Our privacy policy

Switch to our child-friendly privacy policy


The Raspberry Pi Foundation (RPF) is a charitable foundation based in the United Kingdom with the mission to enable young people to realise their full potential through the power of computing and digital technologies. We collect your data to help us advance our mission, and we always consider and respect your privacy rights.

We want to be open about what we are doing and why. The purpose of this policy is to explain how the Raspberry Pi Foundation collects and uses the personal information you provide to us, whether it is shared online, via phone, via email, in letters, in any other correspondence, or by other people.

Notice to Parents and Guardians

We are committed to protecting the privacy of the young people that engage with us through our competitions, on our website, at events, and in the clubs that we support. We treat your child’s information in accordance with all applicable laws concerning the protection of personal information.

Contents of Policy

  1. Who are we
  2. What information we collect from you
  3. When we collect information from you
  4. What we use your information for
  5. How do we store your data and how long do we keep your data for
  6. Anonymised data
  7. On what legal basis we use your information
  8. Who we share your information with
  9. Experience CS and Code Editor for Education
  10. Cookies and similar technologies
  11. Your rights
  12. How to contact us about your data

If you have any questions at any time about data privacy at the Raspberry Pi Foundation, please contact us at dataprotection@raspberrypi.org, or write to us at: Data Protection, Raspberry Pi Foundation, 37 Hills Road, Cambridge, CB2 1NT.

1. Who are we

The Raspberry Pi Foundation is a UK-based charity that works to enable young people to realise their full potential through the power of computing and digital technologies. We do this so that more people can harness the power of digital technologies for work, to solve problems that matter to them, and to express themselves creatively. Information about the Raspberry Pi Foundation Group is at the bottom of this page and each page of our website.

2. What information we collect from you

If you are a:

  • Raspberry Pi account holder
  • Volunteer, club leader or host
  • Event or club attendee
  • Competition entrant
  • Survey participant
  • Donor (individual)
  • Contractor or supplier to RPF
  • Job applicant
  • Member of RPF
  • Organisation awarding grants or gifting donations
  • Partner organisation
  • Visitor to our website
  • Visitor to our offices

We may collect the following information:

  • First name
  • Last name
  • Address
  • Date of birth
  • Gender
  • Email address
  • Occupation
  • Country
  • Diversity, equity, and inclusion data
  • Identification, right to work and visa documentation (for job applicants)
  • Phone number
  • Social media ID
  • Images (including audio and/or video)
  • CCTV Image
  • Internet Protocol (IP) Address
  • Google ID

For teachers who work with us, we may also store the following information:

  • Details of the school or education institution you work at

Fundraising and due diligence

As part of our fundraising, due diligence and anti-money laundering processes we undertake research and engage specialist agencies to gather information about donors and potential donors from publicly available sources (for example, UK Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers and news archives). The purpose of this research is for us to understand more about donors and potential donors and help provide them with an appropriate experience. If you would prefer us not to use your data in this way, please email dataprotection@raspberrypi.org.

Website visitors

When you visit our website, we may collect technical information relating to your use of our website, including your browser type or the IP address used to connect your computer to the internet. For more on this, see section 10, “Information about cookies”.

Special category data

In addition to the above personal data, we may collect the following special category data (as defined by the UK Data Protection Act 2018) if you have chosen to disclose it to us:

  • Disability
  • Health data (such as information about allergies)
  • Personal data revealing racial or ethnic origin (only in circumstances where you have chosen to disclose this information to us expressly in response to a survey question)

Images

The Raspberry Pi Foundation uses images (including videos and audio-recording) to showcase the Foundation’s work. This increases engagement with current members of our community, as well as with potential new community members and supporters. We may process images of individuals from all of the categories of data subjects listed in section 2. We take the security and privacy of images seriously, and we provide guidelines for staff and volunteers.

Where images are processed using the lawful basis of legitimate interest or consent, the individuals featuring in those images have a number of rights that they can exercise over this data, such as the right to delete or rectify. You may “opt out” by withdrawing consent (where given) or challenge the legitimate interest that has been assessed. If you wish to do so please contact dataprotection@raspberrypi.org.

For larger scale or public events we may share images with the event sponsors. Attendees may choose to opt out of their images being taken and shared.

Please note that for images made available on the internet, the Raspberry Pi Foundation can cease to use your images, but it may still be possible to find them on the internet, and this is beyond our control. Where images have already been used in printed publications, it will not be possible for them to be withdrawn.

Code Editor For Education

Code Editor for Education is an integrated development environment designed to help make learning text-based programming simple and accessible for children aged 9 and up. It gives added classroom management functionality to educators who are Raspberry Pi Account holders. This means:

  • Student Accounts within Code Editor For Education are accounts created and managed by teachers in a School (ie the school identified during the sign up process) on behalf of their students.
  • RPF is not the data controller of any personal data associated with these accounts.
  • The School is responsible for this data and decides how this data is used. The School may provide RPF with information about its students in order for us to maintain, manage, and store Student Accounts. This is governed by a data sharing agreement between the School and RPF agreed as part of the terms of use.
  • To see what data is held and and how that data is processed and managed students should review their School’s privacy policy or contact them directly.

3. When we collect information from you

We collect your information:

  • When you create and use your Raspberry Pi account or otherwise sign up to participate in any of our competitions, programmes or events
  • When you choose to create an account or log in using Google Single Sign-On (SSO)
  • When you apply to become a volunteer
  • When you apply for a job with the Raspberry Pi Foundation Group
  • When you or your organisation becomes one of our partners or suppliers or you otherwise enter into an agreement with us
  • When you respond to our surveys
  • When you support us by donating or signing up to gift aid
  • As part of the process to become one of our Members
  • When you visit our office
  • When you visit our website
  • When you receive email newsletters, blog updates or marketing emails from us (we may use tracking software to tell us if, when, and in what general geographic region you delete, open or forward our emails)
  • When you contact us, or opt to receive communications from us, via WhatsApp Business

4. What we use your information for

We may use the information as follows:

  • Provide you with information and services connected with the mission of the Raspberry Pi Foundation
  • Ask you to participate in surveys or user research opportunities
  • In our annual review and Trustee report
  • For research purposes
  • Researching and due diligence of potential donors
  • Thank you for a donation
  • Send you newsletters and magazines (if you have opted in)
  • Publish images in our magazines, websites, social media or blogs
  • Respond to your queries
  • Make sure we are sending out marketing emails and updates at the right time, to the right recipients, with relevant content
  • Analyse activity on our website (section 10)
  • Carry out debugging work (in the case of IP addresses)
  • For safety, security and the prevention of crime (in the case of CCTV images)
  • Enable you to access other products of ours that you navigate to, if you have a Raspberry Pi Account
  • To enable you to log in to your Raspberry Pi account using Google Single Sign-On (SSO) and to simplify the account creation process.

5. How do we store your data and how long do we keep your data for

The Raspberry Pi Foundation securely stores your data with the utmost care and takes all necessary technical and organisational measures to protect it from unauthorised access, alteration, disclosure, or destruction. We use secure servers, encryption, access controls, and regular security audits.

We will keep your personal data for as long as is necessary for the purpose for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data.
  • The potential risk of harm from unauthorised use or disclosure of your personal data.
  • The purposes for which we process your personal data and whether we can achieve those purposes through other means.
  • Applicable legal requirements (e.g., tax, safeguarding, charity law).

At the end of the retention period, your data will be securely deleted or anonymised. For example:

  • Account data: Kept as long as your account is active and for a period thereafter to allow for re-engagement or to meet legal obligations.
  • Donation data: Kept for six years after the transaction for tax and accounting purposes.
  • Job applicant data: Kept for a reasonable period after the recruitment process, unless you are hired.

Educational program data (especially student data): Retention periods are carefully managed in line with agreements with schools and applicable laws (e.g., UK GDPR, COPPA, FERPA, FIPPA). Anonymised performance data may be retained indefinitely for research and evaluation.

Safeguarding and Child Protection: The Raspberry Pi Foundation is committed to safeguarding children and young people. Our privacy practices support our safeguarding policies by:

  • Ensuring appropriate data handling and storage procedures for any sensitive information related to child welfare.
  • Training staff on data protection and safeguarding responsibilities.
  • Having clear procedures for reporting, responding to, and recording concerns.

Details of any retention period applicable to your personal data are available upon request.

6. Anonymised data

By definition, anonymised data is data that does not contain any information that can be used to identify an individual. Once we have anonymised data we are lawfully allowed to retain it for as long as we need it, with no formal justification.

Anonymised data may be useful for analytical or statistical insight. We are most likely to retain anonymised data for research, analysis, and impact evaluation.

7. On what legal basis we use your information

Lawful bases may include:

  • Where it is within our legitimate interests in order to further our charitable mission and objectives.
    • We may rely on our legitimate interest to promote our products, programmes and resources where we think these may be relevant, or of interest, to you based on our previous interactions with you. You can ask us to stop sending you this information at any time by following the opt-out links on any marketing e-mails sent to you.
    • We may rely on a legitimate interest as the basis to process data for purposes such as informing our fundraising activity, tailoring the experiences of our donors to better suit their interests, or making our fundraising efforts more efficient and cost effective.
    • We have a heightened responsibility to keep your interests central and to make sure that your rights as a data subject override our legitimate interests. For this reason, we will conduct a Legitimate Interests Assessment whenever we rely on a legitimate interest as a basis for processing.
    • Where we rely on legitimate interests we will where possible let you know how we will use the data, and give you the opportunity to object or exercise any rights as a data subject by contacting us.
  • Where we need to comply with a legal obligation.
  • Where processing is necessary for the performance of a contract to which you are a party. If you fail to provide this information, we may be unable to perform the contract.
  • Where we have your consent to process your personal and special category data, where applicable.

The only special category data we may process about you is listed under the heading Special Category Data in section 2 above, which we only process if you have provided us with this information. Subject to Article 9 of EU General Data Protection Regulation 2016 (as referred to in the UK Data Protection Act 2018) we collect this data only when it has been provided by you, with your explicit consent to process and store.

We take additional measures to protect this data by storing it in our Customer Relation Management Platform only. We restrict access to this data and only provide access to certain staff groups who need to access this information, for example, the event lead for the particular event you are attending.

Student Accounts for Code Editor for Education

  • Student Accounts are accounts created on an individual’s behalf and managed by teachers in their School. 
  • RPF is not the data controller of any personal data associated with or from these accounts.
  • Your School is responsible and decides how your personal data is used. However, your School may provide us with information about you in order for us to maintain, manage, and store your Student Account.
  • To see what data and how that data is processed and managed please review your School’s privacy policy or contact them directly.

9. Who we share your information with

The Raspberry Pi Foundation is committed to protecting your data and will only share it when necessary and with appropriate safeguards in place. We may share your data with:

  • Service Providers: Third-party companies that provide services on our behalf, such as website hosting, data analytics, email delivery, payment processing, customer support, and IT infrastructure. These providers are contractually obligated to protect your data and only use it for the purposes we specify.
  • Educational Partners: In the context of specific educational programs (e.g., Experience CS), we may share limited, aggregated, or anonymised data with partner schools, districts, or educational organisations for reporting, evaluation, and program improvement purposes. Individual student personal data is only shared with explicit consent from the school/parent/guardian, or as required by law.
  • Research Partners: For academic research and evaluation of our programs, we may share anonymised or aggregated data with research institutions.
  • Law Enforcement or Regulatory Authorities: When legally required to do so, or to protect our rights, property, or safety, or the safety of others.
  • Subsidiaries and Affiliates: Data may be shared within the Raspberry Pi family of organisations (e.g., between Raspberry Pi Foundation (UK) and Raspberry Pi Foundation Europe (Ireland)) where necessary for operational purposes and consistent with this privacy policy.

International Data Transfers:

If you are a UK or EEA resident, where we transfer your personal data outside the UK or the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government or European Commission.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK or EEA which give personal data the same protection it has in the UK/EEA (e.g., Standard Contractual Clauses).
  • Where we use providers based in the US, we may transfer data to them if they are part of a framework that provides adequate protection for personal data (e.g., the EU-US Data Privacy Framework or UK Extension to the EU-US Data Privacy Framework, if applicable).

Google Single Sign-On (SSO):

When you use Google SSO to create or log in to your Raspberry Pi Account, you are interacting directly with Google to authenticate your account. We receive information from Google, but we do not share your Raspberry Pi account information back with Google, other than as necessary to facilitate the login process.

9. Experience CS and Code Editor for Education

The Raspberry Pi Foundation is committed to protecting the privacy of children and students, especially in our educational programs of Experience CS and Code Editor for Education. We adhere to stringent data protection principles and comply with relevant laws, including the UK GDPR and, where applicable, US K-12 student privacy laws such as COPPA and FERPA and Canadian K-12 student privacy laws such as FIPPA.

Experience CS, Code Editor for Education and Student Data:

Experience CS is designed with privacy in mind. Our approach to student data in Experience CS and similar programs includes:

  • Data Minimisation: We collect only the personal data absolutely necessary for students to participate in and benefit from the program. This typically involves minimal identifying information (e.g., first name, last initial, or a unique ID provided by the school).
  • Purpose Limitation: Student data is used solely for educational purposes, such as tracking progress, providing feedback, and improving the learning experience within the program. We do not use student data for commercial advertising or profiling.
  • School as Primary Controller: For students participating in Experience CS through a school, the school typically acts as the primary data controller, and the Raspberry Pi Foundation acts as a data processor. We enter into data processing agreements with schools to ensure compliance with their obligations and our commitments.
  • Direct Notice to Schools/Parents/Guardians: We encourage schools to provide appropriate notice to parents/guardians about the use of Experience CS and any data collected.
  • Anonymisation/Pseudonymisation: Where possible, student performance and activity data are anonymised or pseudonymised for research, evaluation, and reporting purposes.
  • No Direct Marketing to Students: We do not directly market to students participating using our Experience CS and Code Editor for Education platforms.

Compliance with US K-12 Student Privacy Laws

For programs offered to schools in the United States, the Raspberry Pi Foundation is mindful of and strives to comply with the following federal laws:

  • Children’s Online Privacy Protection Act (COPPA):
    • COPPA applies to online services directed at children under 13. We either design our services to not collect personal information from children under 13 without verifiable parental consent, or we rely on the school to act as the agent of the parent and provide consent for the collection of personal information from students for educational purposes.
    • We do not require children under 13 to provide more personal information than is reasonably necessary to participate in an activity.
    • Parents/guardians have the right to review their child’s personal information, request its deletion, and refuse to permit its further collection or use. Such requests should typically be directed to the child’s school, which will then coordinate with us.
  • Family Educational Rights and Privacy Act (FERPA):
    • FERPA protects the privacy of student education records. When we receive student data from schools that is considered part of an “education record” under FERPA, we act as a “school official” with a legitimate educational interest.
    • We use such data only for the purposes for which the school has engaged us, and we maintain the confidentiality of these records in accordance with FERPA.
    • We do not disclose student education records to third parties without the consent of the parent or eligible student, except as permitted by FERPA (e.g., to other school officials, for health and safety emergencies, or for studies conducted on behalf of the school).
  • State Student Privacy Laws:
    • In addition to federal laws, many individual U.S. states have enacted their own student privacy laws.
    • The Foundation is committed to adhering to all applicable federal and state student privacy laws when providing educational services and platforms to K-12 schools and districts

Compliance with Canadian K-12 Student Privacy Laws:

For programs offered to schools in Canada, the Raspberry Pi Foundation strives to comply with the following provincial privacy law:

  • Freedom of Information and Protection of Privacy Act (FIPPA)
    • FIPPA governs how public bodies, including K-12 public schools collect, use, disclose, and manage Personal Information. 
    • FIPPA grants individuals the right to access their own personal information and request corrections.
    • We do not use personal information for commercial purposes, including targeted advertising to students or families.
    • We do not sell, rent or lease Personal Information
    • We do not create profiles of individuals for non-educational purposes.

10. Cookies and similar technologies

Cookies

A cookie is a small file which is stored by your web browser. Cookies provide core functionality (such as the ability to authenticate and log you in to an account), they also help store data on state and behaviour which can be used to analyse web traffic and visitors. Cookies allow web applications to respond to you as an individual, aiding them to tailor their operations to your needs, likes and dislikes by storing unique information about you.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website, and allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, please see our cookie policy.

Google Analytics

We use Google Analytics software to collect information about how you use this website. We do this to help make sure that the site is meeting the needs of its users, and to help us make improvements. Google Analytics stores information about:

  • The pages you visit on this site
  • How long you spend on each page on this site
  • How you got to the site
  • What you click on while you’re visiting the site

These cookies do not collect or store your personal information (for example, your name or email address), so this information can’t be used to identify you. We do not allow Google to use or share our analytics data. You can opt out here.

11. Your rights

Right to be informed you have the right to be informed about the collection and use of your personal data. In general we will do this no later than a month after the processing activity begins unless doing so is impossible, would involve disproportionate effort or render impossible or seriously impair the achievement of the objectives of that processing.
Right of access — you have a right to ask us to confirm whether we are processing information about you, and to request access to this information.
Right to rectification — you may ask us to rectify information you think is inaccurate, and you may also ask us to remove information which is inaccurate or incomplete. If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so that they may update their own records.
Right of portability — you have a right to obtain your personal data from us and reuse it for your own purposes.
Right to restricted processing — you have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it.
Right to be forgotten — you have a right to seek the erasure of your data, for example where it is no longer necessary for us to continue holding or processing your personal data. This right is not absolute, as we may need to continue processing this information to comply with a legal obligation.

Right to restriction

You have a right to ask us to restrict our processing of your information if:

  • You contest its accuracy and we need to verify whether it is accurate.
  • We no longer need the information for the purpose of processing, but you need it to establish or defend legal claims.
  • You have objected to processing and we are considering whether we have a legitimate interests to do so nevertheless. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests. If you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, for the purpose of protecting the rights of another person, or for public interest reasons.
  • Your data has been unlawfully processed, but you object to us deleting your data and instead have requested the restriction of your data.

Exercising your rights

You can always unsubscribe from any mailing list you are included on by contacting us at dataprotection@raspberrypi.org.

If you would like to exercise any of your rights, please let us know by contacting  dataprotection@raspberrypi.org. In responding to your request we will act in accordance with our legal obligations and there will be no charge. We may ask for your help in locating specific information, e.g. confirming your identity.

Our use of your data processed in the UK is regulated by the Information Commissioner. You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You can do so by contacting them on ico.org.uk/concerns or by calling their helpline at +44 303 123 1113.

About changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted here and, where appropriate, sent to you by email. Please check the website regularly to see any updates or changes to our privacy policy. By continuing to use our website, you will be deemed to have accepted such changes.

12. How to contact us about your data

Data rights are human rights and we are determined to honour yours fairly and fully. You can unsubscribe at any time, or get in touch with any questions, comments, or instructions regarding your information by writing to dataprotection@raspberrypi.org or to:

Data Protection
Raspberry Pi Foundation
37 Hills Road
Cambridge
CB2 1NT

Policy updated: August 2025