John Fricker's Charity EST · 1696 · Salisbury Make a gift

Privacy notice · Last updated: 21 May 2026

A plain-English account of what we do with your personal data, and what your rights are.

This notice describes how John Fricker's Charity of 1696 (charity number 220019) handles personal information under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We keep only what we need, for only as long as we need it, and we do not sell, swap, or share donor information.

A bound minute book and a sealed envelope on the Trustees' Clerk desk, soft natural light.
Records kept in a locked cabinet · St Martin's Church House

In short

  • We are the data controller. Our charity number is 220019.
  • We collect only the personal data we need to do our work — names, emails, donation amounts, and a small amount of analytics data.
  • We rely on legitimate interest, consent, and contractual necessity, depending on the activity.
  • We share data with our payment processor, our email platform (when we use it), and the Charity Commission, where required by statute.
  • We keep donor records for seven years, enquiry messages for twenty-four months, and analytics data for fourteen months.
  • You have the right to access, correct, delete, restrict, port, and object to the use of your data. Write to [email protected].
  • You can complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113.

Who we are

The data controller is John Fricker's Charity of 1696, a charity registered in England and Wales with charity number 220019. Our registered office is at c/o The Trustees' Clerk, St Martin's Church House, St Martin's Church Street, Salisbury, Wiltshire, SP1 2HW. Day-to-day responsibility for data protection rests with the Trustees' Clerk, supervised by Robert John Lewis, trustee and Secretary.

What personal data we collect

  • If you donate — your name, postal address, email address, the amount you have given, the date, and (if applicable) a Gift Aid declaration.
  • If you fill in any enquiry form on our site — your name, email address, and the contents of your message.
  • If you apply to volunteer — the information you give us in the volunteer enquiry form, and (if we proceed) the information needed to run an enhanced DBS check.
  • If you apply for a grant through a partner — your name, address, household composition, and the description of need that the partner has compiled with you.
  • If you visit the website — anonymised analytics about which pages you visited, how you arrived, and what browser you used. We do not use cross-site tracking.

Why we collect it, and our lawful basis

  • To process donations and recover Gift Aid — lawful basis: contractual necessity (UK GDPR Article 6(1)(b)) and legal obligation (HMRC Gift Aid requirements).
  • To send you our quarterly dispatch — lawful basis: consent (UK GDPR Article 6(1)(a)). You can withdraw consent at any time.
  • To run our grant-making process — lawful basis: legitimate interest in fulfilling our charitable purposes (UK GDPR Article 6(1)(f)), with appropriate safeguards.
  • To reply to a contact form enquiry — lawful basis: legitimate interest in responding to people who have asked us to.
  • To run anonymous analytics — lawful basis: legitimate interest in understanding which parts of our site help us serve the public.

Who we share data with

We share personal data only with the following processors and only where necessary:

  • Stripe Payments UK Ltd — processes our card donations. Stripe operates under its own UK GDPR privacy notice and never shares card data with us.
  • Lloyds Bank plc — holds our charity bank account.
  • Mailchimp (Intuit Inc.) — currently used to send our quarterly dispatch. Email addresses are stored in their UK/EU data region. We will move provider if Mailchimp ceases to offer adequate protections.
  • Cloudflare Pages — our static hosting provider.
  • The Charity Commission for England and Wales — where statutory reporting requires it.
  • HMRC — for Gift Aid claims.

We do not sell, swap, or rent any personal data. We do not pass data to any other charity.

How long we keep your data

  • Donor records: seven years from the date of last donation, to satisfy HMRC Gift Aid retention requirements.
  • Enquiries (contact form, partnership, volunteer): twenty-four months from the date of the last correspondence on a given enquiry.
  • Grant case files: seven years from the date of the last grant, then destroyed; a summary line is retained in the trustees' minute book in perpetuity (this contains household initials only, never full names).
  • Newsletter subscribers: until you unsubscribe.
  • Website analytics: fourteen months.

Your rights under UK GDPR

You have the right to:

  • Ask us what data we hold about you (right of access).
  • Have inaccurate data corrected (rectification).
  • Have your data deleted, where there is no lawful reason for us to keep it (erasure).
  • Restrict the use we make of your data while we resolve a question.
  • Receive a copy of your data in a portable form (portability).
  • Object to our use of your data on the grounds of legitimate interest.

To exercise any of these rights, write to [email protected]. We will respond within one calendar month.

Cookies

We use a small number of cookies. The full cookie policy is on our cookies page. In short: a strictly necessary session cookie for the dismissal of the cookie banner, and a single anonymous analytics cookie. We do not use marketing or third-party advertising cookies.

Children

The Charity occasionally helps households that include children, but we do not market to anyone, and we never market to under-13s. Our Sunday Doors programme runs only with adults. Where a school welfare officer refers a household to us, the school holds the relationship with the parent or guardian, and we hold the relationship with the household adult.

Our safeguarding policy, written by trustee Michael Snell, covers the protection of children and vulnerable adults in our work. It is available on the resources page.

International transfers

Where any of our processors store data outside the UK or the EEA (chiefly Mailchimp's parent company in the United States, and Cloudflare's global infrastructure), we rely on the UK International Data Transfer Agreement and the EU–US Data Privacy Framework. We will move provider if these protections cease to be considered adequate.

Changes to this policy

We review this notice each May. The current version was last updated on 21 May 2026. If we make a material change, we will post the new version here and date it accordingly.

How to complain

If you are unhappy with how we have handled your data, write to us first at [email protected]. We will reply within five working days. You also have the right to complain to the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Online: ico.org.uk

We use a small number of cookies for essential site behaviour and anonymous analytics. Read our cookie policy.