Single poppy in a wheat field

Our privacy policy and promise

At the Royal British Legion Group, we believe in being open and up front with people about how we use their personal data. 

The Royal British Legion Group includes:

  • Royal British Legion, the main charity 
  • Royal British Legion Trading Limited, running our Poppy Shop (retail outlets and website)
We are committed to upholding fundraising best practice and being as transparent as possible Charles Byrne, Director General at RBL

We have developed our privacy promise: a quick and simple summary explaining how we use and look after your information.


Our promise

The Royal British Legion Group takes your privacy very seriously, and we want to assure you that your personal information is safe with us and we will never sell your details. Our privacy policy covers how we treat your data and put you in control of what happens to it.

Who is the Royal British Legion?

We provide lifelong support for members of the Royal Navy, British Army, Royal Air Force, veterans and their families all year round. We also campaign to improve their lives, organise the Poppy Appeal and remember the fallen.

We will protect your data

We will never sell your data to third party organisations.

We will collect and use your personal information only if we have your permission, or we have justified business reasons for doing so, such as collecting enough information to manage memberships.

We will be clear at the point when we collect your information about how we will use it, and who we might share it with.

We will use your personal information within the appropriate lawful basis for which it was collected, and we will make sure we delete it securely once we longer need it.

You are in charge

We will contact you with your permission via methods of communication you have consented to, or where we have a legitimate interest to do so.

As a supporter, member or volunteer of The Royal British Legion Group, you can contact our Supporter Services, any time you wish, to change the way we contact you, including opting in to, or out of, future communications.

We are respectful

We will not put undue pressure on you to make a gift, and if you do not wish to donate we will respect your decision.

We are accountable

We do all we can to make sure fundraisers, volunteers and third party agencies working with us comply with this privacy policy.

We keep in touch

We will always provide easy ways for you to contact us, and our Supporter Services are on hand to help answer any queries you may have about your data.

If you are unhappy with anything we've done in relation to your data, please contact Supporter Services and we will look in to what’s happened straight away.

We have protocols in place to ensure your data protection, but in the event of a mistake, we will follow strict procedures to keep you informed and put things right.

If you have any questions please contact our Support Services via [email protected]  or call 0345 845 1945 and they will be happy to help.

Privacy policy

The Royal British Legion Group of charities takes the privacy of our beneficiaries, supporters, members and volunteers very seriously, and we are committed to protecting your privacy. This policy tells you how we collect your personal information, how we store it, how we use it and what your rights are in relation to your personal information.

The Royal British Legion Group includes:

  • Royal British Legion, the main charity
  • Royal British Legion Trading Limited, running our Poppy Shop (retail outlets and website)

This policy describes how the Royal British Legion Group collects and uses personal information about people who visit our websites and give us their information over the phone, face to face, and in writing. The terms of this policy may change to reflect our practices in what we do with your information. If we make significant changes to our Privacy Policy, we will highlight that there has been a change on our website and on communications for a discretionary period of time.

If you have any queries about this policy please contact us by post at The Data Protection Officer, Royal British Legion, Haig House, 199 Borough High Street, London SE1 1AA or via [email protected].

How we collect personal data

The Royal British Legion Group is the data controller of the personal information you provide to us, and we will determine and tell you about the purpose for which we are collecting your information and how we will use it. We collect your personal information in a number of ways:

  • When you provide it to us directly via telephone, letter, email, text / messaging service or the Royal British Legion Group forms or via an organisation working for us (eg a fundraising agency)
  • When you give other organisations consent to share it with us
  • When we collect it as you use our website or social media pages and apps
  • When you have consented to third parties sharing it with us; for example from our service providers or from a friend who wants to tell you about our websites or the assistance we may be able to provide or the fundraising activities we carry out

We will collect your personal information when you enquire about our activities, register with us, send an email, make a donation to us, ask a question about our services or otherwise provide us with personal information.

Third parties who collect your data

When browsing third party platforms [including social media], where the Royal British Legion maintains a presence, we will be joint-controllers of your data with the third party platform’s owner. The third party platform will process your data in line with their privacy and cookie policies. In such circumstances, you will be able to update your cookie preferences directly on the third party platform. You will not be able to update your preferences through The Royal British Legion.

For example, when you visit the Royal British Legion’s Facebook page, Facebook may drop a cookie on your computer subject to their privacy and cookie policies. You are able to control the settings of any non-essential cookies by logging into your Facebook account.

Currently, the Royal British Legion maintains a presence on and therefore is a joint-data controller with the following third party platforms:

What personal data do we collect?

The personal data we collect might include name, date of birth, email address, postal address, telephone number and bank, credit or debit card details if you are supporting us financially.

We may also collect special category data (previously referred to as ‘sensitive personal information’) such as information about your health if this is required for the purpose you have contacted the Royal British Legion Group. We will be very clear about the reasons we need this information and would only do so with your specific consent, for example if you are accessing any of our Welfare Services.

We also gather general information about the use of our websites, such as which pages users visit most often, and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in the Royal British Legion Group emails. We may use this information to personalise the way our websites are presented when users visit them, to make improvements to our websites and to ensure we provide the best service for users. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our websites. In addition, we may use the information to build profiles of people who would be interested in our services. Please see our Cookie Policy.

How we use this information?

We will use your personal information for one or more of the following purposes:

  • Dealing with your enquiries and requests
  • Providing information about products and services
  • Administering membership records
  • Administering volunteer records
  • Fundraising
  • Contacting you to promote our products and services. If we do not have your contact details such as your telephone number, e-mail address, or postal address, we may source this information via third party companies
  • Providing and personalising our services
  • Administering orders and accounts relating to our suppliers or customers
  • Conducting market research
  • Conducting research in to issues affecting the Armed Forces community
  • Profiling and segmentation so that we can offer supporters / members / volunteers products relevant to them
  • For administrative purposes

Where relevant, we may also assess your personal information for the purposes of fraud and credit risk reduction.

The Royal British Legion Group may analyse the personal data we collect to create a profile of your interests and preferences so that we can contact you in the most appropriate way, and with the most relevant information, to provide a better experience for you.

To do this, we may use additional external sources of data to increase and enhance the information we hold about you, such as Experian Mosaic. This may include obtaining details of changes of address, age data and other contact details and consumption and demographic data. It may also include information from public registers and other publicly available sources such as Companies House, newspapers and magazines. We regularly monitor our suppliers to ensure they meet our required standards and that they comply with current Data Protection legislation.

If you do not wish your data to be used in any of the ways listed above, or have questions about this, then please [email protected].

If you enter your contact details in one of our online registration forms, we may use this information to contact you even if you don't "send " or "submit "the form. We will only do this to see if we can help with any problems you might be experiencing with the form or with our websites.

We may need to share your information with our contracted service providers and agents for the purposes described above.

Our Supporter Care

If you contact our Supporter Care Team you may choose to provide details of a personal nature. If you telephone our Supporter Care Team, your call may be recorded and if it is it will be stored for six months and then securely deleted.

Only the Royal British Legion Group will receive your personal information, and it will only be used for the purposes of dealing with your enquiry, training, and quality monitoring or evaluating the services we provide. The Royal British Legion Group will not pass on your details to anyone else (unless they are acting on our behalf as an entity of the Royal British Legion Group or a supplier under agreement with the Royal British Legion Group) without your consent; except in exceptional circumstances such as to comply with the law. Examples of this might include people contacting the service reporting abuse, anyone reporting serious self-harm, anyone expressing the intention of harming someone else, or any matter regarding national security.

Your personal information and details of the enquiries received are stored on a secure database. If for any reason you wish to have your personal details amended or removed, please contact Supporter Services whose details are below.

Your choices

You have a choice about whether you want to receive information about our progress, fundraising activities, membership or campaigns. We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted. You can change your marketing preferences (such as email, phone, text or post at any time), by contacting us using the details below.

If you wish to change your preferences regarding participation in campaigns, please contact Supporter Care and your update will be passed to RBL's Public Affairs and Public Policy Team.

The lawful basis we use to process your data

We will process your personal data under one or more of the following lawful bases:

  • You have given us clear consent
  • You have entered into a contract with us
  • We have a legal obligation to process the data
  • The processing is necessary for your vital interests i.e. to protect your life
  • We have a genuine and legitimate reason and we are not harming any of your rights and interests

Where we ask for your consent to process your personal information, we will use clear plain language so you can fully understand what you are consenting to. We will tell you what we will be doing with the information, and explain your right to withdraw consent and how you can do that. We will only use your personal information you have provided for the purpose we have gained your consent for. We may also ask you to confirm that you still consent where a considerable period of time has lapsed since you last had any contact with the Royal British Legion Group.

Legitimate interests

We may process your personal data where we have a genuine and legitimate reason to do so, and we are not harming any of your rights and interests. Our legitimate interests will be in providing lifelong support for the armed forces community, fundraising, organising events and campaigning.

This means that we may use your personal data for direct marketing, fraud prevention, network and information security, crime prevention/detection and analytics so that we can improve our services to give you the most appropriate information and ensure our fundraising campaigns are effective.

Our legitimate interests are as follows:

  • Direct Marketing: We will send postal marketing and fundraising asks which further the aims and objectives of the Royal British Legion Group. We will also make sure our postal marketing is relevant for you, tailored to your interests.
  • Ordering online: In order for us to process an order, payment has to be taken and contact information collected, such as name, delivery address and telephone number provided. The record of the transaction is made by Royal British Legion Trading Limited, running our Poppy Shop (website).
  • Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
  • Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our supporters.
  • Analytics: To process your personal information for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information as long as this does not harm any of your rights and interests.
  • Research: To determine the effectiveness of promotional campaigns and advertising, and to develop our products, services, systems and relationships with you.
  • Due Diligence: We may need to conduct investigations on supporters, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.

We will process your personal data for our legitimate interests in a way we consider you would reasonably expect, to be proportionate and with minimal impact on your privacy. We will carry out assessments to ensure that we consider whether the processing is necessary and by balancing it out with your rights and freedoms.

You have a right to object to your personal data being processed under legitimate interests if you do not consider we have compelling legitimate grounds for the processing. Please see the section below for more information.

Your rights

Under the General Data Protection Regulations (GDPR) you have the following rights:

  • Transparency over how we use your personal information (right to be informed)
  • Request a copy of the information we hold about you, which will be provided to you within one month (right of access)
  • Update or amend the information we hold about you if it is wrong (right of rectification)
  • Ask us to stop using your information (right to restrict processing)
  • Ask us to remove your personal information from our records (right to be 'forgotten')
  • Object to the processing of your information for marketing purposes (right to object)
  • Obtain and reuse your personal data for your own purposes (right to data portability)
  • Not be subject to a decision when it is based on automated processing (automated decision making and profiling)

If you would like to know more about your rights under the GDPR see the Information Commissioners Office website. If you would like to make a request for any of the above actions, please submit your request to us by post at The Data Protection Officer, Royal British Legion, Haig House, 199 Borough High Street, London SE1 1AA, or via [email protected]

Rights of accessing

You have the right to see what personal data we hold about you. We would ask that you submit your request for access to your personal data in writing. Please use our subject access request form to ensure you supply all the information we need to process your request. You can also use this form if you are requesting information on behalf of somebody else.

If you would like to make a request for any of the above actions, please submit your request to us by post at The Data Protection Officer, Royal British Legion, Haig House, 199 Borough High Street, London SE1 1AA, or via [email protected].

Transfer of information outside of the EEA

Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area (EEA) in certain specific situations. The data will always be held securely and we will take steps to ensure the organisation based outside of the EEA provides an adequate level of protection and we will put in place all necessary safeguards.

Children's data

Whilst the Information Commissioners Officers guidance states that children can, over the age of 13, give their own consent to marketing, the Royal British Legion Group is concerned to protect the privacy of children aged under 16.

Where appropriate, we will seek consent from a parent or guardian before collecting personal information about a child aged under 16. Therefore, if you're aged 16 or under, you must get your parent/guardian's permission before you provide any personal information to us.

We do have activities and events for those under 16 so we may ask your age. Before taking part please ensure you speak to your parent or guardian.

Our events have specific rules about whether children can participate and we'll make sure advertising for those events is age appropriate.

Please note that we will not knowingly market to or accept orders for goods or services from persons aged under 16 years.

As a parent or guardian we encourage you to be aware of the activities in which your children are participating, both offline and online. If your children voluntarily disclose information, this may encourage unsolicited messages. We suggest that you discourage your child from providing any information without your consent.

For our raffle and gaming products, due to Gambling Commission regulations, we cannot allow people under the age of 16 to take part.

How to protect personal information

All of our online forms are protected by encryption. We also use a secure server when you make a donation or payment via our websites. We take appropriate measures to ensure that the personal data disclosed to us is kept secure, accurate, and up to date.

We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.

We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.

Some of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

How long will we keep your personal data?

We will ensure that your personal data is kept only for so long as is necessary for the purpose for which it was collected, and is securely destroyed in accordance with our retention schedule. Where possible we will inform you of how long we will retain the personal data you are providing to us.

Where you no longer wish for RBL to contact you we may have to keep some basic data about you to ensure that we do not contact you in future.

Will we disclose the information we collect to outside parties?

We do not share or sell supporter or member details with other charities or other third parties.

We will only disclose data when obliged to disclose personal data by law, or the disclosure is 'necessary' for purposes of national security, taxation and criminal investigation, or we have your consent.

We may share your personal data with one or more of the following:

  • Within the Royal British Legion Group, i.e. the Royal British Legion, the main charity and Royal British Legion Trading Limited, running our Poppy Shop (retail outlets and website)
  • Other entities within the Royal British Legion family of charities, including PoppyScotland and the National Memorial Arboretum
  • Suppliers we engage to process data on our behalf. In such cases information is only shared for the purpose of providing services on our behalf relating to communications, or agreements between yourself and the Royal British Legion Group. Such processing is conducted under relevant Data Processing Agreements
  • If we run an event in partnership with other organisations

Use of mobile phone data

The Royal British Legion Group values your support. We would like to keep you up to date with information and fundraising appeals on our charitable work via your mobile phone and also by writing to you. If you have texted us, we will retain a copy of your mobile phone number, together with any other personal details you have given us, such as your name and address.

If you would prefer us not to contact you by mobile phone, or if you would prefer us not to contact you by mail you may call Supporter Services on 0345 845 1945 or via [email protected] .

Personal changes

If your personal details change, please help us to keep your information up to date by notifying the relevant department.

If you are a supporter, member or volunteer and wish to update us of your information please contact us at the following address: Supporter Services, Royal British Legion, 199 Borough High Street, London SE1 1AA.

We may change the terms of this privacy policy from time to time. If we do so, we will list the changes at the end of this webpage, as part of an audit trail. By continuing to use our websites you will be deemed to have accepted such changes.

Data Protection Regulator

Further information and advice about data protection law and compliance is available from the Information Commissioners Office. You can contact them using the details below.

  • Address: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Phone: +44 (0) 01625 545 745
  • Website:

Fundraising Preference Service

The Royal British Legion Group is committed to empowering our supporters to manage how we communicate with you. The Fundraising Preference Service (FPS) enables you to take control of your charitable giving and conversations, and we want to help you use the service effectively. Visit the FPS website, and remember to use our charity number 219279 to avoid confusion with similar sounding charities.

Changes to our Privacy Policy

Should we need to change our privacy policy we will share the changes here. Where the changes are significant, we may also choose to email all our registered supporters and members with the new details. Where required by law, will we obtain your consent to make these changes.

Not quite what you're looking for?

Our team are on hand to provide you with the support you need.
Get in touch
Back to top