Switch to our child-friendly privacy policy
The Raspberry Pi Foundation (RPF) is a charitable foundation based in the United Kingdom with the mission to enable young people to realise their full potential through the power of computing and digital technologies. We collect your data to help us advance our mission, and we always consider and respect your privacy rights.
We want to be open about what we are doing and why. The purpose of this policy is to explain how the Raspberry Pi Foundation collects and uses the personal information you provide to us, whether it is shared online, via phone, via email, in letters, in any other correspondence, or by other people.
Notice to Parents and Guardians
We are committed to protecting the privacy of the young people that engage with us through our competitions, on our website, at events, and in the clubs that we support. We treat your child’s information in accordance with all applicable laws concerning the protection of personal information.
- Who are we
- What information we collect from you
- When we collect information from you
- What we use your information for
- How long do we keep your data for
- Anonymised data
- How we collect and store your information
- On what legal basis we use your information
- Who we share your information with
- Information about cookies
- Your rights
- How to contact us about your data
If you have any questions at any time about data privacy at the Raspberry Pi Foundation, please contact us at dataprotection@raspberrypi.org, or write to us at: Data Protection, Raspberry Pi Foundation, 37 Hills Road, Cambridge, CB2 1NT.
1. Who are we
The Raspberry Pi Foundation is a UK-based charity that works to enable young people to realise their full potential through the power of computing and digital technologies. We do this so that more people can harness the power of digital technologies for work, to solve problems that matter to them, and to express themselves creatively. Information about the Raspberry Pi Foundation Group is at the bottom of this page and each page of our website.
2. What information we collect from you
If you are a:
- Raspberry Pi account holder
- Volunteer, club leader or host
- Event or club attendee
- Competition entrant
- Survey participant
- Donor (individual)
- Contractor or supplier to RPF
- Job applicant
- Member of RPF
- Organisation awarding grants or gifting donations
- Partner organisation
- Visitor to our website
- Visitor to our offices
We may collect the following information:
- First name
- Last name
- Address
- Date of birth
- Gender
- Email address
- Occupation
- Phone number
- Social media ID
- Images (including audio and/or video)
- CCTV Image
- Internet Protocol (IP) Address
For teachers who work with us, we may also store the following information:
- Details of the school or education institution you work at
Fundraising and due diligence
As part of our fundraising, due diligence and anti-money laundering processes we undertake research and engage specialist agencies to gather information about donors and potential donors from publicly available sources (for example, UK Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers and news archives). The purpose of this research is for us to understand more about donors and potential donors and help provide them with an appropriate experience. If you would prefer us not to use your data in this way, please email dataprotection@raspberrypi.org.
When you visit our website, we may collect technical information relating to your use of our website, including your browser type or the IP address used to connect your computer to the internet. For more on this, see section 10, “Information about cookies”.
Special category data
In addition to the above personal data, we may collect the following special category data (as defined by the UK Data Protection Act 2018) if you have chosen to disclose it to us:
- Disability
- Health data (such as information about allergies)
- Personal data revealing racial or ethnic origin (only in circumstances where you have chosen to disclose this information to us expressly in response to a survey question)
Images
The Raspberry Pi Foundation uses images (including videos and audio-recording) to showcase the Foundation’s work. This increases engagement with current members of our community, as well as with potential new community members and supporters. We may process images of individuals from all of the categories of data subjects listed in section 2. We take the security and privacy of images seriously, and we provide guidelines for staff and volunteers.
Where images are processed using the lawful basis of legitimate interest or consent, the individuals featuring in those images have a number of rights that they can exercise over this data, such as the right to delete or rectify. You may “opt out” by withdrawing consent (where given) or challenge the legitimate interest that has been assessed. If you wish to do so please contact dataprotection@raspberrypi.org.
For larger scale or public events we may share images with the event sponsors. Attendees may choose to opt out of their images being taken and shared.
Please note that for images made available on the internet, the Raspberry Pi Foundation can cease to use your images, but it may still be possible to find them on the internet, and this is beyond our control. Where images have already been used in printed publications, it will not be possible for them to be withdrawn.
Code Editor For Education
Code Editor for Education is an integrated development environment designed to help make learning text-based programming simple and accessible for children aged 9 and up. It gives added classroom management functionality to educators who are Raspberry Pi Account holders. This means:
- Student Accounts within Code Editor For Education are accounts created and managed by teachers in a School (ie the school identified during the sign up process) on behalf of their students.
- RPF is not the data controller of any personal data associated with these accounts.
- The School is responsible for this data and decides how this data is used. The School may provide RPF with information about its students in order for us to maintain, manage, and store Student Accounts. This is governed by a data sharing agreement between the School and RPF agreed as part of the terms of use.
- To see what data is held and and how that data is processed and managed students should review their School’s privacy policy or contact them directly.
3. When we collect information from you
We collect your information:
- When you create and use your Raspberry Pi account or otherwise sign up to participate in any of our competitions, programmes or events
- When you apply to become a volunteer
- When you apply for a job with the Raspberry Pi Foundation Group
- When you or your organisation becomes one of our partners or suppliers or you otherwise enter into an agreement with us
- When you respond to our surveys
- When you support us by donating or signing up to gift aid
- As part of the process to become one of our Members
- When you visit our office
- When you visit our website
- When you receive email newsletters, blog updates or marketing emails from us (we may use tracking software to tell us if, when, and in what general geographic region you delete, open or forward our emails)
4. What we use your information for
We may use the information as follows:
- Provide you with information and services connected with the mission of the Raspberry Pi Foundation
- Ask you to participate in surveys
- In our annual review and Trustee report
- For research purposes
- Researching and due diligence of potential donors
- Thank you for a donation
- Send you newsletters (if you have opted in)
- Publish images in our magazines, websites, social media or blogs
- Respond to your queries
- Make sure we are sending out marketing emails and updates at the right time, to the right recipients, with relevant content
- Analyse activity on our website (section 10)
- Carry out debugging work (in the case of IP addresses)
- For safety, security and the prevention of crime (in the case of CCTV images)
- Enable you to access other products of ours that you navigate to, if you have a Raspberry Pi Account
If you want to understand more about why we collect your data, please contact us at dataprotection@raspberrypi.org.
5. How long do we keep your data for
We do not keep your information for any longer than we need to in order to fulfil the purpose or purposes for which it was collected, or for any longer than is required by law, if that is longer.
For determining when personal data should be erased we take into consideration: the amount of and sensitivity of the personal data we have; the amount of harm that could be caused by a data breach; the benefits of the purposes the data is being used for; and any legal requirements that we are bound by.
We review the data we hold, and erase or anonymise it as appropriate, according to the retention periods specified in the table below.
You may request that we erase your personal data at any time. In some cases where there is a relevant or legal reason that requires us to keep the data, we may opt to restrict the amount of processing to what is absolutely necessary. This will be in line with your legal rights in order to minimise the impact the processing will have and we will explain to you the reasons for our decision.
If you have any questions about how long we keep your information for, contact us at dataprotection@raspberrypi.org.
Table of retention periods
Data Subject | Retention |
---|---|
Competition entrant Event or club attendee Raspberry Pi account holder Survey participant or interviewee Potential donors | We will review your data 3 years after the last evidence of your engagement (e.g your last login or contact with us). We will then either anonymise, delete or retain the data if we have a legal justification for keeping it any longer, for example, for safeguarding reasons. If the information we have about you is considered part of RPF’s historical record, we will retain basic personal data, such as names, for 100 years. |
Raspberry Pi Account holders who are users of Code Editor for Education | Where a Raspberry Pi account holder is a user of Code Editor for Education, we will retain data created within the school account for as long as the school account is active. Records of any teacher–student communication and interactions that occurred via the platform will be retained indefinitely for legal and safeguarding reasons. This includes (but is not limited to) feedback and project content shared with Student Account Users. |
Club volunteer, leader or host | We will retain the following data indefinitely for safeguarding purposes:
|
Contractor or supplier | 6 years after the end of the year or accounting period in question (for legal and tax reasons). However, in the case of donors to RPF who are legators, personal data will be retained for 6 years after the accounting period in which the legacy was received. |
Emails received | Deleted automatically after a maximum of 10 years, unless separately preserved for other lawful reasons. |
Images/videos | As long as required. In some instances, 100-year retention is required to maintain RPF’s historical record. |
Members of RPF | In certain circumstances, we may retain relevant data for 10 years (Companies Act 2006). |
Visitor to our websites | The web service logs (containing IP addresses) are retained for 30 days of your visit, after which they are then archived for 1 year. |
Visitor to our office | CCTV images are kept for 31 days (unless retained for legal reasons) |
Unsuccessful job applicants | Application information kept for 1 year to defend against claims and for as long as necessary in the event of a claim. |
6. Anonymised data
By definition, anonymised data is data that does not contain any information that can be used to identify an individual. Once we have anonymised data we are lawfully allowed to retain it for as long as we need it, with no formal justification.
Anonymised data may be useful for analytical or statistical insight. We are most likely to retain anonymised data for research, analysis, and impact evaluation.
7. How we collect and store your information
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate, and up-to-date, and that it is kept only for as long as it is needed in order to fulfil the purpose or purposes for which it is used.
You should be aware that the use of the internet is not entirely secure, and although we will do our best to protect your personal data, we cannot guarantee the security or integrity of any personal information that is transferred from you or to you via the internet. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features such as encryption to try to prevent unauthorised access.
8. On what legal basis we use your information
Lawful bases may include:
- Where it is within our legitimate interests in order to further our charitable mission and objectives.
- We may rely on a legitimate interest as the basis to process data for purposes such as informing our fundraising activity, tailoring the experiences of our donors to better suit their interests, or making our fundraising efforts more efficient and cost effective.
- We have a heightened responsibility to keep your interests central and to make sure that your rights as a data subject override our legitimate interests. For this reason, we will conduct a Legitimate Interests Assessment whenever we rely on a legitimate interest as a basis for processing.
- Where we rely on legitimate interests we will where possible let you know how we will use the data, and give you the opportunity to object or exercise any rights as a data subject by contacting us.
- Where we need to comply with a legal obligation.
- Where processing is necessary for the performance of a contract to which you are a party. If you fail to provide this information, we may be unable to perform the contract.
- Where we have your consent to process your personal and special category data, where applicable.
The only special category data we may process about you is listed under the heading Special Category Data in section 2 above, which we only process if you have provided us with this information. Subject to Article 9 of EU General Data Protection Regulation 2016 (as referred to in the UK Data Protection Act 2018) we collect this data only when it has been provided by you, with your explicit consent to process and store.
We take additional measures to protect this data by storing it in our Customer Relation Management Platform only. We restrict access to this data and only provide access to certain staff groups who need to access this information, for example, the event lead for the particular event you are attending.
Student Accounts for Code Editor for Education
- Student Accounts are accounts created on an individual’s behalf and managed by teachers in their School.
- RPF is not the data controller of any personal data associated with or from these accounts.
- Your School is responsible and decides how your personal data is used. However, your School may provide us with information about you in order for us to maintain, manage, and store your Student Account.
- To see what data and how that data is processed and managed please review your School’s privacy policy or contact them directly.
9. Who we share your information with
We will never sell your information to any third party.
As the information we collect about you will be stored on our IT infrastructure, it may also be shared for operational reasons with data processors Google Workspace (email, document management and storage services), Heroku-managed AWS instance (database storage and management) and/or Salesforce (relationship management platform). The servers containing this information are located in the UK / EEA.
In some circumstances we may share limited personal information about you with other organisations, partners and sponsors with whom we are working on joint schemes, events, or products that you engage with. This is to make sure that the scheme, event or product is working as intended and that we are sticking to our agreements with our partner organisations. Where these third parties are not in the UK or European Economic Area, we make sure that it is safe to share your information with them, for example by including the EC’s Standard Contractual Clauses in our agreements with such third parties.
We will share your data if we are required to do so by law.
10. Information about cookies
A cookie is a small file which is stored by your web browser. Cookies provide core functionality (such as the ability to authenticate and log you in to an account), they also help store data on state and behaviour which can be used to analyse web traffic and visitors. Cookies allow web applications to respond to you as an individual, aiding them to tailor their operations to your needs, likes and dislikes by storing unique information about you.
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website, and allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, please see our cookie policy.
We use Google Analytics software to collect information about how you use this website. We do this to help make sure that the site is meeting the needs of its users, and to help us make improvements. Google Analytics stores information about:
- The pages you visit on this site
- How long you spend on each page on this site
- How you got to the site
- What you click on while you’re visiting the site
These cookies do not collect or store your personal information (for example, your name or email address), so this information can’t be used to identify you. We do not allow Google to use or share our analytics data. You can opt out here.
11. Your rights
Right to be informed — you have the right to be informed about the collection and use of your personal data. In general we will do this no later than a month after the processing activity begins unless doing so is impossible, would involve disproportionate effort or render impossible or seriously impair the achievement of the objectives of that processing.
Right of access — you have a right to ask us to confirm whether we are processing information about you, and to request access to this information.
Right to rectification — you may ask us to rectify information you think is inaccurate, and you may also ask us to remove information which is inaccurate or incomplete. If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so that they may update their own records.
Right of portability — you have a right to obtain your personal data from us and reuse it for your own purposes.
Right to restricted processing — you have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it.
Right to be forgotten — you have a right to seek the erasure of your data, for example where it is no longer necessary for us to continue holding or processing your personal data. This right is not absolute, as we may need to continue processing this information to comply with a legal obligation.
Right to restriction
You have a right to ask us to restrict our processing of your information if:
- You contest its accuracy and we need to verify whether it is accurate.
- We no longer need the information for the purpose of processing, but you need it to establish or defend legal claims.
- You have objected to processing and we are considering whether we have a legitimate interests to do so nevertheless. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests. If you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, for the purpose of protecting the rights of another person, or for public interest reasons.
- Your data has been unlawfully processed, but you object to us deleting your data and instead have requested the restriction of your data.
Exercising your rights
You can always unsubscribe from any mailing list you are included on by contacting us at dataprotection@raspberrypi.org.
If you would like to exercise any of your rights, please let us know by contacting dataprotection@raspberrypi.org. In responding to your request we will act in accordance with our legal obligations and there will be no charge. We may ask for your help in locating specific information, e.g. confirming your identity.
Our use of your data processed in the UK is regulated by the Information Commissioner. You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You can do so by contacting them on ico.org.uk/concerns or by calling their helpline at +44 303 123 1113.
About changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted here and, where appropriate, sent to you by email. Please check the website regularly to see any updates or changes to our privacy policy. By continuing to use our website, you will be deemed to have accepted such changes.
12. How to contact us about your data
Data rights are human rights and we are determined to honour yours fairly and fully. You can unsubscribe at any time, or get in touch with any questions, comments, or instructions regarding your information by writing to dataprotection@raspberrypi.org or to:
Data Protection
Raspberry Pi Foundation
37 Hills Road
Cambridge
CB2 1NT
Policy updated: September 2024