The DofE’s Privacy Statement
The DofE’s Privacy Statement
The Duke of Edinburgh's Award (the DofE) appreciates the importance of keeping personal information private and protected for everyone associated with the Charity. This includes participants doing their DofE, the adults helping them, DofE employees and those who support the Charity.
You can be assured that we do our best to ensure that your personal information is secure so that your confidentiality is maintained. All of our data is held in accordance with ISO27001 (and independently audited by BSI ref. IS 566019), an Information Security standard to which the DofE is certified and audited against. As you would expect we adhere to the provisions of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) that came into force on 25 May 2018, which gives you control over the information we store about you, and how we contact you in the future.
We will only use your information so we can communicate information to help you participate in a DofE programme, or support those who are participating; and to tell you about activities which may be of interest to you.
This statement explains how we achieve these goals and gives details of our privacy practices, including what information we collect about people through our website, eDofE (including mobile versions of the site) and across all our other services. It also outlines how the information will be used or disclosed, and rights with respect to our collection and use of personal data.
By using our services and providing us with your personal information you are accepting the practices described in this Privacy Statement.
In general - why we collect personal information
We collect your personal information because it helps us to support our Licensed Organisations, DofE centres, groups and participants undertaking their programmes. Additionally, it allows us to invite you to fundraising initiatives and to benefit from information and advice about expedition kit and special offers negotiated by the DofE Charity. It also enables us to give you convenient access to our online services and support mechanisms. In addition, personal information helps us to continue to develop and improve the way the DofE Charity operates and supports its network.
What information the DofE collects, why and how it is used
There are two types of information you provide us with when using our services:
- personal information provided when completing fields on our websites (e.g. in eDofE), and
- information collected by us as you interact with our services.
The information is used to provide you with a service that you have requested, to answer an enquiry or as part of our fundraising and commercial programmes. We negotiate special offers and opportunities relevant to all DofE stakeholders (including participants, leaders, volunteers and parents) – see DofE Offers section below. We may ask you to provide us with personal information on a voluntary basis in certain areas of our services. This information will be used for the purposes outlined at the time of collection.
We keep records of your activity on eDofE to help us understand how you use the system so that we can make it a more effective tool for you. You can update your unique username and password at any time on your eDofE profile. Information on ethnicity and disability are collected and used anonymously for statistical purposes by the DofE in order to make sure we are making the DofE accessible to all. We also collect the email address of the parents/carers of our participants to keep them up to date with information to help support their young person complete their DofE programme. We contact all parents/carers to obtain an opt in to this content, once opted in they can opt out at any time.
The DofE e-newsletters, magazine and other operational emails contain vital updates and useful programme information, so all participants, and the adults involved in delivering their programme will receive those appropriate to their roles.
Adults can determine the frequency of the notification emails sent out via eDofE through their eDofE account.
We may also send information about the programme and changes to eDofE and other programme-related services from time to time.
The DofE assumes that all the data entered into eDofE through a Leader recorded account or by any Leaders on behalf of a participant is dictated by participants and input directly onto eDofE. If, however, data is first collected and written down outside of eDofE, or taken from a system not owned or hosted by the DofE, then this should be kept safe and ultimately destroyed in accordance with your organisation’s own GDPR procedure and policies.
We have a range of specially negotiated offers – including branded merchandise, free prize draws, privilege discounts, expedition kit information and alumni opportunities - from the DofE and our partners to tell you about, which provide an income to the Charity.
In certain circumstances your identifiable personal information will be passed onto third parties to fulfil our obligation to you, for example a mailing company to dispatch your personalised DofE Card. In some circumstances unidentifiable personal information may be sent to an approved DofE supplier to enable a discount / benefit to be provided to you. An example of this is working with a driving insurance provider to offer DofE participants a reduced annual premium. Please see the section on ‘Who has access to your information’ below regarding how third parties use this information for more information on this.
Email communications relating to the above are not mandatory and you will need to opt into receiving this content. Once you have opted in, you can opt out at any time by the ‘unsubscribe’ function at the bottom of any email sent by us.
We may use some information that we hold about you, for example your age, what Award level you are doing, and whether you have opened and clicked through previous emails, to help us send the most relevant information to you.
For fundraising opportunities, we collect personal information when you ask about our activities over the phone, in person, by letter or in email, when you register with us for an event, make a donation, subscribe to our newsletter or otherwise give us your personal information. We use this information to provide you with the information, services or products you have asked for, process donations you have made, inform you of changes to our service and policies, claim your Gift Aid donation, send you communication that includes information about our campaigns, volunteering and fundraising activities and to detect and reduce fraud and credit risk. Whenever we call our supporters we always start by asking if they are happy to take the call. We strictly adhere to all fundraising legislation and guidelines and are registered with the Fundraising Regulator.
Through monitoring your interest in our range of products and services, we will create a profile of your preferences so that any contact we have with you is appropriate, relevant and timely. We may make use of additional information about you when it is available from external sources to help us to do this effectively. This activity is done to understand our audiences, and, for supporters, helps us to limit our communications only to those who are interested in our cause, and have the means to support us.
Who has access to your information?
The DofE will not provide any information collected that personally identifies you to any other company or organisation, unless it is required to do so by law, Court Order by other Government or law enforcement authorities or as described in this Privacy Statement.
Data collected on eDofE is shared with the relevant Licensed Organisation and DofE centre, as a necessity to enable young people to complete their DofE programme and achieve their Award and for DofE Leaders to manage programmes effectively. Participant personal information is never shared with other participants.
We may pass your information to our trusted third-party service providers and other associated organisations who are authorised to work on our behalf, for example to process donations and send you mailings such as our magazine. We disclose only the personal information that is necessary to deliver the service. In circumstances related to a certain product we will send your data to fulfillment houses; we have a written agreement with all fulfillment houses and all data is destroyed after use.
We do not store credit card details and we only share customer credit card details with our agencies involved in processing your donations/purchases.
If, however, you prefer not to enable cookies you can disable them on your PC and laptop. Please note that certain features of the DofE website and eDofE will not be available once cookies are disabled. In order to maintain the security of your session, by logging into eDofE you are giving implied consent that you are happy for cookies to be set.
As is true of most websites, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information, which does not identify individual users, to analyse trends, to administer the site, to track users' movements around the sites and to gather statistical information about our user base as a whole.
In some of our email messages we use a "click-through URL" linked to content. When a customer clicks one of these URLs, they pass through our web server before arriving at the destination web page. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our communications. If you prefer not to be tracked simply avoid clicking text or graphic links in the email or website.
All programme emails and information are compulsory for all participants undertaking their DofE programmes and for all adults supporting them. This is to ensure everyone receives consistent information at the same time. We will however contact you to ask for you to opt in to any other communications that are not programme related. Once you have done so you can still opt out at any time by visiting www.DofE.org/preferences. It can take up to 30 days for your preferences to be registered, therefore you may still receive email communications during this time. Please be aware that there are other instances when you may continue to receive email communications such as if you are a parent and your child has used your email address for their eDofE profile; participants receive programme emails as mandatory for their DofE programme. Please note, messages will still be posted within the eDofE messaging system, but you can choose not to receive promotional information from our partners to an external email account.
Although every reasonable effort has been made to ensure that the information the DofE provides is accurate at the time of publication, audiences who rely on any information do so at their own risk. The Duke of Edinburgh's Award does not warrant its accuracy and disclaims any liability to any third party anywhere in the world for any injury, damage, loss or inconvenience arising as a consequence of any use of or the inability to use any information on the DofE’s website and other communications to the fullest extent permitted at law.
Access and correction
You have a right to know about the personal information that the DofE holds about you and to receive a copy of that information on request. You also have a right to request corrections to, or deletion of, the information that the DofE holds about you. If you wish to exercise these rights please contact us by post or email at the address shown in the ‘Contact’ section below. We will send you a copy of all the personal data held about you. Please apply in writing to: Director of UK Services, The Duke of Edinburgh’s Award, Gulliver House, Madeira Walk, Windsor, Berkshire, SL4 1EU.
We build in safeguards to keep all your personal information as secure as is digitally possible. In addition to a rigorously enforced data handling policy, all our staff members are made aware of their obligations to keep the information for authorised use only. Of course no technology is foolproof, but we have made every reasonable effort to keep our systems up to date with the relevant protocols.
All personal data is accessible only to those who need to use it. We make that judgement based upon the sensitivity and value of the information in question; We always consider keeping personal data:
- in a lockable room with controlled access.
- in a locked drawer or filing cabinet.
- if data is computerised it is stored on network servers and on password-protected databases and not on local systems and have suitable security access levels determined, applied and monitored.
- particular care is taken of portable ICT equipment, memory sticks etc. which are password protected and encrypted to prevent unauthorised access.
- sensitive personal data is not kept on memory sticks or routinely taken from DofE premises on any form of removable media.
The security measures that we have put in place ensure that:
- only authorised people can access, alter, disclose or destroy personal data;
- those people only act within the scope of their authority; and
- if personal data is accidentally lost, altered or destroyed, it can be recovered to prevent any damage or distress to the individuals concerned.
We may need to update or modify this Privacy Statement at any time, and modifications are effective upon being posted on the DofE websites and in eDofE. You are responsible for reviewing this privacy statement periodically to ensure that you are aware of any changes to it.
Contacting the DofE
If you have any questions about this Privacy Statement, the privacy practices of the DofE or if you want to exercise any of the rights that you are given under this Privacy Statement you can contact:
- Email: [email protected]
- Post: Director of UK Services, The Duke of Edinburgh's Award, Gulliver House Madeira Walk, Windsor SL4 1EU