Skip to content

Privacy Policy

Last Updated: January 2026

As-Subah Outreach ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you interact with us online or offline.

We are a UK-registered charity and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all relevant guidance issued by the ICO and Charity Commission.

1. Who We Are

As-Subah Outreach
Charity Registration Number: 1180159
Email: [email protected]

We act as the Data Controller for the personal information we collect.

2. Information We Collect

We may collect and process the following categories of personal information depending on how you interact with us:

a) Personal Identification Information

  • Full name
  • Email address
  • Phone number
  • Postal address

b) Donation & Financial Information

  • Donation amounts
  • Payment method and transaction details
  • Gift Aid declarations
  • Fundraiser page information

Note: We do not store full card details. All payments are processed securely by our payment provider (e.g., Stripe).

c) Communication & Preferences

  • Newsletter subscriptions
  • Fundraiser participation
  • Consent records

d) Website Data

Collected through cookies, server logs, and analytics tools:

  • IP address
  • Browser type
  • Device information
  • Pages visited and interaction behaviour

e) Additional Information Provided Voluntarily

  • Messages sent to us
  • Survey responses
  • Event registrations

3. How We Use Your Information

We use your information to:

a) Process Donations & Supporters' Requests

  • Process payments securely
  • Send receipts and donation confirmations
  • Manage Gift Aid claims

b) Communicate With You

  • Provide updates on our work
  • Share fundraising appeals (with your consent)
  • Respond to enquiries

c) Manage Our Website & Improve Services

  • Analyse usage patterns
  • Improve website experience
  • Prevent fraud and enhance security

d) Legal, Regulatory & Compliance Purposes

  • Maintain accurate records
  • Meet Charity Commission, HMRC, and financial reporting obligations
  • Respond to lawful data requests

We only use your personal data when we have a lawful basis, such as consent, legitimate interests, or legal obligation.

4. Legal Bases for Processing

Under UK GDPR, we rely on the following legal grounds:

  • Consent — for newsletters, campaign updates, and marketing
  • Contract — when processing donations or event registrations
  • Legal obligation — Gift Aid, HMRC reporting, financial records
  • Legitimate interests — ensuring effective charity operations, fraud prevention, and supporter engagement

You may withdraw consent at any time.

5. How We Store & Protect Your Data

We take appropriate technical and organisational measures to ensure your data is secured, including:

  • Encrypted payment processing via recognised providers
  • Secure servers and firewalls
  • Access controls and staff training
  • Regular security audits

Financial transactions are handled exclusively by secure third-party providers and not stored on our servers.

6. Data Sharing & Third-Party Providers

We may share information with trusted service providers who support our work, including:

  • Payment processors (e.g., Stripe)
  • Email and communication platforms
  • Website hosting & analytics tools
  • Gift Aid processing partners

These providers only access the data necessary to perform their functions and are required to protect your information.

We do not sell or rent personal data to any organisation.

7. Transfers Outside the UK

If any service providers process data outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK GDPR-compliant contracts
  • Adequacy decisions
  • Standard Contractual Clauses

8. How Long We Keep Your Information

We retain personal data only as long as necessary, for example:

  • Donation records: 6 years (legal requirement)
  • Gift Aid declarations: 6 years
  • Mailing lists: until consent is withdrawn
  • General enquiries: as long as reasonably needed

Data no longer required is securely deleted.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify incorrect or incomplete data
  • Erase data (in certain circumstances)
  • Restrict processing
  • Object to processing based on legitimate interests
  • Withdraw consent at any time
  • Data portability (where applicable)
  • Complain to the Information Commissioner's Office (ICO)

To exercise your rights, contact us at: [email protected]

10. Cookies & Website Tracking

We use cookies to:

  • Improve site performance
  • Analyse user behaviour
  • Personalise content

You can manage cookie preferences through your browser settings.

11. Children's Data

We do not knowingly collect personal data from children under 16 without parental consent. If we are made aware such data exists, we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The latest version will always be available on our website.

Last updated: January 2026

13. Contact Us

If you have any questions about this policy or your personal data, please contact: [email protected]