Donate Now
Get help now Make a donation
Donate Now
Reading Time: 3 minutes

Privacy Policy

Date: 14/12/2025
Next Review: Annually

1. Purpose of this Policy

This Privacy Policy explains how Amelia’s Light collects, uses, stores, and protects personal data. It aims to:

  • Ensure compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
  • Be transparent about how personal information is handled
  • Protect the privacy, dignity, and rights of children, families, donors, staff, and volunteers
  • Maintain trust with those who engage with the charity

2. Scope

This policy applies to:

  • Anyone whose personal data is processed by Amelia’s Light, including:
    • Families and carers applying for emergency grants or support
    • Children and adults at risk (via parents or carers)
    • Donors, fundraisers, and supporters
    • Staff, volunteers, and trustees
  • All methods of data collection, including:
    • Website forms, email, phone, text, and social media
    • Paper records and electronic systems
    • Third-party platforms used for donations or communications

3. Responsibilities

  • Trustees
    • Ensure the charity complies with data protection law
    • Approve and review this Privacy Policy
  • Founder / Data Protection Lead
    • Oversee day-to-day data protection compliance
    • Act as the main contact for privacy queries or concerns
    • Ensure appropriate safeguards are in place
  • Staff and Volunteers
    • Handle personal data responsibly and confidentially
    • Follow this policy and related GDPR and Confidentiality policies
    • Report any data breaches or concerns immediately

4. What Data We Collect

We may collect the following types of personal data:

  • Families and beneficiaries
    • Names, contact details
    • Information about hospital stays or urgent circumstances
    • Limited health or wellbeing information (only where necessary to provide support)
  • Donors and supporters
    • Names, contact details, donation history
    • Gift Aid declarations (where applicable)
  • Staff and volunteers
    • Contact details
    • Role-related and safeguarding information

We only collect data that is necessary, relevant, and proportionate.

5. How We Use Personal Data

Personal data is used to:

  • Process emergency grant applications and provide support
  • Communicate with families about wellbeing packs or emotional support
  • Signpost families to specialist services
  • Process donations and manage Gift Aid
  • Meet legal, regulatory, and safeguarding obligations

We will never sell personal data or use it for purposes unrelated to our charitable aims.

6. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent – where individuals have given clear permission
  • Legal obligation – e.g. financial reporting or safeguarding
  • Vital interests – where necessary to protect someone’s life or wellbeing
  • Legitimate interests – to carry out the charity’s work responsibly

Special category data (e.g. health information) is handled with additional care and safeguards.

7. Data Sharing

We may share personal data only when necessary and appropriate, for example:

  • With hospitals or professionals to verify urgent need
  • With statutory services where safeguarding concerns arise
  • With trusted service providers (e.g. donation platforms)

All sharing is:

  • Limited to the minimum necessary information
  • Documented and lawful
  • Carried out with appropriate safeguards in place

8. Data Storage and Security

  • Electronic data is stored on secure, password-protected systems
  • Paper records are kept in locked storage
  • Access to data is restricted to authorised individuals only
  • Data is retained only for as long as necessary

Example retention periods:

  • Grant and financial records: 6 years
  • Gift Aid records: 7 years
  • Safeguarding records: in line with safeguarding guidance

9. Individual Rights

Individuals have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion where appropriate
  • Withdraw consent at any time
  • Raise a concern or complaint

Requests should be made in writing to the Data Protection Lead.

10. Data Breaches

  • Any actual or suspected data breach will be investigated promptly
  • Serious breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours where required
  • Affected individuals will be informed where there is a risk of harm

11. Record-Keeping

We maintain records of:

  • Data processing activities
  • Consents obtained
  • Data sharing decisions
  • Any data breaches and actions taken

All records are stored securely and retained in line with legal requirements.

12. Review and Update

  • This policy will be reviewed annually by the trustees
  • It will be updated sooner if:
    • Legislation changes
    • The charity’s activities change
    • A data protection incident occurs

All updates will be communicated appropriately.