Last updated: August 2024

Across Aid Limited (“we”, “us” or “our”) is committed to protecting the privacy and personal data of all individuals who interact with us, in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This GDPR Compliance Statement outlines how we collect, use, store, and protect your personal data.

Data Controller

Across Aid Limited, registered in England and Wales with company number. 15299472, is the data controller responsible for your personal data. Our registered office is at 128 City Road, London, EC1V 2NX.

Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

  • Consent: Where you have provided your explicit consent for us to process your personal data for specific purposes, such as subscribing to our newsletter.
  • Contractual Necessity: Where processing is necessary for the performance of a contract with you, such as processing donations.
  • Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject.
  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our services or communicating with supporters, provided these interests are not overridden by your rights.

Data We Collect

We may collect the following types of personal data:

  • Personal Identification Information: Name, email address, and donation details.
  • Technical Data: IP address, browser type, and operating system.
  • Usage Data: Information about how you use our Website.
  • Communication Data: Any communication you send to us, including emails and messages.

How We Use Your Data

We use your personal data for the following purposes:

  • Processing Donations: To manage and process your donations, including issuing receipts and related communications.
  • Communications: To send you updates about our activities, campaigns, and newsletters, provided you have given your consent.
  • Website Improvement: To analyse how our Website is used and to improve its functionality and user experience.
  • Legal Compliance: To comply with legal obligations, such as financial reporting and regulatory requirements.

Sharing Your Data

We only share your personal data with third parties under the following circumstances:

  • Service Providers: We may share your data with service providers who assist us with operations, such as payment processors (e.g., GoCardless Ltd.). These service providers are bound by contracts to protect your data and only use it to provide the services we have contracted them to perform.
  • Legal Obligations: We may disclose your data if required to do so by law, such as in response to a court order or a legal process.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to safeguard it from unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption: Data in transit and at rest is encrypted to protect your personal information.
  • Access Controls: Access to your personal data is restricted to authorised personnel who need it to perform their job functions.
  • Regular Audits: We conduct regular audits of our data processing activities to ensure compliance with our data protection policies and procedures.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The retention period depends on the type of data and the purpose for which we process it:

  • Donation Records: Retained for 7 years to comply with financial and legal obligations.
  • Communication Data: Retained for 2 years after the last communication, unless you request its deletion sooner.
  • Technical Data: Retained for 1 year to assist with Website analysis and improvement.

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

  • Right to Access: You have the right to request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request the correction of inaccurate or incomplete data we hold about you.
  • Right to Erasure: You have the right to request the deletion of your data where there is no compelling reason for us to continue processing it.
  • Right to Restriction of Processing: You have the right to request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller.
  • Right to Object: You have the right to object to the processing of your data where we are relying on a legitimate interest, or where we are using your data for direct marketing purposes.
  • Right to Withdraw Consent: Where we are processing your data based on your consent, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected] 

Postal Address: 128 City Road, London, EC1V 2NX

We will respond to your request within one month of receiving it. If we are unable to comply with your request within this timeframe, we will notify you of the delay and provide an explanation.