Privacy Policy

Who are we?

The South East Rivers Trust is an environmental charity aiming to achieve healthy river ecosystems (for all) across the south east of England.

Your Privacy

We are committed to keeping your personal data safe. This Privacy Policy explains what data we collect, how and why we use it and how we keep it safe. It outlines your rights under the new EU General Data Protection Regulation legislation (GDPR), and how we will ensure that you remain in control of your personal data.

Why do we collect personal data?

We need to collect some types of personal data to help deliver our vision of healthy ecosystems for all across the south east of England. In line with GDPR, we will only collect, store and use your personal data when we have identified a clear purpose and reason to do so, e.g. you have asked us to contact you about volunteering opportunities. This is known as our lawful basis for processing data.

The reasons we may collect personal data are outlined below:

1. To send you information about our work

We have a South East Rivers Trust Mailing List which we use to send subscribers information about the work we do and events they might be interested in attending. The mailing list is opt-in only, meaning you will have given us your consent to contact you via email.

We have a School Education Mailing List which we use to promote our school education programme. As a local school, you might be interested in what we can offer you and your students and therefore our lawful basis for processing your data here is Legitimate Interest. We will only ever contact you using the school’s business details which are in the public domain and you are able to opt-out at any time.

For both mailing lists, we respect your right to update the information we hold about you, or your right to be removed from the list and your details forgotten at any time. Should you want to remove yourself from either list, please contact us at, or click the ‘unsubscribe’ button at the footer of one of our campaign emails. If you appear inactive for over three years, such as not opening our emails, we will remove you from our database.

You may be a partner or landowner working with us on one of our projects. In this case, we would only send you relevant information on project progress, key updates and to gather information for reporting and monitoring purposes. The lawful basis for this contact would be legitimate interest or contractual.

2. To enable you to volunteer with us at events and on specific projects

If you are signed up to our South East Rivers Trust Mailing List, you will receive information about our upcoming events.  You will have given us permission to be included on this Mailing List and therefore our lawful basis for sending this information is consent.

If you sign up to join us at an event or training sessions, we will store your name and email address so we can share details of the event with you. This may be via direct email or on EventBrite. You will have given us your permission to collect this data and therefore our lawful basis for sending this information is consent. These details will be deleted 90 days after the event if you decide not to continue as part of one of our volunteer projects.

If you join one of our volunteer projects (such as River Guardians, Riverfly, River Rangers etc), you will have given us your permission to contact you about the project, store your contact details and bank information if we are reimbursing you for expenses. All of this will have been covered in your training and we will have asked you to give us consent to hold this information. The information is stored securely within the Trust’s database and only shared with relevant staff working on the project. If we need to share your details with other volunteers we will only do so with your consent.

3. To respond to your enquiries

If you have got in touch with us to make an enquiry (via the telephone, email, letter, Social Media or our website contact form), we will use the information you have provided to us to respond.

What personal data do we collect and how?

1. Basic Information
  • Your name, email, telephone number
  • Your postal address for specific projects
  • Your bank details if you are donating to us or claiming expenses

This information will have been collected directly from you.

2. Additional information about you
  • A record of the events you have attended and activities you have been involved in
  • How much time you have spent volunteering with us and on which activities
  • Photos of you at our events

This information will be gathered at our events and through our website. There will always be a clear Privacy Notice stating what we are collecting from you and why.

4. Using our website


A cookie is a small file which asks permission to be placed on your computer’s hard drive (or smart phone, tablet or other device) and are used to improve your online experience.

It is important to understand how cookies work, what they are for and when they are being used.

Once you agree, the cookie file is added to your computer and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

At SERT, we use cookies for a variety of reasons, such as to monitor how many people have visited our website. More information about cookies can be found at

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. The cookies we use in no way give us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

5. Sensitive Personal Data

There are some circumstances where we will need to gather information which is classified as sensitive personal data. For example, if you volunteer with us on certain projects, we may collect:

  • references
  • criminal records checks
  • details of emergency contacts
  • medical conditions.

When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your consent.

To abide by the Health & Safety Act (1974), we may also collect sensitive personal data in case of an accident on our premises or at one of our events. This information will be recorded in our Accident Report folder and will be retained for three years for legal reasons. The information will be anonymised into a report for the Trust to help improve the safety of our work and events. This is kept on file indefinitely but cannot be attributed to an individual.

6. Children and young people

We will not collect, store or process your personal details if you are under 13 years old, unless we have the permission of your parent or guardian to do so.

How do we store the data?

1. Security

If your personal data is electronic, it will be stored on a secure Trust computer. Personal data stored physically will be kept securely on our premises. For both, we control who has access to information.

Our staff have received in-house data protection training on our policies and we have a set of data protection procedures which staff are required to follow when handling personal data.

All of the personal data we process is processed by our staff in the UK, however for the purposes of IT hosting, or reporting to external funders, your information may be situated outside of the European Economic Area (EEA).

For example, we use the following cloud-based technology to store and process some data and, where we have your consent to do so, we use photos on our social media accounts to promote what we do.

We have checked that the software below is GDPR compliant and have provided links to their relevant Privacy Policies.

How long will we keep your data for?

We will only keep your data as long as necessary. For each data category, we have assessed how long we need to keep it to ensure we protect your individual rights but also abide by relevant laws and best practice. If you want to find out more about how long we keep data for, please get in touch.

Your rights

Under GDPR, you have rights as an individual.

  • The right to be informed: Our Privacy Policy outlines how we capture your data, how we store it and how we use it. If you have any questions about this, please get in touch.
  • The right of access: You are entitled to know what data we hold on you. If you would like to see a record of what we hold, you can send a Subject Access Request to us for no charge, and we will respond within one month.  Please request a Subject Request Form from us by emailing
  • The right to rectification: We will update any information we hold on you that is inaccurate or incomplete.
  • The right to erase: You can ask us to remove or anonymise the information we hold on you.
  • The right to restrict processing: You can ask us to stop using your personal data at any time.
  • The right to data portability: You can ask to obtain your personal data from us for your own purposes.
  • The right to object: You can ask to be excluded from any marketing activity.
  • Rights in relation to automated decision making and profiling: We will not subject you to a decision that is based on automated processing.

Making a complaint

Overall responsibility for this policy and its implementation lies with the Boards of Trustees.  While we endeavour to protect your privacy, you are entitled to make a complaint if you feel we have failed to do so. You can make a complaint directly to us. If you do so, it will be treated confidentially. If you feel we have not handled your complaint properly, you can get in touch with the Information Commissioner’s Office directly.

For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
  • Telephone: 0303 123 1113         
  • Email:

Leaving our website

If you leave our website, by clicking a link to an external site, we are not responsible for the privacy practices of any of these other websites.  If you have followed a link from this website to another website you may be supplying information to a third party.

Get in touch

Should you wish to find out more about the information we hold about you, or about our Privacy Policy, please contact us:

  • Address: Trust Administrator, The South East Rivers Trust, Connect House, Kingston Road, Leatherhead, KT22 7LTG.
  • Telephone: 0845 092 0110
  • Email:
  • Our office hours are Monday – Friday, 9am – 5pm.