Privacy & Cookie Policy 

This privacy statement describes how Thomson Foundation collects and uses the personal information you provide on our websites. For these purposes, Thomson Foundation is the data controller of any personal data we collect.   

Thomson Foundation (UK registered charity number 313750) (“TF”, “we”, “us”, “our”), is committed to protecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from other organisations, and keep it safe. This Privacy Notice (“Notice”) sets out our data processing practices and your rights and options regarding the ways in which your personal information is collected (including through our website – www.thomsonfoundation.org) and used. 

The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, you will be unable to sign up for training or to receive our email newsletter.   

The mobile applications are distributed via the Apple App Store and Google Play Store, each of which may collect and process data independently in accordance with their own privacy policies. 

Policy contents index

1. We collect personal information about you  
2. Tracking and Advertising Disclosure 
3. What personal information do we use?  
4. How and why will we use your personal information?  
5. Push Notifications 
6. Lawful bases  
7. Communications for marketing  
8. Children’s personal information  
9. How long do we keep your personal information?  
10. Will we share your personal information?  
11. Security/ storage of and access to your personal information  
12. International Data Transfers  
13. Use of Artificial Intelligence 
14. Exercising your Rights  
15. Changes to this Notice  
16. Links and third parties  
17. How to contact us  

1. We collect personal information about you:  

a. When you give it to us directly  

For example, personal information that you submit through our website by signing up for our email newsletter or to register for training, e-learning or our competitions, or personal information that you give to us when you communicate with us by email, phone or letter.  

b. When we obtain it indirectly  

For example, your personal information may be shared with us by third parties including, for example, our business partners; sub-contractors in technical, payment and delivery services; analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.  

c. When it is available publicly  

Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as Facebook, Instagram or Twitter).  

d. When you visit our website, we automatically collect certain technical information, including:  

  • IP address used to connect your device to the internet  
  • Browser type and version, time zone setting, browser plug-in types and versions, operating systems and platforms
  • Information about your visit, such as URL clickstream to and from the website (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks), and methods used to browse away from the page

e. When you access our services via our mobile application, we may collect additional information specific to app usage, including: 

  • device information such as device model, operating system, app version and unique app instance identifiers; 
  • in‑app activity data, including pages or screens viewed, learning progress, interactions, and session duration; 
  • diagnostic and performance data, including crash reports and error logs. 

This information is used solely to operate, secure and improve the functionality and performance of the application. 

 
We use cookies for the following purposes:  

  • To keep track of your preferences and profile information  
  • To collect general usage and volume statistical information that does not include personal information  

Cookies help us improve website functionality and user experience. In general, we may combine your personal information from different sources for the purposes set out in this Notice.  

Managing cookies  

You can control and manage cookies through your browser settings. Most browsers allow you to:  

  • Accept or reject cookies  
  • Delete existing cookies  
  • Set preferences for certain websites  

Please note that disabling cookies may affect the functionality of our website and limit your ability to use certain features.  

2. Tracking and Advertising Disclosure 

Our mobile application does not use third‑party advertising, behavioural advertising, or cross‑app tracking technologies. 

We do not track users across apps or websites owned by other companies, and we do not sell personal data. 

Where analytics tools are used within the app, they are configured to collect aggregated, non‑identifying information solely for performance monitoring and service improvement.

3. What personal information do we use?  

We may collect, store and otherwise process the following kinds of personal information:  

  1. your name and contact details (including emergency contacts), including postal address, telephone number, email address and, where applicable, passport and social media identity; 
  2. your date of birth and gender;  
  3. your financial information, such as bank details and/ or credit/ debit card details, account holder name, sort code and account number;  
  4. information about your computer/ mobile device and your visits to and use of this website, including, for example, your IP address and geographical location;  
  5. details of your qualifications/ experience;  
  6. information about our services which you use/ which we consider may be of interest to you; and/ or
  7. any other personal information which you choose to share with us as per section.  
  8. The mobile application may request access to certain device features (such as notifications or local storage) where necessary for core functionality. You may manage or revoke app permissions at any time through your device settings. Disabling permissions may limit certain features but will not prevent general access to the Platform. 


Do we process special categories of data?  

The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions. 

 In certain situations, TF may collect and/or use these special categories of data (for example, we may need to know details of your medical conditions so that we can make reasonable adjustments to ensure equal access to our training courses.). We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows us to do so.  

4. How and why will we use your personal information?  

Your personal information, however provided to us, will be used for the purposes specified in this Notice. We may use your personal information:  

  1. to register you for our training courses and administer your participation;  
  2. to allow you to take our e-learning courses;  
  3. to allow you to enter our competitions;  
  4. to allow you to join our knowledge sharing platform;  
  5. to otherwise provide you with services, products or information you have requested;  
  6. to provide further information about our work, services, activities or products (where necessary, only where you have provided your consent to receive such information);  
  7. to process your payments;  
  8. to answer your questions/ requests and communicate with you in general;  
  9. to further our charitable aims in general, including to promote inclusivity in journalism and communications;  
  10. to analyse and improve our work, services, activities, products or information (including our website), or for our internal records;  
  11. to report on the impact and effectiveness of our work;  
  12. to run/ administer our website, keep it safe and secure and ensure that content is presented in the most effective manner for you and for your device;  
  13. to register, administer and personalise online accounts;  
  14. to register and administer your participation in events;  
  15. for purposes of publicity;  
  16. to audit and/ or administer our accounts;  
  17. to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);  
  18. for the prevention of fraud or misuse of services; and/or  
  19. for the establishment, defence and/ or enforcement of legal claims.  

5. Push Notifications 

If you enable push notifications, we may send service‑related messages such as learning reminders, account notifications or important platform updates. 

Push notifications are optional and can be disabled at any time through your device settings. We do not use push notifications for third‑party advertising or promotional tracking purposes. 

6. Lawful bases

The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant:  

here you have provided your consent for us to use your personal information in a certain way (for example, we will ask for your consent to use your personal information to send you marketing or promotional material by email, and we may ask for your explicit consent to collect special categories of your personal information).  

  • Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).  
  • Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, where you pay to attend for one of our training or e-learning courses).  
  • Where it is in your/ someone else’s vital interests (for example, in case of medical emergency suffered by an individual).  
  • Where there is a legitimate interest in us doing so.  


The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact on your rights).   

In broad terms, our “legitimate interests” means the interests of running TF as a charitable entity and pursuing our aims and ideals; for example improving standards of journalistic and communications training, providing skills-intensive training and improving audience engagement with different media.   When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).  

7. Communications for marketing

We may use your contact details to provide you with information about our work, events, services and/ or products which we consider may be of interest to you (for example, about services you previously used, or updates about fundraising appeals and/or volunteering opportunities via our newsletter).  

Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law).  

Where you have provided us with your consent previously but do not wish to be contacted by us about our projects and/or services in the future, please let us know by email at enquiries@thomsonfoundation.org. You can opt out of receiving emails from the TF at any time by clicking the “unsubscribe” link at the bottom of our emails.

8. Children’s personal information 

Our Platform is intended for professional learning and educational purposes. We do not knowingly collect personal data from children under the age of 13 through our mobile application without appropriate authorisation. 

Where the Platform is accessed as part of an educational programme, data is processed solely for learning delivery and platform administration.

9. How long do we keep your personal information?

In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see Section 12 below), we will remove it from our records at the relevant time.  

If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.

10. Will we share your personal information?

We do not sell or rent your personal information to third parties for marketing purposes. However, in general we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Notice.  

Non-exhaustively, those parties may include:  

1. suppliers and sub-contractors for the performance of any contract we enter into with them, for example IT service providers such as website hosts or cloud storage providers;  
2. Governments and entities in overseas countries if you are a consultant travelling to such place to provide training;  
3. insurers;  
4. banks;  
5. professional service providers such as accountants and lawyers;  
6. parties assisting us with research to monitor the impact/ effectiveness of our services;  
7. regulatory authorities, such as tax authorities; and/or  
8. analytics and search engine providers.  
9. mobile application service providers that support app hosting, analytics, crash diagnostics and notification delivery, strictly for the purpose of operating and improving the application and subject to contractual confidentiality and security obligations.  

In particular, we reserve the right to disclose your personal information to third parties:  

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the (prospective) seller or buyer of such business or assets;  
  • if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;  
  • if we are under any legal or regulatory duty to do so; and/or  
  • to protect the rights, property or safety of TF, its personnel, users, visitors or others.  

11. Security/ storage of and access to your personal information  

TF is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information.  

Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers with features enacted to prevent unauthorised access.  

App‑related usage and diagnostic data is retained only for as long as necessary to maintain service quality, comply with legal obligations, or resolve technical issues, after which it is anonymised or securely deleted. 

12. International Data Transfers 

Given the nature of our work, we are involved in the transfer of personal information to countries outside the UK and the European Economic Area (“EEA”).  

This may be because we use agencies and/ or suppliers to process personal information on our behalf and they will transfer and store personal information in a location outside the EEA, for example the United States. Or it is because you are a consultant travelling overseas on an assignment which requires us to transfer your personal information to a government or entity based in that location (e.g. providing your passport details).  

Please note that some countries outside of the UK and the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the UK or EEA in a country that does not offer an equivalent standard of protection to the UK or EEA, we will take all reasonable steps as far as possible to ensure that the recipient implements appropriate safeguards (such as by entering into European Commission-approved model contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Notice. We may obtain your explicit consent to such transfers or, given that the transfer in these circumstances is limited in scope, is not repetitive and is necessary for compelling legitimate interests not overridden by your rights (since you voluntarily agree to be a consultant on an assignment), we may proceed with the transfer having considered all the circumstances surrounding the transfer and taken suitable safeguards.  

If you have any questions about the transfer of your personal information, please contact us using the details below.  

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.  

13. Use of Artificial Intelligence

We may use artificial intelligence (AI) technologies to enhance our services, including: personalising content and recommendations, improving website functionality and user experience, detecting fraudulent or malicious activity, and analysing aggregated data for research and service improvement. AI systems will process personal information in accordance with applicable data protection laws, including GDPR. We do not use AI for fully automated decision-making that produces legal or similarly significant effects without human oversight.

14. Exercising your Rights

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. You also have the following rights:  

1. Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.  
2. Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so. In many cases we will propose to suppress further communications with you, rather than delete it.  
3. Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.  
4. Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.  
5. Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests ground, (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.  
6. Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.  
7. Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects on you or similarly significantly affects on you, unless such a decision (i) is necessary to enter into/ perform a contract between you and us/ another organisation; (ii) is authorised by EU or Member State law to which TF is subject (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.  
8. Where AI is used to process your personal information: you have the right to request information about how your data is processed by AI systems; you have the right not to be subject to decisions based solely on automated processing, unless necessary for a contract, authorized by law, or based on your explicit consent; and you may request human intervention, express your point of view, and contest decisions made through automated processing.   
9. We may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information requested to you. Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in section 17 below.   

You are further entitled to make a complaint about us or the way we have processed your personal information to the data protection supervisory authority in your home country. In the UK, the data protection authority is the Information Commissioner’s Office – www.ico.org.uk. For further information on how to exercise this right, please contact us using the details in section 17 below.  

15. Changes to this Notice 

We may update this Notice from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an update notice on our website. This Notice was last updated on May 1st 2026. 

16. Links and third parties 

We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy notices of any external websites you visit via links on our website.  

For more information about how Apple or Google may process your data, please consult: 

Apple Privacy Policy: https://www.apple.com/legal/privacy/ 
Google Privacy Policy: https://policies.google.com/privacy 

17. How to contact us 

Please let us know if you have any questions or concerns about this Notice or about the way in which TF processes your personal information by contacting us at the following channels:  

Email: enquiries@thomsonfoundation.org  

Thomson Foundation  
6 Greenland Place  
London, NW1 0AP  
United Kingdom