Privacy Policy

Effective: 11/02/2020

1. Introduction

Holocaust Educational Trust (“HET”)  (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal data.  HET is a registered charity in England and Wales (1092892) and in Scotland (SC042996).

We have developed this privacy policy to inform you of the data we collect, what we do with your data, what we do to keep it secure as well as the rights and choices you have over your personal data.

Throughout this document we refer to Data Protection Legislation means the Data Protection Act 2018 (DPA 2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where personal data comprises of people in the European Union it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

HET is the data controller for the personal data we process, unless otherwise stated.

We are registered  with the Information Commissioner’s Office (the ICO) with registration number Z5371798

You can contact us either by phone, email or post.

Our Data Protection Officer is:

The DPO Centre Ltd.

50 Liverpool Street



Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: 0203 797 1289


2. The Data We Collect & Lawful Basis

We only collect personal data that we know we will genuinely use and in accordance with Data Protection Legislation.  The type of personal data that we will collect on you, and you voluntarily provide to us on this  may include some or all of the following:

  • Name and job title.
  • Contact information, including home address, postcode and email address.
  • Only if registering for Lessons from Auschwitz: date of birth, passport details.
  • Only if purchasing items or making a donation: bank card details.
  • Job applicant details if applying for a role with us which can involve criminal background checks (please refer to our recruitment privacy notice for more details)
  • As detailed in other HET privacy policies

The lawful basis for processing your data is based on:

  • Consent
  • Performance of a contract
  • Compliance with a legal obligation
  • Vital interests
  • Our legitimate interests

3. Other HET Privacy Policies

We have created separate departmental privacy policies to ensure you have a greater understanding and awareness of how we process your personal data across our organisation and are available on our website.

We also have a recruitment privacy notice to help give you more information and transparency to how we process your personal data in line with our recruitment process which is also available on our website.

These policies are regulary reviewed and updated to ensure accuracy and transparency and we encourage you to review them to see how they may process your personal data along with their lawful basis to help justify the processing.

4. How We Use Your Data

  • For our own internal records.
  • To monitor website usage.
  • To send registered users emails about our resources, programmes and events.
  • To fulfil orders for tickets for events or to process any donations made to the Trust.
  • As detailed in separate departmental privacy policies
  • As detailed in our recruitment privacy notice

5. Who We Might Share Your Data With

We may share your personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data;
  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
  • From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of our Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
  • Airline, taxi and hotel companies in order to arrange appropriate transport, flights and hotels for our Lessons from Aushwitz programme.
  • As detailed in separate departmental privacy policies
  • As detailed in our recruitment privacy notice
  • We do not store credit card details nor do we share customer details with any 3rd parties.

6. Transfers of Personal Data Out of the UK

Due to the nature of our organisation there may be instances where we may need to transfer your data outside the UK. We may need to share your data with other companies who are in the European Economic Area (The EU member states, Norway, Iceland and Liechtenstein), in an adequate listed country or in other third countries who may not have similar data protection laws to the UK. If we need to transfer your information outside the UK we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected. For more information you can contact us using our details below.

7. Marketing Communications

We will send you relevant offers and news about HET in a number of ways including by email, but only if you have previously consented to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.

If you wish to amend your marketing preferences (including opting out) you can do so by contacting our Public Affairs Manager by emailing This email address is being protected from spambots. You need JavaScript enabled to view it.

Please note other departments within HET may also do their own marketing campaigns and more information can be found within their own privacy policies on our website.

8. Links

This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them. Please refer to a website’s privacy policy when using it.

9. Cookies

Please refer to our separate Cookie policy for how we use Cookies on our website and to change your consent.

10. Your rights over your information

10.1.1. The right to be informed about our collection and use of personal data;

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

10.1.2. Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Data Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If you would like to exercise this right, please contact us as set out below.

10.1.3. Right to Correction Your Personal Information

If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.

If you would like to exercise this right, please contact us as set out below.

10.1.4. Right to Stop or Limit Our Processing of Your Data

You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

10.1.5. Right to Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. 

If you would like to exercise this right, please contact us as set out below.

10.1.6. For more information about your privacy rights

The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here . If you are based elsewhere within the European Economic Area a list of supervisory authorities can be found here

You can make a complaint to the ICO (or other supervisory authority) at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. To make a complaint directly to us, please see our contact details below.

You can submit a complaint directly to the ICO via this link

11. Data Retention

We retain personal data in accordance with the Data Protection Legislation requirements and for as long as necessary. If you have any questions or concerns to our data retention practices you can contact us directly using our details below.

12. Giving Your Reviews and Sharing Your Thoughts

You may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal data (e.g. your name, email address, profile photo etc) may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

13. Security

Data security is of great importance to HET and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.  We store your data on our secure servers based in the UK.

We take security measures to protect your information including:

  • Limiting access to our buildings to those that we have determined are entitled to be there;
  • Implementing access controls to our information technology;
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
  • Never asking you for your passwords;
  • Advising you never to enter your account number or password into an email or after following a link from an email.

14. Cyber essentials

As well as the above security measures HET has also achieved Cyber Essentials certification which is reviewed annually. Copies of our certification is available if requested by contacting us below.

15. Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this policy regularly to keep up-to-date.

16. How to Contact Us

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
By telephone: +44 (0)20 7222 6822
By post: BCM Box 7892, London, WC1N 3XX