Privacy Policy

See also

About Us

  1. This Privacy Policy applies to the Thomson Reuters Foundation and its associated entities: Reuters Foundation Consultants Limited and Thomson Reuters Foundation Europe (collectively referred to as ‘We’, ‘Us’, or ‘Our’).
  2. Please read this privacy policy carefully before you start to use https://www.trust.org/ (our website), as it sets out how and why we process your personal data, and what to expect from us. We reserve the right to amend this privacy policy from time to time.
  3. We take your privacy very seriously and we ask that you read this Privacy Policy carefully as it contains important information on:
    • Your Rights
    • The personal data we collect about you and why we collect the data;
    • What we do with your data; and
    • Who your information will be shared with.

How you can contact us

In case of any questions regarding our privacy practices, if you would like to execute your rights or would like to submit a complaint, please contact [email protected]. You may also use the form available on our website to reach out to us with any questions, concerns or comments.

Changes to the Privacy Policy

We may change this Privacy Policy from time to time. You should check this Privacy Policy occasionally to ensure you are aware of the most recent version.

Useful words and phrases

Some word or phrases have particular meanings under Data Protection Laws and are used throughout this Privacy Policy:

  1. Data Protection Laws: the laws and regulations which govern the handling of data applicable including the UK Data Protection Act 2018, the General Data Protection Regulations,  the Privacy and Electronic Communications Regulations and the EU General Data Protection Regulation (Regulation (EU) 2016/679).
  2. Personal Data: Any information about an identifiable individual that we can use to identify them either directly or indirectly from that information alone or in combination with other information we possess or can reasonably possess. Personal Data includes but is not limited to names, addresses, email addresses, phone numbers, and identification numbers.
  3. Processing: any operations performed on Personal Data, including collection, recording, organisation, storage, adaptation, retrieval, use, transmission, restriction, erasure or destruction.
  4. Sensitive Personal Data: Information about an identifiable individual revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

Information we collect

Personal data provided by you

We  collect and process the following types of personal data about you:

  1. Contact Data: This is information such as your name, email address which we collect when you sign up for our events, contact us by email, subscribe to any of our newsletters, use our services or provide such information through our surveys.
  2. Profile Data: This is information such as the organisation you work for, your job title and role, and your area of expertise which we collect when you sign-up to use any of our services or apply for job opportunities.
  3. Financial data: such as payment related/ billing information.
  4. Video images/photographs/audio: in connection with the trainings we provide, events we host and remote meetings we hold.
  5. Location data: This is information such as your country of residence or the country in which you work which we may collect when you register for our events, respond to a tender opportunity, or apply for job opportunities.

Aggregated Data

We will also collect analytics data where you accept certain cookies, we may collect information on how you use our website and services. This may include Aggregated Data such as statistical or demographic data. Aggregated Data will be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.

Special category personal data

To help us understand the diversity of our applicants, you may voluntarily provide certain special category personal data in connection with job applications such as information about your race/ ethnicity, gender identity, sexuality. Such special category data will be processed in an aggregated form that does not contain identifiable information and is used solely for the purpose of monitoring diversity among applicants in accordance with relevant data protection laws. We may need to process your special categories of personal data if processing is necessary to comply with laws that apply to us in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection or prosecution of any crime when conducting due diligence on programme/ project partners as required by charity laws.

Personal data provided by third parties

At times, we will also collect personal information from third parties such as: organisations with whom you have dealings including recruitment agencies, referrers, your company/organisation; individuals who may reach out to us directly for purposes of providing you with legal assistance (in the case of journalists facing certain legal risks who are referred to us); third-party donation platforms which provide us with your personal information when you make a donation through these them which we use for financial reporting purposes; and from publicly available records including company websites, LinkedIn profiles, and official corporate filings.

Personal Data Uses And Lawful Bases

Purpose of processing Personal Data

Delivery of our Services including – trainings, mentorships and fellowship programmes, pro-bono legal support through our TrustLaw and Legal Network for Journalists at Risk (LNJAR) networks, events such as Trust Conference, provision of non-public and public workforce disclosure data and disclosure scorecards through the Workforce Disclosure Initiative (WDI) platform.

  1. Delivery of our products and services including – trainings, mentorships and fellowship programmes, pro-bono legal support through our TrustLaw and Legal Network for Journalists at Risk (LNJAR) networks, maps and analyses of the global pro-bono landscape through the Global Pro-Bono Survey, Strategic Organisational Needs & Capacity Assessment (SONCA) for independent media through a secure, modern web experience, events such as Trust Conference, provision of non-public and public workforce disclosure data and disclosure scorecards through the Workforce Disclosure Initiative (WDI) platform and providing comprehensive global datasets on corporate AI adoption to drive responsible AI practices through AI Company Data Initiative (AICDI).
  2. Comply with our Legal and Regulatory obligations such as – establishing your identity in order to comply with legal and regulatory obligations under charity law which may require us to conduct due diligence on partners by ascertaining name, address, financial information, criminal history of persons with significant control.
  3. Administration – Maintain internal records, which will include the collection of names, addresses, employment information of members, service providers and other stakeholders; to maintain and develop our relationship with you; to create and maintain a database of stakeholders including but not limited to donors, partners, event participants, alumni, consultants and recruitment candidates;  to carry out recruitment activities if you are applying for a job; to process tender applications submitted by you; to maintain and update our records; manage communications with you based on the feedback you may opt to provide in surveys.
  4. Development and use of internal tools including – AI technologies such as FrameFinder, to analyse audiovisual materials for internal purpose.
  5. Manage Claims – pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints that we may receive.
  6. To monitor our website usage to improve our services – please see our which explains what cookies are and why we use them.

Lawful Bases of Processing your data

Under the Data Protection Laws, the lawful bases we rely on for processing your personal data are::

Consent

By signing up for Our newsletters or to join any of Our stakeholder pools or by completing any of Our surveys, You are giving clear consent to process Your personal data for the specified purposes.

Contract

We may process your personal information when it is necessary to fulfil our contractual obligations under any agreement, we have entered into with you. These agreements may pertain to:

  1. The provision of agreed upon services.
  2. Engaging you as a consultant, participant, fellow, trainee or mentee of one of our events or programmes.
  3. Engaging you in your capacity as a representative of a donor, investor signatory, reporting company or partner in our projects and initiatives.

We may process your personal information before entering into any formal contractual arrangements with you. This could occur during due diligence checks on new partners and individuals we plan to engage for services, or when we request for quotes or proposals from potential service providers..

Legitimate Interest

Where processing this data is necessary for Our legitimate interests which are not overridden by your data protection interests or fundamental rights and freedoms. The following are examples of the purposes for which we will process your Personal Data on this basis:

  1. Maintaining internal records
  2. To permit us to pursue our rights and remedies
  3. To permit us to manage and respond to any enquiries or complaints
  4. To develop, train and improve FrameFinder using legacy audiovisual footage.
  5. Ensuring we understand how you interact with our website and optimise your experience.
  6. You as a client or in our own right.
  7. Social media & professional outreach: We process professional contact data to facilitate the WDI and AICDI. This includes: (i) direct outreach where we contact corporate representatives to invite participation in the WDI and AICDI disclosure cycles and providing updates on data transparency and scoring; and (ii) professional targeting where we use professional attributes (such as job titles) to show relevant WDI and AICDI content and advertisements on platforms like LinkedIn to expand our signatory and participant network.

Legal Obligation

Where We are required to comply with obligations as may be prescribed by applicable laws from time to time. These obligations pertain to: 

  1. conducting due diligence checks on you to verify your identity in compliance with UK charity laws before engaging you as a donor, partner, consultant or service provider.
  2. retaining records in relation to financial audits for a period of 7 yearsfrom the end of the last company financial year in compliance with UK tax laws.

Access, Storage And Transfer Of Personal Data

Who will have access to your personal data?

We only share your personal data with third parties with your consent or other lawful basis for doing so, in accordance with this Policy. Specifically, in relation to your relationship with us:

  1. We may share your personal data with third party service providers whom we engage to provide services including web development, trainings and mentorships, consultancy services, donor project evaluations, ticketing, technology, insurance, recruiting and employment processes and legal advisory service providers.
  2. We may share your personal information with our donors and partners whom we collaborate with on projects, or events.
  3. Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as HMRC and the Information Commissioner’s Office.
  4. For targeted advertising campaigns on third-party platforms such as LinkedIn, we and these third-party platforms act as Joint Controllers. We are responsible for the criteria used to target our ads, while the third-party platforms responsible for the technical delivery and for providing you with information on how they process your data.

International Transfers of Personal Data

  1. We securely store your Personal Data at a destination outside the United Kingdom (“UK”). It may also be processed by staff operating outside the UK and EU who work for us.
  2. In the event that your personal data is processed outside of the UK or the EU, you should know that some countries do not have the same data protection laws as these jurisdictions. In particular, countries that operate outside the European Economic Area (EEA)  may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data.
  3. However, whenever we transfer your personal data out of the UK or the EU, we ensure that a similar degree of protection is afforded to your Personal Data by having a lawful basis for transferring your Personal Data and implementing appropriate safeguards and taking all reasonable technical and organisational steps in accordance with this policy and Data Protection Laws.
  4. When transferring your personal data to countries outside the UK or the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:
    • a) Adequacy decisions:
    • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government and/or the European Commission.
    • b) Model clauses:
    • Where we use certain service providers, we may use specific clauses approved by the European Commission and UK Government which give personal data the same protection it has in the EU and the UK.

How we keep your data secure

We employ both encryption in transit and encryption at rest to ensure the confidentiality of your data. When you complete a form or questionnaire on one of our platforms, the information you submit is encrypted by HTTPS as it is transferred to TRF systems and remains encrypted the whole time it is stored. This mitigates the risks involved in either physical attacks (e.g. theft of hardware from data centres) or “man-in-the-middle” attacks where data is intercepted.

When we delete your data

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the circumstances. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Your Rights

As a data subject, you have the following rights under the Data Protection Laws:

You have the right to:

  1. Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  2. Request correction of the personal data that we hold about you.
  3. Request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Complaints to the regulator

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

March 2026