Privacy Policy

This document explains to you how The Gwiddle Foundation stores, uses, and shares the data you provide us. We have written this document in a way that makes sure that anybody can understand it. It is very important that you read and understand this document so you know what your rights are.

The Data Controller

Your data is held and processed as per this privacy notice by The Gwiddle Foundation. You can contact us by email at if you have any questions or requests to make in regards to your personal information.

When you are using our secure online donation pages, your donation is processed by DonorBox, a service operated by Rebel Idealist LLC, who processes payments via PayPal, who specialise in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

Purpose of Processing

There are a number of purposes for the processing of your data, which include:

We will only process your data to provide our services to you - it will not be sold or made available to other organisations.

Transfers to third countries

Your data is held solely within the United Kingdom or in a country within the European Union.

Retention Period

Your rights

Under the Data Protection Act, you have certain rights in regards to how we process your data.

You have:

Subject Access Requests

You may make a Subject Access Request (SAR) to us. In this instance we will, within 40 days, provide you with the following:

Please be aware that we reserve the right to ask for proof of identification before we can disclose this data to you.

You can make a SAR by contacting us by email at

Withdrawing Consent

If you would like to withdraw your consent of our processing or storage of your personal data, you can do this at any time by contacting us by email at, requesting the deletion of all of your personal data.

* This does not apply to complaints, which we have a legal obligation to retain for a period of 12 months, or indefinitely in the case of complaints concerning the safety of a child.

Children aged under 13

We have a legal obligation to obtain consent from a parent or guardian before we can process data from a child aged under 13. At registration time, a declaration is made that the registrant is over the age of 13. If the registrant is later found to be under the age of 13, the data will be removed immediately.