Key Points from Thomas’s Fund Privacy Policy

Our Privacy Policy aims to be in line with current, recommended, data protection procedures (and based on General Data Protection Regulation (GDPR) Guidelines (2018)). The Key Points below are for general information. Should you require further information there is a link, to our full policy, at the end. If, having read the policy, you have any additional questions (or find anything unclear), please contact us.

Please note that Thomas’s Fund’s Privacy Policy is reviewed annually (unless a marked change in national guidelines requires that the Fund reviews the Policy before that time). The policy was last updated in April 2020.


Whatever your connection with Thomas’s Fund, we want you to feel comfortable and confident to share your personal details with us if required. At Thomas’s Fund we will store personal details securely to the best of our ability and by following current advice. This is to protect the privacy of those who use our service; our freelance staff; our volunteers and those who support us. You might fall into more than one of these categories.

We also consider, carefully, what information we need to keep; why we might need to keep it and whether there might be any (exceptional) situation where we might be required to share it. We are aware that you will need to be informed about our approach to the above in order to trust us.

You have rights and choices relating to your personal data and we aim to honour these and to respect your privacy at all times.

The following, outlines what data we collect; where it is held and how it might be used. Thomas’s Fund is registered as a data controller with the Information Commissioner’s Office: number ZA445790

Our Music Therapists are all freelance but, whilst working for the Fund, are required to be registered with both the Health and Care Professions Council (HCPC) and the Information Commissioner’s Office (ICO).

What is ‘personal data’?

Your name, address, phone number and email address would be classed as ‘Personal Data’. This website does not ask for any personal data from you. However, some people might share personal data directly with us when requesting our service (or information about our service); when communicating with us about work that we are doing with a child/ young person; as a ‘Family’ or ‘Affiliate’ member; when donating; when supporting an event or volunteering; when making an enquiry about the Fund or if working directly with, or for, us.

Please note: If you decide to support Thomas’s Fund, certain sites, for example fundraising sites like ‘Just Giving’ and ‘Virgin Money’, might share your details with us indirectly, so long as you have given your consent for them to do so.

Who do we collect personal data and why?

In order to promote, fundraise and carry out our services as effectively and efficiently as possible, we need to keep some personal data about different groups of people such as:-

Those who have expressed an interest in the fund and request information For this group of people we will need to keep names and either all or some of the following:- postal addresses; email addresses and phone numbers (as preferred by the enquirer). This is so that we can get in contact to answer questions and tell these interested parties about our work, events and fundraising initiatives.

Financial supporters of the fund For this group of people we will need to keep names and either all or some of the following:- postal addresses; email addresses and phone numbers (as preferred by the supporter). When a contribution has been made, we will also need to keep any basic banking information that our treasurer and auditor will demand in order to conduct our finances properly and ethically. Alongside the requirements of effective accounting, this information allows us to contact and thank our generous supporters; tell them about how their donation has contributed to our work and keep them informed about events and fundraising initiatives (if consent has been given).

Users of services provided by Thomas’s Fund We need data about the children, young people and families that we work with, in order to provide the most effective service that we can. If you require more information about this please contact us or follow the link (at the end) to our full Privacy Policy.

Our promise

Any information that is shared with us (from the groups identified above), will only be used by the Fund. We will not share personal details with, or sell personal details to, anyone who is not directly involved with the Fund or an organisation that is working directly with us. We would, obviously, need to share personal details if an authority upholding the law absolutely requires us to do so.

We only keep essential information. We will not keep information longer than we need to (without informed consent) and will always try to follow recommendations from the relevant professional bodies (unless there is a compelling, overriding, reason not to do so).

We store any sensitive electronic information using Thomas’s Fund’s GDPR compliant secure cloud-based storage procedures. If information (such as mailing lists) need to be kept in any additional locations (for a specific reason) we will keep these to as few as possible and protect this information, to the best of our ability, with passwords and/or encryption. Any hard copies of information will be kept in even fewer locations and will be locked away.

It is the right of anyone, who has agreed for us to keep personal data, to see the information that we hold, should there be any concerns. We will respond to any requests within 28 days of receiving a request at

We feel that we have been as vigorous as possible with regard to the GDPR. However, should you have any concerns about Thomas’s Fund’s information rights practices, you should contact the Information Commissioner’s Office (ICO) helpline on 0303 123 1113 or follow the links on their website –

Online considerations

Although we do our very best to take as many precautions as possible with data, we do need to transfer data electronically from time to time. As stated above, we are implementing use of secure GDPR compliant cloud-based storage and, if required, encrypted email. Nevertheless, we have to accept that the ‘online world’ is not, as yet (and, most probably, never) completely secure. We need to point this out to you, even though we are sure that you will be very aware of this already.

Please, also, be aware that the promises above link specifically to our own work. Our website does not use cookies. We cannot guarantee the policies of social media providers (e.g. Facebook and Twitter) or third-party websites. Please ensure that you read the Privacy Policy of any social media channel or website before sharing data (and make use of the Privacy Settings and Reporting Mechanisms to control how your data is used).

Being contacted by Thomas’s Fund

At Thomas’s Fund, we aim to operate an ‘opt-in only’ communication policy. We will aim to send information only to people who have specifically agreed to us doing so, and only in the manner that they have agreed to. On contacting you, we will always aim to remind you of your right to request that contact ceases (or that the manner in which we contact you changes) and will respect your right to change your mind.

Opting ‘In’ or ‘Out’

If you wish to receive information about Thomas’s Fund but have not yet opted in, you can do so by emailing us at: or OR call us at 07395 962072.

If you would like to view Thomas’s Fund’s Privacy Policy in full, please click on this link.