The Raspberry Pi Foundation (RPF) is a charitable foundation based in the United Kingdom with the mission to enable young people to realise their full potential through the power of computing and digital technologies. We collect your data to help us advance our mission, and we always consider and respect your privacy rights.
We want to be open about what we are doing and why. The purpose of this policy is to explain how the Raspberry Pi Foundation collects and uses the personal information you provide to us, whether it is shared online, via phone, via email, in letters, in any other correspondence, or by other people.
Notice to Parents and Guardians
We are committed to protecting the privacy of the young people that engage with us through our competitions, on our website, at events, and in the clubs that we support. We treat your child’s information in accordance with all applicable laws concerning the protection of personal information.
- Who are we
- What information we collect from you
- When we collect information from you
- What we use your information for
- How long do we keep your data for
- Anonymised data
- How we collect and store your information
- On what legal basis we use your information
- Who we share your information with
- Information about cookies
- Your rights
- How to contact us about your data
If you have any questions at any time about data privacy at the Raspberry Pi Foundation, please contact us at firstname.lastname@example.org, or write to us at: Data Protection, Raspberry Pi Foundation, 37 Hills Road, Cambridge, CB2 1NT.
1. Who are we
The Raspberry Pi Foundation is a UK-based charity that works to enable young people to realise their full potential through the power of computing and digital technologies. We do this so that more people can harness the power of digital technologies for work, to solve problems that matter to them, and to express themselves creatively. Information about the Raspberry Pi Foundation Group is at the bottom of this page and each page of our website.
2. What information we collect from you
If you are a:
- Raspberry Pi account holder
- Volunteer, club leader or host
- Event or club attendee
- Competition entrant
- Survey participant
- Donor (individual)
- Contractor or supplier to RPF
- Job applicant
- Member of RPF
- Organisation awarding grants or gifting donations
- Partner organisation
- Visitor to our website
- Visitor to our offices
We may collect the following information:
- First name
- Last name
- Date of birth
- Email address
- Phone number
- Social media ID
- Images (including audio and/or video)
- CCTV Image
- Internet Protocol (IP) Address
For teachers who work with us, we may also store the following information:
- Details of the school or education institution you work at
Fundraising and due diligence
As part of our fundraising, due diligence and anti-money laundering processes we undertake research and engage specialist agencies to gather information about donors and potential donors from publicly available sources (for example, UK Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers and news archives). The purpose of this research is for us to understand more about donors and potential donors and help provide them with an appropriate experience. If you would prefer us not to use your data in this way, please email email@example.com.
When you visit our website, we may collect technical information relating to your use of our website, including your browser type or the IP address used to connect your computer to the internet. For more on this, see section 10, “Information about cookies”.
Special category data
In addition to the above personal data, we may collect the following special category data (as defined by the UK Data Protection Act 2018) if you have chosen to disclose it to us:
- Health data (such as information about allergies)
- Personal data revealing racial or ethnic origin (only in circumstances where you have chosen to disclose this information to us expressly in response to a survey question)
The Raspberry Pi Foundation uses images (including videos and audio-recording) to showcase the Foundation’s work. This increases engagement with current members of our community, as well as with potential new community members and supporters. We may process images of individuals from all of the categories of data subjects listed in section 2. We take the security and privacy of images seriously, and we provide guidelines for staff and volunteers.
Where images are processed using the lawful basis of legitimate interest or consent, the individuals featuring in those images have a number of rights that they can exercise over this data, such as the right to delete or rectify. You may “opt out” by withdrawing consent (where given) or challenge the legitimate interest that has been assessed. If you wish to do so please contact firstname.lastname@example.org.
Please note that for images made available on the internet, the Raspberry Pi Foundation can cease to use your images, but it may still be possible to find them on the internet, and this is beyond our control. Where images have already been used in printed publications, it will not be possible for them to be withdrawn.
3. When we collect information from you
We collect your information:
- When you create and use your Raspberry Pi account or otherwise sign up to participate in any of our competitions, programmes or events
- When you apply to become a volunteer
- When you apply for a job with the Raspberry Pi Foundation Group
- When you or your organisation becomes one of our partners or suppliers
- When you respond to our surveys
- When you support us by donating or signing up to gift aid
- As part of the process to become one of our Members
- When you visit our office
- When you visit our website
- When you receive email newsletters, blog updates or marketing emails from us (we may use tracking software to tell us if, when, and in what general geographic region you delete, open or forward our emails)
4. What we use your information for
We may use the information as follows:
- Provide you with information and services connected with the mission of the Raspberry Pi Foundation
- Ask you to participate in surveys
- In our annual review and Trustee report
- For research purposes
- Research potential donors
- Thank you for a donation
- Send you newsletters (if you have opted in)
- Publish images in our magazines, websites, social media or blogs
- Respond to your queries
- Make sure we are sending out marketing emails and updates at the right time, to the right recipients, with relevant content
- Analyse activity on our website (section 10)
- Carry out debugging work (in the case of IP addresses)
- For safety, security and the prevention of crime (in the case of CCTV images)
If you want to understand more about why we collect your data, please contact us at email@example.com.
5. How long do we keep your data for
We do not keep your information for any longer than we need to in order to fulfil the purpose or purposes for which it was collected, or for any longer than is required by law, if that is longer.
For determining when personal data should be erased we take into consideration: the amount of and sensitivity of the personal data we have; the amount of harm that could be caused by a data breach; the benefits of the purposes the data is being used for; and any legal requirements that we are bound by.
We review the data we hold, and erase or anonymise it as appropriate, according to the retention periods specified in the table below.
You may request that we erase your personal data at any time. In some cases where there is a relevant or legal reason that requires us to keep the data, we may opt to restrict the amount of processing to what is absolutely necessary. This will be in line with your legal rights in order to minimise the impact the processing will have and we will explain to you the reasons for our decision.
If you have any questions about how long we keep your information for, contact us at firstname.lastname@example.org.
Table of retention periods
|Data Subject||Data Type||Retention|
Event or club attendee
Raspberry Pi account holder
Volunteer, leader or host
|Personal Data & Special Category Data (see above)||Reviewed 3 years after the last evidence of involvement. Then we will either anonymise, delete or retain the data if we have a legal justification for keeping it any longer, for example, for safeguarding reasons.
Where we know a club is no longer running then any remaining volunteer information will be deleted after 6 years if there is no other evidence of engagement with us.
If the information we have about you is considered part of RPF’s historical record, we will retain basic personal data, such as names, for 100 years.
|Contractor or supplier
Organisations awarding grants or gifting donations
|Personal Data||6 years after the end of the year or accounting period, in question (for legal and tax reasons)|
|Emails received||Personal Data||Deleted automatically after a maximum of 10 years, unless separately preserved for other lawful reasons.|
|Images/videos||Personal Data||As long as required. In some instances, 100-year retention is required to maintain RPF’s historical record.|
|Members of RPF||Personal Data||In certain circumstances, we may retain relevant data for 10 years (Companies Act 2006)|
|Visitor to our websites||Personal Data||The web service logs (containing IP addresses) are retained for 30 days of your visit, after which they are then archived for 1 year|
|Visitor to our office||Personal Data||CCTV images are kept for 31 days (unless retained for legal reasons)|
|Unsuccessful job applicants||Personal Data||Application information kept for 1 year to defend against claims and for as long as necessary in the event of a claim.|
6. Anonymised data
By definition, anonymised data is data that does not contain any information that can be used to identify an individual.
Once we have anonymised data we are lawfully allowed to retain it for as long as we need it, with no formal justification.
Anonymised data may be useful for analytical or statistical insight. We are most likely to retain anonymised data for research, analysis, and impact evaluation.
7. How we collect and store your information
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate, and up-to-date, and that it is kept only for as long as it is needed in order to fulfil the purpose or purposes for which it is used.
You should be aware that the use of the internet is not entirely secure, and although we will do our best to protect your personal data, we cannot guarantee the security or integrity of any personal information that is transferred from you or to you via the internet. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features such as encryption to try to prevent unauthorised access.
8. On what legal basis we use your information
Lawful bases may include:
- Where it is within our legitimate interests in order to further our charitable objectives.
- We have a legitimate interest to process data for the purpose of informing our fundraising activity, tailoring the experiences of our donors to better suit their interests, or making our fundraising efforts more efficient and cost effective. This is necessary in order for us to operate and carry out our charitable objectives.
- We have a heightened responsibility to keep your interests central and to make sure that your rights as a data subject override our legitimate interests.
- Where we need to comply with a legal obligation.
- Where processing is necessary for the performance of a contract to which you are a party. If you fail to provide this information, we may be unable to perform the contract.
- Where we have your consent to process your personal and special category data, where applicable.
The only special category data we may process about you is listed under the heading Special Category Data in section 2 above, which we only process if you have provided us with this information. Subject to Article 9 of EU General Data Protection Regulation 2016 (as referred to in the UK Data Protection Act 2018) we collect this data only when it has been provided by you, with your explicit consent to process and store.
We take additional measures to protect this data by storing it in our Customer Relation Management Platform only. We restrict access to this data and only provide access to certain staff groups who need to access this information, for example, the event lead for the particular event you are attending.
9. Who we share your information with
We will never sell your information to any third party.
As the information we collect about you will be stored on our IT infrastructure, it may also be shared for operational reasons with data processors Google Workspace (email, document management and storage services) and/or Salesforce (relationship management platform). The servers containing this information are located in the UK / EEA.
In some circumstances we may share limited personal information about you with other organisations and partners we are working with on joint schemes, events, or products that you engage with. This is to make sure that the scheme, event or product is working as intended and that we are sticking to our agreements with our partner organisations. Where these third parties are not in the UK or European Economic Area, we make sure that it is safe to share your information with them, for example by including the EC’s Standard Contractual Clauses in our agreements with such third parties.
We will share your data if we are required to do so by law.
10. Information about cookies
A cookie is a small file which is stored by your web browser. Cookies provide core functionality (such as the ability to authenticate and log you in to an account), they also help store data on state and behaviour which can be used to analyse web traffic and visitors. Cookies allow web applications to respond to you as an individual, aiding them to tailor their operations to your needs, likes and dislikes by storing unique information about you.
We use Google Analytics software to collect information about how you use this website. We do this to help make sure that the site is meeting the needs of its users, and to help us make improvements. Google Analytics stores information about:
- The pages you visit on this site
- How long you spend on each page on this site
- How you got to the site
- What you click on while you’re visiting the site
These cookies do not collect or store your personal information (for example, your name or email address), so this information can’t be used to identify you. We do not allow Google to use or share our analytics data. You can opt out here.
11. Your rights
Right to be informed — you have the right to be informed about the collection and use of your personal data. In general we will do this no later than a month after the processing activity begins unless doing so is impossible, would involve disproportionate effort or render impossible or seriously impair the achievement of the objectives of that processing.
Right of access — you have a right to ask us to confirm whether we are processing information about you, and to request access to this information.
Right to rectification — you may ask us to rectify information you think is inaccurate, and you may also ask us to remove information which is inaccurate or incomplete. If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so that they may update their own records.
Right of portability — you have a right to obtain your personal data from us and reuse it for your own purposes.
Right to restricted processing — you have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it.
Right to be forgotten — you have a right to seek the erasure of your data, for example where it is no longer necessary for us to continue holding or processing your personal data. This right is not absolute, as we may need to continue processing this information to comply with a legal obligation.
Right to restriction
You have a right to ask us to restrict our processing of your information if:
- You contest its accuracy and we need to verify whether it is accurate.
- You ask us to restrict use of it instead of deleting it.
- We no longer need the information for the purpose of processing, but you need it to establish or defend legal claims.
- You have objected to processing of your information being necessary for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests. If you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, for the purpose of protecting the rights of another person, or for public interest reasons.
Exercising your rights
You can always unsubscribe from any mailing list you are included on by contacting us at email@example.com.
If you would like to exercise any of your rights, please let us know by contacting firstname.lastname@example.org. In responding to your request we will act in accordance with our legal obligations and there will be no charge. We may ask for your help in locating specific information, e.g. confirming your identity.
Our use of your data processed in the UK is regulated by the Information Commissioner. You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You can do so by contacting them on ico.org.uk/concerns or by calling their helpline at +44 303 123 1113.
12. How to contact us about your data
Data rights are human rights and we are determined to honour yours fairly and fully. You can unsubscribe at any time, or get in touch with any questions, comments, or instructions regarding your information by writing to email@example.com or to:
Raspberry Pi Foundation
37 Hills Road
Policy updated: December 2022