Privacy Policy



1       WHO WE ARE


RHI (“we”, “us”, or “our”) assists non-profit organisations in creating accountable, valued relationships with partners and donors to raise funds and thrive. Our clients are non-profit organizations that address human rights, social and environmental justice, democracy, transparency and accountability issues.  Our website address:

We are committed to protecting and respecting the personal data that we hold. This privacy policy describes why and how we collect and use personal data. RHI acts mostly as a Data Processor when processing personal data received from clients. RHI acts as a Data Controller only when collecting information through its website or from its contractors. By using RHI’s website, you consent to the collection and use of your personal information as set out in this privacy policy.

Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

The personal data that is provided to us is provided either directly from the individual concerned or from our clients, or from publicly available sources (such as internet searches). We process this data using third party software, which are GDPR compliant too.

2       Security

RHI is committed to safeguarding and protecting all forms of personal data. RHI complies with both the Data Protection Act 2018 (“DPA”) and with the General Data Protection Regulation (“GDPR”).

We take the security of all the data we hold seriously. All information you provide to us is stored securely.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

3       Data that we hold

3.1     Data Controller

As Data Controller, we hold some personal data on our contractors such as:

  • Biographies for bid and marketing purposes.
  • Contact information for business purposes.
  • Financial information for payments and tax purposes.

RHI as a Data Controller, does not process or store personal data in the form of a database for the purposes of its own research.

3.2 Data Processor

RHI undertakes research as a data processor for non-profit clients. This research is used by clients in their fundraising, as a way to understand and build better and more meaningful relationships with individuals, companies, trusts or other potential funders.

Any data RHI processes on behalf of its Clients (the Data Controllers) will consist of data stored and processed legally by the Data Controller or other data that is available in the public domain (which has either been released by the individual themselves or has been reported by reputable research & press sources).

It is the responsibility of clients to ensure they have collected personal data in a lawful and data regulation compliant way.

The personal data we process differs depending on the client and its business needs but usually includes: names, address, contact information. We also process data through third party software we obtain additional personal information such as wealth, donations, affiliations. We process this information to meet contractual obligations and have obtained consent from our clients to process this data. Additional information is obtained from publicly available sources.

RHI will ensure it processes, stores and transfer data in a secure manner and will delete all data past their retention period. All electronic file transfers between clients and RHI are carried out in a secure manner. 

RHI also ensures that any third party organisations it works with (third party processor) are GDPR compliant.

We encourage clients to use the research we provide in an ethical and responsible manner, and to reflect this in all their fundraising practices. We expect all data subjects to be treated lawfully as individuals and for clients to respect their wishes and expectations as relating to personal privacy, and to comply, at all times, with applicable data protection & GDPR guidelines and legislation.

We will only share personal data with others when we are legally permitted to do so.  We do not share data with any third party unless asked by our client or data subject or required to do so legally.

Client data is retained no longer than necessary. This means that, unless otherwise authorised by clients, client data will be deleted from our servers no later than 12 calendar months following project completion – or earlier/later if instructed and authorised by the client. RHI will not pass on, or disclose, any information contained within client data to a third party unless authorised to do so by the client (Data Controller) or if required to do so by law.

RHI will carry out its services as Data Processor and the client will remain Data Controller throughout the processing agreement.

All intellectual property in client data remains the property of the client and no client data is processed in any way other than that instructed by the client (Data Controller).

All data processing including other data management issues of which RHI are made aware (such as data breaches or Subject Access Requests etc.) will be managed in conjunction with the client (Data Controller).

4       Cookies Policy

When people visit our website, personal data is collected both through automated tracking and interacting with various forms on the website.

Our use of cookies helps us to provide you with a good experience of, and also allows us to improve, our website. When you first visit the website we will ask you whether you agree to our use of cookies; if you do not agree then you may continue to use the website but your browsing experience may be adversely affected. We may use the information supplied by you to engage with you, to administer or improve our site, for internal operations or as part of our efforts to keep our site safe and secure.

What data we collect and why

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded Content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment on the website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

How can you access your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

5       Individual’s Rights

Individuals have certain rights over their personal data and Data Controllers are responsible for fulfilling these rights as follows:

  • Individuals may request access to their personal data held by us as a Data Controller.
  • Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
  • Individuals may request that we erase their personal data
  • Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
  • Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
  • Individuals may request information about, or human intervention into, any automated data processing that we may undertake.

If you wish to exercise any of these rights, please send an email to We will look into and respond to any complaints we receive.