Privacy Policy

This Privacy Policy explains how Black & Minority Ethnic Community Partnership (BMECP) collects, uses, and protects personal data in line with the UK GDPR, the Data Protection Act 2018 and PECR.

UK GDPR / DPA 2018 / PECR • Charity No. 1091127 • Company No. 04180668 (England & Wales)

Last updated: February 2026


1. Who We Are (Data Controller)

Organisation: Black & Minority Ethnic Community Partnership (BMECP)
Registered address: 10A Fleet Street, Brighton, BN1 4ZE
Privacy contact: [DPO/PRIVACY CONTACT NAME OR ROLE] • [PRIVACY EMAIL]

2. What Personal Data We Collect

We may collect and process the following categories of personal data, depending on how you interact with us:

  • Contact details (name, email, phone number, address) when you contact us or use online forms.
  • Service user information relevant to providing support, advice, programmes, training or events.
  • Website usage data (e.g., IP address, device type, pages visited) and cookie preferences.
  • Volunteer/employment information when you apply to work or volunteer with us (CV, references, eligibility to work, etc.).
  • Donation/payment information (if applicable), typically handled by payment providers (we do not store full card details).

Special category data

Because of the nature of our work, we may sometimes process special category data such as ethnicity, health information, or equality monitoring data where relevant and appropriate.

We only process special category data where we have a lawful condition under UK GDPR (e.g., explicit consent, vital interests, provision of support services, safeguarding, or substantial public interest), and we apply additional safeguards.


3. Our Lawful Bases for Processing

We rely on one or more of the following lawful bases (Article 6 UK GDPR):

  • Consent — where you have given clear permission (e.g., subscribing to communications).
  • Contract — where processing is needed to provide a service you request.
  • Legal obligation — where required by law (e.g., safeguarding, financial records).
  • Legitimate interests — to operate and improve our services and website, provided your rights are not overridden.
  • Public task / substantial public interest — where applicable to our charitable objectives and equalities work.

4. How We Use Personal Data

We use personal data to:

  • Respond to enquiries and provide information requested.
  • Deliver programmes, services, training, and events.
  • Manage safeguarding, where necessary.
  • Administer volunteers, staff recruitment, and HR-related processes.
  • Process donations (if applicable) and maintain financial records.
  • Improve our website, services, and reporting to funders (using anonymised or aggregated data wherever possible).

We do not sell your personal data.


5. Sharing Your Information

We may share personal data with trusted third parties where necessary, including:

  • Service providers (e.g., website hosting, IT support, email systems) acting as processors.
  • Partner organisations where needed to deliver joint services or referrals (with appropriate safeguards).
  • Funders for reporting purposes (typically anonymised/aggregated, unless otherwise required).
  • Regulators and authorities where required by law (e.g., safeguarding, law enforcement).

Where a third party acts as our processor, we ensure appropriate contracts are in place.


6. International Transfers

Some technology providers may process data outside the UK. Where this happens, we ensure appropriate safeguards, such as adequacy regulations or approved contractual protections.


7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal and reporting requirements.

  • General enquiries: typically up to 12 months.
  • Service user records: typically up to 6 years (or longer if safeguarding requires).
  • HR and recruitment: in line with employment law and good practice.
  • Financial records: typically 6 years.

Retention may vary depending on safeguarding requirements, funder conditions, or statutory obligations.


8. Cookies and Website Tracking

Our website may use cookies and similar technologies. Non-essential cookies (e.g., analytics/marketing) will only be used with your consent.

You can manage your preferences using our cookie banner and by adjusting your browser settings. See our Cookie Policy for full details.


9. Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting and SSL/HTTPS encryption.
  • Access controls and role-based permissions.
  • Staff confidentiality expectations and training.
  • Policies for safeguarding and incident management.

10. Your Rights

Under UK GDPR you have rights including:

  • The right to be informed about how we use your data.
  • The right of access to your personal data.
  • The right to rectification (correction of inaccurate data).
  • The right to erasure (in certain circumstances).
  • The right to restrict processing (in certain circumstances).
  • The right to data portability (in certain circumstances).
  • The right to object (in certain circumstances).
  • The right to withdraw consent (where we rely on consent).

To exercise your rights, contact us at [PRIVACY EMAIL]. We aim to respond within one month.


11. Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk/


12. Children and Young People

Where our services involve children or young people, we take extra care to protect their data and comply with safeguarding requirements. We will obtain parental/guardian consent where appropriate.


13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on this page, with the “Last updated” date shown at the top.

Quick action: If you want to request access or deletion of your data, email [PRIVACY EMAIL].