GDPR & Data Protection Policy

Our mission

1. Policy Statement

PFWCA UK Limited is committed to protecting the privacy and personal data of all individuals with whom it works, including beneficiaries, donors, volunteers, staff, contractors, and partners.

The organisation processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

PFWCA will ensure that personal information is handled lawfully, fairly, transparently, and securely.

2. Purpose

This policy sets out how PFWCA collects, uses, stores, protects, and disposes of personal data and outlines the responsibilities of everyone working with the organisation.

3. Scope

This policy applies to:

• Directors

• Employees

• Volunteers

• Contractors and consultants

• Partner organisations acting on behalf of PFWCA

4. Data Controller

PFWCA UK Limited is the Data Controller for the personal data it processes.

Contact Details
Email: info@pfwca.org.uk
Website: PFWCA UK

5. Types of Personal Data Processed

PFWCA may process:

• Names and contact details

• Donation and Gift Aid information

• Volunteer and staff records

• Beneficiary information

• Event registration details

• Website enquiry information

• Photographs and media content (with consent where appropriate)

Where health information is collected during outreach or screening activities, PFWCA will apply additional safeguards required for special category data.

6. Lawful Bases for Processing

PFWCA processes personal data under one or more lawful bases, including:

• Consent

• Contract

• Legal obligation

• Legitimate interests

• Vital interests

• Substantial public interest (where applicable)

7. Data Protection Principles

PFWCA will ensure personal data is:

1. Processed lawfully, fairly, and transparently

2. Collected for specified and legitimate purposes

3. Limited to what is necessary

4. Accurate and kept up to date

5. Retained only as long as necessary

6. Processed securely and confidentially

7. Managed in a way that demonstrates accountability

8. Data Security

PFWCA will implement appropriate technical and organisational measures to protect personal data, including:

• Password-protected systems

• Restricted access

• Secure storage

• Confidentiality obligations

• Safe disposal of records

9. Data Sharing

Personal data will only be shared when:

• There is a lawful basis to do so

• The individual has consented where required

• Sharing is necessary to safeguard individuals

• Disclosure is required by law

10. Data Retention

Personal data will be retained only for as long as necessary to fulfil operational, legal, safeguarding, and financial obligations.

11. Individual Rights

Individuals have rights under UK GDPR, including:

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to data portability

• Right to object

• Rights relating to automated decision-making

12. Data Breaches

Any suspected or actual personal data breach must be reported immediately to the Director or designated Data Protection Lead.

PFWCA will assess breaches promptly and, where required, report them to the Information Commissioner's Office.

13. Training and Awareness

All staff and volunteers handling personal data will receive appropriate guidance and training.

14. Complaints

Individuals who have concerns about how their personal data is handled should contact PFWCA in the first instance.

They also have the right to complain to the Information Commissioner's Office via ICO website.

15. Policy Review

This policy will be reviewed every two years or sooner if required by legal or operational changes.

16. Approval

Approved by: Board of Directors
Organisation: Precious Foundation for Women, Children and Adolescents (PFWCA) UK Limited
Effective Date: 14 May 2026
Review Date: 14 May 2028
Version: 1.0