Privacy Policy

FearFree Charity Limited (hereafter referred to as "the Company", "we", or "us") is committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. 

This privacy notice sets out the data processing practices of FearFree Charity Limited. We are a charity (1064764) and company limited by guarantee, registered in England (3360057). The registered office is at Oak House, Epsom Square, White Horse Business Park, Trowbridge, Wiltshire, BA14 0XG. 

All data captured will be processed and held in accordance with the requirements of the Data Protection Act 2018 and UK GDPR.  

FearFree Charity Limited is registered with the Information Commissioner’s Office (ICO) as a Data Controller – registration number Z8493529. 

FearFree Charity Limited is also a Data Processor on behalf of other registered Data Controllers. 

Data Controller  Registration Number  Purpose  Valid until 
NHS Devon Integrated Care Board  ZB516111  Provision of domestic abuse services.  2028 
NHS BSW Integrated Care Board  ZB524371  Provision of sexual violence services.  2029 
Gloucestershire County Council   

Z7334901 

 Provision of domestic abuse perpetrator services.  2026 
Wiltshire Council   

Z1668953 

 Provision of domestic abuse services.   2028 

 

  1. What we do

FearFree Charity Limited is a charity providing support to families and individuals affected by domestic abuse, sexual violence and stalking. We operate in the southwest of England, with offices in Devon, Gloucestershire and Wiltshire. 

 

  1. How to contact us about your personal data

If you have any requests about your personal data or queries with regard to how we handle your data you can write to us at Data Protection Officer, FearFree Charity Limited, Oak House, Epsom Square, White Horse Business Park, Trowbridge BA14 0XG, or email at dpo@fearfree.org.uk   

 

  1. Why we process personal data

The Company collects and processes personal data to support our operations and ensure we can deliver our services effectively and responsibly. Specifically, we collect personal data for the following purposes: 

  • To Provide Services: To deliver and manage the services and support we offer to our service users. 
  • For Employment and Human Resources: To recruit, manage, and support our employees and ensure compliance with employment law and best practices. 
  • To Manage Volunteers: To recruit, train, and support volunteers, and to communicate with them about their roles and responsibilities. 
  • For Fundraising and Donations: To process donations, manage donor relationships, and comply with relevant legal and regulatory obligations related to fundraising. 
  • For Marketing and Communications: To promote our work, share updates, and inform individuals about events, campaigns, and opportunities to support us—always in accordance with applicable laws and consent preferences. 

We ensure that personal data is collected and used only where necessary. 

 

  1. The legal basis on which we process personal data

The Company relies upon the different legal basis for processing personal data according to the relationship and purpose for which it is collected, as explained below. Where we are collecting personal data about you for the provision of one of the purposes outlined in this privacy notice, we rely upon: 

  • Consent - The data subject (you) has given consent to the processing activity taking place. 
  • Contract - The processing is necessary for the performance of a contract.  
  • Legal Obligation - The processing is necessary for compliance with a legal obligation.  
  • Vital Interests – The processing is necessary to protect someone’s life. 
  • Public Task – The processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law. 
  • Legitimate Interests – The processing is necessary for the purposes of the Company’s legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. 

Personal data that is collected for any of the purposes outlined in this notice is never used for direct marketing purposes without consent and is not sold on to any other third parties. 

 

  1. 6. What information we collect and where from

The Company collects personal information from you, for example, if you register to our newsletter, make a donation, work for us or receive support through our services. The categories of personal information that we may collect, store and use about you include: 

  • Name, home address, telephone number, email. 
  • Your country of birth, nationality. 
  • Date of birth and gender. 
  • Passport details, national insurance number.  

Special Category Data 

  • Health data including disabilities.  
  • Racial or ethnic original. 
  • Religious or philosophical beliefs. 
  • Data concerning sex life or sexual orientation. 

Criminal Category Data 

  • Disclosure and Barring Service (DBS) check outcomes.  
  • Any other criminal data shared with the Company.  

 

We will only process special category data where we have an Article 9 (UK GDPR) exception allowing us to do so, in this case, this is: 

(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.  

(b) Processing is necessary for employment and social protection law (e.g. monitoring equal opportunities or managing health and safety). 

(d) Processing necessary for the provision of health or social care. 

We will only process criminal data where we have a Schedule 1 of Data Protection Act 2018 exception allowing us to do so, in this case, this is: 

(a) Employment, social security, and social protection law (e.g. to carry out background checks for safeguarding purposes).  

(b) Substantial public interest (e.g. for the prevention of fraud or safeguarding of children and vulnerable individuals). 

(d) Consent (only where appropriate and valid under UK law). 

 

  1. Recipients of personal data for processing on our behalf

In carrying out our services we use specialist sub-contractors who may process, on our behalf, the personal data we hold. These are: 

Infinity8   

Purpose: Service User Database Supplier 

Website: infinity8 - Home 

Clifton IT Limited 

Purpose: IT Support and Microsoft 365 account management 

Website: Clifton IT - IT Support (Bristol, Bath, Exeter, Plymouth) 

Beacon  

Purpose: Fundraising Database Supplier 

Website: Beacon CRM | Transform how your charity works 

BrightHR  

Purpose: HR Database Supplier 

Website: BrightHR: Award-Winning HR Solutions for SMEs 

We will ensure that all the suppliers that we work with respect to your privacy and abide by all UK data protection laws. 

 

  1. Retention periods

We pride ourselves in ensuring that your personal data is only retained for the period that we need it for, or in accordance with laws, regulations and professional obligations that we are subject to. All personal information collected has a defined retention period, which is in-line with our retention policy.  

  1. Retention periods

We pride ourselves in ensuring that your personal data is only retained for the period that we need it for, or in accordance with laws, regulations and professional obligations that we are subject to. All personal information collected has a defined retention period, which is in-line with our retention policy.  

Relationship  Retention period 
Service users  Up to 25 years after closure of support.  
Employees  Up to 6 years following the end of employment.  
Volunteers  Up to 6 years following the end of volunteering.  
Funders  Up to 6 years following the end of the financial year of donation made.  
Marketing  Until consent is withdrawn or at the expiration of the marketing campaign.  
Recruitment  Unsuccessful applicant data 6 months after appointment of a successful candidate.  
FearFree Business – Partner Organisations.   Up to 2 years following the end of partnership.  

 

  1. Children’s Information

The Company provides services directly to children and will make reasonable efforts, taking into consideration available technology, to verify consent is given by someone with parental responsibility over the child when the child is 16 years of age or younger. As well as gaining consent directly from the child if they are deemed to be Gillick competent.  

 

  1. Data Subject’s Rights

You have the following rights in respect of your personal data.  In order for you to exercise these rights, we may need to confirm your identity through a form of ID such as a passport or driving licence so that we can verify that you are the data subject before releasing data to you. 

10.1. The Right to be Informed 

You have the right to be told about the collection and use of the personal data you provide. This privacy notice sets out the purpose for which we process your personal data, how long we will keep your data and with whom we will share your data. If you want to know more about this right, the ICO has more guidance on their website. 

10.2. Right of Access 

You have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 30 days of receipt of your request. If you want to know more about this right, the ICO has more guidance on their website. 

10.3. Right to Rectification 

You have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 30 days of receiving the request. If you want to know more about this right, the ICO has more guidance on their website. 

10.4. Right to Erasure 

This right, often referred to as the right to be forgotten, allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 30 days of receiving the request. If you want to know more about this right, the ICO has more guidance on their website. 

10.5. Right to Restrict Processing 

You have the right to ask us to restrict the processing of your data. We will look at any request and inform you of our decision within 30 days of receiving the request.  If you want to know more about this right, the ICO has more guidance on their website. 

10.6. Right to Data Portability 

You have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and where that processing is by automated means. We will respond to your request within 30 days of receipt of your request. If you want to know more about this right, the ICO has more guidance on their website. 

10.7. Right to Object 

You have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics. 

  • Legitimate interests/legal task – your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests. 
  • Direct marketing – you have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible. 
  • Scientific/historical research and statistics – your objection should be based on your particular situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection. 

If you want to know more about this right, the ICO has more guidance on their website. 

10.8. Rights relating to Automated Decision-Making including Profiling 

You have rights in respect of automated decision making, including profiling. The Company does not use automated decision-making tools. If you want to know more about this right, the ICO has more guidance on their website. 

To exercise any of your rights, please contact dpo@fearfree.org.uk 

 

  1. Processing based on consent

Where you have given consent for processing, or explicit consent in relation to the processing of special category data, you have the right to withdraw this consent at any time, but this will not affect the lawfulness of processing based on consent before its withdrawal. To opt-out please contact dpo@fearfree.org.uk 

 

  1. Cookies

Our website uses cookies. Please see our cookies policy for full details of the cookies used. 

 

  1. 13. Third-party websites

Our website may contain links to other websites that are outside our control and are not covered by this privacy notice. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. 

 

  1. 14. Security of your personal data

The Company protects the personal data that it holds with technical and organisational security measures. Our cyber security arrangements and framework of data protection policies, procedures and training are kept under regular review to ensure that we keep the data we hold secure. 

 

  1. 15. Transfers outside of the UK or EEA

The Company does not process or transfer any personal data outside of the UK.  

 

  1. 16. Complaints

The Right to Lodge a Complaint to a Supervisory Authority 

If you have any comments, queries or complaints about this privacy notice or the processing of your personal data please contact our Data Protection Officer. dpo@fearfree.org.uk 

Alternatively, if you are not satisfied with the way that the Company is handling your personal data, you are entitled to appeal to the Information Commissioners Office (ICO). The Information Commissioners Office enforces and oversees the Data Protection Regulations. 

16.1. Information Commissioner’s Office 

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

Email: casework@ico.org.uk 

 

  1. 17. Changes to the privacy notice

This privacy notice was first published on 25 May 2018. This privacy notice was last updated in June 2025. If we use your personal data for any new purposes, updates will be made to the privacy notice and changes communicated, where necessary in accordance with current data protection legislation.  

Any queries relating to this privacy notice please contact the Data Protection Officer dpo@fearfree.org.uk It is reviewed and updated when necessary. 

Last Updated: August 2025 

Next review: August 2026 

 

 

Quick exit
Scroll to Top