Nordoff Robbins Privacy Policy

At Nordoff Robbins, we use music therapy to enrich the lives of those affected by life-limiting illness, disability and isolation. We provide our services through our own centres and in partnership with hundreds of organisations like schools, care homes, hospitals, mental health services, hospices and brain injury units. We are the largest independent music therapy charity in the UK and are a major training provider for music therapists. We receive no direct government funding so rely on the generosity of our supporters to make our work possible.

We are a charitable company limited by guarantee, with company number 1514616, and registered charity numbers 280960 (England and Wales) and SC048817 (Scotland).

We are also a Data Controller, registered with the Information Commissioner’s Office, Registration Number Z6045613.

Overview of this policy

Your personal information (such as your name and contact details, known as ‘personal data’) is protected by specific legislation:

  • Until 25 May 2018: The Data Protection Act 1998
  • 25 May 2018 onwards: General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)/Data Protection Act (2018)
  • Privacy and Electronic Communications (EC Directive) 2003

The laws in this area continue to develop quickly. We take our responsibilities around data very seriously, and it’s important to us that you understand how and why we ask for and work with your details. Your privacy is important to us and we have policies to ensure that we collect only the data that we need to carry out our business, and that we don’t keep it any longer than we need to.

At Nordoff Robbins, everything we do serves our goal of providing music therapy to those who need it most. We seek to develop a greater understanding of our supporters through their personal data in order to help us give them the best possible experience, fundraise more efficiently and help us change lives for good.

This policy explains how we collect, manage, use and protect your personal data, including how we work with third parties. We never sell or swap your details with any other organisation for their marketing purposes.

This policy was last updated in June 2019. From time to time, we may make changes to this policy and you will always be able to see here when it was last updated. If we make significant changes, such as in how or why we process your personal data, we will also publicise these changes on our website or may contact you directly with more information. Do revisit this policy each time you consider giving your personal data to Nordoff Robbins.


If you would like more information on anything in this policy, please contact us:


Understanding your rights

It is important that you understand your legal rights around your personal data and how we may use it.

Right to be informed

This privacy policy ensures that you are informed about how we will process your personal data. You might also see messages on some of our forms (or otherwise when we collect personal data from you) that explain why we ask for specific pieces of information from you.

Right of access

You have the right to access a copy of your personal data and receive certain information about what the data is and how and why we are processing it. Please note that we will require you to prove your identity before we disclose any information.

Right to rectification

If you feel that any of the information that we hold about you is incorrect, do let us know so that we can look into it.

Right to object

You have the right to object to the processing that we have outlined in this policy.

Right to erasure / to be forgotten

You have the right to request that we delete your information and can discuss this with us at any time.

You should know that there are some circumstances where we may need to keep your details, for example, if it is necessary to comply with a legal obligation on us. If this situation occurs, then we will explain and discuss these circumstances with you.

Right to restrict processing

You can request that we restrict processing of your data, as an alternative to deleting it – this means that we will keep the data but stop processing for most purposes. You may want to exercise this right if you feel that the data is inaccurate, that our processing of it is unlawful, whilst we progress a request from you to object to processing, or if we have no further need of the data, but you require us to keep it in relation to the establishment, exercise or defence of a legal claim.

Rights related to automated decision making

You have rights to avoid being subject to decisions based solely on automated processing which has a significant effect on you. At Nordoff Robbins we do not carry out any such processing.

Right to data portability

You have the right to request a copy of certain personal data to have it transferred to another organisation in certain circumstances.

You should know that there are some circumstances where these rights may not apply, but where this is the case we will always explain this to you. Please contact us if you have any questions or concerns about your rights and how we collect and use your personal data. You also have the right to make a complaint direct to the UK’s data protection authority, the Information Commissioner’s Office (ICO).


Why we collect and use personal data

We collect personal data to help us to process your requests, keep in touch with you, to help us to interact with you in the most effective way and to run our services and charitable activities.

Examples of why we process your personal data include:

  • To deliver and administer music therapy in our centres and through our partners
  • To monitor and support the quality of music therapy delivered by our therapists
  • To provide services or information you have requested
  • To keep notes of conversations that you have with our team, as a reference if you want to revisit the conversation later
  • To notify you of changes to our policies when these affect you
  • If we need to do so to comply with a law, process or regulatory requirement
  • To check with you on how you want us to contact you, and record these preferences
  • To ensure that content from our website is presented in the most effective way for you and your computer
  • To help us publicise the work that we do
  • To keep you updated on our work and the impact of your support
  • To make sure you know about events that you can participate in as a Nordoff Robbins supporter
  • To invite you to participate in campaigns
  • To send you fundraising appeals
  • To process donations or other payments, and verify financial transactions to protect you from fraud
  • To process Gift Aid donations and Gift Aid Declarations
  • To process a legacy or gift that you leave in your will
  • To support you as a volunteer
  • To process your application for and manage your studies as an MMT, PhD or short course student
  • To process a job application you may make with us.


The information we collect

The personal data that we collect about you will be based on how you interact with us, but we collect the following information from many of our supporters:

  • Your name
  • Your postal and email addresses
  • Your telephone number or numbers
  • Your date of birth (e.g. if you receive therapy from us or study on one of our degree courses)
  • Recordings made during music therapy sessions
  • Details of any correspondence that we have had with you. For example, if you call our fundraising team they may make a note of the conversation to help with your enquiry or our reception team may record your details to pass on to the relevant department
  • How you would like to hear from us, and when you told us this
  • Details of any donations that you have made to us or any fundraising appeals that you may have responded to
  • Whether or not you have signed up to the Gift Aid Scheme, and when you did so
  • Events that you have taken part in or enquired about.

There is also other information that we may collect and hold in specific circumstances. For example:

  • Your bank account details if you set up a direct debit with us or credit card details if used for donations
  • Health information that you or your health specialist may give us as part of a referral for music therapy
  • Health information that you give us if you are participating in an event to help us ensure your safety e.g. food allergies
  • Campaigning actions that you have taken on our behalf
  • If you are a volunteer or part of our local organiser campaigner network and have told us that you have a specific area of interest to receive training on
  • Our telephone system lists the numbers that have recently called or been dialled, but we do not link these to any supporter records.

Anonymous information: cookies

Like most websites, the Nordoff Robbins site uses cookies: small data files that are downloaded when you use a website, to make the site easier to use. The information that is gathered is totally anonymous to us, but it helps us to see how people use our site, so that we can provide a better user experience. You can find out all about cookies in our specific cookies policy.


Sensitive data

Some personal data is legally considered to be sensitive and so is subject to additional safeguards – in data protection law this is known as “special category” data. Data on the following matters is classed in this way:

  • Race
  • Ethnic origin
  • Political opinions
  • Religion or philosophical beliefs
  • Trade union membership
  • Genetics
  • Biometrics (where this is used for identification purposes)
  • Health
  • An individual’s sex life
  • Sexual orientation.

Similar protections apply to personal data relating to criminal convictions and offences.

We will only collect or use this type of data if there is a specific reason for doing so. We will always explain this reason to you when we ask for the data and will usually ask for your explicit consent to use it. For example, if you register to run a marathon on our behalf, we may ask to collect and store information on your health for your own protection and to make sure that we can provide you with appropriate facilities and support. We wouldn’t ask for consent if it is information that you have clearly made public, for example, your political views if you’re a political figure or candidate, or your religion if you’re working with us because you represent a faith group.

Age is not legally considered as a special category of data, but we will always treat it sensitively.


Our legal basis for processing your information

We will always make sure that we consider why we are processing your personal data and identify our legal basis for doing so. In most cases this will be because you have given us your consent to hold and process information about you. We may also process your data where we are furthering our legitimate aims as a charity, trainer and provider of music therapy services and have assessed that the processing is not likely to be too intrusive, or unduly infringe on your rights and freedoms. In legal terms, this is called the “legitimate interests” basis.

You have the right to object to us processing your data on the grounds of our legitimate interests. If you would like us to stop using your data on this basis, please get in touch with our Fundraising Team. You will also see a ‘please do not contact me by post’ box on our communications where we are using the legitimate interest basis, and you can also tick this to ask us to stop sending these.

In some cases, we have a legal or statutory duty to process information, and we will always comply with any legal requirement. We may also process your personal data where it is necessary to carry out the terms of a contract which we have with you (or when we are in the process of forming that contract with you).

For a more detailed outline of how and when we use your data depending on your relationship with us, click on the quick links below or scroll down.

  • How and when we use your data if you’re accessing our music services
  • How we use your data if you’re applying for a job with us.

How we use your data if you’re accessing our music services

Most often we will collect data directly from you, for example when you are referred for music therapy at one of our centres or in a partner organisation. Whenever we ask for information from you, we will explain why we are asking for it (including by reference to this policy), and you will always be given a choice about how we communicate with you.

As a charity working in the therapeutic and social care spaces, there are specific types of personal data that we may process in order to deliver our services to you. We actively prioritise consent as the key basis upon which we collect personal data to do this. In addition to this, we recognise that our delivery practices as a charity offering music therapy require processing of data which falls into the “special categories” (or sensitive personal data), such as medical information needed to deliver our services effectively and safely. We will only collect data necessary and relevant to your therapy and will use it to provide you with the best care and service.

The music therapist that you work with will need to know some information about you so that we can be sure they are delivering our service safely and appropriately. Our administrator and the service managers also need access to this data to make sure our music therapy service runs efficiently and effectively.

We use your personal data to:

  • help you decide which services are suitable for you such as an individual session or group work
  • help us to work with you to provide the services you receive
  • make sure we have up to date contact details for you
  • make sure the services you receive are safe and effective
  • work effectively with others who also provide care and support in your life.

Who has access to my personal data?

Other people within Nordoff Robbins will also need to use some of your personal data to:

  • check the quality of our services
  • help with planning new services
  • help investigate any worries or complaints you have about our services.


When we need to share information about you with external agencies providing care and support to you, we will agree this with you. We will not share your personal data, unless:

  • you ask us to
  • we ask and you give us permission, for example in fundraising and marketing campaigns
  • we have good reason to believe that not sharing the information would put you or someone else at risk particularly in cases of safeguarding.


Is my personal data confidential?

Personal data is kept confidential and is not disclosed inside or outside Nordoff Robbins without your agreement or a good reason. One such reason might be to assist the emergency services if someone is severely unwell or in danger. Another reason might be to help police in preventing or detecting a crime.

Is my personal data kept securely?

Nordoff Robbins has secure record keeping systems which can only be accessed by authorised people within the organisation.

Can I access my personal data?

You have the right to see or obtain copies of your personal data held by Nordoff Robbins. You may wish to ask us to update or correct certain details. If you wish to make an enquiry about your personal data, please write to us at:

Head of Music Services

Nordoff Robbins
2 Lissenden Gardens

Or email:

Can I ask for my data to be deleted?

You can ask for us to delete all information we hold on you at any time by contacting Nordoff Robbins. You should however be aware that we would no longer be able to provide a service for you if we are unable to hold your information. 

Will my personal data be used for public purposes such as fundraising, marketing and external teaching and conferences?

We would only use information about you including photos and videos if you have given explicit, additional consent for this in writing to us. We will also check with you if there are any exceptions such as not wanting your image on social media or only certain images being used. You can withdraw your consent at any time. To do so, please contact the communications team.

How long will Nordoff Robbins keep written records about me?

We will keep written records, securely stored electronically, about your music therapy with us for seven years after you stop using our services so that the information can be used for any follow-up activity that may be needed.

How long will Nordoff Robbins keep audio/visual recordings of me?

Unless you have given us explicit consent for us to use any film or audio recordings of your sessions publicly, the recordings will be deleted within six months of your music therapy coming to an end.

If you have given your consent for specific public use of your audio/visual recordings and we consider the materials to be of specific value for our educational and music therapy promotion purposes, we will keep them for up to 30 years. However, you can withdraw your consent at any time. To do so, please contact the communications team and we will then delete this content from our files.

Will my music therapist take a copy of the recordings of my sessions when they leave Nordoff Robbins?

We would only allow your music therapist to take a copy of any recordings of you if you have given explicit, additional consent for this in writing to us. We would never let them take written records. When therapists leave Nordoff Robbins, we ask that they sign a leaving letter to confirm that they will store and keep all data they hold in line with Data Protection law/best practice.

Will my data be used by Nordoff Robbins to contact me about marketing and fundraising activity?

We have a duty to those who use our music therapy services to promote ourselves and our work; to responsibly raise as much money as possible to further our charitable aims; to update you on our progress; and to operate in an effective way. So we may further our legitimate interests by communicating with you about marketing and fundraising materials and products. We always pursue these interests in a respectful manner but you have the right to object to us processing your data for this purpose and can always ask not to receive such information. Just contact our Fundraising Team.

How and when we use your data if you’re supporting our work

If you are looking to support our work we will mainly process your data on the basis of your consent. Whenever we ask for information from you we will explain why we are asking for it and you will always be given a choice about how we communicate with you. Examples of this include:

  • To send you marketing by SMS (text message)
  • To send you direct messages through social media
  • To process health information that you give us if you are participating in an event, for example any food allergies you have.

When you give your consent for us to contact you, we do not treat this as valid indefinitely. However, we understand that our supporters want to continue to hear from us whilst they have an active relationship with us, and for a period afterwards. Here are some examples of what we mean by an active relationship:

  • If you make a donation or sponsorship payment to us, including regular gifts
  • If you fundraise on our behalf (for example by taking part in Ride London or organising a gig)
  • If you tell us that you have left us a gift in your will
  • If you take a campaigning action for us, such as signing a petition
  • If you have an ongoing conversation with one of our fundraisers about our work
  • If you are actively engaging with our email communications.

We will consider your consent to be valid whilst you take these actions, and then for seven years afterwards, to enable us to keep you up to date with our work and to offer you other ways you might choose to support us. At the end of this time period, we will get in touch with you to re-confirm that you are happy to continue to hear from us.

You can withdraw your consent at any time. If you wish to do so, or have any questions on this, please contact us:


General marketing communications and fundraising activity

We will make it easy for you to tell us if you would like to receive marketing communications from us and hear more about our work, and the ways in which you would like to receive this information (post, email, SMS and phone). We want to make sure that we keep in touch with you when, and how you want. Every marketing communication that we send will outline how you can update us on your preferences, and all of our emails have an Unsubscribe link.

If you tell us that you do not want to receive marketing communications, we will remove you from our list and will not contact you further with marketing communications. We will ensure that our records are updated as soon as possible once we receive your instructions. For our postal communications, it can take up to 28 days for any change to take full effect because of the production times for our campaigns.

You can opt into marketing communications, update your preferences or unsubscribe here:

There are some administrative messages that we legally must share with you, which are not affected by how you have told us you would like us to contact you for marketing materials. Examples of these are:

  • Confirming the details of any direct debit that you set up with us, including your bank account and payment details
  • Confirming where you have made a Gift Aid Declaration orally, so that we can give you the information on the tax implications of this.

If we send you one of these messages, we will only use it to share the detail that we have to legally provide you with and will not use it for marketing.


To further our legitimate interests as a charity we undertake a number of different activities that can be known as “profiling”. We use these to help us manage our resources effectively, so that we can understand your interests or your capacity to give and give you a truly tailored experience.

The most common form of profiling that we undertake is to segment and analyse our supporter data. In practice this means sorting our data to build reports to understand the characteristics of our supporters, and how they choose to interact with us. We also use segmentation to identify particular audiences for some of our communications: for example, to send information on running events to supporters who have previously enquired about or participated in these in the past. One part of segmentation is propensity modelling, where we look at different aspects of the data that we hold to determine how likely a supporter is to respond to communications that we send. Based on what you’ve done before, we will tailor any ask we make to you.

We may provide targeted social media advertising, which we believe will be of relevance to you given your specific interests. Please note, advertisement targeting is driven by the specific social media platform and your ability to opt-out of adverts that you feel are not relevant to you comes down to personal management and choices on your social media platforms.

You have the right to object to us processing your data in this way. If you would like us to stop using your data on this basis, get in touch with our Fundraising Team. You will also see a ‘please do not contact me by post’ box on our communications where we are using the legitimate interest basis, and you can also tick this to ask us to stop sending these.

Working with high net worth individuals

We value the opportunity to work with people, trusts, foundations and companies that are able to support our work through partnerships, networks and higher levels of giving (typically over £1,000 a year). This is a crucial area of fundraising for us so we use profiling to help us to identify other individuals who may also be able to give at this level and form mutually beneficial partnerships.

We analyse our database and use information on how supporters have engaged with us in the past to see if we believe that they would be interested in building a relationship with our major donor fundraisers. We then use publicly available sources of information to understand their philanthropic interests and capacity to give greater support and we may also identify other potential new supporters this way. Using this information means that we can tailor communications to areas of our work that we believe will be of interest to them, as we know that donors want information relevant to their motivations. It enables us to spend less money than we otherwise would to raise more funds, faster. It also allows us to ensure that we do not contact people inappropriately.

These external data sources include:

  • Official sources such as Companies House, Charity Commission and other registers, the Electoral Roll, Who’s Who and Debrett’s guides
  • Publicly available materials such as in newspapers, magazines and reputable websites
  • Information that individuals put into the public domain such as on company websites or biographies on professional networking sites
  • Geographic and demographic information based on postcode.

For the avoidance of doubt, we do not undertake what has traditionally been known as “wealth screening”, where an organisation asks a company to provide information that it holds on the wealth of specific named individuals.

For very high value donations we also have a responsibility (and often a legal duty) to understand the source of that money. We therefore also carry out some research on that basis, to assess and manage potential risks with regards to money laundering and other offences and ensure that there is no conflict with Nordoff Robbins’s aims and ideals.

How long we keep supporter data for
We want to make sure we have up to date records for as long as you are actively supporting Nordoff Robbins, such as participating in our campaigns, donating to us or corresponding with us. Once you are no longer an active supporter, we will keep your data for a set period of time, which we calculate depending on the information that you originally provided, and why you gave it to us. At the end of this time period, we will remove any personal details from our records of you to ensure that any information is entirely anonymous.

In general, we will keep records of financial donors for at least seven years after you were last actively engaged with us, to meet our requirements for any Gift Aid audit from HMRC. If we have asked for sensitive personal data specific to an event, we will dispose of this data within a month after the event.

The seven-year time period applies to most people, but you should be aware of the exceptions below:

  • If you have a relationship with our major donor, trusts or celebrity teams, or are a member of a community supporter group, we will keep your information for 30 years. These are special, very personal relationships and so it’s important that we have detailed records of past work if a supporter chooses to work with us again.
  • If you are a legacy supporter then we will keep your records for 10 years after your legacy case is closed. We want to make sure that we have the records we need to administer any legacy gifts in the way you want. Legacy records will always be deleted after 100 years at the absolute maximum.
  • If you have provided consent for us to use your case study for publicity purposes, we will keep this information for 30 years, unless we receive communication from you alerting us that you no longer want this information to be shared.
  • If you have taken campaigning actions for us we will keep your data for five years. We always report back to supporters who take part in campaigning activities, to update them on the success of that campaign. Some of our campaigns can take up to five years to be completed.

At the end of this time period, we will remove your personal details from our records, to ensure that they are entirely anonymous. We keep records on how our supporters have interacted with us, but not of who those supporters are. For example, we want to be able to see how many supporters donated to a particular appeal, told us that they took a campaign action or requested information from us. This helps us to understand how to use our resources in the future so that we can raise funds in the most effective way.

Your right to be forgotten

You have a right to be forgotten, which means that you can ask us to delete your personal details before the end of the time limits we’ve listed in the table above. You should know that there are some circumstances where we may need to keep your details, for example, in order to comply with a legal obligation. If this situation occurs then we will explain and discuss these circumstances with you.

If you would like to discuss or exercise this right, please do get in touch with our Fundraising Team:


Telephone: 020 7267 4496

Post: Fundraising, Nordoff Robbins Centre, 2 Lissenden Gardens, London NW5 1PQ


How and when we use your data if you’re studying with us

In order to run our educational programmes and courses effectively, we need to process some of your information. We want to be completely transparent about why we collect and hold your personal details and how we will use them. We only collect information when you give it to us directly: you may give us your details when you email us, book a place on one of our short courses, apply for the MMT course or PhD programme, or sign up to receive our email newsletter. With your consent, we will contact you to let you know about different education activities you might be interested in.

What details we ask for, why and how we use it
There are minimum levels of information we need to obtain from you for different purposes:

Short course participants
We always ask for your name and title, so we know how to talk to you. We also need to know how to contact you which is why we will ask for your email address and contact preferences. We may also ask for your house number and postcode so that we hold a valid postal address for you. Sometimes we will ask you for your date of birth and how you learned about us or your relationship to us – this is all for statistical purposes and to help us understand where our services are needed most and by whom.

We will mainly use your data to:

  • Provide you with the information you asked for
  • Book a place for you on one of our short courses and/or help you decide which programmes are suitable for you such as an individual or representative of an organisation
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Understand how we can improve our educational provision across the country.


MMT/PhD Applicants

The application process to become a student on a validated programme at Nordoff Robbins involves the collection of a range of information that will allow us to shortlist applicants and offer places to new students in a fair and transparent way. We will mainly use your data to:

  • Shortlist applicants for auditions
  • Offer places on our Masters or PhD programmes to new students
  • Keep a record of your personal details and your next of kin details in order for us and Goldsmiths, our validating university, to contact you regarding administrative issues throughout your studies
  • Keep a record of your academic information (marks, submitted coursework and relevant assessment information) for your tutors to access and use throughout in order to support your academic journey with us.


Sharing data with our validating university
Students on our validated programmes (the Masters programme and the MPhil/PhD programme) need to register with Goldsmiths, University of London. To facilitate this, we pass to Goldsmiths the contact details of accepted students. Goldsmiths then collect data directly from the students and this is subject to their own data collection and retention policies. We share our aggregated and anonymised diversity monitoring data with Goldsmiths – this is not personally identifiable information.

When we will get in touch
When you give us your personal details – for example, when you sign up for a short course, book a place to attend one of our open evenings or sign up to receive our education e-newsletter – you may receive follow up information from us, including news and updates on Nordoff Robbins education activities and events. Alumni from our validated programmes are also invited to join our alumni mailing list: we send termly newsletters to members of this mailing list.

Where you consent to us sending you marketing information regarding education courses and programmes, you have a right to tell us to stop contacting you at any time.

How to stop or change how we communicate with you
If at any time you wish to stop or change how we communicate with you, ask us to remove you from our records or to update the information we hold, please do get in touch, using one of the following options:

  • Write to: Education department, Nordoff Robbins, 2 Lissenden Gardens, London NW5 1PQ
  • Call: 020 7267 4496 and ask to be put through to the education department


You can opt out of our emails by clicking on the unsubscribe link at the bottom of our e-newsletters.

Is my personal data kept securely?
Nordoff Robbins has secure record keeping systems which ensure that only people who really need access to your data will have access to it.

  • Participants on short courses: The information you give us is held by the Education Administrator and is accessible to the person who oversees our short courses. Your contact details are available to the person running your course.
  • Applicants to validated programmes (MMT and MPhil/PhD): The information you give us is held by the Education Administrator and is accessible to members of the selection panel for the relevant programme.
  • Students on validated programmes (MMT and MPhil/PhD): The information you give us is held by the Education Administrator and is accessible to tutors on the relevant programme.


How can I request that my information be removed from Nordoff Robbins’ records?
You can contact the Education Administrator at any time to request this.

Call 020 7267 4496 during our office hours
Write to us at Education department, Nordoff Robbins, 2 Lissenden Gardens, London NW5 1PQ

How and when we use your data if you’re applying for a job with us

We collect information from anyone who applies to work or volunteer at Nordoff Robbins. We only use this information for our recruitment or employment purposes and it is entirely separate to our supporter data. As an applicant or employee, you are entitled to the same rights as our supporters, as outlined in the ‘Understanding Your Rights’ section of this policy.


When you apply to work or volunteer at Nordoff Robbins we will ask for information about you and your work history to understand how your skills and past experience match the requirements of a role.

There are two circumstances where we might disclose details outside of Nordoff Robbins as we process your application:

  1. We will ask for details of referees, and we will contact them to verify the information that you have given us – when we contact them, we will share your name and the role that you have applied for. We contact referees on the basis of our legitimate interests as an organisation to understand applicants and their suitability for the roles they apply for.
  2. Some roles also require us to obtain a disclosure from the Disclosure & Barring Service. This will be clearly marked in the advertisement and so we will not give you further notice before we apply for this disclosure.

All candidates applying to work or to volunteer at Nordoff Robbins will automatically have their application details saved and retained on our secure recruitment portal and in our Talent Bank for 12 months. We use our Talent Bank to identify candidates who were unsuccessful in their application, but who we feel may have an interest in and suitability for another role.

If you would like for us to remove your personal details from our system at any time before that, please write to: JobsUK@Nordoff

You should know that we always keep anonymous statistical information about applicants to develop our recruitment processes and for equality and diversity monitoring, but this does not contain any information that could be used to identify individual job applicants.


If you begin employment with us, we will put together a staff file, which will contain your information. We keep the information in this file secure and will only use it for matters that apply directly to your employment with Nordoff Robbins.

We provide all of our employees with an internal privacy notice, which explains exactly how we process their data as an employee, including how we use their personal data in case of emergency, and how long we retain all of this information for.

How we keep your information secure

Nordoff Robbins takes the care of your data very seriously and we use a combination of organisational and technological security measures to protect your personal information to the highest possible standards. This includes the use of secure cloud-based servers, firewalls, virus and malware protection, secure socket layer (SSL) encryption and secure file transfer protocol for our work with third parties. We follow payment card industry (PCI) security compliance guidelines when processing credit card payments.

Access to all Nordoff Robbins data is protected by complex passwords, including letters, numbers and characters: in some cases, more than one method of authentication is used. We make sure that only staff who need to access your personal data can do so. Any member of our staff who has access to your personal data is given training to make sure they understand the importance of keeping your information safe and secure at all times.

Whilst we take all of the measures that we’ve outlined above, unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site.

In the extremely unlikely event that we experience a data breach, our directors would immediately work with our information security team and the Information Commissioner’s Office if necessary to contact anybody directly impacted and to resolve the situation as quickly as possible.


Working with third parties to process data

At Nordoff Robbins, we sometimes work with third parties. It’s important that you understand the circumstances where this might happen, and who we work with.

We never sell or swap your details with any other organisation for their marketing purposes.

These are some examples of how we work with third parties:

  • Where we work with other Nordoff Robbins centres, subsidiaries or affiliates.
  • Where we sign a contract with a third-party supplier to carry out services for us. These contracts will always hold a supplier to our own high standards of data protection, to ensure that they treat your information with the same care as we do.
  • Where you register to take part in an event (such as a marathon), and we have to provide your details to the event organiser to secure your place.
  • Where a company sends us data because you have given permission for them to share it, for example, where you set up an online giving fundraising page, sign up for an event via a third party or register with the Telephone or Fundraising Preference Services.
  • Where we use companies who can help us to enhance the information that we hold about you, for example, to help us to understand which parliamentary constituency you fall into, the size and composition of your household, or the demographic of people living in your postcode area.
  • Where we might use your phone number or email address to communicate with you on social media. This won’t be through direct, personal messages, but updates about our work and stories that we think you might be interested in, which might appear in the form of content on your newsfeed.
  • Where we legally have to share information. For example, if you make a Gift Aid declaration to enable us to claim Gift Aid on donations that you make, we have to share your name and address with HMRC so that they can audit our claim.

Third party suppliers
We may use companies to provide services and process your personal data on our behalf, where they have a specific expertise or can offer the most cost-effective solution for us. Some of the activities that third-party companies carry out for us are:

  • Packing and delivering postal mail
  • Making telephone calls to our supporters
  • Signing up new supporters for us in door to door, street or private site campaigns
  • Sending emails
  • Processing credit card payments
  • Auditors of financial accounts.

Whenever we work with a company in this way, we will always have a contract with them, to be certain that they treat your data with the same level of care and respect as we do. We will only send them the data that they need to carry out their specific service, and they are required to delete it or return it to us once they have completed this. Your data will only ever be passed to them for the services that they carry out on our behalf; it is never shared for their marketing purposes.

Event Organisers

Some events require us to pass your personal information to the event organisers to secure your place. We will always make this clear to you at the point of your registration, so you understand the information that we will transfer, and who will receive it.

Examples of companies we currently work with in this way are:

  • Virgin London Marathon: Marathon Events Limited
  • Ride London: Surrey Cycling Partnership
  • Tough Mudder: Tough Mudder
  • FirstHand Experiences: Different Travel

If you attend our clay shoot, golf event or day at the races we need to pass your details to the venue for security purposes.

If you have special dietary requirements and attend one of our fundraising events we will need to pass those details onto the venue.

Third Parties who send us data

Some third-party organisations collect data on our behalf, and share it with us, in accordance with their policies and procedures for data protection compliance. Some of these organisations are data management companies, which we use to ensure that data you have provided us with is up to date. We do not use this to add new contact data; so if we already have your address, we may update this, but if we do not have your telephone number we will not use one of these companies to find and record it. Whenever you give your data to any organisation, you should always make yourself aware of their data protection and privacy policies.

Here are some examples of organisations we currently receive this information from:

  • Online Giving Providers: BT MyDonate; JustGiving; Virgin Money Giving.
  • Events Companies: Action Challenge; Charity Challenge; Classic Tours; Discover Adventure; EventBrite; RealBuzz; Skyline; Tough Mudder.
  • Digital auction companies: Superstars, givergy, Eventech, D & G, FR Events
  • Payroll Giving Agencies: Hands on Payroll Giving, Payroll Giving in Action.
  • Online Petition Sites: Care2
  • Data Management Services: Telephone Preference Service, Fundraising Preference Service, National Change of Address Register (managed by Royal Mail), Mortascreen.
  • Ticketing agencies: Universe, Eventbrite, Global events

Companies who provide us with additional information

Understanding our supporters helps us to provide them with a really personalised experience and makes sure that we use our marketing budgets in the most efficient way. We may collect the following additional information about our supporters:

  • Information on the size and composition of your household
  • Your parliamentary constituency
  • Information about your interests and hobbies
  • The age band that you fall into.



Social media

Using social media is a great way for us to update you on our work so we may use your data to create targeted marketing campaigns on platforms such as Facebook, Instagram and/or Twitter. This means that these social media platforms will match interests, behaviour and demographics to create a new audience which closely matches our existing supporters. Using this method is the most efficient way for us to reach more people who are likely to take an interest in our work, meaning we use our funds most effectively.

In addition to this, we may use your data to create ‘lookalike’ audiences on Facebook and Instagram. This means that Facebook and Instagram will match interests, behaviour and demographics to create a new audience which closely matches our existing supporters. Using this method is the most efficient way for us to reach more people who are likely to take an interest in our work, meaning we use our funds most effectively.

If you don’t want us to use your data in this way, get in touch with our Fundraising team and we will make sure your details are not included.

Where we have a legal requirement

We will always share data where we have a legal requirement to do so. Examples of this include providing audit information to HMRC for our Gift Aid claims or if we are required to do so by law enforcement officials. If we were to merge with another charity or restructure, we may also share your personal details with other entities involved in the merger/restructure for that purpose.


Where we keep your information and when it might be transferred outside of Europe

Nordoff Robbins is aware that countries outside of the European Economic Area have differing standards of data privacy. Much of our data is kept within Nordoff Robbins systems here in the UK, but there are a number of exceptions that you should be aware of:

Some countries (but not every country in which we work) have been determined by the European Commission to have “adequate” standards of data protection compliance. Organisations we work with who process data in the USA have verified that their data processing standards meet the standards in the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing data from EU citizens, or that they otherwise have proper safeguards in place.
