Privacy policy
Who are we
Age UK Plymouth is committed to protecting and respecting the privacy and personal data of individuals who interact with us. This Privacy Policy outlines how we collect, process, store and protect your personal information in accordance with UK General Data Protection Regulations (UK GDPR), the Data Protection Act 2018, and other relevant legislation.
By using our website and engaging with our services, you agree to the terms of this policy. This policy may be updated periodically; we encourage you to review it regularly.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Age UK Plymouth is a registered charity (charity number 281820) and company limited by guarantee (company number 1499927). The registered address is The William & Patricia Venton Centre, Astor Drive, Mount Gould, Plymouth, PL4 9RD.
If you have any questions around this privacy policy, please contact Age UK Plymouth on (01752) 256020.
How do we collect information from you?
We may collect personal information through the following means:
- Information you provide directly, such as when making a donation, accessing services, attending events, or contacting us via telephone, email or post.
- Information collected automatically through your use of our website, including IP address, browser type, and pages accessed (via cookies or analytical tools).
- Information received from third parties (e.g. partner agencies or referral organisations), where you have provided consent for them to share this with us.
What type of information is collected from you?
We may collect and process the following categories of personal data:
- Name
- Address and postcode
- Email address
- Telephone number
- Date of birth
- IP address and website usage
In certain circumstances, we may also collect sensitive personal data, such as information relating to health, disability, or safeguarding. Where applicable, this information will only be processed with your explicit consent or in line with relevant obligations.
How is your information used?
We process personal data for the following purposes:
- To process donations, service payments or Gift Aid Claims
- To deliver services, activities and events, and support tailored to individual needs
- To respond to enquiries, feedback or complaints
- To monitor and evaluate the impact of our services
- To comply with legal and regulatory obligations
- To send relevant updates, newsletters or promotional material where consent has been provided
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
It may be necessary to pass your information to a third party in order to process a service (e.g. when you make a donation), but we will only share the personal information necessary to deliver the service.
Lawful basis for processing
Under UK GDPR, we rely on the following lawful bases to process personal data:
- Consent (e.g. for email marketing)
- Contractual necessity (e.g. provision of services)
- Legal obligation (e.g. financial records, safeguarding)
- Vital interests (e.g. to protect life or prevent harm)
- Legitimate interests (e.g. improving service delivery or organisational efficiency)
Data retention
We will retain personal data only for as long as necessary:
- Client data is retained for six years following the conclusion of service. After this, paper records are securely destroyed, and digital records anonymised.
- Supporter data is retained for up to two years after the last donation, unless consent is withdrawn earlier. Gift Aid records are retained for six years in accordance with HMRC guidance.
Sharing of information
We do not sell or rent personal data to third parties. We do not share data for marketing purposes.
In certain cases, data may be shared with trusted parties or contractors solely for the purpose of delivering services (e.g. secure payment processing). All third parties are required to adhere to strict data protection standards.
Data security
We take appropriate technical organisational measures to protect personal data from unauthorised access, loss, or misuse.
Data is stored securely on password protected systems. Where data is held by third party providers (such as Dizions Ltd) we ensure their compliance with UK data protection legislation.
Payment card details submitted online are handled securely by accredited providers using SSL encryption and 128-bit secure servers.
Your rights
Under UK GDPR, you have the right to the following:
- The right to be informed
- The right to access personal data
- The right to rectification of inaccurate data
- The right to erasure (‘right to be forgotten’)
- The right to restrict processing
- The right to data portability
- The right to object processing
To exercise your rights or submit a Subject Access Request, please contact (01752) 256020 or email enquiries@ageukplymouth.org.uk. We aim to respond within 30 calendar days.
Use of cookies
Our website uses cookies to enhance user experience and analyse website traffic. Click here for more information.
Children and young people
If you are aged 16 or under, please ensure you have obtained consent from a parent or guardian before providing any personal information.
International transfers
We do not currently transfer data outside the UK or European Economic Area (EEA). If this changes in the future, appropriate safeguards will be put in place.
Complaints
If you have any concerns regarding the handling of your personal data, please contact us directly on (01752) 256020 or enquiries@ageukplymouth.org.uk.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk
Compliments, Complaints and Comments can also be made by filling out and returning our Have Your Say form below:
Policy review
This Privacy Policy was last reviewed 16 July 2025. We review our policies regularly and will update this notice when necessary to reflect changes in law or organisational practice.