Privacy Policy

Introduction

West Linton and Carlops Community Development Trust (“we”, “us”, or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our fundraising dashboard and related services.

This policy applies to all committee members, volunteers, donors, and business contacts who interact with our platform. By using our services, you agree to the collection and use of information in accordance with this policy.

Data Controller

Information We Collect

Account Information

• Email address (required for account creation and authentication)
• Display name and profile information
• User role and permissions within the system
• Login timestamps and session data
• User preferences and dashboard settings

Grant and Fundraising Data

• Grant applications and research information
• Funding status and progress tracking
• Meeting notes and committee decisions
• Task assignments and project timelines

Business Contact Information

• Business names, addresses, and contact details
• Communication history and outreach efforts
• Donation records and sponsorship agreements
• Business sector and profile information

Technical Information

• IP addresses and browser information
• Usage analytics and system performance data
• Error logs and debugging information
• File uploads and document metadata

How We Use Your Information

Charitable Purposes

• Managing fundraising campaigns for community play park development
• Coordinating volunteer activities and committee tasks
• Maintaining relationships with donors and sponsors
• Reporting on fundraising progress to stakeholders

System Administration

• Providing access to authorised committee members
• Maintaining system security and preventing unauthorised access
• Troubleshooting technical issues and improving functionality
• Creating data backups and ensuring service continuity

Communication

• Sending system notifications and updates
• Coordinating meetings and committee activities
• Sharing fundraising progress and milestones
• Responding to enquiries and support requests

Legal Basis for Processing

We process personal data under the following legal bases as defined by UK GDPR:

• Legitimate Interests: Managing charitable activities and fundraising for community benefit
• Consent: Where you have explicitly agreed to provide information or receive communications
• Contractual Necessity: Fulfilling agreements with donors, sponsors, and service providers
• Legal Obligation: Compliance with charity law and financial reporting requirements

Data Sharing and Third Parties

Service Providers

We work with carefully selected third-party service providers who help us operate our platform:

• Supabase: Database hosting and user authentication
• Hostinger VPS: Web hosting and content delivery

Data Protection Measures

All third-party providers are bound by strict data processing agreements and must comply with UK GDPR requirements. We do not sell, rent, or trade personal information to third parties for commercial purposes.

Legal Disclosure

We may disclose personal information if required by law, court order, or to protect the rights, property, or safety of our organisation, committee members, or the public.

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• Encrypted data transmission using HTTPS/TLS protocols
• Secure cloud hosting with industry-standard security measures
• Access controls and user authentication systems
• Regular security audits and system monitoring
• Data backup and recovery procedures
• Committee member training on data protection practices

While we strive to protect your personal information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but maintain industry best practices.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy:

• User Accounts: Active accounts retained whilst you remain a committee member or volunteer
• Grant Records: 7 years from completion of grant activities (charity law requirement)
• Financial Data: 6 years from end of accounting period (legal requirement)
• Communication Records: 3 years from last contact for relationship management
• System Logs: 12 months for security and troubleshooting purposes

When retention periods expire, we securely delete or anonymise personal data unless we have a legal obligation to retain it longer.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

Cookies and Analytics

Our website uses essential cookies to provide core functionality:

• Authentication Cookies: Keep you logged in and maintain your session
• Preference Cookies: Remember your dashboard settings and preferences
• Security Cookies: Protect against unauthorised access and maintain system security

We do not use third-party tracking cookies or advertising analytics on this platform. All data collection is limited to what is necessary for the system to function effectively.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify committee members of any significant changes via email or through the dashboard. The “Last Updated” date at the top of this policy indicates when changes were last made.

Contact Us

If you have any questions about this Privacy Policy, your data rights, or our data practices, please contact us:

Regulatory Information

If you believe we have not handled your personal data correctly, you have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator: