top of page

Privacy Policy

For this policy ‘The Charity’ referred to is b:friend (Registered Charity Number 1171148).

The Charity is committed to being transparent about how it collects and uses the personal data of all stakeholders, including beneficiaries, volunteers, referrers, employees, job applicants, contractors, online shop customers, and anyone who comes into contact with our charity. This policy outlines the Charity's commitment to data protection and the rights and obligations of individuals in relation to their personal data.

​

Definitions
​

  • Personal data: Any information that relates to a living individual who can be identified from that information. Processing includes collecting, storing, amending, disclosing, or destroying it.

  • Special categories of personal data: Information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and biometric data.

  • Criminal records data: Information about an individual's criminal convictions and offences, and information relating to criminal allegations and proceedings.

  • Customer data: Information relating to individuals who purchase goods or services from the Charity’s online shop, including contact details, delivery addresses, order history, and payment information (processed securely by third-party providers).

​

Data Protection Principles
​

The Charity processes personal data in accordance with the following principles:

  • Processed lawfully, fairly, and transparently.

  • Collected only for specified, explicit, and legitimate purposes.

  • Adequate, relevant, and limited to what is necessary.

  • Accurate and kept up to date.

  • Kept only for as long as necessary.

  • Processed securely, protected against unauthorised or unlawful processing, accidental loss, destruction, or damage.

  • Individuals are informed of reasons for processing, the legal basis, and their rights through privacy notices.

​

Purposes of Processing
​

The Charity processes personal data for various reasons, including to manage employees, volunteers, beneficiaries, and supporters. In addition, the Charity processes personal data of online shop customers to:

​

  • Process and deliver online shop orders.

  • Handle payments, refunds, and returns.

  • Provide customer service and respond to enquiries.

  • Comply with financial and legal obligations (e.g. HMRC record-keeping).

  • Send marketing about similar shop products, where lawful consent or soft opt-in rules apply.

​

Lawful Basis
​

The Charity processes personal data on different lawful bases depending on the context:

​

  • Performance of a contract – to fulfil shop orders.

  • Legal obligations – such as tax and financial reporting requirements.

  • Consent – for electronic marketing communications.

  • Legitimate interests – for certain supporter communications, provided these are not overridden by individual rights.

​

Data Sharing
​

The Charity may share data with trusted third parties to support its work and shop operations, including:

​

  • Payment processors (e.g. Stripe, PayPal).

  • Courier and delivery services (e.g. Royal Mail, DPD).

  • E-commerce platform providers (e.g. Wix Commerce, Shopify, WooCommerce).

  • Mailing houses or IT service providers under strict data processing agreements.

​

Data Retention
​

Data is retained only as long as necessary. For example:

  • Donation and Gift Aid records – 6 years after the end of the financial year.

  • Employment and volunteer records – in line with statutory requirements.

  • Online shop order records – 6 years for accounting and tax purposes.

  • Customer service correspondence – only as long as needed to resolve queries.

​

Individual Rights
​

  • Access your data.

  • Rectify inaccurate data.

  • Erase data where it is no longer needed or where processing is unlawful.

  • Restrict or object to processing in certain cases.

  • Data portability – request a copy in a structured format.

  • Withdraw consent at any time, where consent is the basis for processing.

​

Online Shop Customers
​

If you purchase from our online shop, we will collect and process your personal data in order to fulfil your order and provide customer service. This may include your name, contact details, billing and delivery address, and payment information (processed securely by our payment providers — we do not store card details).

​

We use this information to:

​

  • Process and deliver your order.

  • Manage returns, refunds, and customer enquiries.

  • Comply with financial and tax obligations.

  • With your consent (or under the 'soft opt-in' rule), send you marketing about similar shop products.

​

We may share your data with trusted third parties who help us run the shop, such as payment processors, delivery companies, and e-commerce platform providers. These partners are contractually required to keep your data safe.

​

We keep order records for six years, as required by law.

Pairing older neighbours with volunteer befrienders in the community

  • Facebook
  • Instagram
  • LinkedIn
  • X

Store Policies

Get in touch

Xeinadin,
Sidings Court,

Doncaster,

DN4 5NU

United Kingdom

Copyright © b:friend, 2025

bottom of page