The Raspberry Pi Foundation (RPF) is a charitable foundation based in the United Kingdom with the mission to put the power of computing and digital making into the hands of people all over the world. We collect your data to help us advance our mission, and we always consider and respect your privacy rights.
We want to be open about what we are doing and why. The purpose of this policy is to explain how the Raspberry Pi Foundation collects and uses the personal information you provide to us, whether it is shared online, via phone, via email, in letters, in any other correspondence, or by other people.
Notice to Parents and Guardians
We are committed to protecting the privacy of the young people that engage with us through our competitions, on our website, at events, and in the clubs that we support. We treat your child’s information in accordance with all applicable laws concerning the protection of personal information.
- Who are we
- What information we collect from you
- When we collect information from you
- What we use your information for
- How long do we keep your data for
- Anonymised data
- How we collect and store your information
- On what legal basis we use your information
- Who we share your information with
- Information about cookies
- Your rights
- How to contact us about your data
If you have any questions at any time about data privacy at the Raspberry Pi Foundation, please contact us at firstname.lastname@example.org, or write to us at: Data Protection, Raspberry Pi Foundation, 37 Hills Road, Cambridge, CB2 1NT.
1. Who are we
The Raspberry Pi Foundation is a UK-based charity that works to put the power of computing and digital making into the hands of people all over the world. We do this so that more people can harness the power of digital technologies for work, to solve problems that matter to them, and to express themselves creatively.
2. What information we collect from you
We aim to limit the information we collect about you to only what we think is required for the purpose for which we collect it.
When you visit our website, we may collect technical information relating to your use of our website, including your browser type or the Internet Protocol (IP) address used to connect your computer to the internet. For more on this, see section 10, “Information about cookies”.
As the information we collect about you will be stored on our IT infrastructure, it may also be shared with our data processors who provide email, anonymous analytics, document management, and storage services to us. We aim to limit the information we collect about you to only what we think is required for the purpose or purposes for which we collect it.
If you are a:
- Club attendee
- Contractor or supplier to RPF
- Competition entrant
- Donor (individual)
- Event applicant or attendee
- Job applicant
- Member of RPF
- Organisations awarding grants or gifting donations
- Partner organisations
- Training applicant or attendee
- Raspberry Pi or CoderDojo account holder
- Survey participant
- Visitor to our websites
- Visitor to our offices
- Volunteer, Leader or Host
We may collect the following information:
- First name
- Last name
- Date of birth
- Email address
- Phone number
- Social media ID
- Images (including video)
- CCTV Image
- IP Address
For teachers who work with us, we may also store the following information:
- Details of the School or education institution you work at
We will also use or collate information from publicly available sources to inform our fundraising activity. This helps us identify and understand potential donors.
Special category data
In addition to the above personal data, we may collect the following special category data (as defined by the GDPR / Data Protection Act 2018) if you have chosen to disclose it to us:
- Health data (such as information about allergies)
- Personal data revealing racial or ethnic origin (only in circumstances where you have chosen to disclose this information to us expressly in response to a survey question)
The Raspberry Pi Foundation uses images (including videos and audio-recording) to showcase the Foundation’s work, which increases engagement with current members of our community, as well as with potential community members and supporters. We may process images of individuals from all of the categories of data subjects listed in section 2. We take the security and privacy of images seriously, and we provide guidelines for staff and volunteers.
Where images are processed using the lawful basis of legitimate interest or consent, the individuals featuring in those images have a number of rights that they can exercise over this data, such as the right to delete or rectify. The data subject is able to withdraw their consent, where given, or challenge the legitimate interest that has been assessed; this is commonly known as ‘opt-out’. If you wish to ‘opt out’, please contact email@example.com.
Please note that for images made available on the internet, the Raspberry Pi Foundation can cease to use your images, but it may still be possible to find them on the internet, and this is beyond our control. Where images have already been used in printed publications, it will not be possible for them to be withdrawn.
3. When we collect information from you
We collect your information:
- When you apply for a job with the Raspberry Pi Foundation Group
- When you or your organisation becomes one of our partners or suppliers
- When you sign up to participate in any of our competitions, programmes or events
- When you apply to become a volunteer
- As part of the process to become one of our Members
- When you contribute to surveys that we undertake
- When you visit one of our office locations
- When you visit our websites
- When you receive email newsletters, blog updates or marketing emails from us (we may use tracking software to tell us if, when, and in what general geographic region you delete, open or forward our emails)
- When you create and use your Raspberry Pi account
- When you support us by:
- Signing up to gift aid
- Giving us a donation
4. What we use your information for
We collect your data on the occasions listed in When we collect information from you above.
We may use the information that we have collected to:
- Provide you with information and services connected with the mission of the Raspberry Pi Foundation
- Ask you to participate in surveys
- In our annual review and Trustee reports
- Use anonymised data for research purposes
- Thank you for a donation
- Send you newsletters (if you have opted in)
- Publish images in our magazines, websites, social media or blogs
- Respond to your queries
- Make sure we are sending out marketing emails and updates at the right time, to the right recipients, with relevant content
- Analyse activity on our website (section 10)
- Carry out debugging work (in the case of IP addresses)
Where we have a lawful basis to do so, we may use your image in our materials, on our website, at events, and for other promotional purposes.
If you want to understand more about why we collect your data, please contact us at firstname.lastname@example.org.
5. How long do we keep your data for
We do not keep your information for any longer than we need to in order to fulfil the purpose or purposes for which it was collected, or for any longer than is required by law, if that is longer (for example, in order to comply with HMRC requirements).
For determining when personal data should be erased we take into consideration: the amount of and sensitivity of the personal data we have; the amount of harm that could be caused by a data breach; the benefits of the purposes the data is being used for; and any legal requirements that we are bound by.
We review the data we hold, and erase or anonymise it as appropriate, according to the retention periods specified in the table below.
You may request that we erase your personal data at any time. In some cases where there is a relevant or legal reason that requires us to keep the data, we may opt to restrict the amount of processing being conducted to what is absolutely necessary. This will be in line with your legal rights in order to minimise the impact the processing will have and we will explain to you the reasons for our decision.
If you have any questions about how long we keep your information for, contact us at email@example.com.
|Data Subject||Data Type||Retention|
Event applicant or attendee
Training applicant or attendee
Raspberry Pi or CoderDojo account holder
Volunteer, leader or host
Information about potential donors
|Personal Data & Special Category Data (see above)||We will review your data 3 years from last event attendance, account login, survey response or volunteer/host/leader activity. We will then either anonymise, delete or retain the data if we have a legal justification for keeping it any longer, for example, for safeguarding reasons.
If the information we have about you is considered part of RPF’s historical record, we will retain basic personal data, such as names, for 100 years.
|Contractor or Supplier to RPF
Donors to RPF
Organisations awarding grants or gifting donations
|Personal Data||6 years after the end of the year or accounting period, from the end data of the contract/last donation/grant (Limitation Act 1980 and HMRC/VAT requirements)|
|Emails to @raspberrypi.org addresses||Personal Data||Emails will be deleted automatically after a maximum of 10 years, unless separately preserved for other lawful reasons.|
|All data subjects – Images (including videos)||Personal Data||In some instances, 100-year retention is required to maintain RPF’s historical record.|
|Members of RPF||Personal Data||In certain circumstances, we may retain relevant data for 10 years (Companies Act 2006)|
|Visitor to our websites||Personal Data||The web service logs (containing IP addresses) are retained for 1 week of your visit, after which they are then archived for 1 year|
|Visitor to our Hills Road Office||Personal Data||We use CCTV cameras for crime prevention and security purposes. Images will be kept for 31 days from the date of the image.|
|Unsuccessful applicants who have applied for a job at the Raspberry Pi Foundation||Personal Data||Unsuccessful candidates will have their application including CV and cover letter and interview notes stored for 1 year from interview date to defend against tribunals, or county or high court claims and for as long as necessary in the event of a claim.|
6. Anonymised data
By definition, anonymised data is data that does not contain any information that can be used to identify an individual.
Once we have anonymised data we are lawfully allowed to retain it for as long as we need it, with no formal justification.
Anonymised data may be useful for analytical or statistical insight. We are most likely to retain anonymised data for research, analysis, and impact evaluation.
7. How we collect and store your information
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate, and up-to-date, and that it is kept only for as long as it is needed in order to fulfil the purpose or purposes for which it is used.
You should be aware that the use of the internet is not entirely secure, and although we will do our best to protect your personal data, we cannot guarantee the security or integrity of any personal information that is transferred from you or to you via the internet. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features such as encryption to try to prevent unauthorised access.
8. On what legal basis we use your information
Lawful bases may include:
- Where it is within our legitimate interests to process your information to further our mission to put the power of computing and digital making into the hands of people all over the world.
- We have a legitimate interest to process data for the purpose of informing our fundraising activity, tailoring the experiences of our donors to better suit their interests, or making our fundraising efforts more efficient and cost effective. This is necessary in order for us to operate and carry out our charitable objectives.
- We know that under this lawful basis for processing, we have a heightened responsibility to keep your interests central and to make sure that your rights as a data subject override our legitimate interests.
- Where we need to comply with a legal obligation.
- Where processing is necessary for the performance of a contract to which you are a party. If you fail to provide this information, we may be unable to perform the contract.
- Where we have your consent to process your personal and special category data, where applicable.
The only special category data we may process about you is listed under the heading Special Category Data in section 2 above, which we only process if you have provided us with this information. Subject to Article 9 of the Data Protection Act 2018, we only collect this data when it has been provided by you, with your explicit consent to process and store.
We take additional measures to protect this data by storing it in our Customer Relation Management System. We restrict access to this data and only provide access to certain staff groups who need to access this information, for example, the event lead for the particular event you are attending.
9. Who we share your information with
We will never sell your information to any third party.
We occasionally use third parties outside of the Raspberry Pi Foundation to process your personal data on our behalf. Where these third parties are not in the UK or European Economic Area, we make sure that it is safe to share your information with them.
As the information we collect about you will be stored on our IT infrastructure, it may also be shared with the data processors who provide us with email, relationship management, anonymous analytics, document management, and storage services.
In some circumstances we may share limited personal information about you with other organisations and partners we are working with on joint schemes, events, or products that you engage with. Where we are sharing information in this way it will be used to make sure that the scheme, event or product is working as intended and that we are sticking to our agreements with our partner Organisations.
We will share your data if we are required to do so by law.
10. Information about cookies
A cookie is a small file which is stored by your web browser. Cookies provide core functionality (such as the ability to authenticate and log you in to an account), they also help store data on state and behaviour which can be used to analyse web traffic and visitors. Cookies allow web applications to respond to you as an individual, aiding them to tailor their operations to your needs, likes and dislikes by storing unique information about you.
We use Google Analytics software to collect information about how you use this website. We do this to help make sure that the site is meeting the needs of its users, and to help us make improvements. Google Analytics stores information about:
- The pages you visit on this site
- How long you spend on each page on this site
- How you got to the site
- What you click on while you’re visiting the site
These cookies do not collect or store your personal information (for example, your name or email address), so this information can’t be used to identify you. We do not allow Google to use or share our analytics data. You can opt out here.
11. Your rights
Right to be informed — you have the right to be informed about the collection and use of your personal data. In general we will do this no later than a month after the processing activity begins unless doing so is impossible, would involve disproportionate effort or render impossible or seriously impair the achievement of the objectives of that processing.
Right of access — you have a right to ask us to confirm whether we are processing information about you, and to request access to this information.
Right to rectification — you may ask us to rectify information you think is inaccurate, and you may also ask us to remove information which is inaccurate or incomplete. If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so that they may update their own records.
Right of portability — you have a right to obtain your personal data from us and reuse it for your own purposes.
Right to restricted processing — you have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it.
Right to be forgotten — you have a right to seek the erasure of your data, for example where it is no longer necessary for us to continue holding or processing your personal data. This right is not absolute, as we may need to continue processing this information to comply with a legal obligation.
Right to restriction — you have a right to ask us to restrict our processing of your information if:
- You contest its accuracy and we need to verify whether it is accurate.
- You ask us to restrict use of it instead of deleting it.
- We no longer need the information for the purpose of processing, but you need it to establish or defend legal claims.
- You have objected to processing of your information being necessary for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests. If you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, for the purpose of protecting the rights of another person, or for public interest reasons.
You can always unsubscribe from any mailing list you are included on or ask us to delete any comments on our blog. You can do so by contacting us at firstname.lastname@example.org.
We may ask for your help in locating specific information, e.g. in confirming your identity.
If you would like to exercise any of your rights, please let us know by writing to email@example.com. We will act in accordance with your instructions as soon as reasonably possible, and there will be no charge.
Our use of your data processed in the UK is regulated by the Information Commissioner. You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You can do so by contacting them on ico.org.uk/concerns or by calling their helpline at +44 303 123 1113. The data protection supervisory authority for Ireland is the Data Protection Commission who can be contacted here.
12. How to contact us about your data
Data rights are human rights and we are determined to honour yours fairly and fully. You can unsubscribe at any time, or get in touch with any questions, comments, or instructions regarding your information by writing to firstname.lastname@example.org or to:
Raspberry Pi Foundation
37 Hills Road
Policy updated: March 2022