Privacy Notice
Introduction
This policy explains how Save Our Newts collects, uses, stores, and protects personal data when you interact with us or use our services. It is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take personal data seriously and aim to minimise the amount of data we collect wherever possible. We do not sell personal data or share it for commercial purposes. Personal data is only shared where necessary to provide our services, comply with legal obligations, or where you have given consent.
Who We Are
Save Our Newts is the data controller for the purposes of this privacy policy. We are a campaign group based in the United Kingdom. Throughout this policy, Save Our Newts is referred to as “we”, “our”, “us”, or “SON”. We are responsible for determining how and why your personal data is processed.
Contact Details
If you need to contact us about your personal data, privacy requests, or to exercise your data protection rights, please fill out our contact form.
Enquiries are handled by Save Our Newts. We aim to respond to all data protection requests within one month, in accordance with UK GDPR. We may need to verify your identity to ensure that requests are made by the individual whose personal data we hold and to protect your information.
What Personal Data We Collect
Correspondence
When you contact us through any channel, including email, website forms, or messaging platforms, we may collect details visible in your correspondence, such as name, telephone number, or email address. We also collect the content of communications, attachments, and any other information you choose to disclose.
Website forms
When you contact us through website forms, we may collect name, email address, subject, message content, attachments, and any information you choose to provide.
Website data
When you visit our website, we may collect technical and usage data such as IP address, browser type, device and operating system information, referrer data, and website usage statistics through analytics and server logs.
Cookies and embedded content
We collect information through cookies and similar technologies, including essential and functional cookies and data collected via embedded third-party content, as described in the Cookies and Tracking Technologies section.
Derived, inferred, and internal data
We may generate internal records derived from the data above, such as anonymised statistics, internal notes, summaries, and administrative records. Where possible, such data is aggregated or anonymised and does not identify individuals.
How We Collect Personal Data
Directly from you
When you contact us, complete forms, participate in surveys, or communicate with us by email, or messaging platforms.
Automatically through our website
When you visit our website, we may collect technical and usage data through cookies, analytics tools, and server logs.
Through third-party services
When you interact with third-party platforms we use, such as donation sites, petition sites, mapping services, embedded media, or messaging platforms, which may collect information in accordance with their own privacy policies.
How We Use Your Personal Data
To communicate with individuals
Including responding to enquiries, providing information, sending updates, and communicating via email.
To administer and improve our website and services
Including monitoring website usage, managing website security, and improving functionality and content.
To comply with legal and regulatory obligations
Where required by law, regulation, safeguarding guidance, and similar.
Legal Basis for Processing
Legitimate interests
We process personal data where it is necessary for the operation and management of the organisation, including communications, record-keeping, and website administration. We ensure that our legitimate interests do not override the rights and freedoms of individuals.
Consent
We rely on consent where required, including for certain communications and where individuals have a genuine choice over the use of their personal data. Consent can be withdrawn at any time.
Legal obligation
We may process personal data where necessary to comply with legal or regulatory obligations and safeguarding responsibilities.
Vital interests and legal claims
We may process personal data where necessary to protect an individual’s vital interests or to establish, exercise, or defend legal claims.
How We Share Your Data
General approach to data sharing
We do not sell personal data or share it for commercial purposes. Personal data is only shared where necessary to operate the organisation, resolve issues, meet legal or safeguarding obligations, or where you have given consent.
Organisers
Personal data may be shared internally with organisers where necessary to manage communications, safety, and the day-to-day running of the organisation.
Service providers and processors
Personal data may be shared with trusted third-party service providers used to operate our website and activities. This may include website hosting providers, analytics services, and other technical or administrative services. These providers process personal data on our behalf and are required to handle it securely and in accordance with data protection law.
Legal and regulatory bodies
Personal data may be disclosed to legal, regulatory, or public authorities where required to comply with legal obligations, safeguarding duties, or lawful requests.
International Data Transfers
Some of the third-party services we use to operate our website, manage communications, donations, and petition signatures, may process personal data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR. These safeguards may include transfers to countries recognised as providing an adequate level of data protection, or the use of approved contractual safeguards. Personal data processed by third-party platforms or services (such as messaging platforms, website analytics, mapping services, donation sites, petition sites, or external data repositories) is handled in accordance with their own privacy policies and data protection measures.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. This includes organisational, legal, safety, safeguarding, and regulatory requirements.
Communications and correspondence
Communications and correspondence, including emails, messages, website form submissions, and attachments, are retained for as long as necessary to manage enquiries, ongoing relationships, and follow-up actions.
Website data and analytics
Website usage data, analytics information, and technical logs are retained for limited periods and, where possible, anonymised or aggregated so that individuals are not identifiable.
Derived and internal records
Internal summaries, anonymised statistics, administrative notes, and other derived records are retained for planning, reporting, and organisational management purposes. Where possible, such data is aggregated or anonymised.
Secure disposal
When personal data is no longer required, it is securely deleted, anonymised, or destroyed using appropriate methods. This includes the secure disposal of physical records and the deletion or anonymisation of electronic records.
Cookies and Tracking Technologies
Purpose of cookies
We use cookies and similar technologies to ensure our website functions correctly and to understand how it is used, so that we can improve our content and services.
Essential and functional cookies
Essential and functional cookies are used to enable core website functionality. These cookies are necessary for the website to operate and do not require consent.
Analytics cookies
We use privacy-focused website analytics to understand general website usage, such as page views, referral sources, device and browser information, and approximate location (for example, country). Analytics data is processed in a way that does not intentionally identify individual users and is not used for marketing or advertising purposes.
Embedded content
Our website may include embedded third-party content, such as maps or videos. These services may use cookies or similar technologies in accordance with their own privacy policies. Where possible, we aim to limit tracking and avoid loading non-essential cookies unless a user chooses to interact with the embedded content.
External links
Our website contains links to external websites and platforms, including campaign and fundraising services such as Change.org and GoFundMe. If you choose to sign a petition or make a donation through these platforms, your personal data will be collected and processed by those services in accordance with their own privacy policies. We are not responsible for their content, practices, or how they handle your data. We encourage you to review their privacy policies before submitting any personal data.
Managing cookies
You can manage or disable cookies through your browser settings or through any cookie controls provided on our website.
Your Data Protection Rights
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights in relation to your personal data:
The right of access
To request a copy of the personal data we hold about you.
The right to rectification
To request that inaccurate or incomplete personal data is corrected.
The right to erasure
To request that personal data is deleted, in certain circumstances.
The right to restrict processing
To request that the use of your personal data is limited, in certain circumstances.
The right to object
To object to the processing of your personal data where it is based on legitimate interests.
The right to data portability
To request that personal data you have provided is transferred to you or to another organisation, where applicable.
The right to withdraw consent
Where we rely on consent to process your personal data, you may withdraw that consent at any time.
These rights are not absolute and may be subject to legal limitations or exemptions under data protection law.
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us using the contact details provided in this privacy policy. We may need to verify your identity before responding to a request, to ensure that personal data is protected and only disclosed to the correct individual. We aim to respond to all valid requests within one month, in accordance with UK GDPR. Requests are handled free of charge, unless they are manifestly unfounded or excessive.
Children’s Data
This website is not directed at children. We do not knowingly collect personal data from individuals under the age of 13. If you believe a child has submitted personal data through this site, please contact us and we will delete it promptly.
How We Protect Your Data
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.
Access to personal data relating to contact details and organisational records is restricted to a limited number of organisers who require it for legitimate organisational purposes. Access to website analytics and similar systems is restricted to specific authorised individuals.
Where personal data is visible to others, this is limited to information individuals have chosen to make publicly available.
Communications are handled by designated organisers and may be shared with relevant parties only where appropriate and with consent.
We store personal data securely and use strong passwords, access controls, and two-factor authentication (2FA) where available. Digital platforms we use employ modern encryption and security measures in line with their own published standards. Where possible, we use end-to-end encrypted services for messaging and ensure that email communications are transmitted using secure, encrypted connections.
Website usage and analytics data is processed in a privacy-focused manner. Where possible, technical identifiers such as IP addresses are anonymised or pseudonymised (for example through hashing or aggregation) so that individuals cannot be readily identified from analytics data.
We take care when using third-party services on our website (such as mapping or video platforms) and aim to limit tracking and data collection where possible, for example by configuring embedded content to reduce tracking unless a user chooses to interact with it.
We regularly update our website, systems, and platforms to maintain security and apply updates where available. Access credentials are reviewed and updated periodically, and access is limited to those who require it.
When personal data is no longer required, it is disposed of securely. Electronic records are deleted or anonymised where appropriate.
Complaints
If you have any concerns about how we handle your personal data, we encourage you to contact us first using the details provided in this privacy policy so that we can try to resolve the issue.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK’s independent authority responsible for data protection. Further information about making a complaint can be found at https://ico.org.uk/make-a-complaint/ and you can also contact the ICO by telephone on 0303 123 1113.
Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our activities, services, legal requirements, or how we process personal data. Any updates will be published on our website, and the date of the most recent update will be shown at the end of this policy.
Last Updated
28 April 2026