top of page

Privacy Policy

​

 

Introduction

 

Esther Arise Global Trust is committed to protecting and respecting personal data. This Privacy Policy explains what personal information may be collected through the Esther Arise Global Trust website, how that information may be used, the lawful bases relied on, how long data may be kept, and the rights available to individuals under UK data protection law.

 

This policy is intended for visitors to the website, donors, supporters, volunteers, partner contacts, beneficiaries or referrers who contact the Trust through the website or related communications channels.

 

Who controls your data

 

Esther Arise Global Trust is the data controller for personal data collected through its website and related website enquiries, unless this policy states otherwise.

 

Website users should ensure that the website displays the Trust's current registered contact details, including its correspondence address and an email address for privacy queries. If a separate data protection contact is appointed, those details should also be displayed in the website footer or contact page and reflected in this policy.

 

Personal data that may be collected

 

Depending on how the website is used, Esther Arise Global Trust may collect and process the following categories of personal data:

 

- Identity and contact data, such as name, email address, telephone number, postal address, and organisation name.

- Enquiry data submitted through contact forms, email, or other website forms.

- Donation and supporter data, such as donation amount, Gift Aid information where relevant, communication preferences, and records of support.

- Volunteer, partner, or speaker enquiry data provided through forms or direct contact.

- Referral or beneficiary-related information that users choose to provide through the website. Special category or sensitive personal data should only be requested where genuinely necessary and handled with additional care.

- Technical and usage data, such as IP address, browser type, device information, pages visited, and cookie-related data where website analytics or similar tools are used.

 

How personal data may be collected

 

Personal data may be collected directly when an individual fills in a contact form, makes a donation, signs up for updates, submits an enquiry, volunteers interest, requests support information, or otherwise contacts the Trust through the website.

 

Some technical information may also be collected automatically through cookies, analytics tools, server logs, or similar website technologies, depending on how the website is configured.

 

If personal data about another person is submitted through the website, the person providing that information should ensure they are permitted to do so and that the individual understands their information may be shared with the Trust.

 

Purposes and lawful bases

 

UK privacy notices should explain both the purposes of processing and the lawful basis relied on for each purpose.

 

Where consent is relied on, it may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

 

Sharing personal data

 

Personal data may be shared only where necessary and appropriate, for example with trusted service providers that support website hosting, email delivery, cloud storage, donation processing, form management, analytics, professional advisers, or regulatory and legal bodies where disclosure is required.

 

If the website uses third-party donation platforms, payment processors, embedded forms, or mailing tools, those providers may process personal data on the Trust's behalf or as independent controllers according to their own privacy notices.

 

Personal data may also be disclosed where necessary to comply with legal obligations, protect legal rights, prevent fraud, or respond to requests from regulators or law enforcement bodies.

 

International transfers

 

If website tools or service providers store or process personal data outside the United Kingdom, the Trust should ensure that appropriate safeguards are in place, such as adequacy regulations or approved contractual protections, before personal data is transferred internationally.

 

If the Trust works across the United Kingdom and Zimbabwe, cross-border handling of personal data should be limited to what is necessary for charitable delivery and supported by suitable safeguards and access controls.

 

Data retention

 

Privacy notices should explain how long personal data is kept, or the criteria used to decide this.

 

Esther Arise Global Trust should keep personal data only for as long as necessary for the purpose it was collected, including to meet legal, accounting, regulatory, safeguarding, or reporting requirements.

 

Typical retention examples may include:

 

- General enquiries: retained only for as long as needed to respond and keep an appropriate enquiry record.

- Donation and Gift Aid records: retained for the period required by financial, tax, and charity record-keeping obligations.

- Newsletter or update subscriptions: retained until the individual unsubscribes or the list is reviewed and cleaned.

- Website technical logs and analytics data: retained according to the website provider's settings and operational needs.

 

The Trust should adopt a retention schedule and update this policy where more specific periods are confirmed.

 

Cookies and website analytics

 

If the website uses cookies or similar technologies, users should be told what categories of cookies are used and whether they are essential or optional. Optional analytics, advertising, or preference cookies should normally be deployed only where valid consent has been obtained.

 

The website should include a cookie banner or cookie settings tool if non-essential cookies are used, together with a separate cookie notice if appropriate.

 

Data security

 

Esther Arise Global Trust should take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures may include access controls, password protection, secure platforms, limited permissions, and careful supplier selection.

 

Individual rights

 

Under UK data protection law, individuals may have the right to request access to their personal data, ask for inaccurate data to be corrected, request erasure in some circumstances, restrict processing, object to processing, request transfer of certain data, and withdraw consent where consent is relied on.

 

Individuals also have the right to complain to the Information Commissioner's Office if they believe their personal data has been handled unlawfully or unfairly.

 

The ICO can be contacted through its website at [ico.org.uk](https://ico.org.uk/).

 

Children and safeguarding-related information

 

As Esther Arise Global Trust works in areas affecting girls and young women, the Trust should take particular care when handling children's data or safeguarding-related information. Only the minimum necessary information should be collected, and any safeguarding information should be handled with restricted access and appropriate confidentiality controls.

 

Where the website is not intended for children to use independently, this should be made clear, and forms should avoid requesting unnecessary sensitive information online.

 

Third-party links

 

The website may contain links to third-party websites, donation pages, or social media platforms. Those external services have their own privacy practices, and Esther Arise Global Trust is not responsible for their content or handling of personal data once a user leaves the Trust's website.

 

Changes to this policy

 

This Privacy Policy may be updated from time to time to reflect changes in legal requirements, website tools, or charity operations. The latest version should always be posted on the website with the most recent update date shown at the top of the page.

 

Contact

 

Questions, requests, or concerns about this Privacy Policy or the Trust's handling of personal data should be sent using the contact details published on the Esther Arise Global Trust website.

 

Before publishing, the Trust should replace any placeholder wording in this policy with its final contact email, postal address, donation platform details, cookie tools, and any confirmed retention periods or third-party providers actually used on the website.

bottom of page