Privacy Policy

1. Who we are

Deen Trust International (“DTI”, “we”, “us”, “our”) is a charity registered in England & Wales under charity number 1190475, and a private company limited by guarantee registered in England & Wales under company number 12506348. Our registered office is at 73 Wynndale Drive, Nottingham NG5 1HD, United Kingdom. Our correspondence address is 209 Berridge Road, Forest Fields, Nottingham NG7 6HR, United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, DTI is the data controller of personal data you provide through donate.deentrust.org (the “Donate App”). We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZC148239.

We are also registered with the Fundraising Regulator, the independent regulator of charitable fundraising in the UK, and we follow its Code of Fundraising Practice.

If you have any questions about this policy or want to exercise your rights, please contact us at [email protected].

2. What data we collect

When you make a donation or set up a pledge, we collect:

• Identity and contact data — your first name, last name, email address, mobile number, billing address and country.
• Donation data — the amount, currency, frequency (one-off or monthly), the fund or campaign you chose, and any operations contribution.
• Gift Aid data (if you make a Gift Aid declaration) — your name, home address (including postcode) and your declaration that you are a UK taxpayer. This is required by HMRC.
• Pledge data — if you submit a pledge, the same identity and contact data, plus the pledged amount and the event reference.
• Payment data — handled directly by Stripe Payments UK Ltd. We do not see or store your full card number, CVV or PIN. We receive a tokenised reference, the card brand, last four digits and the result of the transaction.
• Marketing preferences — your choices about how we keep in touch (email, SMS, post, telephone), the date you set them, and the version of our policy that applied when you did so.
• Technical data — your IP address, device, browser, language, and referring page (used for security, fraud prevention and, with your consent, anonymised analytics).
• Cookies and similar technologies — see Section 9.

We do not ask for special-category data (health, religion, ethnicity, etc.) and we do not target the Donate App at children. If you are under 16, please ask a parent or guardian to donate on your behalf.

3. Why we use your data and our legal basis

4. Who we share your data with

We share the minimum data needed with carefully selected providers:

• Stripe Payments UK Ltd — to process card payments. See the Stripe Privacy Policy.
• HMRC — to claim Gift Aid where you have made a declaration. We submit your name, address and the donation amount.
• The Charity Commission for England & Wales — for statutory reporting (in aggregate, not individual donors).
• Google Analytics (if you have given analytics-cookie consent) — anonymised usage data only; we have enabled IP anonymisation.
• Microsoft Clarity (if you have given analytics-cookie consent) — session insights and heatmaps to help us improve the form. Clarity may record how you interact with the page; sensitive content is masked so it does not capture what you type into fields such as your name, email, address or card details.
• Sentry (Functional Software, Inc.)— for error monitoring and diagnostics, using its EU data region. If the app encounters an error, Sentry may capture a diagnostic recording of the page at that moment, which can include information you had entered (such as your name, email, address and donation amount). It never captures your full card number, which is handled inside Stripe’s secure payment frame and cannot be recorded.
• Postcode and address-lookup providers — to help you complete your billing address quickly. We send the postcode or partial address you type; we do not share other identifying information.
• Email and SMS providers — to send your donation receipt and any marketing communications you have consented to.
• Our hosting and back-office providers — to store and process your data securely on our behalf, under written data-processing agreements.
• Professional advisers and auditors — where needed for legal, financial or audit purposes.
• Law enforcement, regulators and courts — where we are required to do so by law.

We do not sell your data and we do not share it with other charities for marketing purposes.

5. International transfers

Some of our providers (notably Stripe, Google and Microsoft) process data outside the UK; Sentry processes our error data in its EU region. Where data is processed outside the UK, we rely on UK adequacy decisions, the UK International Data Transfer Agreement, or Standard Contractual Clauses with appropriate safeguards, so that your data continues to receive equivalent protection.

6. How long we keep your data

• Donation and Gift Aid records — 6 years from the end of the tax year of the donation, in line with HMRC requirements.
• Accounting records — at least 6 years, as required by charity and company law.
• Marketing preferences — for as long as you wish to hear from us. If you opt out we keep a minimal suppression record so we don’t accidentally contact you again.
• Anonymous-analytics data — typically up to 14 months in Google Analytics; Microsoft Clarity session insights are retained for up to 30 days.
• Error and diagnostic data — held by our error-monitoring provider (Sentry) for a limited period (typically up to 90 days) and then deleted.
• Pledges that don’t convert to a donation — kept for 36 months for follow-up, then deleted.

7. Marketing communications

We will only send you marketing emails, SMS or telephone calls about our work where you have given us consent to do so. You can change your marketing preferences at any time:

• By using the preferences link at the bottom of any marketing email or SMS we send you.
• By emailing [email protected].
• By replying STOP to any marketing SMS.

Withdrawing your marketing consent does not affect our ability to send you transactional messages (such as receipts for your donations or notices required by law).

8. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify data that is inaccurate or incomplete.
• Erase your data in some circumstances (we may need to retain donation and Gift Aid records to meet legal obligations).
• Restrict or object to certain types of processing, including direct marketing and processing based on legitimate interests.
• Portability — receive a copy of the data you provided, in a structured, commonly-used format.
• Withdraw consent at any time where we rely on consent.
• Not be subject to a decision based solely on automated processing that produces legal effects (we don’t do this).

To exercise any of these rights please contact us at [email protected]. We will respond within one calendar month.

9. Cookies

The Donate App uses a small number of cookies and similar technologies. You will be asked for your consent on first visit; you can change your choices at any time using the “Cookie preferences” link in the footer.

• Strictly necessary (always on) — a first-party cookie that remembers your cookie choices, plus session storage used to recover your in-progress donation if your connection drops. Stripe also uses cookies that are essential for fraud detection on payments. We use Sentry for error monitoring: it does not set cookies, but it stores diagnostic data in your browser’s session storage and, if an error occurs, may record a diagnostic snapshot of the page (see Section 4).
• Analytics (consent required) — Google Analytics (configured with IP anonymisation) and Microsoft Clarity (session insights and heatmaps, with sensitive fields masked), to help us understand which funds and pages donors interact with so we can improve them. These set cookies such as _ga, _gid, _clck and _clsk. We do not use Google’s advertising features.
• Marketing (consent required) — currently not in use. If we add marketing or remarketing technologies in future they will only load with your consent.

10. Anonymous donations

If you choose to make an anonymous donation, your name will not be shown on any public donor wall, ticker or acknowledgement. We still hold your name and contact details internally for the reasons set out in Section 3 (receipt, Gift Aid, accounting, donor care). “Anonymous” here means “not publicly displayed”, not “not collected”.

11. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), role-based access controls, hardened hosting and regular review. Card payments are PCI-DSS compliant via Stripe; we never see or store your full card number.

No system is perfectly secure. If we suspect a breach affecting your data, we will notify the ICO and (where required by law) you, in line with our breach-response procedure.

12. Children

The Donate App is not directed at children. If you are under 16 please ask a parent or guardian to donate on your behalf. If we become aware that we have collected data from a child without appropriate consent, we will delete it.

13. Complaints

If you have a concern about how we have handled your personal data, please contact us first at [email protected] so we can try to put things right.

You also have the right to complain to the UK Information Commissioner’s Office:

• Website: ico.org.uk/make-a-complaint
• Helpline: 0303 123 1113

Concerns specifically about our fundraising can also be referred to the Fundraising Regulator.

14. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top tells you when the current version took effect. Material changes affecting how we use your data will be highlighted on the Donate App.

15. Contact

For any questions about this policy or your personal data:

• Email: [email protected]
• Phone: +44 (0)300 180 0234
• Post: 209 Berridge Road, Forest Fields, Nottingham NG7 6HR, United Kingdom