By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Privacy policy and cookies

Terrence Higgins Trust is committed to protecting your privacy. This privacy statement sets out how we use and protect any personal data that you provide to us, or that we collect from you.

Privacy policy

This policy is designed to ensure that Terrence Higgins Trust complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Terrence Higgins Trust is committed to protecting your privacy. This privacy policy sets out how we use and protect any personal data that you provide to us, or that we collect from you.

The Terrence Higgins Trust privacy and cookies policy may change to reflect legislative and best practice updates so please remember to check back from time to time.

Scope

All personal information processed by Terrence Higgins Trust.

Policy statement

The following privacy and cookies policy will be displayed on all Terrence Higgins Trust websites and made available to all users of Terrence Higgins Trust services on request. Individuals will be made aware of its existence by the use of posters or leaflets in all Terrence Higgins Trust offices which summarise the policy and signpost users to the full notice.

1. Who we are

Here at Terrence Higgins Trust we make every effort to ensure that your personal information is processed in a fair, open and transparent manner.

We are a 'data controller' for the purposes of the UK General Data Protection Regulation and Data Protection Act 2019 ('Data Protection Law'). This means that we are responsible for, and control the processing of, your personal information.

For further information about our privacy practices, please contact us by:

  • Writing to the Data Protection Officer at Terrence Higgins Trust, 439 Caledonian Road, London, N7 9BG.
  • Calling us on 020 7812 1600.
  • Emailing the Data Protection Officer at info.gov@tht.org.uk.

2. How we collect information about you

We collect information from you in the following ways:

When you interact with us directly: This could be if you use one of our services, ask us about our activities, register with us for an event, make a donation to us, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, or get in touch through the post, or in person.

When you interact with us through third parties: This could be if you provide a donation through a third party such as JustGiving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use cookies to help our site run effectively. There are more details below – see 'Cookies'.

We will use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.

From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third-party subscription services or service providers (we have provided further details about this below – see ' Making our work relevant to you').

3. Information we collect and why we use it

Personal information

Personal information we collect may include details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communications between us. You will have given us this information whilst making a donation, using our services, registering for an event, placing an order on our website or any of the other ways you interact with us.

We will use this information:

  • To provide good quality sexual and reproductive health and HIV services.
  • For monitoring, evaluation and audit of service provision.
  • For marketing, fundraising, campaigning and membership services.
  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To provide the services or goods that you have requested.
  • To update you with important administrative messages about your donation, an event or services you have requested.
  • To keep a record of your relationship with us.
  • Where you volunteer with us, to administer the volunteering arrangement.
  • To invite you to participate in surveys or research.

In order for us to undertake the above we need to collect personal data from you for either correspondence purposes or detailed service provision, depending on the service you are accessing.

Our aim is not to be intrusive and we undertake not to ask irrelevant or unnecessary questions.

We may pass your personal data on to other service providers who are contracted to us in the course of dealing with you or information may be collected by other service providers on our behalf. Our contractors are obliged to keep your details securely, and use them only to fulfil the service they provide for you on our behalf. If you would like further information on this please do not hesitate to ask. Once your service need has been satisfied your details will be disposed of securely in line with our procedures set out in clause 9 of this policy.

Special category data as defined within the UK GDPR

Special category data is defined as the following data types:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetics
  • biometrics
  • health
  • sex life
  • sexual orientation

Should we need to share any of the above data on to any other third parties we will only do so where there is a service need to do so, once we have obtained your consent or unless we are legally required to do so, for example to comply with the law, or a court order or where there is a clear safety risk to you or to someone else. If this is the case, we will always try to inform you.

4. Making our work more relevant to you

We want to improve how we communicate with you and to personalise the information we provide you through our website, services, products and information. To do this we sometimes acquire third-party data so that we can better understand your preferences and needs so as to provide a better experience for you.

We may carry out targeted fundraising activities using these techniques based on the information that we hold about you. We also work with third-party organisations who provide additional insight by providing them with limited personal supporter data. This insight allows us to effectively and efficiently fundraise by better understanding our supporters.

Research and profiling

Our work is only made possible thanks to the generosity of our supporters. By developing a better understanding of our supporters through researching them using publicly available sources we can tailor our fundraising communications to those most likely to be interested in them. This allows us to be more efficient and cost-effective with our resources, and also reduces the risk of someone receiving information that they might find irrelevant, or intrusive.

In order to do this we use information we hold about our supporters and potential supporters to research their potential to be a significant donor and collect additional details relating to their employment and any philanthropic activity. We may also estimate their gift capacity, based on their visible assets, history of charitable giving and how connected they are to Terrence Higgins Trust.

What information we collect

We use data which has been provided directly to Terrence Higgins Trust and combine this with information from publicly available sources such as charity websites and annual reviews, corporate websites, public social media accounts, the electoral register and Companies House in order to create a fuller understanding of someone’s interests and support and we do not use information sources which have not been made public.

Wealth screening

Wealth screening is a process employed by organisations to understand the potential numbers of individuals who could make a major gift. In order to do this, a third party company will screen a selection of records against publicly available sources and/or socioeconomic data to identify those supporters who may be able to make a significant donation.

You can of course opt out of this activity at any time by enforcing your right to object to profiling based activities. To do this, email SupporterCare@tht.org.uk or contact us at Terrence Higgins Trust, 439 Caledonian Road, London, N7 9BG or by phone on 020 7812 1612.

5. Legal basis for using your information

Where consent is the appropriate legal basis for using your personal information, we will use this only once we have your consent for the specific service we are fulfilling for you.

There are other lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Terrence Higgins Trust to process your information.

Whenever we process your personal information under the ‘legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information using this legal basis if we feel that there is an imbalance.

Some examples of where we have a legitimate interest to process your personal information are where we contact you about our work via post, use your personal information for data analytics, or for conducting research to better understand who our supporters are, improving our services, or for our legal purposes (for example, dealing with complaints and claims).

6. Marketing

We will only contact you about our work and how you can support Terrence Higgins Trust by email or text message if you have agreed for us to contact you in this manner.

However, if you have provided us with your postal address and/or telephone number we may contact you with information about our work and how you can support Terrence Higgins Trust by mail or phone unless you have told us that you would prefer not to hear from us in that way.

You can update your choices or stop us sending you these communications at any time by contacting the supporter care team via email at SupporterCare@tht.org.uk or by writing to the Supporter Care team at the following address:

Terrence Higgins Trust
439 Caledonian Road
London
N7 9BG

For email communications, you can also unsubscribe using the link at the bottom of the relevant communication.

7. Sharing your Information

The personal information we collect about you will be used by our staff (and volunteers) at Terrence Higgins Trust so that they can support you.

We will never sell individual information and your details are never given out except where there is a service need to do so. Where this is the case you will have agreed to this as part of the service being offered (e.g. housing, welfare). You have the right to prevent this and to opt-out in accordance with the NHS national data opt-out policy but it may affect the services that we are able to offer you.

Terrence Higgins Trust may however share your information with our partners and suppliers who work with us on or on our behalf to deliver our services. In the contracts with our service providers we require that they use and store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, or with our partners who help us to process donations and claim Gift Aid.

We may also use information to produce anonymous reports to our funders and stakeholders

Legal disclosure

We may disclose your information if required to do so by law. (For example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).

8. Keeping your information safe

We will take all reasonable steps to make sure that your data is treated securely and in accordance with this privacy policy however we receive this information e.g. by post, e-mail or through accessing our website.

The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure as part of our information security management system.

Your personal information is accessed only by those who are authorised to access it while carrying out their duties.

Details relating to any transactions entered into through the Terrence Higgins Trust websites will be encrypted in transit to ensure their safety. The transmission of any information from you to Terrence Higgins Trust via website or e-mail is not completely secure, however, the transmission of such data is at your own risk.

Third party links

Terrence Higgins Trust websites contain links to third-party websites. These websites should have their own privacy policies but we do not accept any responsibility or liability for their policies.

9. How long we hold your information

We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. Once you no longer need our services we are legally required to keep records for a certain amount of time depending on the type of data that we hold. After this time we will securely destroy it according to our records retention and disposal procedures. Please contact us for further information on our retention periods.

10. Your rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting us at Terrence Higgins Trust, 439 Caledonian Road, London, N7 9BG, by email at info.gov@tht.org.uk and by phone on 020 7812 1600. You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, https://ico.org.uk/

  • Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.
  • Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
  • Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
  • Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
  • Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
  • Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
  • Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
  • No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.

Please note, some of these rights only apply in certain circumstances. We may also ask you to provide a copy of your ID so that we can evidence it is in fact you making the request.

Cookies

A cookie is a small file placed on your computer's hard drive. Cookies can be used to provide core functionality for a website (e.g. logins), for website traffic reporting or for marketing purposes.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We sometimes use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to user needs. We only use this information for statistical analysis purposes.

To minimise the intrusiveness of our website statistics, we use digital fingerprinting in preference to cookies.

We use session cookies on our e-recruitment site. These cookies are automatically set by the system solely for the purposes of enabling you to be able to page through search results and to log in and apply for jobs. Once the browser has been closed, they are destroyed.

Types of cookies

Necessary cookies are cookies essential to ensure our websites work for you.

Performance cookies are cookies which help us optimise the performance of our websites. They tell us which pages are most popular, how people navigate our website and how many new users have viewed a page. We also sometimes use cookies to test different versions of a website page to see which work best. They don't identify you individually.

Functional cookies are cookies which allow our websites to remember the choices you make in order to give you a more personal experience. This is anonymous and can't track your activity on other websites.

Advertising cookies are used to deliver adverts relevant to you. They are also used to limit the number of times you see an advert and help measure how effective an advert is. They can also be used to choose the advertisements that are displayed to you on other websites.

First party cookies are set by the website you're visiting and only Terrence Higgins Trust can read them.

Third party cookies are not set by us and can be read by the owner of those cookies. They may be used by tools that we have on our websites, such as when we include a form, map or video. Usually we can't control what information they collect but we can tell you the cookies we use.

Session cookies are temporary cookies files that are removed when you close your browser.

Persistent cookies stay in one of your browser's folders until you or your browser deletes them. They are used so you can be recognised when you come back to our website, such as your log-in details.

Disabling cookies on your browser

If you don’t want to receive cookies, you can modify your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. You can also delete cookies that have already been set.

If you wish to restrict or block web browser cookies that are set on your device, you can do this through your browser settings – the Help function within your browser should tell you how. Alternatively, you may wish to visit KnowCookies.com, which contains information on how to do this on a variety of web browsers.

Here are the cookies we set for each of our websites:

Terrence Higgins Trust

Session cookie (SSESS*)
Expires - 23 days
Purpose - To authenticate a logged-in user

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users).

__stripe_mid
Expires - 1 year
Purpose - Part of our card payment provider, Stripe.

__stripe_sid
Expires - 30 minutes
Purpose - Part of our card payment provider, Stripe.

Stripe and Cloudflare may update the cookies they use from time to time.

_hjIncludedInSessionSample
Expires - End of session
Purpose - This cookie is set in relation to Hotjar tracking.

_hjFirstSeen
Expires - End of session
Purpose - Set by Hotjar for performance and analytics purposes.

_hjIncludedInPageviewSample
Expires - End of session
Purpose - Set by Hotjar for performance and analytics purposes.

_hjSessionUser_******
Expires - End of session
Purpose - Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.

_hjSession_*****
Expires - End of session
Purpose - Holds the current session data. This ensues that subsequent requests within the session window will be  attributed to the same Hotjar session.

cookiefirst-consent
Expires - 12months
Purpose - Saves your cookie preferences for this website. You can change these or withdraw your consent easily.

cookiefirst-consent

Expires - Persistent
Purpose - Saves your cookie preferences for this website. You can change these or withdraw your consent easily.

cookiefirst-id
Expires - Persistent

Purpose - Contains your unique ID so CookieFirst can identify unique visitors to this website.

Social media

On our main website, we use the Meta pixel and API within our donation and Take Action sections. These use first-party and third-party cookie data to enable us to reach more people on Meta, to be more accurate in measuring and reporting on our adverts and to ensure our adverts are cost effective.

You can view your Meta ads settings and update your preferences at any time.

_fbp
Expires - End of session
Purpose - Used by Facebook for advertising purposes and conversion tracking.

fr
Expires - End of session
Purpose - The gathered information is used in Meta advertising products, for example real time bidding from third party advertisers.

Occasionally, we embed tweets in news stories. See Twitter's privacy policy and how you can manage Twitter for Web data:

Where we embed YouTube videos, these may also set cookies. We are working towards replacing these with YouTube's 'privacy-enhanced' version.

We do not use remarketing on sites providing health information about HIV and STIs – this includes www.tht.org.uk. Find out about Google Analytics' currently available opt-outs.

My Community Forum

PHPSESSID
Expires - When the browsing session ends.
Purpose - Session management.

mybbuser
Expires - When the browsing session ends.
Purpose - Session management.

sid
Expires - When the browsing session ends.
Purpose - Session management.

loginattempts
Expires - 1 year
Purpose - Managing repeated login attempts.

mybb[lastactive], mybb[lastvisit]
Expires - 1 year
Purpose - Forum user data.

arrowchat_hide_lists
Expires - 1 year
Purpose - Storing live chat preference.

sparrow_id, sparrow_init, gates_cohorts, cf_use_ob
Expires - When the browsing session ends.
Purpose - Part of our security firewall Cloudflare.

__cfduid, __cf_logged_in
Expires - 1 month/31 days
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

__zlcmid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare

_ga
Expires - 2 years
Purpose - Part of our security firewall Cloudflare

editables, unique_id, POWR_PRODUCTION, __utmc, JSESSIONID, YSC
Expires - When the browsing session ends
Purpose - Embedded Twitter feed from powr.io

ahoy_visit, ahoy_unique_*
Expires - 12 hours
Purpose - Embedded Twitter feed from powr.io

src
Expires - 1 month
Purpose - Embedded Twitter feed from powr.io

VISITOR_INFO1_LIVE
Expires - 6 months
Purpose - Embedded Twitter feed from powr.io

ahoy_visitor
Expires - 2 years
Purpose - Embedded Twitter feed from powr.io

Cookies may also be set by user-embedded content such as YouTube videos.

myHIV forum

.YAFNET_Authentication
Expires - 1 month
Purpose - Maintaining login to the forum.

ASP.NET_SessionId
Expires - When the browsing session ends.
Purpose - Session management.

PreviousVisit
Expires - 6 months
Purpose - Forum functionality.

ScrollPosition
Expires - When the browsing session ends.
Purpose - Forum functionality.

panelstate_* cookies
Expires - 1 year
Purpose - Forum functionality

cf_use_ob
Expires - When the browsing session ends.
Purpose - Part of our security firewall Cloudflare.

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users)

Self testing (test.tht.org.uk)

PHPSESSID
Expires - When the browsing session ends
Purpose - Session management

billingIsNotShipping, collectPoint, isHubBoxOrder
Expires - When the browsing session ends
Purpose - Selection of HubBox collection point for Click and Collect

__stripe_mid
Expires - 1 year
Purpose - Part of our card payment provider, Stripe.

__stripe_sid
Expires - 30 minutes
Purpose - Part of our card payment provider, Stripe.

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users).

It Starts With Me

player
Expires - 1 year
vuid
Expires - 2 years
Purpose - Vimeo is a video content visualisation service provided by Vimeo, LLC that allows this Website to incorporate content of this kind on its pages.

_ga: Expires - 2 years
_gac*: Expires - 3 months
_gat: Expires - 1 minute
_gid: Expires - 1 day
_ga_*: Expires - 2 years
_gac_gb_*: Expires - 3 months
Purpose - Distinguish users in Google Analytics. Measure traffic and analyse user behaviour with the goal of improving the service.

Other microsites

PHPSESSID
Expires - When the browsing session ends
Purpose - Session management

_ga
Expires - 3 years
Purpose - Distinguish users in Google Analytics.

_gid
Expires - 24 hours
Purpose - Distinguish users in Google Analytics.

_gat
Expires - 1 minute
Purpose - Throttle requests in Google Analytics.

AMP_TOKEN
Expires - 30 seconds to 1 year
Purpose - Link AMP Clinet ID to Google Analytics.

_gac_*
Expires - 90 days
Purpose - Link Google AdWords to Google Analytics.

__cfduid
Expires - 1 year
Purpose - Part of our security firewall Cloudflare (e.g. identifying trusted users).

wp*, wordpress*
Purpose - Various cookies to deliver the functionality of WordPress.

3rd party cookies
Doubleclick - Used for Google Analytics demographics and interest reporting
More about Google Advertising cookies.

PRODUCED BY TERRENCE HIGGINS TRUST FOR
Our informationAccessibilityTerms and conditionsPrivacy and cookies

This resource is being developed over a period of time. We plan to review each new section within three years of its publication. If you have any questions about this resource, or would like information on the evidence used to produce it, please email feedback@tht.org.uk

Our information production process

Copyright © 2023 Terrence Higgins Trust is a registered charity in England and Wales (reg. no. 288527) Company reg. no. 1778149 and a registered charity in Scotland (reg. no. SCO39986). Registered office: 437 & 439 Caledonian Road, London, N7 9BG.