LGBT Foundation is committed to protecting your privacy
Our Privacy Statement sets out how we use and protect any personal data that you give us, or that we collect from you.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
We are the LGBT Foundation (“the charity” “we” or “us”). The LGBT Foundation is a registered charity under registration number 1070904, and our Company registration number is 03476576.
Our Contact Details are:
Postal address: Fairbairn House (2nd Floor), 72 Sackville Street, Manchester, M1 3NJ.
Email address: [email protected]
We are the a “data controller” under the data protection legislation, unless otherwise stated. This means that we are responsible for deciding how we hold and use personal data about you. Your information is gathered, shared, and used by us as set out in this Privacy Policy.
We are registered with the Information Commissioners Office (“ICO”) under reference: Z8069952
Changes to our Privacy Policy
We may need to update this Privacy Statement from time to time, any changes we make to our Privacy Statement will be posted on this page however, if there are any significant changes we will let you know and explain the changes.
You are also welcome to request a current copy by writing to us at the address above (Our Contact details) at any time.
Third-party links
Our websites may include links to third-party websites or links to other websites of interest, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the Privacy Statement of every website you visit.
Collection and use of personal data
Personal data means any information about you that can be used to identify you. This does not include data where your identity has been removed (such as anonymous data).
We collect, use, store, and transfer various kinds of personal data about you, these can be grouped as:
• Identity information: information which identifies you for example your name, date of birth
• Contact details: your postal, billing and / or delivery address, email address, and telephone number;
• Financial Information: includes bank account payment information and transaction history (payment card number, and other information necessary for identification and verification of payments, and records of payments, details of products or services purchased and associate billing history);
• Technical data or Cookies: internet protocol (IP) address or browsing actions and patterns (collected through cookies). For more information about how and why we use cookies, please look at our Cookie information;
• Feedback Data: responses to surveys, questionnaires, reviews, or other feedback mechanisms, including any comments or ratings you provide;
• Usage Data: includes information about how you use our website and services;
• Marketing and communication preferences: how you prefer to receive marketing messages and other communications from us; and
• Publicly available information: available on third party sites such as social media sites for example Facebook, Instagram.
This list is not exhaustive, and in specific instances, we may need to collect additional data for the purposes set out in this Privacy Statement.
Special Category Personal Data:
Where it is necessary for us to gather special categories of personal data we will only do when we have a lawful basis. Special Category personal data, includes information about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where this is used for identification purposes), health data, and sex life.
We may process special categories of personal data in the following circumstances:
• In limited circumstances, with your explicit written consent.
• Where we need to carry out our legal obligations and in line with our data protection policy.
• Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with our data protection policy.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Where we collect special category data, we shall only do so in accordance with this Privacy Statement.
Children and Young People
LGBT Foundation provides services that may be accessed by children and young people. Where we collect and process personal data relating to individuals under 18, we do so with particular care and in line with data protection and safeguarding legislation. We will only collect the personal data that is necessary to provide support, respond to enquiries, or deliver services that a young person has chosen to engage with. Where required, and depending on the nature of the service, we may seek consent from a parent or legal guardian, or assess whether the young person has the capacity to provide their own consent.
In circumstances where safeguarding concerns arise, or where there is a risk of harm to a child or young person, we may share relevant information with statutory safeguarding partners, in line with our legal obligations and organisational safeguarding policies. We will always ensure that any information shared is proportionate, appropriate, and used only to protect the safety and wellbeing of the individual concerned.
Purpose of processing
We will only use your personal data when the data protection law allows us to do so.
We will collect your personal data (which may include special category personal data) for the main purpose of providing you with our services.
We use the information we collect from you to provide you with:
To help us do the above we have to collect personal data from you so we can stay connected or to help provide you with a support depending on the service you are accessing.
Please note that some personal data will be shared with LGBT Foundation staff and volunteers only unless otherwise stated.
Legal Basis
Data protection law sets out several varied reasons for which we may collect and process your personal data:
(scroll right on mobile to view the below table)
| Purpose of Processing | Categories of Personal Data | Lawful Basis (Article 6 UK GDPR) | Special Category Condition (Article 9 UK GDPR) | Typical Recipients / Systems |
|---|---|---|---|---|
| Health & wellbeing services | Identity, contact details, case notes | Contract (where the person is receiving a service) or Legitimate interests | Explicit consent, or Substantial public interest – safeguarding/equality monitoring | Case management platform, clinical supervisors, safeguarding partners |
| Training delivery | Identity, contact details, booking info, feedback | Contract or Legitimate interests | Usually not applicable; explicit consent if any special category data is collected | Staff delivering training, CRM/booking systems |
| Fundraising & campaigns | Identity, contact details, marketing preferences | Consent, or Legitimate interests (soft opt in where applicable) in where applicable) | Not applicable | Email service providers, fundraising systems |
| Communications / newsletters | Identity, contact details, marketing preferences | Consent or Legitimate interests | N/A | Email service provider |
| Recruitment (staff & volunteers) | Identity, contact details, CV/application, employment history, background checks | Legal obligation / Legitimate interests | Employment, social security & social protection law (e.g., safeguarding, righttowork) | HRIS, background check providers |
| Website usage, analytics & cookies | IP address, browsing behaviour, cookie identifiers | Consent (for nonessential cookies), Legitimate interests for essential functionality | Not applicable | Analytics providers, website hosting platform |
| Feedback, surveys & service improvement | Feedback responses, usability data | Legitimate interests (service improvement) | Explicit consent where special category data is captured | Internal teams analysing service quality |
| Safeguarding | Identity, contact, relevant case info (including special category data where required) | Legal obligation or Vital interests | Substantial public interest – safeguarding | Police, safeguarding boards, statutory partners |
| Legal, regulatory & compliance | Any relevant personal data required for compliance | Legal obligation | Legal claims, substantial public interest, or the data subject has made the information public | Regulators, legal advisors |
| Funding requirements & reporting | Aggregated or anonymised data; occasionally identifiable data when required | Legitimate interests or Legal obligation (depending on funder requirements) | Substantial public interest where reporting includes protected characteristic data | Funders, partner organisations |
| Service access & general enquiries | Identity, contact details, message content | Legitimate interests or Contract | Explicit consent if special category data is provided by the individual | Internal teams responding to queries |
How we collect your personal data
We use different methods to collect information from and about you.
We may collect personal data directly from you when you contact us, request services from us, attend events, or otherwise engage with us or our community.
We also collect personal data when you visit and / or contact us or you request information from the website. We also collect personal data when you register for services from us, and / or when you engage with us via social media.
We also receive personal data from third parties.
Keeping your personal data accurate:
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
If you believe that any of your data that we process is incorrect or incomplete, please contact us using the above contact details and we will take reasonable steps to check its accuracy and correct it where necessary
Anonymised data
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you). This can be for research or statistical purposes; in which case we may use the anonymised information indefinitely without further notice to you.
We collect, use, and share anonymised and aggregated data such as statistical or demographic data for purposes including reporting. Anonymised and aggregated data could be derived from your personal data but will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Statement.
Where Your Personal Data May Be Processed
We primarily store and process personal data within the UK, using systems that have appropriate technical and organisational security measures. Where any of our trusted thirdparty service providers transfer or access personal data outside the UK—for example, through cloudbased tools—we ensure that appropriate safeguards are in place in line with data protection legislation. These may include adequacy regulations, the UK International Data Transfer Agreement (IDTA) or Addendum, or standard contractual clauses. We only work with suppliers who can demonstrate strong data protection standards, and you may contact us for more information about the safeguards used for any specific transfer.
Do you share my data with other organisations?
We only ever share your personal data with trusted third parties.
Your personal data may be shared or disclosed to third parties in connection with the services we are providing to you or with another third-party organisation when we are working on joint projects with them.
We may also share information with a third party if it is required for funding purposes, however this is made explicit when the data is collected.
The reasons we may share your data with third parties are:
• If we are under a legal or regulatory duty to do so,
• if it is necessary to do so to enforce any of our terms and conditions or other contractual rights,
• it is necessary to provide you with the services requested,
• to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity,
• where such disclosure is necessary to protect the safety or security of any persons or property, and/or
• otherwise as permitted under applicable law.
We may also share information with the police if there is a safeguarding risk that has arisen.
We may also share personal data with trusted third parties we may work with from time to time to help us with operating and improving our services.
We only provide third parties with the information they need to know to perform their specific services. Where personal data is shared with a managed service provider or other third-party supplier, we work closely with them to ensure that your personal data is secure and always protected.
Our contracts with third parties make it clear that they must hold personal data securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to. In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected. If we stop using their services, any of your personal data held by them will either be deleted or rendered anonymous.
In some circumstances, LGBT Foundation may process personal data jointly with another organisation—this is known as being joint controllers. Joint controllership may apply, for example, where we deliver a service, project, or programme collaboratively and both parties determine the purposes and means of processing personal data.
Where joint controllership applies, we will make this clear at the point your data is collected. We will explain each organisation’s responsibilities, including who is responsible for providing you with privacy information, responding to rights requests, and ensuring personal data is processed securely and lawfully. You may contact either organisation to exercise your data protection rights, and we will work together to ensure that your information is handled responsibly and transparently.
Data retention
We will retain your personal data only for as long as is necessary and to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance, contractual or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Different laws and other requirements require us to keep different data for different periods of time.
Data Security
LGBT Foundation takes every reasonable step to safeguard the personal data we hold. This includes a combination of technical and organisational measures designed to protect information from loss, unauthorised access, alteration, or disclosure. These measures include secure systems with restricted, rolebased access; multifactor authentication where appropriate; encryption of data in transit; regular staff training on confidentiality and data protection; routine monitoring of systems; and contractual protections with all thirdparty suppliers who process data on our behalf. We also maintain an incident response process to assess and, where legally required, report data breaches promptly and transparently.
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Our email updates provide you with information about:
If you have given your consent to receive marketing emails, you can withdraw this at any time, or if we are relying on our charitable purpose soft opt in to send you marketing, you can object.
You can opt-out from receiving these at any time by clicking “unsubscribe” when you receive these communications from us or by contacting us at [email protected]
Where you have opted out of receiving marketing emails, this opts‑out does not affect essential communications necessary for us to deliver the services, nor any important notices relating to our service offering or changes to your existing services.
Cookies
When you visit our website, we may collect certain information by automated means, such as using cookies.
A cookie is a piece of data stored locally on your computer containing information about your activities on the Internet. Each website can send its own cookie to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website to track online traffic flows.
We use the following types of cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or make use of services.
Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
If you use your browser settings to block all cookies (including necessary cookies) you may not be able to access all or parts of our website.
Third parties may also use cookies, over which we have no control. To deactivate the use of third-party advertising cookies, you may visit the consumer page to manage the use of these types of cookies.
Your Rights
You are also able to exercise your rights which include:
Your right to withdraw consent
You can withdraw your consent at any time where we rely on consent to process your personal data.
Withdrawal of consent will not affect the lawfulness of any processing carried out before your consent was withdrawn
Your Right to be Informed
We aim to be transparent within our Privacy Statement and provide you with information about how we use your personal data.
Your Right to Object
In some circumstances you can stop the processing of your personal data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Where your details are used for marketing, you can opt out at any time. You can unsubscribe from marketing on each contact, or you can contact us to object to any processing.
Your Right to Rectification
You have the right to request the correction of your personal data when it is incorrect, out of date or incomplete. If you notify us that the personal data, we hold is complete or inaccurate we will correct or complete the information as soon as possible.
Your Right to Erasure or the Right to be Forgotten
You have the right to request that your personal data be deleted; including if we no longer need it for the purpose we collected it, you withdraw your consent or you object to its processing.
Following your request, we will erase your personal data without undue delay unless the continued retention is necessary and permitted by law. If we make the personal information public, we shall take reasonable steps to inform other data controllers processing about your erasure request.
Your Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data. This can be done in circumstances where we need to verify the accuracy of the information, if you do not wish to have the information erased or you have objected to the processing of the information, and we are considering this request. Once the processing is restricted, we will only continue to process your personal data if you consent, or we have another legal basis for doing so.
Your Right to Access
You have the right to access the personal data we hold about you. Any access request will usually be free of charge and responded to within one month. We will endeavour to provide information in the format requested, but we may charge you a reasonable fee for additional copies.
Your Right to Data Portability
You have the right to receive a copy of your personal data which you gave to us. The copy will be provided in a commonly used and machine-readable format. You can also have it transmitted directly from us to another data controller, where technically possible.
The right not to be subject to automated decision making and profiling.
Where we make significant decisions using automated processing, we ensure that appropriate safeguards are in place, including:
• providing you with information about the automated decision;
• enabling you to make representations about the decision;
• enabling you to request human intervention; and
• enabling you to challenge or contest the decision.
You have the right to not be subject to solely automatic decisions (i.e., decisions that are made about you by computer without any human input) using special category personal data in relation to any processes that have a legal or similarly significant effect on you.
You will be notified if we make a solely automated decision using special category personal data which produces a legal effect or significantly affects you.
When you request to exercise your rights
You will not have to pay a fee to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded or excessive, including where requests are repetitive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
How can we help?
If you have any questions about our use of your personal data or want further information about how your personal data has been handled, we kindly ask that you contact us.
If you wish to complain about how your personal data has been handled, this Privacy Statement or any of the procedures set out in it we kindly ask that you contact us in the first instance. To follow our complaints process, please contact us using this contact form so that we can investigate and respond in accordance with our procedures.
You also have the right to raise concerns with Information Commissioner’s Office, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
This Privacy Statement was last updated in February 2026.
