PRIVACY NOTICE
Introduction
The Maclellan Giving Together Foundation is a registered Charity (number: 1212103), a registered company in England and Wales (company Number: 15903382), and is registered with the Information Commissioner’s Office (Registration number: ZB887369).
This privacy notice is issued on behalf of The Maclellan Giving Together Foundation, so when we mention The Maclellan Giving Together Foundation “we”, “us” or “our” in this privacy notice, we are referring to the organisation responsible for processing your data.
The Maclellan Giving Together Foundation values your privacy and is determined to protect your personal data. The purpose of this Privacy Notice is to inform you as to how we look after your personal data. We’ll also tell you about your privacy rights and how the data protection law protects you.
Our Site is owned and operated by The Maclellan Giving Together Foundation, whose registered address is:
22 St John Street
Newport Pagnell
Buckinghamshire
MK16 8HJ
The Trustees are the data controllers, and the leadership team is responsible for data protection and complaints arising concerning day-to-day matters.
Queries related to Data Protection should be directed to the Data Protection Lead (see the section “How to contact us”).
Purpose of this Privacy Notice
This privacy notice explains how we collect and process your personal data, whether you have provided it to us, we have obtained it, or we have collected it from third parties. It sets out:
What personal data we collect
How we use your data
Direct marketing
Lawful basis
How we store and how long we keep your data
How your information is protected
Who we share your information with
International transfers
Automatic collection and cookies
Summary of your rights
How to contact us
How to complain
This website is not intended for children, and we do not knowingly collect data relating to children.
Third-party links outside of our control
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The personal data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioner’s Office.
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped as follows:
Identity Data, which includes first name, surname
Contact Data which includes telephone number/s, email address and home address
Technical Data includes IP address, browser type and version, location, operating system, and other technology on the devices you use to access this website
Usage Data includes information about how you use our website, products and services
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, your communication preferences
Financial Data includes bank account number and sort code
Request a call back or enquiring our website
Otherwise interact with us or provide information to a third party to be referred to us
Special Category data, including allergies, intolerances, or health or medical conditions, including special needs
Compliments and complaints
We will collect data you give us when applying for a job, consulting or becoming a trustee with us, this may include:
Your bank account details and tax and residency status
References from previous employers or educational institutions
Contact details for you, and any next of kin
Qualifications
Information concerning your health and medical conditions
Information about your race, ethnicity, and sexual orientation
A full privacy statement for a job or trustee applicants is included in the recruitment pack.
Special category data
Where data processing relates to Special Categories of Data, the following processing conditions apply:
The data subject has given Explicit Consent
Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
How we use your data
We use your data to provide the best possible products and services.
This includes:
Providing and managing your access to Our Site
To process credit and debit card payments you make
To send you marketing information
Personalising and tailoring your experience on Our Site
Supplying our products and services to you
Responding to communications from you
Analysing your use of Our Site and gathering feedback to enable us to improve Our Site and your user experience continually
Registering for a Knowledge Base meeting
To enable us to communicate with you ahead of your arrival at any of Our events with relevant news and updates
Administer feedback surveys
Third parties or publicly available sources
We may receive personal data about you from various third parties and public sources as set out below:
Analytics providers such as Google
Search information providers such as Google
Contact, Financial and Transaction Data from providers of technical and payment services
Identity and Contact Data from publicly available sources such as Experian
Social Media sites such as Facebook, Twitter, and LinkedIn
Direct marketing
Under the new Data (Use and Access) Act 2025 (DUAA), we can send you electronic mail (emails, texts, social media messages) about our charitable purposes and ways you can support us if you have previously shown interest or offered support to our charity.
Your choices and rights: When you provide your details, we will always give you a clear and straightforward way to say ‘no’ to marketing. Every message we send will also include an easy way to opt out (e.g., an unsubscribe link). You can stop receiving these communications at any time by following the opt-out instructions or contacting us.
We will not, however, send you any unsolicited marketing or spam, and we will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the DPA 2018, the GDPR, and the Privacy and Electronic Communications Regulations 2003.
Lawful basis
Under GDPR, we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:
You have given consent and explicit consent to the processing of your personal data for one or more specific purposes as listed below:
Marketing material
Allergies or medical conditions when registering for an event
Registering for an event
Special Category data
Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering a contract as listed below:
Employment including contracting and becoming a trustee
Processing is necessary for compliance with a legal obligation to which we are subject, as listed below:
Employment including contracting and becoming a trustee
Processing is necessary for our legitimate interests or those of a third party, except where those interests are overridden by the fundamental rights and freedoms of the data subject that require the protection of personal data.
We rely on our legitimate interests for the following reasons:
Keeping our records up to date
Communicating with you under the DUAA 2025
Running our websites and keeping them safe and secure
Measuring how you use our websites and improving their content and accessibility
Complying with legal and or regulatory requirements
To enable us to communicate with you ahead of your arrival at our events by answering queries and providing relevant news and updates
To help ensure you can feed back to us essential information about your experiences as our customer, so we can resolve challenges and improve our services
Meeting our charitable objectives
Processing complaints and enquiries
How we store and how long we keep your data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Our retention of your personal data is linked to your actions. Unless a more extended retention period is required or permitted by law, we will only hold your Personal Information on our systems for the period necessary to fulfil the purposes outlined in this Notice, or until you request that the information be deleted (see the section “Summary of your rights”).
For a detailed list of our retention periods, please contact us (see the section on “How to contact us”).
Even if we delete your Personal Information, we reserve the right to retain your personal data where such retention is necessary for compliance with a Statutory obligation (for example, to maintain a copy for legal, tax or regulatory purposes). Still, in such an event, we will do so only as long as necessary to fulfil those Statutory obligations.
Data security
Data security is of great importance to us, and to protect your data, we have implemented appropriate physical, electronic, and managerial procedures to safeguard the data collected through Our Site.
All your data is stored electronically in a secure database or in a locked filing cabinet and can only be accessed by authorised people. All users of our system are trained in GDPR.
Where we engage third parties to process personal data on our behalf, they do so upon writing. They are contracted to implement appropriate technical and organisational measures to ensure data security.
Who we share your personal data with
We are committed to not sharing your data. We will only do this if it is in your legitimate interest to ensure we provide you with the support and information you need to make an informed decision about the service(s) or product(s).
We will not sell your data to any unconnected third parties.
We may contract with third parties to supply products and services to you on our behalf. These may include payment processing and search engine facilities.
We might share your information across different parts of our organisation for research and analysis.
In some cases, third parties may require access to some or all of your data. Where any of your data is necessary for such a purpose, we will take all reasonable steps to ensure that it is handled safely and securely, in accordance with your rights, our obligations, and the third party’s obligations under the law.
We currently contract with:
| Third-party name | Used to | Privacy notice |
|---|---|---|
| Mailchimp | Marketing E-mails | https://www.intuit.com/privacy/statement |
| MS 365 | Document storage | https://www.microsoft.com/en-gb/privacy/privacystatement |
| Beacon | CRM | https://www.beaconcrm.org/legal/privacy |
| Cognito Forms | Forms | https://www.cognitoforms.com/legal/privacy |
| Ticket Tailor | Forms | https://www.tickettailor.com/legal/privacy-policy |
We may have to share your personal data with the parties set out below for the purposes set out in the table above.
External Third Parties Service
Providers based in the UK who provide IT and system administration services
Professional advisers, including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services
HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If there is a change to our business, the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes; they may process it only for specified purposes and in accordance with our instructions.
International transfers
We may need to transfer some personal data to third parties described above that are located outside the UK. In such cases, we will take appropriate measures to ensure your personal data remains protected. If the organisation is based outside the UK and in a country not covered by an adequacy decision (which provides an adequate level of data protection), we will implement appropriate safeguards, such as the ICO’s International Data Transfer Agreement (IDTA).
If you have any questions or need more information regarding international transfers of your personal data, please get in touch with us (see the section on “How to contact us”).
Automatic collection, cookies and aggregate information collected from our website
We automatically collect some data from visitors to our websites. This includes which pages you have viewed, how long you have viewed them, and where you go on our website.
We use cookies to store information about how you use our sites. A cookie is a piece of data stored on a user’s computer that remembers information about you and creates a profile of your viewing preferences. Your profile helps tailor your visit to our website, make navigation easier, and direct you to information that best matches your interests. We require your consent to place non-essential cookies on your device. You can change your cookie preferences by selecting the button in the bottom-left corner on any page of our website. View our cookie policy here.
Information is also collected about how you arrived at our websites. This includes the links or ads of ours you have viewed or clicked on to reach us, as well as any search terms you have used. Where you see an advert outside of our website, we may place a cookie on your browser. This is so that, when you access our website, we recognise that you have seen an Ours advert elsewhere. If you have logged in, your login details are included.
Aggregate information is collected from users using our own web tracker. This information includes users’ Anonymised Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages, and number of unique visits. This information is not linked to personal profiles or personally identifiable information provided by users. We use the information to analyse visitor trends and website usage, to administer the website, and to gather broad demographic information about our website users.
We may use the information we receive and/or collect about you to:
Fulfil our obligations under any contract that we have entered into with you or with a Resident that you represent, and to provide you or the relevant Resident with information or services that you or the Resident has requested
Monitor website usage and provide statistics to third parties for the purposes of improving and developing the website and the services we provide via the website
Summary of your rights
As a data subject, you have several rights and control over how your data is used.
You can request access to, deletion of, or correction of, your personal data held by us
You can ask for a copy of the data you have given us
You can require us to amend or change incorrect or incomplete data
You can require us to delete or stop processing your data, where the data is no longer necessary for processing
You can object to the processing of your data where we are relying on its legitimate interests as the legal ground for processing
You can ask us to stop processing data for a period if the data is inaccurate or there is a dispute about whether or not your interests override the company’s legitimate grounds for processing data
To enforce any of the foregoing rights or if you have any other questions about Our Site or this Privacy Notice, please get in touch with us using the details set out in the section “How to contact us”.
No fee is required, except in some cases. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any other rights). This is a security measure to ensure that personal data is not disclosed to anyone who does not have the right to receive it. We may also contact you to request further information regarding your request to expedite our response.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made multiple requests. In this case, we will notify you and keep you updated.
How to contact us
If you have any questions about Our Site or this Privacy Notice, please get in touch with us by email at hello@givingtogether.gobal or by post to:
Data Protection
22 St John Street
Newport Pagnell
Buckinghamshire
MK16 8HJ
Please ensure that your query is clear, particularly if it is a request for information about the data that we hold about you.
How to complain
If you have any complaints about how we handle your data, please fill in the online complaints form or contact us as stated above.
If this does not resolve your complaint to your satisfaction, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the Information Commissioner’s Office are:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/concerns
Changes to our Privacy Notice
We may change this Privacy Notice as we deem necessary from time to time, or as required by English law. Any changes will be immediately posted on Our Site, and you will be deemed to have accepted the terms of the Privacy Notice on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up to date.
Last updated April 2026