Read Easy Privacy Notice
We respect your privacy. This Privacy Notice explains how we collect, use, disclose and protect your personal data. Please review it carefully. It contains information about who we are, how and why we process your personal data, your rights and how to make a complaint.
Read Easy UK (“REUK”, “we”, “our”, “us”) is a charity registered under charity number 1151288 with the object of advancing education of the adult public in literacy. We are an umbrella organisation that works to promote and support locally-run, affiliated adult literacy groups (“Affiliated Groups”). Each Affiliated Group is legally and financially independent and, as part of a network of groups, provides one-to-one reading coaching for adults with reading difficulties, using trained, volunteer coaches.
This Privacy Notice applies to:
- individuals who use our services (“Readers”);
- visitors to our website (readeasy.org.uk) (“Website”);
- donors; and
- prospective volunteers and employees
(“Data Subjects”, “you”).
During the course of our activities it may be necessary for REUK and its Affiliated Groups (together, the “Organisations” and each “an Organisation”) to collect, store, use, process and be responsible for certain personal data about you.
When we do so, we are subject to UK data protection laws – in particular, the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
For the purposes of those laws, we are a ‘controller’ of personal data – we determine when, the purposes for which and the manner in which personal data is processed. In relation to certain personal data, we may do so jointly with each Affiliated Group as joint-controllers.
Our contact details are:
Postal Address: Data Protection Compliance, Read Easy UK, The Old Post Office, Bell Lane, Blockley, Moreton-in-Marsh, Gloucestershire, GL56 9BB
Telephone: 01388 435021
Data Protection Manager: Faye Padfield (Head of Administration & Finance)
Our Data Protection Manager is responsible for overseeing questions relating to this Privacy Notice. Please contact her using the above details if you have any questions about this Privacy Notice, would like to request to exercise any of your legal rights (see Your Rights below) or wish to raise any concerns (see Complaints below).
Each Affiliated Group shall nominate a member of the Management Team to be its “Data Protection Champion” (the day-to-day contact who deals with data protection queries for that local group). If you are part of a local group, please contact your Data Protection Champion in the first instance, whose details you can obtain from your group’s Coordinator or Pioneer.
Our Web Site
Our Website is not intended for use by children (those under the age of 16) and we do not knowingly collect or use data relating to children.
This Privacy Notice informs you about how we look after your personal data when you visit the Website, your legal rights and how data privacy laws protect you.
Our Website may contain links to third party websites or you may have entered our Website via another website. Please be aware that REUK is not responsible for the privacy practices of such third party websites and we encourage users to read the privacy notice of every website that collects personal data.
Personal Data We Collect
We may collect, hold, use, store and transfer the following different types of personal data about you:
- “Identity data” includes first name, maiden name, last name, marital status, title, date of birth, age, title and gender;
- “Contact data” includes address, email address and telephone numbers, company or employer name and address;
- “Financial Data” includes bank account and payment card details;
- “Transaction Data” includes details about payments from you, including details of donations made by you to REUK;
- “Technical Data” includes internet protocol (IP) address, your log-in data, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform and other technology on the devices you use to access the Website;
- “Usage Data” includes information about how you use our Website and services;
- “Communications Data” includes your communications to us and preferences in receiving communications from us and our third parties; and
- “Sensitive Personal Data” includes any information you provide to us about your physical or mental health, race or ethnic origin, or criminal convictions.
We may also collect, hold, store use and transfer, for any purpose, “Aggregated Data” (such as statistical or demographic data), which may be derived from your personal data but does not reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data in accordance with this Privacy Notice.
We may require this personal data to provide our services, including to enable you to learn to read or donate to us and, if you do not provide it where requested, it may delay or prevent us providing such services.
How we collect your information
Direct Interactions and via the Website
You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you sign up to learn to read, request information, complete a survey or give us feedback.
Automated technologies or interactions
As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Policy for further details.
Third parties or publicly available sources
We may receive personal data about you from various third parties as set out below:
- Technical Data from analytics providers such as Google based outside the EU;
- Identity, Contact and Special Category Data from referrers; and
- Identity, Contact and Communications Data from online fundraising platforms in relation to donations you have made.
Why we collect your personal data and how we use it
REUK is committed to processing your personal data in accordance with applicable data privacy laws and with transparency and fairness.
We may only use your personal data if we have a lawful reason for doing so, such as:
- where necessary for us to comply with applicable laws or regulation;
- to take steps at your request before entering into a contract or where necessary for us to fulfil a contractual obligation;
- for our legitimate business interests or those of a third party, where we have a business or commercial reason to use your information, so long as they are not overridden by your own rights, interests or freedoms; and/or where you have provided your consent to the processing.
Special Category Data requires greater protection due to its sensitive nature and a further condition must be satisfied in order to process it. We can only process your Special Category Data where we have one of the lawful reasons set out above and you have given your explicit consent.
REUK may use your personal data in the ways and for the purposes and lawful reasons and retain it for the period set out in the table below:
|Purpose(s)||Type(s) of data||Lawful basis||Data retention|
|To register you as a new Reader (e.g. personal details, emergency contacts, criminal convictions) and to help you learn to read (e.g. reading history and records, safeguarding)||(a) Identity
(c) Sensitive Personal Data
|Necessary for our legitimate interests (to help people learn to read)
|6-7 years after you stop reading with us|
|To receive donations from you (e.g. personal details, contact details, gift aid declarations).||(a) Identity
|Necessary for our legitimate interests (to help people learn to read)||6-7 years after we receive your donation|
|To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Privacy Notice; (b) Asking you to leave a review or take a survey; and (c) Responding to a message or communication.||(a) Identity
|Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how readers find our service)
|1-2 years after your last contact with us|
|To administer and protect our charity and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|Necessary for our legitimate interests (for running our charity, provision of administration and IT services, network security and to prevent fraud)
Necessary to comply with a legal obligation
|1-2 years after the data is collected for this purpose|
|To use data analytics to improve our website.||Technical||Necessary for our legitimate interests (to keep our website updated and relevant, to develop our charity)||1-2 years after the data is collected for this purpose|
|To contact you about your use of the Website
or our programs, services, products, activities, special events, or other news that may be of interest to you and for otherwise marketing our services to you
|Communication||Necessary for our legitimate interests (to develop our charity and promote our cause)||1-2 years after the data is collected for this purpose|
Generally, we do not rely on consent as a legal basis for processing your personal data, other than where required to do so by law, including where we process your Sensitive Personal Data.
Where consent is required, we will ask separately and clearly for it to be provided explicitly (affirmed by a very clear and specific (oral or written) statement). If you provide such consent, we must capture and record evidence of that consent. We will not use your personal data for a different and incompatible purpose which was not disclosed when you first consented.
You can easily withdraw consent to processing at any time and we will promptly honour your withdrawal.
Change of purpose
We will only process your personal data for the specific purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.
If we need to process your personal data for a purpose unrelated to the original purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we share personal data with third parties
We will not sell, trade or rent any personal data to other parties in ways different from that disclosed in this Privacy Notice without first obtaining your consent.
We may provide Aggregated Data to third parties without your consent, such as information about your access to and use of the Website.
We may need to share your personal data, for the purposes set out at paragraph  above, to:
- The local Affiliated Group you are assigned to;
- External third parties, who process data on our behalf and at our instruction:
Service providers acting as processors based in the UK, who provide IT and system administration services.
Professional advisers acting as processors including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
- Third parties to whom we may choose to transfer or merge parts of our business or assets. If a change happens to our business, the new owners may use your personal data in the same way as set out in this Privacy Notice.
We will not share and Sensitive Personal Data with third parties without your consent.
We will not share your personal data with third parties for their direct marketing purposes.
We will not usually transfer your personal data internationally. If we should need to do so, we will ensure appropriate safeguarding measures are in place.
We will share personal data with law enforcement or other authorities if required by applicable law.
Any third party recipients of your personal data are contractually restricted from using it in any manner other than to help REUK provide its products and services.
How we protect your personal data
We are committed to maintaining data security, which means guaranteeing the confidentiality, integrity and availability of your personal data. We have implemented appropriate technical and organisational measures to ensure a level of security of your personal data, appropriate to potential risks, from the point of collection to the point of destruction, against unlawful or unauthorised processing and accidental loss, damage or destruction.We have put in place and maintain the following physical, electronic and procedural safeguards.
- To maintain confidentiality, access to your personal data is limited to those who have a business need to know it. Further, when dealing with telephone or email enquiries, we will be careful not to disclose any personal data about you without your consent. In particular, we will check the caller’s identity to ensure information is only given to those entitled to it and, if unverified, suggest the caller make a written request.
- To ensure your personal data remains accurate, the Data Protection Manager will ensure a yearly audit is carried out by each Data Protection Champion of all personal data stored by the Organisations.
- To ensure your personal data remains accurate, complete, up-to-date and relevant for the purpose for which it is processed, we and those processing data on our behalf shall check it at the point of collection and at regular intervals thereafter. Inaccuracies or outdated data shall be notified to us as soon as possible. To assist us, please notify your Data Protection Champion as soon as possible of any changes in your personal details.
- Your personal data will only be transferred to a third-party if they agree to comply with our procedures and policies or put in place adequate measures. They will only process your personal data on our instructions and only if they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator, including the Information Commissioner’s Office (ICO) and Charity Commission, of a breach where we are legally required to do so.
If you know or suspect that a personal data breach or a breach of this Privacy Notice has taken place, do not attempt to investigate the matter yourself. Please immediately contact your Data Protection Champion or our Data Protection Manager using the contact details above and preserve any evidence.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or contractual obligations.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are set out in the table in paragraph 3 above.
Some personal data, is required to be kept for 7 years after it is no longer needed for practical purposes. This period reflects legal advice REUK has received as to potential legal liabilities of the Organisations. Such personal data may be needed as evidence in an insurance or legal claim. Specifically, this includes:
- personal data of all Readers;
- reading Record Sheets of Readers with dates of reading sessions;
- Reader monitoring records;
- minutes of all Team Meetings;
- all safeguarding records; and
- financial data.
When an Affiliated Group closes, the Management Team should ensure that the information listed in paragraph  is retained and securely stored for at least seven years, and that REUK is informed of its whereabouts. Alternatively, REUK can store this information as a service to the Affiliated Group.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use it indefinitely without further notice to you.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
In relation to how we handle your Personal Data, as a Data Subject you have the rights (which you can exercise free of charge) to:
- Request access to (i.e. be provided with copies of) personal data we hold about you (usually exercised by submitting a ‘data subject access request’);
- Request correction of personal data we hold about you (though we may need to verify the accuracy of any new data you provide to us). It is important that the personal data we hold about you is accurate and current so please do let us know if your personal data changes during your relationship with us by emailing email@example.com;
- Request erasure of your personal data (i.e. ask us to remove or delete it) in certain circumstances (e.g. where there is no good reason for us to continue processing it). We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable;
- Object to processing of your personal data e.g. where we are relying on a legitimate interest (of our own or a third party) and you feel it impacts on your own interests (i.e. fundamental rights or freedoms); or
- Request restriction/suspension of processing of your personal data – e.g.:
- to ask us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party you have chosen in a structured, commonly used, machine-readable format. (This right only applies to automated information which you initially provided consent for us to use or where we used it to perform a contract with you);
Withdraw consent to our processing at any time (though this will not affect the lawfulness of any processing already carried out based on such consent). If you withdraw your consent, we may not be able to provide certain products or services to you – we will advise you if this is the case; and
Not be subject to automated individual decision making. This relates solely to automated processing (including profiling) that produces legal effects concerning you or similarly affects you.
You can obtain further information about these rights including the circumstances in which they apply via the UK ICO’s website.
Exercising your legal rights
If you wish to exercise any of the rights set out above, please:
- contact your Data Protection Champion or our Data Protection Manager using the details above;
- let us have enough information to identify you (e.g. your full name, address and date of birth);
- provide us with proof of your identity and address (a copy of your driving licence or passport or a recent utility or credit card bill); and
- let us know the information to which your request relates.
Monitoring and review of this Privacy Notice
We review this Privacy Notice annually. This version was last updated on 26th March 2021. Historic versions can be obtained by contacting our Data Protection Manager.
The Data Protection Champion of each Affiliated Group is responsible for ensuring compliance with applicable data protection laws and this Privacy Notice by their Affiliated Group. The Data Protection Manager has overall responsibility for our compliance with data protection laws and this Privacy Notice.
If you require further information on this Privacy Notice please speak to your Data Protection Champion or contact our Data Protection Manager.
You have the right under the UK data protection laws to make a complaint at any time to the supervisory authority for data protection issues in the country in which you work, normally live, or if any alleged infringement of relevant data protection laws occurred there.
The ICO is the relevant supervisory authority in the UK. You can contact the ICO by calling 0303 123 1113 or by visiting https://ico.org.uk/.
We would appreciate the chance to resolve any query or concerns you may have before you approach the relevant data protection authority, so please do contact your Data Protection Champion or us (using the contact details above) in the first instance.