Privacy & Data Protection Policy
Privacy & Data Protection Policy
How we respect privacy when we deal with personal information collected by our organisation
FFLAG is a charity registered in England & Wales (No. 1079918) that offers practical support to families with lesbian, gay, bisexual, non-binary or transgender members. FFLAG aims to bring about a world free from ignorance and prejudice about sexuality and gender identity in which LGBT+ people are valued and respected.
This Privacy Policy applies to information we (FFLAG) collect about individuals who interact with our charity. It explains what personal information we collect and how we use it. We will never disclose your personal data to any other organisations for any purpose you have not authorised unless compelled to do so by law.
The FFLAG Chair (or nominated Trustee) is the Data Controller for this information.
If you have any comments or questions about this Policy, please contact us by emailing: [email protected]
Personal data that we process
The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed aligned to the 6 bases for UK GDPR data use – consent, contract, legal obligation, vital interests, public tasks or legitimate interest.
Purpose | Data (key elements) | Basis |
Enquiring about our organisation and its work | Name, email, message | Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect. |
Requesting physical copies of booklets and other resources | Name, email, postal address to be used | Legitimate interests – it is necessary for us to read and store your message or letter so that we can respond in the way that you would expect. |
Subscribing to email updates about our work | Name, email | Consent – you have given your active consent. |
Making an online donation | Name, email, address, payment information | Legitimate interests – this information is necessary for us to fulfil your intention of donating money and your expectation of receiving a confirmation message. |
Â
Purpose | Data (key elements) | Basis |
Enabling us to recover Gift Aid on your donation | Home address | Legal obligation – HM Revenue & Customs require us to record this information for Gift Aid donations. |
Volunteering for FFLAG | Name, email, home address, telephone number(s), date of birth, skills offered, relevant experience and qualifications | Legitimate interests – it is necessary for us to ask you to supply this information so that we can respond in the way that you would expect. |
Attending certain ticketed events | Names of your guests and a physical address for ticket delivery | Legitimate interests – some venues (such as Parliament) require physical tickets for entry and the names of all visitors to be known to them in advance. |
Endorsing FFLAG’s work | Images and/or videos in which you can be recognised | Consent – you have given your active consent, or your consent is implied by your actions. |
Website functionality | Website activity collected through cookies | Legitimate interests – it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process. |
Â
How we use your data
We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table in paragraph 1 above.
For example, we may use your personal information to:
- reply to enquiries you send to us;
- handle donations or other transactions that you initiate;
- where you have specifically agreed to this, send you marketing communications by email relating to our work which we think may be of interest to you.
When considering how we use data we are guided by the principles of a Legitimate Interests Assessment (LIA). This involves a three-part test: the purpose test, necessity test, and balancing test. The purpose test asks if there’s a legitimate reason for processing the data, the necessity test whether the processing is truly needed, and the balancing test if the charity’s interest outweighs the individual’s rights. Examples include direct marketing to existing donors (balancing test considers previous donation and lack of objection) and sharing data with partner organisations to better serve beneficiaries.
When we share your data
We will only pass your data to third parties in the following circumstances:
- you have provided your explicit consent for us to pass data to a named third party (for example, to enable a local parent group organiser to contact you);
- we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
- we are required by law to share your data.
In addition, we will only pass data to third parties outside of the UK where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.
How long we keep your data
We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required in order to provide services or information to you.
Rights you have over your data
You have a range of rights over your data, which include the following:
- Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails).
- You have the right to ask for rectification and/or deletion of your information.
- You have the right of access to your information.
- You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.
A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/
If you would like to have access to the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us at [email protected]. Privacy enquiries are handled on a weekly basis so there may be a short delay before we reply.
Please note that relying on some of these rights, such as the right to delete your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
How we protect your data
We apply proportionate technical and organisational measures— including role-based access controls— to protect your information. We will consider how we protect data in the event of any major changes within the charity or new services being offered.
If we identify a breach that is likely to result in a risk to you, we will notify the Information Commissioner’s Office and, where relevant, the Charity Commission within 72 hours, and we will contact you without undue delay.
- 7
. Cookies & usage tracking
A cookie is a small file of letters and numbers that is downloaded onto your computer when you visit a website. Cookies are used by many websites and can do a number of things, such as remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.
Where cookies are used to collect personal data, we list these purposes in section 1 above, along with other personal data that we collect. However, we also use some cookies that do not collect personal information but that help us collect anonymous information about how people use our website. We use Google Analytics for this purpose.  Google Analytics generates statistical and other information about website usage by means of cookies, which are stored on users’ computers. The information collected by Google Analytics about usage of our website is not personally identifiable. The data is collected anonymously, stored by Google and used by us to create reports about website usage. Google’s privacy policy is available at http://www.google.com/privacypolicy.html. Please also see FFLAG’s Cookie Policy at https://www.fflag.org.uk/cookie-policy/.
Modifications
We may modify this Privacy Policy from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and are affected.
Approved by the Board: August 2025Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Next review: 2030
Join Our Mission
Together, we can support families and allies, encouraging love, acceptance, and pride for all LGBT+ individuals.