Privacy Policy

This privacy policy explains how and why Bond collects and uses your personal data when you visit our website, become a member, sign up to our events or training, partner with us or provide funding to us, or when you provide services to Bond or apply for a job with us.  

It is important that you read this privacy policy so that you are aware of how and why we use your personal data. You should read this policy together with our terms and conditions

This policy is updated from time to time and the latest version is published on this page. This policy was last updated on 30 September 2024.

If you have any questions about this policy, please email [email protected].

1. Who are we? 

When we refer to “we” or “us” in this privacy policy we are referring to the charity British Overseas NGOs for Development, or Bond for short. Our address is Regent’s Wharf, 8 All Saints Street, London N1 9RL, United Kingdom. 

We are a controller of your personal data, which means we are responsible for deciding how we hold and use personal data about you. We are registered with the Information Commissioner Office with registration number Z9211841. 

2. What do we mean by personal data? 

Personal data means any information from which you can be identified, such as your name, your home or email address, or your telephone number. Personal data does not include information where your identity has been removed (anonymous data). 

Special category data means any personal data about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. These types of personal data require a higher level of protection. 

Criminal offence data means any personal data relating to criminal convictions and offences. It also covers related security measures, such as personal data about penalties and conditions or restrictions placed on an individual as part of the criminal justice process. Criminal offence data also requires a higher level of protection. 

3. How we collect and use your personal data 

Our website is not intended for children and we do not knowingly collect data relating to children. 

When you use our website, we may collect the following types of personal data: 

  • technical data such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website; 
  • usage data including information about how you use our website and services; and 
  • any personal data that you provide when you fill in a form on our website.  

We collect this information through cookies, if your browser accepts them. To find out more about cookies and how we use them, see our Cookies page. 

We will only collect and use your personal data in this way if: 

you have given your consent; 

  • we need to comply with a legal obligation; or 
  • it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests – for example, to respond to a query that you send to us via the website. 

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites. 

If your organisation is a Bond member, we will ask the organisation to name someone as our main contact. We will collect and store the contact’s name, job title, email address and telephone number. We will also keep a record of that person’s contact preferences and copies of emails we’ve had with them. 

If any other people from a member organisation give us their details, we will also keep a record of their name, job title, email address and telephone number, as well as a copy of correspondence we’ve had with them. 

We rely on our legitimate interests to collect and use personal data in this way as it enables Bond to deliver our membership services to organisations, and to individual contacts at those organisations.  

CEOs of our member organisations will receive our CEO newsletters, unless you tell us that you don’t want to receive these. There is always an unsubscribe option on our newsletter communications, or CEOs can contact us at [email protected] to opt-out.  

We may also ask other contacts at our member organisations if you would like to receive our newsletter and email communications. We will only use your personal data to send you these types of communications if we have your consent. 

We keep details of contacts at our member organisations for the duration of the membership or until the person leaves the organisation, if sooner. If an organisation ceases to be a member of Bond, we keep contact details for 3 years in order to help us monitor membership engagement levels. 

When you sign up to attend our events  

If you sign up to attend a Bond event, we will ask you to give us your name, the organisation you work for and your job title, and your email address.  

We will use this personal data if it is either: 

  • necessary for us to enter into, or perform, a contract with you in relation an event booking; or 
  • because we have a legitimate interest to provide information about the event to you. 

For certain events, we may also ask you to provide additional information such as your gender, or any access or dietary requirements that you have. We will only ask for additional information if it is necessary and it is up to you whether you provide this information to us. If you choose to provide additional information, you consent to Bond using that personal data for the event, which may include sharing it with our event partners. You will always have the option to indicate that you would “prefer not to say” if you do not want to share additional information. We will delete any additional information that you provide 3 years after the event.  

We will sometimes ask you if you would like to hear from one of our partners, for example if we are putting on a joint event with another organisation. We will only use your personal data in this way if you give your consent. 

We will keep a record of the events that you have attended for 3 years after the date of the event. We use this information for monitoring purposes. 

If you apply for a role with Bond, we will ask you to provide the following personal data as part of your application: name; contact details (home address, telephone number, email address); age; and information in your CV, biography and/or cover letter such as your employment history and qualifications. 

If we ask you to attend an interview, we will keep a copy of information that you provide to us during the interview and copies of any tests that we set as part of the application process.  

We keep copies of all correspondence with you during the recruitment process. We will also collect and retain details of your referees and information provided in references. 

We carry out pre-employment checks, including right to work checks and (where applicable to the role) criminal record checks. We will keep a copy of your documents, such as your passport and visa, to evidence your right to work in the UK. We will also keep a record of any criminal record check that is carried out. 

We may collect and use special category data as part of a recruitment process, such as information about your race or ethnicity, religious beliefs, sexual orientation and political opinions or information about your health, including any medical condition. 

We collect the majority of this personal data directly from you during the recruitment process. We also collect additional personal data from third-parties including criminal records checks carried out through the Disclosure and Barring Service and information from your named referees. 

We use your personal data in this way if we have a legitimate interest to: 

  • assess your skills, qualifications, and suitability for the role; 
  • carry out background and reference checks; 
  • communicate with you about the recruitment process; and 
  • keep records related to our hiring processes. 

Sometimes we may need to use your personal data in a recruitment process if we need to comply with a legal or regulatory requirement – for example, to carry out certain pre-employment checks. 

If we use your special category data as part of a recruitment process, we will usually ask for your explicit written consent, except where we use criminal offence data or equalities monitoring information for reasons of substantial public interest. 

If you are unsuccessful in your application, we will keep your personal data for 6 months after we have communicated to you our decision about whether to appoint you. 

Bond receives funding from trusts, foundations and Government departments. We ask our funders to give us details of a contact at the organisation and we keep a record of that contact’s name, job title, email address and telephone number.  

We rely on our legitimate interests to collect and use personal data in this way as we only use these contact details to communicate with our funders about the support that they provide to us. 

We keep details of these contacts for the duration of the period that the funder provides support to Bond and for 7 years after funding comes to an end, so that we can get in touch if our auditors, accountants, or regulators ask us to provide additional information about funding that we have received.  

Bond works with a variety of corporate partners, including recruiters and directories. We keep a record of contacts at our corporate partners, including the contact’s name, job title, email address and telephone number.  

We also keep contact details of stakeholders, such as MPs or advocacy contacts. We keep a record of their name, email address, telephone number and social media handles.  

We rely on our legitimate interests to collect and use personal data in this way as it enables Bond to keep in touch with key partners and stakeholders about work that we are doing with them, and about opportunities that may be of interest to them.  

We sometimes ask contacts at our corporate partners if they would like to receive our newsletter and email communications. We only use personal data to send these types of communications if we have your consent. 

We keep details of contacts at our corporate partners for the duration of the time that we work with the organisation, or until the person leaves the organisation, if sooner. If we stop working with a corporate partner, we keep contact details for 3 years for internal monitoring and reporting purposes. 

When we work with third-party suppliers or consultant companies, we collect and store details of key contacts at those organisations including: name, job title, address, email address and telephone number. We also keep a record of correspondence that we have with those contacts. We rely on our legitimate interests to collect and use personal data in this way as it enables Bond to work effectively with our suppliers and consultant companies.  

When we work with individual consultants who provide services to us, we keep a record of their name, address, email address and telephone number. We also ask for bank account details for payment purposes. 

We keep details of suppliers and consultants for the duration of the period that we work together (or, in the case of suppliers or consultant companies, until the person leaves the organisation, if sooner). If we stop working with a supplier or consultant, we keep personal data 7 years. 

4. Sharing your personal data 

We only ever disclose your personal data to a third-party if we are satisfied that it is lawful and fair to do so. Examples of when we might share your personal data with someone outside of Bond include: 

  • when we work with consultants and service providers who assist Bond with our work;  
  • when we work with professional advisers, for example, our accountants, auditors, bankers, insurers and lawyers; 
  • if we are under a legal duty to disclose or share your personal data, for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime; 
  • where we need to share your personal information with a regulator, for example, making returns to HMRC or reports to the Charity Commission 
  • as part of a sale, transfer or merger of parts of our organisation or our assets. 

5. Data Security and international transfers 

5.1 Security 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.  

Transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk.  

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

5.2 International transfers 

The personal data that we collect from you may be transferred to, and stored at, a destination outside the UK or the European Economic Area (EEA). For example, it may be used by one of our international suppliers.  

Whenever we transfer your personal data outside the UK, we put in place safeguards to ensure it continues to be protected. Please contact us if you have questions about international transfers of personal data.  

6. Data retention 

We will only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a legal claim connected to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

7. Your rights 

You have the right to: 

  • Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 
  • Ask us to correct personal data that we hold about you which is incorrect, incomplete or inaccurate. 

In certain circumstances, you also have the right to: 

  • Ask us to erase your personal data from our files and systems where there is no good reason for us continuing to hold it. 
  • Object to us using your personal data to further our legitimate interests (or those of a third party) or where we are using your personal data for direct marketing purposes. 
  • Ask us to restrict or suspend the use of your personal data, for example, if you want us to establish its accuracy or our reasons for using it. 
  • Ask us to transfer your personal data to another person or organisation.  

You also have rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces significant legal effects concerning you. 

If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely. 

If you want to exercise any of these rights, please email [email protected].

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

8. Queries or Complaints 

If you have any questions about this privacy notice or how we handle your personal data, please email [email protected].

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues – https://ico.org.uk/make-a-complaint/