º£½ÇÉçÇø

Privacy policy

Who we are

The HALO Trust ("HALO") is a charity whose mission is to lead the effort to protect lives and restore livelihoods for those threatened by landmines and the debris of war. We are a registered UK charity, registration number 1001813 and registered office at One Bartholomew Close, Barts Square, London EC1A 7BL. HALO is the controller for the personal information you provide or that we collect in connection with our activities.

Data protection

We are committed to protecting your personal information and privacy. This privacy policy describes the ways that we collect your personal information, and governs how we will deal with it. We aim to ensure that any personal information we obtain and use will always be held, used and transmitted in compliance with the UK General Data Protection Regulations (UK GDPR).

Please read this policy carefully, along with our terms of use and cookie policy, to understand how we collect, use and store your personal information.

If you have any questions regarding this privacy policy, please contact our Data Protection Officer (DPO): dataprotection@halotrust.org.

Changes to this policy

HALO may occasionally amend this privacy policy to reflect regulatory requirements and changes in our information collection and disclosure practices. Any updated privacy policy will be automatically effective when it is published on our website or issued to you directly. We encourage you to check this policy periodically to review the most current version for the latest information on our privacy practices in relation to your personal information. This privacy policy was last updated in July 2025.

What is personal information?

Personal information or personal data means any information about an individual from which that person can be identified directly or indirectly. It does not include data where the identity has been removed (anonymous data). 

What personal information do we collect?

We may collect and process the following types of personal information depending on your interaction with us:

  • contact details – name, address, email address and phone number
  • payment and donation information – bank account or payment card details
  • employment information – employment and educational history (for job applicants)
  • identification documents – passport or driving licence
  • online identifiers – IP address and cookies. 

Purposes

HALO may use your personal information to help us deliver our humanitarian mission. We will always try to be as transparent and honest as possible regarding how we collect, use and store your personal information. Below we have summarised the different ways we may use your personal information, and our purposes for doing so.

Fundraising and marketing

Like all major charities, HALO undertakes a variety of fundraising and marketing activities that are aimed at raising income and/or awareness of the charity and its mission.

Some of the channels we may use to market or fundraise are: advertising (digital, print, broadcast, phone and SMS), post and promotional materials. We may communicate with you using these methods to promote HALO appeals, campaigns, trading, sponsorship, events, or volunteering opportunities. We may also ask if you are able to provide Gift Aid on any of your donations.

Staff administration, including recruitment

HALO processes the personal information of all our staff for recruitment, staff administration, remuneration, pensions, and performance management purposes.

Sharing with third-parties

HALO will not sell your personal information to third parties. However, there are legitimate situations where it may be necessary for us to share personal information with a third-party. An example could be where we are required to submit your details in order to ensure a successful VISA application process.

We may also share your personal information with service providers who help us deliver our services such as email providers and payment processors. 

Any sharing of your personal information with trusted third-parties will be carried out in accordance with applicable data protection laws, and we will ensure that appropriate safeguards and contractual obligations are in place to protect your information.

We may also share your personal information where required to do so by law – for example, with regulatory bodies, government bodies and law enforcement agencies.

In all cases, we will only share the minimum amount of personal information necessary for the relevant purpose.

Lawful processing

HALO will only collect and use your personal information when there is a lawful basis to do so. The law allows for six legitimate ways to process an individual's personal information. However, only three of these ways to process an individual's personal information are relevant to charities for the types of purposes we have listed in this policy.

  • Information is processed on the basis of a person's consent.
  • Information is processed on the basis of a contractual relationship.
  • Information is processed on the basis of the "legitimate interests" of HALO.

Consent

HALO will only send you marketing and fundraising emails, and text messages, when we have your consent. We will only collect and use your personal information and in some cases sensitive personal information in the ways we have laid out in this privacy policy.

You can withdraw or update your consent at any time for any or all of our channels or activities by contacting us: dataprotection@halotrust.org.

Legitimate interest

When it may not be practical to get consent from an individual, HALO may still process personal information under legitimate interest. This is because the law allows personal information to be legally collected and used if it is in line with the legitimate business interest of the organisation. However, the processing of personal information still has to be carried out in a fair and balanced way that does not overly impact the rights of the individual concerned.

HALO's legitimate interests

Governance

  • The delivery of our mission as set out in our strategy
  • Internal and external audit for financial or for regulatory compliance purposes
  • Statutory reporting
  • Publicity and income generation.

Publicity and income generation

  • Conventional marketing, publicity, advertising and fundraising
  • Unsolicited commercial or non-commercial messages, such as campaigns or charitable fundraising
  • Tailoring and enhancing the supporter experience across our digital and postal communications
  • Exercising of the right to freedom of expression or information
  • Analysis, targeting and segmentation of data to help develop organisational strategy and improve marketing and fundraising communication efficiency
  • Processing for research purposes, such as marketing research
  • Using publicly available information to profile potentially important supporters.

Operational management

  • Monitoring and recording information on prospective and existing employees for the purpose of recruitment, safety, performance management and planning procedures
  • Provision and administration of staff benefits and learning and development opportunities
  • Physical security, IT and network security
  • Maintenance of suppression files
  • Processing data for historical, scientific or statistical purposes
  • Financial management and control
  • Processing of financial transactions and the maintenance of financial controls
  • Preventing fraud, the misuse of our services, or money laundering
  • Enforcing legal claims, including debt collection via out-of-court procedures.

Administrative purposes

  • Responding to any solicited enquiry from any of our supporters
  • Providing products, information and/or fundraising packs requested by a stakeholder
  • Communications designed to administer existing services that an individual has asked or registered for
  • Administrating Gift Aid
  • Thank you communications and receipts
  • Administrating existing financial transactions
  • Maintenance of "do not contact lists".

Marketing preferences

We only want to contact you with information that will be of genuine interest to you as well as being relevant and appropriate. Therefore, we will only send you marketing information by email, SMS or phone if you have given us clear and specific consent to do so. If at any time you change your contact preferences or withdraw your consent and opt out, then the most recent preference will be used.

You can withdraw or update your consent at any time for any or all of our channels or activities by contacting us: dataprotection@halotrust.org.

Digital marketing

We use social media advertising tools to help us reach new supporters who may share similar interests or characteristics with our existing supporters. If you've given us permission to contact you by email or SMS, we may share limited information such as your email address or phone number with social media platforms to help build a profile of our audience and show our content to people who are more likely to be interested in our work.

Third-party websites

Our website may include links to other sites, not owned or managed by us. Please note that when you click on one of these links, you are entering another site. We cannot be held responsible for the privacy of information collected by websites not managed by us and encourage you to read the privacy statements of these linked websites as their privacy policy may differ from ours.

Cookie policy

Like most websites, we use cookies to enhance your visitor experience.

Cookies are simple text files stored by your web browser that provide a method of distinguishing among visitors to the website. These do not contain personally identifiable information and do not compromise your privacy or security. Cookies allow us to gather anonymous information. Cookies also allow us to provide more relevant, targeted content. Read our cookie policy to find out more about how we use cookies.

Transferring data outside of the UK

Where possible, all data processing will take place within the UK. HALO will only transfer your personal information outside of the UK where such transfer is necessary and only in accordance with applicable data protection laws. 

In cases where your personal information needs to be transferred to a HALO programme or service providers outside the UK, including to countries without a UK adequacy decision, we will ensure that appropriate safeguards are in place. This may include:

  • UK International Data Transfer Agreements or Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • binding corporate rules (where applicable)
  • supplementary measures (eg encryption, pseudonymisation) to ensure equivalent level of protection to that guaranteed in the UK.

Data retention

We will process, store and dispose of personal your personal information in line with our document control procedure, record retention procedure and information security management manual.

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including to satisfy legal, accounting or reporting requirements. 

Our retention periods are determined by best practice and/or legal requirements.

Security

We have implemented appropriate administrative, technical and organisational measures designed to protect your personal information from the risk of disclosure, destruction, loss or accidental, unlawful and unauthorised alteration, access and use.

Our security measures include encryption when transmitting your personal data, firewalls to prevent unauthorised access to your personal information, and access controls to restrict access to personal information to our employees, contractors and agents who need that personal information in order to process it. Anyone with this access is subject to confidentiality obligations and may be disciplined or terminated if they fail to meet such obligations.

Data protection rights

You have certain rights with respect to your personal information, including the following.

  • Right to be informed: You have the right to be told how your personal information will be used. This privacy policy is designed and intended to be a clear and transparent description of how your data may be used.
  • Right of access: You have the right to request a copy of the information that we hold about you.
  • Right to rectification: You have the right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to erasure: You have the right to have your personal information deleted when there is not any compelling reason for it to be processed.
  • Right to restrict processing: In certain situations you have the right to ask The HALO Trust to stop or suppress the processing of your personal information.
  • Right to data portability: You have the right to have the data we hold about you transferred to another organisation.
  • Right to object: You have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated decisions: In a situation where a data controller is using your personal information in a computerised model or algorithm to make decisions "that have a legal effect on you" without human intervention, you have the right to object.

Where we rely on your consent to process your personal information (eg for marketing), you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before your withdrawal. 

You also have the right to lodge a complaint before your national data protection authority. If you are located in the UK, this is the UK Information Commissioner's Office (ICO). 

To exercise any of your data protection rights, please contact us: dataprotection@halotrust.org

If you would like more information on your rights, see the .

Requesting information on the data we hold

At your request, HALO can confirm what information we hold about you and how it is processed. This is called a subject access request (SAR). If HALO does hold personal information about you, you can request copies of the information we hold from our Data Protection Officer.

You can request an SAR form (SAR02) from our DPO by emailing dataprotection@halotrust.org. While you do not need to complete the SAR02 form to lodge a subject access request, it will make processing easier.

You will also need to provide:

  • proof of identification showing a facial photograph – either a copy of a passport or driving licence
  • proof of address – either a copy of a bank statement, utility bill or TV licence from the last three months; or current vehicle registration document.

Your request should be emailed to our DPO: dataprotection@halotrust.org.

We will respond within one month of receipt. Complex or multiple requests may attract extensions of up to a further two months.

Complaints and contacts

In the event that you wish to make a complaint about how your personal data is being processed by HALO, or about how your complaint has been handled, you have the right to lodge a complaint with HALO's DPO: dataprotection@halotrust.org.