Privacy Policy

1. Introduction

  • FRÉA ("we", "us", "our") is committed to protecting and respecting your privacy.

  • We comply with UK GDPR and the Data Protection Act 2018 (cfg.org.uk).

  • Registered as a data controller with the Information Commissioner’s Office (ICO). Registration number: ZB077618

2. What Information We Collect

a. Personal data you provide:

  • Name, address, email, phone (e.g., for donations, event sign-up, volunteering)

  • Financial details (e.g., gift aid, bank account for direct debit)

  • Demographics (age, location, interests)

b. Data from website use:

  • IP addresses, device/browser info, cookies (see Section 9)

c. Special category data:

  • If applicable: health/disabilities for volunteers or event participants.

3. Lawful Basis for Processing

  • Consent: for marketing communications, newsletters, surveys.

  • Contractual necessity: processing donations and event services.

  • Legitimate interests: improving our services and communications.

  • Legal obligation: Gift Aid, record‑keeping.

  • Vital interests: in health & safety or safeguarding.

  • Public interest: promoting sustainable forestry/renewables and fulfilling charitable purpose.

4. How We Use Your Information

  • To process donations, gift aid, volunteer applications, event bookings

  • To communicate news, invites, volunteering roles—only where you’ve opted in; you can withdraw consent anytime

  • Legal and financial compliance (e.g., HMRC, Charity Commission)

  • Improving our work: monitoring website use, service delivery, and impact

5. Sharing Your Information

  • Service providers (e.g., payment processors, IT hosts) under contract

  • Regulators: e.g., HMRC, Charity Commission for compliance

  • External partners: only with consent, e.g., funders

  • Protective disclosures: if legally required, for safeguarding, or fraud prevention

6. Data Retention

  • We retain personal data only as long as necessary for the purpose collected. For instance:

    • Donation records: 7 years (per HMRC),

    • Volunteer/staff records: HR retention periods

    • Marketing data: until opt-out or 7 years after last interaction

7. Your Rights

Under UK GDPR, you have the rights to:

  • Access, rectify, or erase your personal data

  • Restrict or object to processing

  • Data portability

  • Withdraw consent (moves lawful basis to legitimate interest)

  • Lodge a complaint with the ICO

8. Security Measures

  • Uses appropriate technical/organisational measures (e.g., encrypted servers, secure backups)

  • Staff training and restricted access

  • Regular security reviews and data protection impact assessments for high-risk processing

9. Cookies & Website Tracking

  • We use essential, analytics, and functional cookies

  • Non-essential cookies are used only with your consent

  • You can control and delete cookies via browser settings

10. Data Transfers Outside the UK/EEA

  • Any international transfers (e.g., web hosting) are protected by adequacy decisions, Model Clauses, or other UK-approved safeguards.

11. Automated Decision-Making

  • We don’t use automated decision-making/profiling to make decisions that affect individuals.
    – If used in the future, we will notify and comply with transparency obligations.

12. Updates to This Policy

  • We may revise this policy periodically. Updates will appear here with a "Last revised" date.

  • Significant changes will be highlighted or notified directly.

13. Contact Us

  • For enquiries, complaints, and exercising your rights:

    • Email: info@frea.org.uk

    • Post: FRÉA, Broom Hill Centre, Nowell Court, Leeds, LS9 6TW

You can also lodge a complaint with the ICO at www.ico.org.uk