Homepage
Donate

Privacy Policy

The purpose of this privacy statement is to explain, in general terms, how Premier Foundation Limited (the Foundation) processes your personal data from the moment it is collected to the point it is deleted or destroyed. It applies to anyone signing up to hear more about our work or making a donation through our website.

Our Role

Premier Foundation is a data controller, determining the purposes and use of the personal data we collect. Once received, it becomes the responsibility of our Privacy Officer (PO) to ensure it is processed in accordance with UK legislation.

Contact the Privacy Officer at [email protected] or write to:
The Privacy Officer, Premier Foundation Ltd, Church Road, Shropham, Attleborough, NR17 1EJ.

Data We Collect

We only process basic contact information such as your name and email address (to send you newsletters, if you have consented). If you make a donation, this will be processed by a third-party website, and we will not store any donation details ourselves.

How We Collect Your Data

Your personal data is collected directly from you when you make an enquiry through:

  • Our website contact form
  • A direct call
  • Email
  • Social media

Confidentiality & Safeguarding

Premier Foundation staff and volunteers treat all personal data in confidence. We use reasonable technical and organisational measures to safeguard it, with access strictly limited to those who need it.

Third-Party Support

We may share your data with trusted third parties (e.g. HR, finance, marketing, IT consultants, contractors). All are bound by confidentiality and, when applicable, a data processing agreement.

Lawful Basis for Processing

  • With your consent (e.g. to send newsletters)
  • To comply with legal obligations

We will never sell your personal data. Disclosure only happens when strictly necessary, to vetted third parties who meet our confidentiality standards.

Where Your Data Is Stored

Data is processed in the UK and backed up using Microsoft Azure (UK). This website is hosted in a UK data centre. For marketing, we use HubSpot (US), which complies with the UK-extended EU-US Data Privacy Framework.

Data Retention

We follow a retention schedule:

  • Contact details are kept until you withdraw consent.

By exception, some records may be kept longer if we have a legitimate interest or legal obligation. After expiry, data will be securely deleted, anonymised, or put beyond operational use (within 3 months).

Cookies

Our website uses cookies (with your permission where required).

Your Rights

Under the UK GDPR, you have rights including:

  • Right to be informed (via this statement)
  • Right of access (via a Data Subject Access Request)
  • Right to rectification (if data is inaccurate)
  • Right to erasure (when no lawful basis remains)
  • Right to restrict processing (data paused until resolved)
  • Right to data portability (machine-readable copy)
  • Right to object (to non-legal/contractual processing)
  • Rights regarding automated decision-making (not used by us)
  • Right to withdraw consent at any time

For details, see the Information Commissioner’s Office (ICO).

Exercising Your Rights

To exercise your rights, contact the Privacy Officer. We may need to verify your identity with supporting documentation. If concerns remain, you can contact the ICO directly.

Business Changes

In the event of a takeover or acquisition, your personal data will transfer as part of the organisation’s assets, but only used for the same or similar purpose. We will notify you if this happens.

Review

This privacy statement is reviewed every 12 months, or sooner if UK legislation changes significantly.