How we respect your data
Last Updated: April 2026
1. Introduction
This Privacy Notice relates to Sheldrick Wildlife Trust UK, a registered charity in England and Wales (registered charity number: 1103836) (company number: 04791958); The David Sheldrick Wildlife Trust (registered in Kenya, PIN: P051097749N); and Sheldrick Wildlife Trust USA (EIN: 30-0224549); Sheldrick Wildlife Trust Canada (registration number 739215754 RR 0001) (collectively, ‘SWT’, ‘we’, ‘us’ or ‘our’).
The SWT is committed to protecting and respecting your privacy. This Privacy Notice, together with any other documents referred to in it, explains how we will treat your personal data and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This includes information we collect through, or in association with, our website with a home page located at sheldrickwildlifetrust.org; enormouselephantrun.com; elephantorphans.com; daphnesheldrick.com; sheldrickbotanicals.com; theherdofhope.com; (the “Website”), our products and services that we may offer from time to time via our website, our related social media sites, or otherwise through your interactions with us (the website, products, services, and social media pages, collectively, the “Services”).
If you are a resident of the UK or EU, we are the data controller of any personal data you may provide to us in relation to Services we offer to individuals in the European Economic Area (“EEA”) pursuant to the UK General Data Protection Regulation (“UK GDPR”) and EU General Data Protection Regulation (“EU GDPR”) (together the “GDPR”).
Please read our Privacy Notice carefully to understand our practices regarding your personal data and how we use it. By using this website, and by providing us with any personal data, you acknowledge the use of your personal data as set out in this Privacy Notice.
2. How and when we collect personal data
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.
There are a number of ways that we collect your personal data;
· Most often we collect your personal data directly from you when you engage with us, for example, if you sign a petition on our website, make a donation by post, telephone or online, adopt an orphan animal in our care or correspond with us via email. You always have a choice about how we communicate with you.
· In some very limited circumstances, we gather data from publicly available sources to help us in our work with High-Net-Worth Individuals. Sometimes you will provide data to third parties who then pass it to us with your permission. For example, you may be raising money for the SWT through JustGiving, Crowdrise, Facebook, Instagram or other fundraising platforms. You can find out more about this in Section 4 about how we work with third parties. We do not buy lists of data for marketing purposes or share data with other charities or organisations for them to use for marketing purposes.
· Indirectly; we will usually collect information indirectly using the technologies explained in the section ‘Online privacy and cookies’ below.
3. What personal data do we collect and why do we collect it?
When you provide us with your personal data, we will process it in accordance with the stated purposes in this Privacy Notice and the GDPR. We are required by law to tell you what information we keep on file and what we use it for, and we will always make sure that we consider why we are processing your personal data and our legal basis for doing so.
The information we hold
We hold information that is necessary for the administration of your donations, including donations to adopt, and regular donations, including direct debits, such as:
Our lawful bases for processing
We process your personal data under the following lawful bases, depending on the context:
Legitimate interests
Examples where we process your personal data on the basis of our legitimate interests include where you request information about the work of the SWT, we have a legitimate interest to use your personal data to respond to you and in doing so, there is no overriding prejudice to you by using your data in this way; where you have made a donation to the SWT, we have a legitimate interest to inform you of how your support is making a difference; to update our database records to keep them accurate, such as amending an address where we receive returned mail; to contact former job applicants if a suitable role becomes available.
You have the right to object to us processing your data on the grounds of legitimate interests, and if you would like us to stop using your data on this basis, please contact us (contact details can be found at the end of the Privacy Notice and on our website).
The privacy of our supporters and donors is extremely important to us and all personal data we collect is held safely and securely.
4. How we share your personal data with third parties
The SWT does not sell personal data or supporter lists with any other organisations.
We sometimes share your personal data with the following categories of third parties:
Any personal data shared with such third parties is limited to the personal data required by them to perform the Services. Any use for other purposes is strictly prohibited. We only allow these third parties to handle your personal data if we are satisfied they take appropriate measures to protect your personal data, which are incorporated into an agreement between us and them.
Some third-party organisations collect data on our behalf, and share it with us, in accordance with their data protection policies and based on your consent. This could be where you have chosen to create a fundraising page with a third-party platform in order to secure sponsorship for the SWT. Examples of companies we work with include: JustGiving, Crowdrise, Facebook, Instagram, Enthuse, Charities Trust, Payroll Giving in Action, Active Network (Active Works).
In processing online donations, credit/debit card telephone donations, online direct debit and regular donations, and online merchandise orders, you will be directed to a payment gateway. In the case of telephone donations, the telephone operator will utilise a secure online payment gateway. Payment gateways use security features and encryption to keep your data safe, secure and encrypted. Credit/debit card donations are processed using PayPal, Braintree, CAF, DonorPerfect and Stripe. We do not store or manage any credit/debit card details.
We will share your data where we have a legal requirement to do so. Examples include providing audit information to HMRC for Gift Aid claims or if we are required by law enforcement officials, if we believe such action is necessary to prevent fraud or to protect the SWT website or the rights, property or personal safety of any person.
Access to the SWT’s data is secured and protected. It is restricted to a limited number of trained staff in the organisation.
5. How long we keep your data
We will not keep your personal data for longer than we need it for the purpose for which it is used. The SWT wants to ensure we have up-to-date records for you as long as you are actively supporting us, so for as long as you engage with us and take actions on our behalf, such as donate to us, adopt an orphan, sign a petition or correspond with us. If you are no longer an active supporter, we will keep your personal data for a set period of time.
In the case of financial donors, we will keep records for at least seven years after your last financial contribution to us, to meet our requirements for any Gift Aid audit from HM Revenue & Customs (UK) or general audit from the Inland Revenue Service (USA).
In the case of active supporters with no financial record, for example, those that requested to receive marketing emails from us, or requested any of our fundraising resources, we will keep records for at least 24 months after you corresponded with us or provided your consent to receive marketing communications. At that time, we will ask if you wish to continue to hear from us. If you do not renew your consent, we will remove your personal data.
If you are a legacy supporter, we will keep your personal data for seven years after your legacy case is closed. It is important that we ensure we have the records to administer any legacy gifts in the way you want.
If you have adopted an orphan animal in our care, we will keep your personal data for at least seven years from the date you made a financial donation to adopt. For multiple year adoptions, for example when you donate to adopt an orphan for four years at the outset, we will keep your personal details for at least four years after the end of your active adoption. Orphan animals are reliant on us for a long period of time before going wild and we want to ensure you can re-activate an expired adoption should you choose to while your adoptee remains in our care.
At the end of the time periods outlined above we will delete or anonymise your personal data. We keep records of how supporters interact with us, but not of who those supporters are. For example, we want to be able to identify how many supporters adopted a specific orphan, donated to an appeal and/or purchased different types of merchandise. This helps us understand the effectiveness of our actions and to be able to improve them so that we raise funds in the most effective way.
6. International data transfers
Where personal data is transferred outside the United Kingdom or European Economic Area (“EEA”), we will ensure that such transfers are carried out in accordance with applicable data protection laws.
In particular, we may rely on one or more of the following safeguards:
In addition, where required, we assess whether supplementary technical and organisational measures are necessary to ensure that personal data continues to be protected to a standard equivalent to that required under UK and EU data protection law.
Depending on your interaction with us, the relevant SWT entity may act as the data controller. In some cases, SWT entities may act as joint controllers where they jointly determine the purposes and means of processing, or as processors where one entity processes personal data on behalf of another.
Further details can be provided on request.
7. Online privacy and cookies
The SWT may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This information does not identify any individual and is statistical data about our users’ browsing actions and habits. It is used to help us identify popular and less popular content, to allow us to improve the content we make available to you on our website and offer you a good experience when you browse the website. Cookies can either be ‘persistent’ or ‘session’ cookies. A persistent cookie will be stored by a web browser and will remain valid until its expiry date, unless deleted by the user before the expiry date. A session cookie will expire at the end of a user session, when the web browser is closed.
We use Hotjar in order to better understand our web users’ needs and to optimise people's online experience with us. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our website with user and supporter feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a non-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile - this means that any personal data that was collected cannot be attributed to a specific person. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
We use Google reCAPTCHA on certain parts of our websites to help protect our websites, forms and services from spam, fraud, abuse and automated misuse. reCAPTCHA is a security tool that analyses information relating to your use of our websites in order to distinguish human users from automated activity.
In doing so, reCAPTCHA may collect and process personal data and related information such as your IP address, browser and device information, operating system, referring URL, date and time of your visit, and information about your interactions with the website, including mouse movements, clicks, scrolling and keystroke patterns. reCAPTCHA may also place or read cookies and similar technologies.
We use reCAPTCHA on the basis of our legitimate interests in protecting our websites, systems and users from malicious activity, fraudulent submissions and automated abuse.
Information collected through reCAPTCHA is transmitted to Google for processing on our behalf. This processing may take place on servers located outside the UK and/or EEA, including in countries whose data protection laws may differ from those in your country of residence. Where personal data is transferred internationally, we will ensure that appropriate safeguards are in place as required by applicable data protection law.
We use both essential and non-essential cookies. Non-essential cookies (including analytics and behavioural tools such as Hotjar and reCAPTCHA) will only be placed on your device where you have provided your consent via our cookie banner or preference centre. You may withdraw or manage your consent at any time.
For further details about the cookies and similar technologies we use, please see our Cookies Notice.
8. Security of personal data
The security of personal data is of great importance to us, and we have security measures in place to attempt to protect against loss, misuse and alteration of personal data in our control. We store all personal data you provide on secure servers. All electronic financial transactions entered through our websites are protected by encryption technology. If you use a password to access our websites, it is your responsibility to keep your password confidential and we will never ask you to reveal your password to us verbally or via email or post. You acknowledge that submission of information over the internet is never entirely secure. If you use a shared computer or computer in a public space to access our websites, or any websites, it is advisable to clear the browsing history in the browser and to close the browser when you have finished your user session to help ensure others do not access any personal data you shared in your session.
Any credit or debit card details provided via online payment systems remain with our payment partner(s) and do not reach us.
We limit access to your personal data to those who have a genuine need to access it.
9. Marketing, Fundraising and Campaigning
We may wish to contact you by phone, post, SMS, or email to update you on our work, campaigns, events, appeals or other activities related to the work of the SWT that we believe may be of interest to you. Please note that you may opt-out of receiving such communication at any time. We aim to make it easy for you to tell us if you would like to receive fundraising or campaigning communications from us and to hear about our work, and the ways in which you would like to hear from us: by phone, email, SMS, post, social media and Mobile APP direct messaging platforms. If you tell us that you do not want to receive fundraising or campaigning communications, we will remove you from our list and we will not send you any further materials, unless you change your mind at a later date and expressly request future communications.
We want to ensure we keep in touch with you when and how you want. Marketing communications we send you will outline how you can update your contact preferences and our marketing emails include an unsubscribe link.
We may rely on legitimate interests to communicate with you about our work where you have an existing relationship with us, and where this is permitted under applicable law. Where required, we will obtain your consent before sending marketing communications. If you do not want to receive certain communications from us, or no longer wish the SWT to contact you in any form, please tell us (contact details can be found at the end of the Privacy Notice and on our website). Donors that have active adoptions of orphan animals in our care will, as clearly stated in the fostering programme on sign up, receive monthly email updates on the Orphans’ Project, including information when available on the orphan adopted. These emails are part of adoption programme. As an active adopter, you have the right to ask us to stop sending you your monthly orphan updates, on the understanding that in doing so you are choosing not to be updated about our Orphans' Project. You can request for these orphan update and informational emails to re-commence at any time during your adoption.
10. Your GDPR rights
Under the GDPR, you have the following rights which you may exercise:
If you would like to exercise any of your rights, please email [email protected] or contact us at our address shown below. When contacting us please provide enough information to identify yourself and any additional identity information we may reasonably request from you and let us know which right(s) you want to exercise and the information to which your request relates.
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.
For further information on your rights, you may find it helpful to refer to the guidance from the UK Information Commissioner on your rights under the GDPR.
11. Other Important Information
If you are located outside the UK or EEA, including in the United States or Canada, your local data protection laws may provide you with additional rights. While we primarily operate under UK and EU data protection law, we will endeavour to respond to all privacy-related requests in accordance with applicable legal requirements.
Collection of Personal Data from Children: Children under 16 years of age are not permitted to use the Services, and we do not knowingly collect information from children under the age of 16. By using the Services, you represent that you are 18 years of age or older, or are 16 years of age or older and have valid parental or guardian consent to do so.
Business Transfer: We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.
Do Not Track: We use analytics systems that process personal data about your online activities over time and across third-party websites or online services, and these systems may provide some of this information to us. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.
12. Third-party websites
Our websites may include hyperlinks to, and details of, other websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We have no control over, and are not responsible for, the privacy policies and practices of third parties and always advise you to read the Privacy Notice of any website you visit, to ensure you agree with the policy before actively using the website.
13. Changes to the Privacy Notice
We reserve the right to change this Privacy Notice from time to time. You will always be able to see when it was last updated at the top of this page. If we make significant changes, such as to how we process your personal data, we will publicise these changes or may contact you directly with more information. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.
14. Contact
You can contact us at any time, at any of our locations. If you have any questions or comments about this Privacy Notice or about the use of your personal data, need to update your details, or you want to exercise your privacy rights, please direct these to: [email protected].
Post (UK): Sheldrick Wildlife Trust UK, 1 Oak Place, Rosier Business Park, Coneyhurst Road, Billingshurst, RH14 9DE
Post (USA): Sheldrick Wildlife Trust USA, 25283 Cabot Road, Suite 101, Laguna Hills, CA 92653
Post (Kenya): Sheldrick Wildlife Trust, PO Box 15555, Mbagathi, 00503, Nairobi
Post (Canada): Sheldrick Wildlife Trust Canada, 621 22 Ave SW, Calgary, AB T2S 0H7
15. Applicability of this Privacy Notice
This Privacy Notice governs your use of the Services. This Privacy Notice applies regardless of the means used to access or provide information through the Services.
This Privacy Notice does not apply to information from or about you processed by third parties for their own needs acting as data controllers (including via their services, applications, websites or advertisements) as part of or associated with the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices and under no circumstances are we responsible or liable for any third party’s compliance therewith.
16. Complaints
If you wish to raise a complaint on how we have handled your personal data, we would appreciate the opportunity to deal with your concerns in the first instance. Please contact us at [email protected] or on our address above. You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).