Privacy Policy

Last updated: 20 March 2024

1. Who We Are

We are the Data Protection Foundation, CIC (the "DPF") and we exist to support consumers to assert their data rights. We do this through education, research and seeking legal redress. We are a non-profit community interest company and a company limited by guarantee (UK registered company number 12820041). Our registered offices are at Third Floor, 1 New Fetter Lane, London, United Kingdom, EC4A 1AN.

We campaign for and believe that you have the right to control the use of your personal information, and that your privacy must be respected. That is why we strictly limit the collection and processing of your personal data. We will not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us. Our website address is: https://dataprotectionfoundation.org.

We respect your rights over your personal data. We have designed this website to preserve your privacy and to act in strict accordance with the relevant laws, including the Privacy and Electronic Communications Regulations (2003), the General Data Protection Regulation and the UK's Data Protection Act (2018).

2. Data Controller

The Data Protection Foundation, CIC is the data controller for data processing in accordance with this policy and is registered with the Information Commissioner as a data controller (registration number C1470293).

If you have any questions about this Policy, our data processing practices, or your rights, you can contact us (details provided below). Set out below is an explanation of the purposes for which we collect and use, or "process" your data and the legal basis for this in accordance with applicable data protection laws.

3. Purposes

We process personal data for the following purposes:

Providing our website

Personal data category: Visitor Traffic Data

Purpose(s): to keep our website operational and secure.

Legal basis: our legitimate interest in being able to continue providing our website. This cannot be achieved if the website is not available or does not function properly.

Improving our Website

This website is designed to be simple and to preserve your privacy. We do not use any technologies to track or record your personal information or behaviour. We do not use cookies.

This website contains no third-party scripts, no tracking technologies, and no third-party cookies. We have built this site to practice what we preach - your privacy is protected when you visit us. All personal data collected for website functionality is anonymized and stored on our servers and not shared with any third parties.

Personal data category: Visitor Traffic Data

Purpose(s): monitoring the use of our website for the purpose of its further development.

Legal basis: our legitimate interest in being able to improve our website.

Communicating With You

Personal data category: Communication Data

Purpose(s): to (a) respond to your question, comment, request or complaint when you contact us, (b) to inform you of changes to this Policy.

Legal basis: (a) your consent (for example affirmative action by sending us an email), (b) performance of the agreement you entered into when joining the DPF as a member, (c) our legal obligation to inform you about changes in our policy, or in other cases, our legitimate interest to communicate with you.

Communication Data

We process the following personal data when you sign up as a member of the DPF, when we contact you, or when you contact us with a question, comment, request, or complaint ("Communication Data"):

  • Contact data: comprising name and email address;
  • Message body: Communication Data is used for communicating with you.

4. Data Security

We take the security of your information very seriously. We employ physical, electronic, and organisational security measures to protect the information that we collect about you from access by unauthorised persons and against unlawful processing, accidental loss, destruction, and damage. For instance, we use SSL certificates on this website.

Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to unauthorized access – for this reason, the transmission of any personal data to our website or via email to us is therefore at the data subjects' own risk.

5. Retention And Deletion Of Data

We do not retain your personal data for longer than is necessary to achieve the purposes for which your data is processed. We keep your data as long as is necessary in connection with the purpose it is collected for. We do not keep data longer than required in connection with that purpose. We will delete the information we hold about you as soon as we no longer need it or, where actionable, at your request (see "Your rights" section below). For further specific information about our retention policies, please contact us.

6. Your Rights

If we process your personal data for the purposes outlined above, you have the following rights:

  • The right to be informed as to whether we hold data about you;
  • The right of access to that information;
  • The right to have inaccurate data about you corrected;
  • The right to have your data deleted;
  • The right to opt out of particular data processing operations;
  • The right to receive your data in a form that makes it "portable";
  • The right to object to our processing of your data;
  • The right to receive an explanation about any automated decision-making and/or profiling about you and to challenge those decisions where appropriate.

You can withdraw your decision to become a member of the DPF at any time by emailing hello@dataprotectionfoundation.org.

You can also contact us to opt-out of or withdraw your consent to data processing we undertake, however in some cases we may need to retain data where it is kept in compliance with a legal obligation (e.g. records of donations must be kept).

Relevant supervisory authority names and contact details are listed here. The Data Protection Authority in the United Kingdom is the Information Commissioner's Office (ICO). If you need any further information about your rights or want to lodge a concern or complaint, you may contact the ICO here.

7. Contact Us

If you have a query regarding this Policy, or if you would like to exercise your rights as a data subject, please contact hello@dataprotectionfoundation.org.

8. Changes To This Policy

We keep this Policy under regular review and will place any updates on this page. This Policy was last updated on 20 March 2024.

9. Jurisdiction

We are headquartered in the United Kingdom and the data we collect is process and stored within the UK and EU in accordance with applicable data protection laws. The UK currently remains subject to EU data protection laws, however as the UK has now left the EU, it may become subject to additional requirements around transfers of data into and out of the UK. Should this eventuate, these requirements will be met by us and this Policy will be updated accordingly.