Privacy Policy

Introduction

UK Community Foundations, or UKCF (“we”, “us”, or “our”), is committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting personal data.

Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out in the relevant sections below.

The personal data that is provided to us is provided either directly from the individual concerned, from a third party acting on behalf of an individual, or from publicly available sources (such as internet searches or using Companies House).

Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference may be made to this privacy statement.

Security

We take the security of all the data we hold seriously. Staff are trained on data protection, confidentiality and security.

We have a framework of policies and procedures which ensure we regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Any information you provide to us is stored on our secure servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Data that we hold

We do not currently provide website or public email subscriptions, and we do not store any form submission data from our contact form (the only online form visitors can use) on our website.

UKCF uses Google Analytics to collect information about your computer. This includes your IP address, browser type, and operating system. Google Analytics will also collect information about your behaviour on the UKCF website – such as the number of users viewing a webpage and how you use our website navigation.

This data does not identify you individually and will not be shared with any third party. The data is collected so that we understand how useful the UKCF website is and to help inform us of any changes we should make to the website to improve our services.

For more information on how Google Analytics data is stored, please read Google's Privacy and Terms. For detailed information on the purposes for which we use cookies, please see our Cookies Policy.

How long we hold data for

The maximum amount of time that Google Analytics will retain Google-signals data is 26 months, regardless of your settings. By default, Google signed-in data expires after 26 months. You can
learn more about Google data retention here.

We retain the data processed by Google Analytics for our own marketing records for as long as is considered necessary for the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 6 years).

We do not store any other personal data from our website and only use the data collected by Google Analytics stated in the section above.

Sharing personal data

We only share personal data with third parties when legally permitted or asked to do so. When we share data with third parties, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

Third party organisations that provide applications/functionality, data processing or IT services to us.

Third party organisations that otherwise assist us in providing goods, services or information.

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as service providers, website hosting and management, data analysis, data back-up, security and storage services.

Law enforcement or regulatory agencies or those required by law or regulations.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data. This could be to check that we are complying with applicable law and regulation; to investigate an alleged crime; to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Locations of processing

Where possible, personal data resides within the UK territory but may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. We will take all reasonable steps to ensure that your data is treated securely, in accordance with this privacy statement.

We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, such transfers will be conducted under appropriate safeguards. These safeguards may include standard contractual clauses approved by the European Commission or the UK Government, or other legally-recognised mechanisms that ensure compliance with applicable data protection laws.

The individual's rights

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights, as follows:

Individuals have the right to be informed about how we collect and use their personal data.

Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email
received from us.

Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.

Individuals may request information about, or human intervention into, any automated data processing that we may undertake.

If you wish to exercise any of these rights, please send an email to info@ukcommunityfoundations.org.

Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to info@ukcommunityfoundations.org. We will investigate and respond to any complaints we receive in a timely manner.

You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (ICO). For further information on your rights and how to complain to the ICO, please refer to the ICO website.

Data controller and contact information

If you have any questions about this privacy statement, or how and why we process personal data, please contact us at:

info@ukcommunityfoundations.org

or

Emma de Closset
UK Community Foundations
Northgate Business Centre
38-40 Northgate
Newark
NG24 1EZ

Changes to our privacy statement

This privacy statement is subject to change. If any changes are made, we will publish a new advised version on our website. This privacy statement was last updated in February 2026.