Privacy statement

At Crisis we are committed to making sure that your personal information is protected and never misused.  

When we talk about 'personal information' here, what we mean is any data which could directly or indirectly be used to identify you - for example your name, email, your computer's IP address or information we hold to help support those that use our services such as date of birth or career history. 

Our privacy policy explains what information we collect, why we collect it, how we use it, and explains the control you have over your personal information and the procedures we have in place to protect it. It applies to personal information we collect through our services and marketing communications including our website, email, SMS, in person, post and by telephone.   

We take responsibility for the personal information we collect about you, and we aim to be transparent about how we handle it, and give you control over it.  

If you have any questions, comments or concerns about any part of this policy or how Crisis handles your information please contact our Data Protection Officer:  

Beverley Adams-Reynolds  
The Data Protection Officer   
Crisis UK   
66 Commercial St   
London E1 6LT   

Or by email:    

Crisis Privacy Policy

Crisis takes the protection of your personal information seriously. Our values include treating everyone with dignity and this includes making sure we keep your privacy in mind.

Crisis never sells or exchanges our supporter's information with other organisations. ('Supporters' means people who have volunteered, fundraised, campaigned or donated to Crisis).

This privacy policy tells you;

  • what information we collect about you
  • the ways in which Crisis collects your information when you support us
  • our legal basis for using that information
  • what the information may be used for.

This privacy policy also outlines your rights about your personal information.Crisis takes the protection of your personal information seriously. Our values include treating everyone with dignity and this includes making sure we keep your privacy in mind.


We consider your privacy in everything we do. Privacy policies can be complex. We have tried to make ours as clear and as accessible as possible. We have also summarised how we handle your personal information at Crisis in our privacy principles below. 

At Crisis we are committed to protecting your privacy and handling your personal information in the right way and as you would expect it to be handled:

  1. We will only ask for or collect the personal information that we need to run and improve our services and to talk to you about our work - such as volunteering, fundraising, donating and campaigning.
  2. We give you control over the personal information we hold about you to make sure it is accurate.
  3. We make sure your personal information is always secure and protected.
  4. We are fair and transparent about how we use the personal information we hold.
  5. We only ever use your personal information for the purpose that you trusted us to use it for.
  6. We will never sell your personal information and only share it as outlined in our privacy policy, or when you ask us to.
  7. We respect your choices and will tell you if there are important changes that affect your personal information or how we use it.
  8. We take responsibility for the personal information that we hold about you. 

Who we are

Crisis is the national charity for homeless people. We help people out of homelessness directly and we campaign for the changes needed to solve it altogether. We work side by side with people to help them rebuild their lives. From decades of experience of working with thousands of homeless people, we know what's needed to leave homelessness behind for good. We use this experience to shape the services we provide and the changes we campaign for.

Crisis UK is a registered charity in both England and Wales, and Scotland. Our registration number for England and Wales is 1082947, and for Scotland it's 040094. Crisis at Christmas is also a company limited by guarantee – Company number 1949056.  

What we do

Every bit of our work contributes to our mission to end homelessness. The services we provide are informed by our decades of experience working with homeless people, and the research we've carried out over the years. Our research is driven by what we know from working side-by-side with homeless people every day. This experience and knowledge informs our campaigning for permanent change.

Our services

We support people out of homelessness for good. We do this with education, training, health services and help with housing and employment. We offer one-to-one support, advice and courses for homeless people in 11 areas across England, Scotland and Wales. 


We help people who are homeless to find and keep a rented home. We do this by working with landlords to make sure there are suitable places to live and by giving homeless people the tools and information they need to rent successfully. 

Research and campaigning

We carry out pioneering research into the causes and consequences of homelessness, and campaign for changes that can end homelessness for everyone, for good. 

At Crisis our objectives are to:  

  • Run high quality services that help people have stable homes, financial security, better well-being and more positive relationships.  
  • Develop and deliver a range of housing solutions.  
  • Be the leading source of knowledge on the causes, effects and solutions for single person homelessness.  
  • Influence opinion, public policy and raise awareness so that homelessness matters to more people.  
  • Raise funds to support what we do currently, and helps us to do more. 
  • Develop our people, our systems and how we work to make everything support Crisis' work, growth and development.  

Our full strategy for 2018-23 can be downloaded here.

We are not interested in collecting every personal detail about you. Our main reason for collecting personal information is to run our services and support our work to help end homelessness. To end homelessness we need to fund our services, carry out research and campaigning work through charity fundraising and by attracting volunteers to support us.

Crisis defines personal information as any information that could be used to identify an individual.

We collect personal information in a number of different ways: It could be information you may share with us, or we may collect information using other means such as through email and our website.

If you support Crisis (for example if you volunteer, fundraise, donate or campaign for us) we collect and use personal information such as an individuals name, postal address, email address and phone numbers. We will also hold details of any donations or transactional services you may make with us, together with your marketing communications preferences. We will hold a record of our communications with you and any communications with us.

If our telemarketing partner - Ethicall - contacts you as one of our supporters, the calls are recorded and sent securely to Crisis. We can use these to confirm that you gave oral consent to update your marketing preferences.

Calls to our in-house supporter services team are not recorded, but our out of hours supporter service is managed for us by Angel Fulfilment Services and we can access these calls to assure the quality of the call, and to verify content where necessary.

If you have kindly added Gift Aid to a donation we must record the fact that you are a UK taxpayer. HMRC requires that we maintain a record of that Gift Aid for seven years after your last donation to us.

As a volunteer we ask for your personal contact information, and we ask for some (optional) information which we use to provide some equality and diversity information to make sure our Diversity and Inclusion Policy is working.


If you visit one of our Skylight centres, cafés or shops your visit may be recorded on CCTV. Crisis maintains CCTV in all our premises for the safety and security of our staff, members, and volunteers who work there, and to support any investigation to criminal activity that may take place in or around our premises. Images are kept for a maximum of 30 days, but the retention periods vary from site to site according to what the CCTV system they use.

Crisis’ main purpose is to run services that help people to get out of homelessness - for good. We can only manage that by raising funds from people who share our values and goals. As someone who donates to us we use your information to make sure you only hear about the areas of our work that you're interested in and support.

We do not believe in hiding how we work, and we aim to be totally honest, clear and transparent in everything we do. This includes how and when we collect personal information, where it is kept and how we make sure it is kept safe and secure. In the sections below we explain the different reasons why we collect this information. Your information might not be used for all the reasons below - it will depend on your relationship with us, whether you use our services, support us through our campaigns, appeals or fundraising activities, or donate your time as a volunteer. 

Purpose and what this means:

Running Skylight services  

If you access our Skylight services we will collect personal information about you. We use this to assess eligibility to services, and to make sure we support you in the best way possible. If you are joining Crisis as a member we will collect some information like contact details and whether you have any special health conditions we need to be aware of. We also collect some information like gender, or what languages you speak for inclusion purposes. We also collect some information (such as criminal convictions) to keep everyone safe. With your explicit consent we will share this information with local services who can also help you. We will only ever share information without consent if it is to protect the safety and well-being of someone we believe is at risk of harm, for legitimate police requests to support a serious criminal investigation, or if we are directed to share information by a court order. 

Our Christmas Service  

Each year we open centres across the country, bringing festive cheer, activities, good food, shelter and health-related support to homeless people (our guests) who join us for the Christmas period. When you join us as a guest at Christmas, we collect personal information (including some health information). This is to make sure we give you the best support, and also encourage you to start a longer-term relationship with us.

Fundraising and marketing 

We use a range of fundraising and marketing activities as all major charities do, to raise income and promote our aims and goals. At Crisis we use a variety of marketing activities and channels like direct marketing, events, raffles, campaigns and appeals (in print, broadcast - TV and radio - and digital) to generate income, and encourage people to volunteer. This might include talking to you about these activities through our outbound telemarketing partner Ethicall. In partnership with GB Group PLC , Ethical pass existing phone numbers to GBG to check the validity of the number before calling you.

Our Christmas appeal is the biggest appeal of our year. It gives us an opportunity to raise awareness about our year-round services and creates awareness about our campaigning and policy work to end homelessness for good. If you are a Crisis supporter we rely heavily on contacting you, and potential new supporters, by post to generate the funding we need to open doors for the thousands of people who turn to us, not only at Christmas but throughout the year. To achieve this Crisis rent contact lists through our creative partner organisation Catalyst to make sure we reach as wide an audience as possible.

Research and surveys 

We welcome our supporters’ views on the effectiveness of our services and our campaigning activities. We may therefore occasionally use the contact details we have for you to ask you to participant in on-line surveys and research to ensure that we are meeting your expectations in our efforts to end homelessness. To fulfil this we use an external service provider Typeform  - an EU based company utilising Amazon Web Servers In the USA for data storage. All personal information has appropriate safeguards in place to protect in (pseudonymised) to meet GDPR requirements. 

Volunteer management

Crisis would not be able to do its work without the help of our amazing and dedicated volunteers who support our Skylight services all year round, helping us to raise funds through community and sporting events and running our shops. Our volunteer numbers grow to around 11,000 at Christmas and without them our Christmas centres would not have grown the way they have over the years. It is of great importance that if you volunteer for us that you are safe and have the best possible time while doing so. To do this we use your information to match you to the correct volunteering opportunities and to keep you updated through newsletters or dedicated emails (with your consent), to give appropriate training, and help you to deliver and promote the work of Crisis.

Wealth screening and financial profiling

Crisis does not routinely data-match to find out more information about you.

If you are a philanthropist – someone who is able to make larger gifts to us we may analyse the information we collect and use publicly available information to create a profile of your interests, preferences and level of potential future donations so that we can contact you in the most appropriate way. We will always tell you if we are holding additionally sourced information and we always respect your right to have this information deleted.

We use research bodies such as Factary to help research philanthropic giving to other organisations, and MINT UK and Mouseprice to identify individuals, trusts or companies with a philanthropic interest in our cause. This helps us to understand the philanthropic landscape better, to gain an understanding of which types of donors are giving, at what levels and to what causes. This helps us to shape our fundraising strategy.

Staff and recruitment administration 

Crisis has grown rapidly in recent years, opening new Skylight centres, and increasing our reach to those who need our help the most. To continue to deliver our goals we have also grown our numbers of staff. We process the personal information of our employees for recruitment, staff administration, salary, pensions, health and safety, and performance management.

Crisis outsource several staff administration areas to organisations with specific expertise that we cannot develop in-house. These include remuneration (including salary benchmarking), pensions, occupational health services and legal advisory services.

Crisis needs a lawful reason to collect and use personal information. The law names six legitimate ways that we can process personal data. Of those six, we consider that five of them can be applied to Crisis’ operations:


As a supporter of Crisis we will always ask for explicit consent to send marketing and fundraising emails, and text messages. We will also ask if you want to be contacted by phone. All our telemarketing campaigns are checked with the Telephone Preference Service and Fundraising Preference Service to make sure that we do not make contact  if you do not want to receive marketing communications from us.

Where we have rented contact lists from external agencies for our Christmas appeal we always check these against the Mail Preference Service and Fundraising Preference Service. 

You can of course withdraw consent at any time by contacting our supporter services team on 08000 384838 or email 

If you volunteer with Crisis we will always ask for permission to process personal information. 

Contractual relationship  

If you are a member accessing Skylight services, you are deciding to accept help and advice from us. This can be considered the basis of a contractual relationship, which means we provide you with a service in return for abiding by the 'Members' Code of Guidance'. We can only provide you with the most appropriate services if you choose to share some of your personal information (such as your name). We will use the information to support your journey out of homelessness. We will not share this information without your explicit consent unless it is to protect the safety and well-being of someone we believe to be at risk of harm, or through a legitimate police request or directed through a court order.

Legal obligation  

If you become a member, volunteer, or are someone who visits one of our cafés or shops, Crisis has a legal obligation to process health and safety information, which may include personal information in relation to incidents on Crisis’ premises. 

If you have kindly added Gift Aid to a donation we must also process some minimal information for HMRC and hold this for seven years. 

Vital interests  

If you are a member, Crisis will sometimes share personal information, without your explicit consent, to partner organisations (including the police and local authorities) if we believe that there is a real and significant risk of harm to you or another person - however this is uncommon.

Legitimate interests  

The law allows Crisis to legally collect and use (process) personal information if it is necessary for a legitimate business interest of the organisation. However it must be used in a fair and balanced way that does not impact on your rights. This includes using direct marketing for charitable purposes if there is a wider benefit to society. For Crisis this means that for our Christmas appeal we can lawfully write to you to encourage your support of our work. 

Crisis processes personal information for this purpose and under this lawful basis, there may be times where the quality of the evidence of consent may not be as robust as in recent years. In line with best practice Crisis has, carried out a balancing test to reflect how we consider we may process information under this lawful basis, which you can read here. 

You have the right to object to our lawful processing of your information. To let us know that you do not want to receive any more direct marketing please contact our supporter services team on 08000 38 48 38 or by email on  

As a Crisis member, we also consider that we have a genuine and legitimate interest in processing the information we have about you to support and help your journey out of homelessness. We have also conducted a balancing test in respect of processing member information

We have other legitimate interests holding and form processing. They are governance, publicity and income generation, operational management, financial management and control and for administrative purposes. There is more information about this below:


  • To help deliver our charitable aims (set out in our objectives) 
  • To report criminal acts and comply with law enforcement agencies 
  • Internal and external audit for financial or regulatory compliance purposes 
  • Statutory reporting for areas funded by the European Social Fund 

Publicity and income generation:

  • Direct marketing including supporter profiling for campaigns, generating income or charitable fundraising other forms of marketing, publicity or advertisement 
  • Exercising the right to freedom of expression or information, including in the media 
  • Data analysis and insight measurement, targeting and segmentation to develop corporate strategy and improve communication efficiency
  • Processing for research purposes 

Operational management 

  • Employee and volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes 
  • Providing and administrating of staff benefits such as pensions 
  • Physical security, IT and network security 
  • Maintaining of 'do not contact' lists (suppression files) 
  • Processing for historical, or statistical purposes 

Financial management and control 

  • Processing financial transactions and maintaining financial controls 
  • Preventing fraud, misuse of services or money laundering 
  • Enforcing legal claims 

Purely administrative purposes 

  • Responding to any solicited enquiry from any of our stakeholders 
  • Delivering requested products or information packs 
  • Communications to members for appointments, classes, and health related appointments where appropriate in our Skylight centres 
  • Administering of Gift Aid 
  • ‘Thank you’ communications and receipts 

When we use your information we will always consider if it is fair and balanced to do so and if it is within a supporter's reasonable expectations. We will balance your rights and our legitimate interests to make sure that we use your personal information in ways which are not unfair or unduly intrusive.

We collect personal information that you share with us when you contact or interact with us through our website, email, phone, face-to-face, post and through our online and offline forms. You can decide not to provide certain information, or ask that any information that you have previously shared is removed - but only under certain circumstances. For example HMRC requires us to keep Gift Aid information for seven years. If this request is made, please be aware that you might not be able to take full advantage of our services or support our work to end homelessness.

For example, you might provide information to us when contacting customer service teams, making a donation, registering for an event, completing a survey, competition or questionnaire or updating your communication preferences. Through these interactions your name, address, email address, and contact number and payment information could be collected. 

Employment and recruitment personal data 

As someone who applies to work for us, your interview information is kept for the duration of your employment with us if you are successful and join us as a member of staff. For unsuccessful candidates, we keep your information for only six months after the recruitment campaign closes. 

Supporter personal data 

As a supporter, when you use our website, or get in touch with us directly to our supporter services team (or though one of our agents like our out of hours supporter care phone line), we collect information about you. This helps us understand not only your interests, but also how you may want to support and hear from us. Collecting information about those who support us helps to deliver our service and make sure that we continue to raise funds to end the injustice of homelessness. 


If you take part in the research we carry out, we will always explain the purpose of the research and ask your consent to use your information. You can withdraw from a research project at any time. 

Member personal data 

As a member who uses our Skylight services, we will collect information about you that allows us to tailor our services to support your journey out of homelessness in the best way possible. We will only share your personal information with your explicit consent except for three possible circumstances: If we believe that a person is a serious risk of significant harm, and sharing information may help to protect the person at risk; through legitimate police requests to support a serious criminal investigation; or if we are directed through a court order. 

Crisis never sells or exchanges our supporter information with other organisations. 

Member information 

Under all data protection law in the UK and EU, certain categories of personal data are classed as ‘special category’ or ‘sensitive’. As a Crisis member we do ask you to provide us with some special category information to help us understand your needs and support the research we do (anonymised). Special category information includes your ethnicity, sexuality, any expressed religious beliefs, health data, self-disclosed criminal convictions and expressed political opinions. As a member if you don’t want to share these details with us that is perfectly OK, but we may not be able to offer the full range of services available through our Skylight centres. 

Job applicant information 

If you apply for a job with us, and share sensitive information as part of the application process, the information will be stored in a personnel record if you are successful, or for six months after the closure of the recruitment campaign if your application has been unsuccessful.

Supporter information 

As a supporter it is less likely that we may process sensitive information - but we might if you are participating in an event or working as a volunteer in one of our shops, and we need to make sure we provide appropriate facilities to support specific health issues. 

Credit or debit card information 

As a supporter, if you use a credit or debit card to make a donation to us, your card details are processed through our payment-processing partner - Worldpay – as part of the payment process. We do this in accordance with the Payment Card Industry Security Standards. We also accept payments through Paypal. 

Crisis also accept contactless donations using Liberty Pay where Allied Irish  provide merchant bank services. In these instances, your card details may be transferred outside the EEA by the service provider. Please check their websites for further details.

For payment for goods at pop-up events, Crisis use Izettle to facilitate card transactions.

Most of the information we hold is given to us directly by you during your interaction with our website, our services, or supporter activities such as fundraising. We may also receive your information when you donate to us through third party services like Just Giving, Virgin Money Giving, and Payroll Giving Agencies. 

For our Christmas campaign we use external agencies to help us attract new supporters (volunteers, campaigners, fundraisers and donors). This is managed by our creative partner Catalyst. Catalyst provide us with the contact details of people who have expressed an interest in the work of charitable organisations and have agreed to receive communications from charities. We do not retain the details of everyone who receives a letter from us and only hold the information of those people who kindly go on to make a donation to us.

In some situations, we may update your information through other agencies; for example to check that we have a valid postal address, or to check whether you are registered on the telephone preference service or fundraising preference service

Crisis applies to trusts and foundations for funding towards our services. These organisations have been established to give grants and seek applications from charities that share similar values and goals. We research each organisation thoroughly before applying on either an invited or a speculative basis. In order to facilitate this process, we will retain contact details on our database. If a trust or foundation does not wish to support us at the time of application, we will retain these details for future applications. If any trust or foundation does not wish to be contacted now or in the future, we will respect their wishes - removing them from our active list and deleting all personal details.

Through our shops Crisis has an ethical furniture range that is assembled in our Merseyside Skylight – purchases go towards giving a homeless person both the experience of working in a team environment, and also supporting our skylight centre activities. When you buy a piece of furniture we will collect your information to process the purchase and deliver the furniture where you have asked us to do this. We will not use your information for marketing purpose unless you have asked us to do this. Where you ask us to deliver your furniture, we pass your contact details to our suppliers purely for this purpose.


We only keep your information for as long as we need to, to be able to use it for the reasons given in this privacy policy.  

In general terms we remove identifiable personal information from our records five years after the date of your last interaction with us. In most cases this represents seven years after the last financial transaction. There are two exceptions to this:  

  1. Where someone has kindly left Crisis a gift in their Will. In these cases we will maintain our records of that pledge to carry out legacy administration and communicate effectively with the families of people leaving us a legacy.  
  2. Where someone has kindly added Gift Aid to a donation to us, we are required by HMRC to retain those details for seven years after the last donation. If you request that we will delete your details, we must retain a minimum level of information to support this legal requirement from HMRC.  

As one of our members, we will keep your personal information for up to four years after you last engaged with us, except where you used a service that received external funding, as we are legally required to keep that information for longer. On request, we will delete information except if we have a legal or contractual basis to retain minimal information for example, if you had a reportable accident in one of our Skylight centres, we would be legally required to retain Health and Safety records for three years.  

For volunteers we keep information for four years after your last interaction with us.

If you support us by actively campaigning on our behalf, we will keep your information for five years after your last campaign activity in order that we can keep you updated on campaign progress or new campaigns that we are leading on.

If you apply to work for us, your interview information is kept for the duration of your employment with us if successful and join us as a member of staff. For unsuccessful candidates, we keep your information for only six months after the recruitment process ends. 

If you take part in research carried out by Crisis, we will always explain the purpose of the research and ask for consent to use your information. You may withdraw from a research project at any time. Research will be anonymised and only held for as long as the research is relevant to our work - for example to show trends like the reduction or increase in homelessness by region across Britain.  

We will only send digital marketing communications when you have told us that you are happy for us to.  

As a supporter you can change the way that we contact you in the following ways;  

Opt-in/start contacting me: 

If you hadn’t previously asked us to send you marketing communications, you can ask us to start contacting you (sometimes called an "opt-in") by calling our supporter services team on 08000 38 48 38 or emailing us at 

Changing communication preferences: 

If you have previously said that you would like us to contact you ("opted-in") but you want to change or update that, just call our supporter services team on 08000 38 48 38 or by emailing us at 

Opt-out/stop contacting me:

If you want to stop receiving communications from us (sometimes called "opting out"), you can by calling our supporter services team on 08000 38 48 38 or emailing 

Philanthropic supporters

As a philanthropist – someone who is able to make larger gifts to us - we will automatically opt you out of our general fundraising correspondence and organisation wide mailings. This means all the contact you have with us is completely bespoke to you, and matches the level of involvement you want with Crisis. Please let us know how you’d like to be contacted by the philanthropy team by either calling 020 7036 2620 or emailing

It is also important for us to be able to contact you by post to administer your gift and acknowledge your support. However, if you would rather not receive post, please let us know by either calling 020 7036 2620 or emailing

Supporter information  

Crisis doesn’t share, sell or exchange your information with other organisations to be used for their own marketing communications. However, Crisis does use external service providers to support our telemarketing, postal campaigns and email communications for marketing purposes. In these circumstances, the relationship between Crisis and the external provider is governed by a contract and strict security requirements to protect personal information. Crisis ensures that where external suppliers sub-contract elements of their service to us, that the contractual requirements levied against the main contractor are cascaded throughout the supply chain.  

We send you information about activities that you have expressed an interest in or we believe you may wish to support us with. To tailor these communications, we use a variety of both in-house and external analytic services. Some of these external analytic services are services provided outside of the UK but within the EU. Where this happens, we ensure that robust contracts are in place with appropriate data protection clauses that meet GDPR & DPA 2018 standards.

Member information  

We respect that as a member you may be required to share information with us that is often sensitive (special category data). Where we need to share this information with external agencies (such as housing authorities or services, or other charities where work in collaboration improve someone’s ability to leave homelessness for good) to help increase or progress the support available to you, we will only do this with a your explicit and informed consent. The only exception to this is where we believe that someone is at risk of real and significant harm, and the sharing of appropriate information with relevant authorities will safeguard and protect them. 

When completing training which is supported by an external accreditation agency (for example if you are using our retail training programme) we will share your details with the training provider.

Our Crisis Skylight in Brent works in partnership with Homeless Link, who process personal data on our behalf through a third-party organisation - Salesforce. Data is stored within the EEA, but may be backed-up outside of the EU. Where data is backed-up outside of the EU we ensure that appropriate technical and organisational safeguards are in place to maintain the safety and integrity of the data. Salesforce are certified on the EU-US Privacy Shield. 

Volunteer information 

We only share volunteer information in very limited circumstances; for example where there is a serious safeguarding issue relating to you as a volunteer - we have a duty to refer it to the Disclosure and Barring Service.

Transfer of personal information overseas 

Under data protection law organisations that want to transfer personal data outside of the EU must assess whether the country the data would go to has an adequate level of protection for individuals. The European Commission decides whether countries are considered adequate, either partially or fully. Several of the contracted suppliers that Crisis works with store information outside of the EU. These are usually where we have embedded a data capture form in our website, and the data you enter is transferred securely to our overseas contractor for processing. Data is stored in both the USA and Canada through three key suppliers: Sendgrid (USA), Amazon Web (via Typeform) servers (USA) and Engaging Networks (Canada).

The EU has published a partial 'finding of adequacy' for Canada which excludes not-for profit bodies, we therefore utilise the EU standard contractual clauses as a lawful basis to transfer information to our processor. Crisis also ensures that information is secure both in transit and at rest with the supplier – Engaging Networks.

For suppliers in the USA we rely on the legal framework of adequacy under the EU-US Privacy Shield. This is a binding legal instrument under European law which can be used as a legal basis for transferring personal data to the USA. The Shield contains many strong privacy requirements including the companies who receive data have an obligation to provide greater transparency about the processing they do, and tighter restrictions for forward transfers of that data. The Privacy Shield documents contain assurances from the US government that any access by their public authorities to personal data transferred under the Shield will be subject to clear limitations, safeguards and oversight mechanisms. Sendgrid’s Privacy Shield registration can be found here.

We are committed to protecting your personal information. We use appropriate technical and organisational measures, including encryption, to protect personal information and privacy, and we review them regularly. We protect your information using a combination of physical and IT security controls, including access controls that restrict and manage the way that information and data is processed, managed and handled. We also make sure that our staff are adequately trained in protecting personal information. 

Our procedures mean that we may sometimes ask for proof of identity before we share your personal information with supporters or members - for example when we contact you we will want to check that we are speaking to the owner of that personal information.

In the unlikely event of a security breach which compromises our protection of personal information, and we need to let you know about it, we will do so

Data Protection Rights  


Where Crisis is using your information with consent you can withdraw that consent at any time. You also have the right to ask Crisis to stop using your information for direct marketing purposes. Just contact our supporter services team on 08000 38 48 38 or email  

Your rights are clearly laid out in data protection law, see below for more detail. 

The Right to be Informed  

You have the right to be told how your personal information will be used. This Privacy Policy document, and shorter summary statements used in our communications, is intended to be a clear and transparent description of how your information may be used

The Right of Access  

You can write to the Data Protection Officer asking for what information we hold about you and can request a copy of that information. The Data Protection Officer's contact details are at the top of this page. From May 2018, once we are sure you have the right to see the requested records (for example: We have confirmed that you are who you say you are) we will have one calendar month to comply.

The Right of Erasure (also known as the right to be forgotten)  

You have the right to request that your information be deleted from our systems and databases but only in certain circumstances e.g. HMRC requires that we keep Gift Aid information for seven years. 

If you have been kind enough to support us and have added Gift Aid to a donation in the past, Crisis has a legal duty to retain minimal information for HMRC for seven years after your last donation.

In many cases we would recommend that we suppress rather than delete your information completely, otherwise you may be contacted in error if your details are then given to us from a third party lead generation company. 

As a member using our Skylight services you can request that your information is deleted. Each request is reviewed and where there is no legal requirement to retain information (for example health and safety, or safeguarding duty) we will remove your information. We will also ask any organisation that we have shared your information with to also delete it.

The Right of Rectification  

You have the right to ask that we correct and update factually inaccurate information that we may hold about you.

The Right to Restrict Processing  

  • You have the right to request that we restrict the processing of your personal data in certain circumstances: 
  • When you are contesting the accuracy of the data we hold, and we are verifying the accuracy of that data. 
  • When you have objected to having your information processed under the lawful basis of legitimate interest, and we are considering whether our organisation’s legitimate grounds override yours. 
  • When the processing is unlawful and you oppose erasure and request restriction instead. 
  • Where we no longer need the information, but you have requested your data from us to establish, exercise or defend a legal claim. 

The Right to Data Portability  

You have the right to data portability. This means that you can ask for and reuse your personal information for your own purposes across different services. It has been designed to allow you to copy or transfer your information from one IT environment to another - for example from one banking service to another, or one utility provider to another.

The Right to Object  

You have the absolute right to stop the processing of your personal information for direct marketing purposes, even in circumstances where we may be processing your information under the legitimate interest lawful basis. 

You also have the right to object to your information being processed for secondary purposes e.g. data analytics and insight measurement, even in circumstances where we may be processing your information under the legitimate interest lawful basis. If you wish to exercise this specific right, please let us know on

The Right to Object to Automated Decisions  

You have the right to object to automated decisions where a someone (usually a Data Controller) is using your personal information in a computerised model or algorithm to make decisions “that have a legal effect on you”. This is more likely to be applicable to scenarios such as if you have applied for a mortgage or credit card and the decision is made automatically based upon your credit profile. Crisis does not do this kind of modelling.

The Data Protection Act gives you the right to request access to the information held by an organisation – this is called a Subject Access Request. The FAQs below will help you if you want to access the personal information held about you by Crisis.

How do I make a Subject Access Request (SAR)?

You can make a request in writing or verbally to any part of the organisation, but the quickest way may depend on your relationship with us.

  • If you are a member using our Skylight services, the easiest way may be to ask the person you have been working with
  • If you are a volunteer, you may want to make your request through your volunteer coordinator
  • As a supporter making gifts to us, you can contact our supporter helpline on or call them on 08000384838


Confirming your identity

We may have to confirm your identity before we are able to process your request. This is to ensure that we disclose only your personal information to you.

If you are a member using our Skylight services or have very recently left, it is highly likely that we will not need any confirmation from you. If you left more than six months ago, we may have to confirm some of the information that you gave to us when you joined so we can establish who you are.

As a volunteer or supporter, your contact details including your home address, or the amount of a regular donation, or the date on which it leaves your bank account may be enough.

In rare circumstances, if we are not able to confirm who you are from what you share with us, we may have to ask for more formal proof of identity.

It would also be helpful if you are able to confirm how you have supported or work with us in the past.

Can I make a request on behalf of someone else?

This is only possible in limited circumstances, being

  • Where you can evidence that you have the authority of the person whose information is being requested
  • Where you are their legal representative
  • Where you have power of attorney over the individual’s affairs

What information can I ask for?

You can ask for any information that we hold, but it is helpful and speeds up the process if you can tell us if you are looking for anything specific, for example, a copy of a supporter record, a copy of member details, details of donations made.

Can I ask for emails?

Yes, it is helpful if you can specify a time period and/ or the name of the person.

How will I receive my information?

You can receive it either to an email address of your choice or as a hard copy by post to a specified address, this will always be sent signed-for delivery.

Do I have to pay for my information?

In general, no. However, if you were to make repeat requests or the volume of work is considered excessive, we can charge a reasonable administration fee.

How long does it take?

We aim to process requests as soon as possible, but within one calendar month from the resolution of any enquiries about your identity or the scope of your request. If we find that it is likely to take longer than a month, we will write to you within that month and advise you of the reason and give you a revised date by which you can expect us to complete the request.

What if I think information is missing or I have concerns about how my information has been processed by Crisis?

We will work with you if you have concerns about missing information but please note that we don’t keep information forever and have retention policies governing how long we keep information for.

We would prefer you to raise any concerns about missing information or how your information has been handled with us initially, preferably at your point of contact with the organisation. However, you may escalate concerns to our data protection officer (DPO) at any time. Your concerns will be acknowledged within three working days and we aim to resolve the issue within 15 working days.

If you are unhappy with the response from our DPO, you may escalate your concerns to our Senior Information Risk Owner who is our Director of Corporate Services. He can be contacted at

We will consider all concerns raised within a reasonable period of a SAR being completed, up to a maximum of three months after you receive your information.

You can go straight to the regulatory body, the Information Commissioner (ICO), at any time during this review process. The Information Commissioner (ICO) can be contacted at or by phone on 0303 123 1113. The ICO would, however, expect that you have sought to resolve your concerns with us before approaching them.

To help ensure our communications with you are relevant, we analyse geographic, demographic and other key characteristics and behaviours relating to you; as well as your previous responses to our marketing communications. This helps us to personalise and improve your supporter experience with Crisis and minimise wastage. Some of this analysis is based on data provided by you and some of this is provided by external organisations.

We only want to send communications that are of genuine interest and relevant to you. You are in control of how we use your personal information for marketing and fundraising purposes. Simply call our supporter service team on 08000 38 48 38, and you can update information about how we contact you, how often and what the types of fundraising communications that you receive. Alternatively, email or use our website to contact us. 

Facebook Marketing 

You may come across Crisis naturally on Facebook through your own networks, or you might be presented with a promoted advert from us. We use targeting advertising on Facebook which allows people who are interested in our work to connect with us and become a supporter. We do this to inform, educate and engage new potential supporters. 

We may provide your email address, mobile number and address to Facebook, so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Facebook deletes that data that we provide them in an encrypted format if it does not match with an account.

Facebook is a hugely valuable tool for us and the community that we serve, which is why we use it as a platform. Facebook is a commercial company however. We want to remind our supporters and users that information shared on timelines, on our page or in private messages may be used and sold by Facebook for commercial purposes.

Crisis uses resident cookies to store data on the hard disk of computers to identify when you return to our website. If a person has cookies disabled in their browser, they are still able to use our website. Crisis uses sessions to store data on our server, which is individually identifiable. This means that a session cookie could be stored on your machine and will expire once that visit to the Crisis website has ended. The Crisis website functionality is dependent on accepting session cookies. Crisis tracks visitors to and on the Crisis website by using referrer tracking. Crisis uses click through and open mail tracking when sending emails. This gives Crisis the ability to tailor future email communications. 

By using our website, our social media pages (such as LinkedIn, Facebook, Twitter, and YouTube), subscribing to our services, and donating to us, you agree that, unless you have set your computer's browser to reject them, we can place temporary session cookies on that device and use that data in accordance with this policy.

Information we collect automatically

When you use our website, we (or our third party partners) may collect information about your device and usage of the Services.

We may use a variety of technologies (collectively, “Tracking Technologies”) to collect some of this information. Our use of Tracking Technologies is discussed in more detail in Tracking Technologies and Advertising and Analytics Services in the section below.

We (or our partners) may use Tracking Technologies to automatically collect the information described below:

Device Information: We may collect certain information about the device you use to access the Services, including but not limited to IP addresses for your devices, unique device identifiers, browser types, and browser language.
User History: We may log certain usage information about your use of our website, which may include a history of the pages you view.
Mobile/Location Information: We may collect additional information from you if you access the website through a mobile device, for example we may collect your unique device identifier, your device’s operating system, mobile carrier, or your location when you opt in for us to do so. However the degree to which your location can be identified depends on the device you are using (e.g. laptop, smartphone, tablet) and how you are connected to the internet (e.g. via cable broadband connection, Wi-Fi, etc.).
We use this information to personalise and improve your experience and deliver content or features that match your profile and interests, including to show you targeted advertising as described in Tracking Technologies and Advertising and Analytics Services



Targeted Advertising: We and our third party partners and vendors may use Tracking Technologies, such as cookies, pixels, and web beacons and collect and store information about you when you use or interact with us, marketing communications, advertising content and/or third party websites, in order to provide you with targeted advertising based on your browsing activities and interests. These third parties automatically receive your IP address or mobile device identifier when you access the Services or third party websites. They may also use Tracking Technologies to measure the effectiveness of advertisements, to personalise the advertising content, and to serve you advertisements that are relevant to your regional location.
Analytics and Ad Serving: When you access our website, our third-party vendors, including Google, use third-party cookies (such as the Google DoubleClick cookie) to serve you ads based on your previous visit to our website and other websites.

For more details on the our cookie policy and a description of the cookies we use please see our cookie policy. 

On occasion, we will use the information you provide us to target our digital and social media advertising effectively. This could include securely providing contact details such as your name and email address to digital advertising networks or social media companies such as Facebook, Google and Twitter. For example, we may use your information to enable us to display adverts to you, or to potential supporters who have similar characteristics to you.

Any information we share with social media companies will be shared in an encrypted format and will not be used for their own purposes. You can stop your information being used for this by contacting us.

Where you have asked us not to use your information for targeted digital advertising, you may still see adverts related to Crisis. This is because the social media site or advertising network may select you based on information they hold, such as your age and location, or websites you have visited, without using information that has been provided by us.

You can control the kind of advertising which you see through the relevant social media site:


This privacy policy may change from time to time. For example, we will continue to update it to reflect new legal requirements. Please visit this website page to keep up-to-date with the changes to our Privacy Policy. This policy was last updated on 5 November 2018. 

In the first instance, please talk to us directly so we can help resolve any problems or queries. Our supporter services team can help on 08000 38 48 38, or you can contact our Data Protection Officer using this email address

You can also register with the:  

  • Fundraising Preference Service (FPS). This service is run by the Fundraising Regulator and allows you to stop email, telephone, addressed post, and/or text messages from a selected charity. Use the link above, or you can call them on 0300 303 3517. Once you have made a request through the FPS, we will ensure that your new preferences take effect within 28 days.  

You also have the right to contact the Information Commissioners Office (ICO) if you have any concerns about how your information has been handled. You can use the link above or call them on 0303 123 1113.