Security and Privacy

As a responsible organisation, we comply with the Data Protection Act 1998 ('Act'). We are registered under the Act with registration number Z7071210.

Collecting Personal Information

We do not collect any personal information about you on our Website unless you choose to provide it to us voluntarily. If you register and confirm an order with us, we hold certain information to be able to process your order. Personal information is unique to you and will include your name, delivery address, credit/debit card number and expiration date, billing address, e-mail address, telephone number, etc. We also hold details of your transactions with us to ensure that we can answer any query you have with us.

Sometimes we will supply your name, address and contact details to a partner company to deliver the product you have ordered. Your information will not be used for any other purpose than confirming and delivering your order.

Any information we collect is stored and processed in the UK. Your personal information is not sold to or shared with third parties or used in any other way (other than described in this policy or as required by law) unless you agree. 

Where indicated - usually by a tick box asking for your permission - we use your personal information to create a profile of your interests and preferences. This information is not sold to or shared with other organisations. 

Opting Out

You have the right to ask us not to contact you for marketing purposes. If you do not wish to receive marketing information from us, you have the option of ‘opting out’. There are clear instructions on how to opt out of our e-newsletter, which includes an option ‘To unsubscribe click here’. Alternatively, please let us know in writing.

Analytics

We want our website to be as user friendly as possible. To help us understand how well the website is working, and how we can improve it, we use third-party analytics tools such as Google Analytics and E-tracker.

Analytics tools help us collect information about how people in general use our websites. For instance, they help us monitor how many people visit each page, how long people stay on each page, which search engines people use to find our website and which links are clicked on.

These cookies do not collect or store personal information about you. Analytics data cannot be used to identify you, or to tell us what you did on our website. It is completely anonymous.

Cookies

Cookies are small data files that are sent from a website to your computer or mobile phone. They are stored on the hard drive of your device. Some are stored just for the duration of your visit to the website, others are stored for much longer periods.

This page tells you about how RNIB uses cookies and how you can make choices about deleting and rejecting cookies. By using RNIB's websites, you consent to our use of cookies. If you'd like to learn more about cookies in general, we recommend the AboutCookies.org website.

How we use cookies

  • We use cookies to make our website work better for you
  • No official RNIB website uses cookies that give us access to any personal information about you

Profile management

Some RNIB websites allow you to login to an account. Some of these sites use a cookie in order to remember account information, like your password. This can be helpful, meaning you don't have to remember your password each time. These cookies don't give us access to your account or your personal details.

Usability and accessibility settings

Most RNIB websites allow you to resize text. If you use the resizing options, these settings are stored in a cookie so that your chosen text size follows you around the website. These cookies don't give us access to your personal information.

Third party cookies

Third-party cookies are ones that are not set directly by RNIB, but they may be dropped onto your computer by a third party when you use one of our websites, or do certain things on one of our websites. For instance:

  • we use Google Analytics and E-tracker to help us improve the website. These analytics tools use cookies that are not controlled by RNIB but which are active when you use many of our websites.
  • some RNIB websites have 'share' buttons that let you share pages with your friends through websites like Twitter and Facebook. These sites may set a cookie when you login to share things.

As third party cookies aren't set by us, we can't control how they work, but we can control which websites we choose to work with. We take your privacy seriously and we would never work with a website we don't trust.

Cookies: your choice

Our websites work better with cookies enabled. Our cookies don't give us or anyone else access to your personal data. We strongly advise you to keep cookies enabled when you use RNIB's websites. However, you can use your browser to delete and reject cookies. There are instructions on how to delete cookies and how to control cookies on the 'About Cookies' website.

The cookies we use

We use the following cookies on our website (none of which give us access to your personal information):

  • UTMA, UTMB, UTMC & UTMZ
  • GA active cookie
  • Has_JS
  • FBY_SITE cookie

Security Policy

PCI Compliance

RNIB uses Sage Pay as our payment gateway for card processing and they are a fully approved Level 1 payment services provider, which is the highest level of PCI compliance.

Transaction security

All transaction information passed between RNIB and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to our servers from Sage Pay are signed using MD5 hashing to prevent tampering. Nothing we pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Encryption and Data Storage

Once on their systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper-proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data they hold is extremely secure and they are regularly audited by the banks and banking authorities to ensure it remains so.

System security

Sage Pay’s systems are scanned quarterly by Trustwave, which is an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.

Sage Pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. They are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.