Commissioner’s Office, the UK’s independent authority set up to enforce Data Protection Legislation. For further information on exercising your rights on organisations processing your personal data, please click here. https://ico.org.uk/your-data-matters/your-right-of-access/

Links to other websites

12.1 Please note that our digital assets terms of use and our policies will not apply to other websites that you get to via a link from any of our digital assets

12.2 Our digital assets may, from time to time, contain links to and from the website of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We have no control over how your data is collected, stored or used by other websites and we advise you to check their privacy policy before providing any data to them


13.1 If we change our Privacy Policy, we will post the changes on this page. If we decide to, we will email you.

Automated decision-making tools

14.1 In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions under the Data Protection Legislation, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us

14.2 The right described in section 14.1 does not apply in the following circumstances:

14.2.1 the decision is necessary for the entry into, or performance of, a contract between you and us;

14.2.2 the decision is authorised by law; or

14.2.3 you have given your explicit consent.

14.3 Where we use your personal data for profiling purposes, the following shall apply:

14.3.1 Clear information explaining the profiling will be provided, including its significance and the likely consequences;

14.3.2 Appropriate mathematical or statistical procedures will be used;

14.3.3 Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and

14.3.4 All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling

Terms and Conditions

15.1 Please also visit our digital assets terms of use section establishing the use, disclaimers, and limitations of liability governing the use of our digital assets

Your consent

16.1 By ticking applicable boxes on signing up to any or all of our digital assets, you consent to our Privacy Policy.


Dispute Resolution

17.1 The Parties will use their best efforts to negotiate in good faith and settle any dispute that may arise out of or relate to this Privacy Policy or any breach of it

17.2 If any such dispute cannot be settled amicably through ordinary negotiations between the parties, or either or both is or are unwilling to engage in this process, either party may propose to the other in writing that structured negotiations be entered into with the assistance of a fully accredited mediator before resorting to litigation

17.3 If the parties are unable to agree upon a mediator, or if the mediator agreed upon is unable or unwilling to act and an alternative mediator cannot be agreed, any party may within 14 days of the date of knowledge of either event apply to us to appoint a mediator

17.4 Within 14 days of the appointment of the mediator (either by mutual agreement of the parties or by Habitat for Humanity GB in accordance with their mediation procedure), the parties will meet with the mediator to agree the procedure to be adopted for the mediation, unless otherwise agreed between the parties and the mediator

17.5 All negotiations connected with the relevant dispute(s) will be conducted in confidence and without prejudice to the rights of the parties in any further proceedings

17.6 If the parties agree on a resolution of the dispute at mediation, the agreement shall be reduced to writing and, once signed by the duly authorised representatives of both parties, shall be final and binding on them

17.7 If the parties fail to resolve the dispute(s) within 60 days (or such longer term as may be agreed between the parties) of the mediator being appointed, or if either party withdraws from the mediation procedure, then either party may exercise any right to seek a remedy through arbitration by an arbitrator to be appointed by us

17.8 Any dispute shall not affect the parties’ ongoing obligations under this Privacy Policy

What do we do with your details?

You deserve to know how we use your details and why. Depending on how you interact with us, the way…

You deserve to know how we use your details and why. Depending on how you interact with us, the way in which we “process” your information will vary. Some of this is required, i.e. donations and gift aid, and some is optional, i.e. direct marketing.

From 25 May 2018, you will not receive direct marketing materials from us unless you have opted in, or you are a supporter of our work and we therefore believe we have a legitimate interest in contacting you.

Occasionally we will seek to better understand our supporters and how we can best serve you. To do this, we might analyse the data you have provided to us to create a picture of trends and interests that can better inform our communications. This may include postcode analysis, as well as analysis of areas of our work you are most interested in, your feedback and comments, responsiveness to our communications, etc. However, any data used in this way will be anonymised for these processes and we will not add any data that you have not provided us to your record (this is also known as datamatching or telematching).

When we receive large donations we may do additional research to ensure that the source of the money is aligned to our values as an organisation.

If you make a donation

When you make a donation to Habitat for Humanity Great Britain we will collect your details so that we can process the payment, claim gift aid (if applicable) and thank you for your gift.

We will retain your details in our secure database in order to meet our legal and financial obligations, and to provide you with further information about our work, based on your consent or our belief that you would like to receive updates about our work and further opportunities to support it. This information will not be made available to anyone outside of Habitat for Humanity.

If you volunteer with us

If you are participating in an international volunteering trip we will require some personal information from you. This information will be shared with our carefully selected and monitored Team Leaders, who are volunteers, and Habitat for Humanity staff based in the destination country. This is for the sole purpose of managing the build and ensuring we can keep you healthy and safe whilst under our care.

After the completion of the build volunteers will not retain your personal details. Habitat for Humanity Great Britain will securely retain your details for as long as necessary in order to meet legal and health and safety obligations.

If you are participating in a challenge event for us

We work with Run for Charity to offer discounted ballots to UK and international challenge events. When you register with us we will share you details with Run for Charity who will work directly with the organisers of your chosen challenge event to ensure you can successfully participate and to ensure your health and safety. We will contact you in the run up to the event with regard to fundraising and training. Run for Charity and the event organisers will also contact you directly with race day details and other important information.

For our signature event, Hope Challenge, we will share your registration details with the organisers, Across the Divide, in order to ensure our health and safety obligations throughout the event. Habitat for Humanity Great Britain will retain your details for as long as necessary in our secure database so we can meet our legal and our health and safety obligations.

If you are receiving updates on our work
You are making an impact on the global housing crisis and we want to let you know about it. We provide these updates by sending direct marketing materials through the post and by email. These updates include:
• Newsletters and Appeals,
• Volunteering and Event Updates, and
• Campaign and Advocacy Updates.

You can choose what you receive from us and how you receive it. And you can always change your mind.

Suppliers we work with

We have limited resources, so we work with external suppliers to help us communicate with you.

We use carefully selected suppliers to help us deliver our mailings. We will keep your information safe and only use your details to contact you in the ways you’ve agreed to.

When necessary, we may share data with our carefully regulated and monitored external suppliers, for processing purposes or to help us improve our communications with our supporters. We will ensure their use of the data is in line with our own data protection policies and not kept or used by them for any other purposes.

We will only work with professional organisations that we have vetted and ensured meet our data protection standards. You have the right to view, request and delete your personal data held by any of our suppliers.


How we use cookies and other websites

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree,…

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website. Cookies allow web browsers to respond to you as an individual. This allows websites to tailor their operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

 Types of cookies we use

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

We use both session and persistent cookies.

Controlling and opting out of cookies

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Please be aware that disabling cookies may prevent you from taking full advantage of the all the features of this website.

You can read more detailed information on disabling cookies from http://www.allaboutcookies.org/

Categories of cookies we use

  1. Strictly necessary cookies: These cookies are essential for the user to move around the website and to use its features, e.g. making a donation and e-billing.
  2. Performance cookies: These cookies collect information about how the user makes use of the site, e.g. which pages the user visits most. These cookies do not collect information that identifies the user.
  3. Functionality cookies: These cookies remember choices made by the user and enhance the features, e.g. language or users location. This cookie is also used to remember a user’s preferences for a font size, or customisable parts of a web page.
  4. Targeting or advertising cookies: These cookies collect information about the users’ browsing habits. This may also include your use of social media sites, e.g. Facebook, etc. or how you interact with our website which then shows you relevant content elsewhere on the internet. NB. These may also be used to remarket to you in limited circumstances.

Google Analytics cookies

This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the internet to understand website visitor use and behaviour. Your identity is anonymised, and we use it to produce overall trends and statistics to interpret how well our website is doing.

These cookies may track things such as how long visitors spend on the site and the pages that they visit so we can continue to produce engaging content. You are able opt-out of Google Analytics cookies by using Google’s opt-out tool. For more details about Google’s Analytics you can read this overview.

As such, we look at:

  • Source/Medium of our visitors (e.g. organic traffic / Google)
  • Number and title of the pages visited and for how long
  • Donations and forms submitted

For example, we analyse how long our visitors stay on the website, how often people return to the website, which blog posts get the most readership, which volunteer trips get the most interest, and how many subscribers we get for the e-newsletter.

The data is automatically captured by Google Analytics and isn’t shared with any other third party. It allows us to assess the performance of our website in terms of content offering and user experience.

Google Tag Manager cookies

We use Google Tag Manager as an extension of Google Analytics to implement tracking tags for specific events on the website:

  • When a form gets completed and submitted (e-newsletter, volunteering, donations)
  • Installing the Google Analytics code
  • Installing the Facebook Pixel code
  • Installing the HotJar code

HotJar cookies

We use HotJar to better investigate the user experience on the website via:

  • Heatmaps: mapping the movement of the mouse to determine which parts of a specific page performs best
  • Polls/Surveys: asking simple questions to our visitors about potential issues on a page
  • Funnels: analysing the user journey through several pages to identify bottlenecks

All the information is anonymous and isn’t shared with any third parties.

HotJar’s tracking cookie is installed on our website via Google Tag Manager.

Facebook Pixel cookies

We use the Facebook “Pixel” (similar to a tracking cookie) to:

  • Monitor users coming to our website from Facebook
  • Assess the performance of our adverts on Facebook

The data is captured by Facebook’s “Pixel” and stored on their servers. The Pixel is installed on our site via Google Tag Manager.


We use Formstack to create online forms that:

  • Capture new subscribers to our e-newsletter and offline communication (postal, phone)
  • Register individuals for volunteer trips and challenge events
  • Receive online donations and payments
  • Receive feedback on our volunteer trips and events

All the data captured in the forms is stored by Formstack on their servers. Formstack complies with the EU-US Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union to the United States. You can learn more about the Privacy Shield Framework here.  The data is retained for as long as necessary for us to manage our legal obligations.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we have no control or oversight over those external websites and cannot be held responsible for the protection and privacy of any information you provide whilst visiting such sites.  You should exercise caution and look at the privacy statement applicable to the website in question.


We are Cyber Secure

It’s important for you to know that we are protected by Cyber Essentials. It is a government backed scheme that…

It’s important for you to know that we are protected by Cyber Essentials. It is a government backed scheme that protects our organisation against common online threats.

Please see our certificate attached which certifies that our organisation was assessed as meeting the Cyber Essentials implementation profile.

Cyber Essentials Protected