Donor Whisperer GDPR Policy (August 1st 2020)


At The Donor Whisperer we adhere to the EU’s General Data Protection Regulations (GDPR).

This policy explains how we collect and treat any information you give us. You won’t find any complicated legal terms or endless passages that don't make any sense. We want to make sure you know exactly what you are agreeing to.

Our policy covers

  1. Why we value your privacy
  2. How we collect information
  3. What we use your information for
  4. Who’s responsible for information at the Donor Whisperer
  5. Who has access to information about you
  6. The steps we take to keep your information private
  7. How to get us to change or remove your data
  8. Your rights under GDPR
  9. How to complain
  10. Changes to the policy

1- Why we value your privacy

We value your privacy as much as we do our own, so we’re committed to keeping your personal and business information safe. 

We’ll never use your personal information for any reason other than why you gave it, and we’ll never give a third party access to it unless we’re forced to by a lawful court order.

2- How we collect information

  • When you contact Donor Whisperer via our website, we will ask for personal data which may include your name, email address and telephone number so that we can reply to your enquiry.
  • We use Facebook Tracking Pixel which builds profiles of your internet activity. Here is Facebook's GDPR Compliance.
  • Our online diary system is YouCanBookMe. Their GDPR policy is here.
  • We collect email when you sign up for our newsletters, freebies or other products. We use Kajabi and they have certified they are GDPR compliant.
  • Our customer and contact database is called Capsule CRM. They have certified they are GDPR compliant.
  • If you go on to be a customer, we will add you to our financial system, FreeAgent. Their GDPR policy is here.
  • If you are a customer you may chose to pay by card via Stripe. Their GDPR statement is here.
  • When we do online research interviews, these will be recorded on Zoom. Zoom’s GDPR compliance is here.
  • We store key documents, including interview transcripts, on Dropbox (we use two-factor authentication). Here is their privacy policy.
  • We sometimes ask extra questions of our potential clients to make sure that we are a good fit for your needs, or refer you elsewhere (only with your consent). We do this using Typeform, and their data security policy is here.
  • All our computers are password protected. We always use a second layer of authentication where this is available.

3- What we use your information for

We use your contact information to send you details of our products and services. When we do, you have the option to unsubscribe from these communications and we won’t send them to you again. We might also email or phone you about our products and services, but if you tell us not to, we won’t get in touch again. We will use your information to send you invoices, statements, or reminders. 

4- Who’s responsible for your information

Rachel, our founder, is responsible for the security of your information. You can contact her by email at [email protected] if you have any concerns about the information we store.

5- Who has access to information about you

When we store information in our own systems, only the people who need it have access. Our management team have access to everything you’ve provided, but individual employees have access to only what they need to do their job.

We stand against state surveillance. There may however be times when we are compelled by government or other state agencies to disclose information we hold. To date this has never happened.

We will only release your data on production of a lawful court order. In addition, we will, unless the court says we may not, let you know if your data is requested in this way.

6- The steps we take to keep your information private

Where we store your information in online services, we restrict access only to staff who need it.

Where it is offered, we use two-factor authentication for all online services.

Donor Whisperer’s own computers are all password protected and use external authentication.

7- How to get us to change or remove your data

We want to help. As it is your data, our starting presumption is that we will make the changes you need.

You can unsubscribe from our marketing at any time (at the bottom of every Kajabi email).

You have a right to see, and correct other data we hold on you. Please just contact [email protected]

8- Your rights under GDPR

The right to be informed – You have a right to know about our personal data protection and data processing activities, details of which are contained in this policy.

The right of access – You can make what is known as a Subject Access Request (“SAR”) to request information about the personal data we hold about you (free of charge). If you wish to make a SAR please contact [email protected]

The right to correction – Please inform us if information we hold about you is incomplete or inaccurate in any way and we will update our records as soon as possible, in any event within 24 working hours. We will take reasonable steps to communicate the change to any third parties to whom we have passed the same information.

The right to be forgotten – Please notify us if you no longer wish us to hold personal data about you (although in practice it is not possible to provide our Service without holding your personal data). Unless we have reasonable grounds to refuse the erasure, on receipt of such a request we will securely delete the personal data in question within 24 working hours. The data may continue to exist in certain backups, but we will take steps to ensure that it will not be accessible.We will communicate the erasure to any third parties to whom we have passed the same information.

The right to restrict processing – You can request that we no longer process your personal data in certain ways, whilst not requiring us to delete the same data.

The right to data portability – You have right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know a format which suits you). You may also request that we transfer your personal data directly to third party (where technically possible).

The right to object – Unless we have overriding legitimate grounds for such processing, you may object to us using your personal data if you feel your fundamental rights and freedoms are impacted. You may also object if we use your personal data for direct marketing purposes (including profiling) or for research or statistical purposes. 

Rights around automated decision making – You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent. At Donor Whisperer we do not use these sorts of techniques.

Right to withdraw consent – If we are relying on your consent as the basis on which we are processing your personal data, you have the right to withdraw your consent at any time. Even if you have not expressly given your consent to our processing, you also have the right to object (see above).

9- How to complain

We take complaints very seriously. If you’ve any reason to complain about the ways we handle your privacy, please contact [email protected]

10- Changes to the policy

If we change the contents of this policy, those changes will become effective the moment we publish them on our website.