2.1. iDonatio platform with company house registration number 12722710 are the data controller. We are a limited company registered in England and Wales with the Company House. Our registered office is at 9, Chapel Place, London, United Kingdom, EC2A 3DQ. If you require more information about our privacy policy or information about the data and information we hold about you, contact us using the details below:

Privacy Officer
iDonatio UK Limited
9, Chapel Place,
London,
United Kingdom,
EC2A 3DQ
Email: info@idonatio.com

2.2. If you have a complaint about how we collected your data and information or/and how we are using your data and information, please contact us at the above address. If you are not satisfied with the way we handled your complaint, you can contact the - Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance

3.1. We collect and process personal and organisation data. The data we collect, and process include identity, contact, transactional, technical, profile, proof of identity, usage, password and, marketing and communications data as described below:

3.1.1 Personal Identity Data includes first name, last name, title or other identifier, gender, job title, date of birth, and images.

3.1.2 Organisation Identity Dataincludes organisation name, Charity Commission registration number, Companies House number, and trustee information (name, email address and date of birth).

3.1.3 Contact Data includes company registered address, private address, email addresses (including private and company) and telephone numbers.

3.1.4 Location Data is captured from your computer device during the registration process, and it is used for analytics.

3.1.5 Transaction Data includes details about donations received and given when you use our platform (website and mobile APP).

3.1.6 Financial Data Data includes bank account details. Even though you submit these data via our platform, we do not store these data. They are collected and stored by Stripe (our financial gateway). Please visit to see how they handle your financial data.

3.1.7 Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

3.1.8 Profile Dataincludes feedback and survey responses.

3.1.9 Proof of Identityas required by our Payment Processor.

3.1.10 Usage Dataincludes information about how you use our website, products, and services.

3.1.11 Passwordto gain secure access to your account in the future.

3.1.12 Marketing and Communications dataincludes your preferences in receiving marketing from us and our third parties and your communication preferences.

3.2. Please note that we may collect and/or process other personal data from time to time

3.3. We only collect data from you directly or via third parties.

3.4. Why do we ask for this information?

3.4.1 To ensure we can verify your charity’s registration and bank details.

3.4.2. To enable us to verify that the bank details provided to us are linked to you.

3.4.3. To ensure safe payout of your received donations by the Payment Processor.

3.4.4. To ensure you can successfully claim Gift Aid on eligible donations.

3.4.5. To allow iDonatio and the Payment Processor conduct due diligence on your account.

3.4.6. To contact you if required about your registration and any other matter relating to your registration and activities on the platform.

3.4.7. To enable iDonatio and Donees to identify and manage donations.

3.4.8. Job title, email address, address, date of birth and proof of identity are collected to enable iDonatio and the Payment Processor to verify that you represent the charity registering on the iDonatio platform.

3.4.9. To ensure you can access your iDonatio Donee account using your email via the web App.

3.4.10. To manage your account and keep you updated about the progress of your activities on the iDonatio platform.

3.4.11. To allow the iDonatio platform perform analytics on Donees receiving donations on premise and off premise.

3.4.12. To allow iDonatio and our partners send you marketing communications if you agreed to receive such communications.

3.4.13. To enable the iDonatio platform fulfil its requirements to all applicable laws (e.g., claiming Gift Aid) and where necessary for the purposes of Donees and iDonatio legitimate interests (i.e., ensuring the functioning of the iDonatio platform and effective administration of donations).

3.4.14. To ensure that our records about you that we hold are accurate and up to date.

3.5. Who Do We Share Your Information With? (Third Parties)

3.5.1 Stripe – They use your personal data to payout your received donations to your chosen bank account. They use appropriate technologies and procedures to protect personal information, and all personal and organisation information they hold are held on secure servers and are encrypted. For more information on how Stripe processes your personal information, please refer to .

3.5.2. HMRC when you are claiming Gift Aid on eligible donations.

3.5.3. As the personal information about you we collect could be used by Stripe and HMRC, please ensure you carefully read and understand their privacy policy and the way in which they will use your personal information. iDonatio is not responsible for the way Stripe and HMRC uses the information which it collects via the iDonatio platform.

3.5.4. We will not share your details with any third parties unrelated to iDonatio, except where we are under a legal obligation to do so or in order to enforce or apply our Donee Terms and Conditions

3.6. How to access the information we hold about you.

3.6.1. If you would like to know what information we hold about you or how your information has been processed, you have the right under the GDPR to submit a Subject Access Request by following the ICO guidance. Please send your request to info@idonatio.com. For further information on Subject Access Request, please visit: Your right of access | ICO.

3.7. How do we collect data about you?

3.7.1. Online Forms. We collect your Identity, Contact Details, Profile and Financial Data by filling out forms on our website when you:

a) Register to use our platform. b) Contact us. c) Request marketing information to be sent to you. d) Give us feedback.

3.7.2 Automatically. When you interact with our website, we may with your consent collect technical data about your equipment, browsing actions and patterns.

3.8. If you fail to provide personal and organisation data, we require.

3.8.1. Where we need to collect personal and organisation data by law, or under our terms and conditions, and you fail to provide that data when requested, you will not be able to use our platform. In this case, we may have to suspend or delete your account with us, but we will notify you if this is the case at the time.

3.9. How your data will be used. We use information held about you to:

3.9.1. Carry out our obligations arising from any contracts entered between you and us in relation to your receiving donations from Donors, claiming Giftaid where applicable, carryout feedback and research on our services, and notify you about changes to our services.

3.9.2. We never sell your data to third parties or allow third parties to contact you without your permission.

3.9.3. We may share your data with third parties where there is a legal obligation for us to do so or we have identified a valid lawful basis as set out in our terms and condition. We may process your personal and organisation data without your knowledge or consent where this is required or permitted by law.

3.10. Where you have indicated to us that you are happy for us to do so, we will also use your data:

3.10.1. To provide you with marketing information about other services we offer that are like those that you are already using with us; and

3.10.2. To provide you with information about campaigns or services that we feel may be of interest to you.

3.11. Please be aware that where you have indicated to us that you are happy for us to disclose your information to our partners (Stripe and HMRC), you should check their privacy policy. We do our best to ensure our partners use your data in the way you have instructed, where your instructions were given directly to us. However, once we have passed that information to them, they will be in control of your information and how they use it will be determined by them. If you have any concerns about how our partners are using your data, please contact them directly.

3.12. Processing your data - We will only process your data where we have identified a lawful basis to do this, as follows. This may include providing your data to a third party.

3.12.1 Contractual obligation - processing your data to comply with our Terms and Conditions. Where you have registered to use our services, we will use the personal data you provided to comply with these terms and conditions.

3.12.2 Legitimate Interest - in the interest of our business, to enable us to give you the best service and product, and a secure experience.

3.12.3 Consent - We will ask for your consent to process your data outside our contractual obligations (see above) unless we have identified a Legitimate Interest (see above).

3.12.4 Legal obligation - We may process your data where it is necessary for us to do so to comply with the law.

4.1.Your data is stored by us and processed by our processors on the AWS infrastructure. This is a cloud base infrastructure. We cannot guarantee that all your data will be stored on the AWS infrastructure based in the UK. We will endeavour to ensure that your data remains in the UK. Some of our partners are based outside the UK, if we transfer your personal data out of the UK, we will ensure the security of your data.

5.1. The security of your information is extremely important to us. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

5.2. The personal data that we collect from you and that we, our Payment Processor, and our third-party service providers process, may be transferred to, and stored at, a destination outside the United Kingdom. It may also be processed by staff operating outside the UK. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy, irrespective of the standards in the country where your personal data may be transferred to or processed. This may include entering into data transfer agreements with our Payment Processor and service requiring them to adopt standards that ensure an equivalent level of protection for data as those we adopt.

5.3. Our internet based platform cannot be made 100% secure so, we cannot be held responsible for unauthorised or unintended access that are beyond our control.

6.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

6.2 3.7.1. Online Forms. We collect your Identity, Contact Details, Profile and Financial Data by filling out forms on our website when you:

a) If you have received donations, all your personal identifiable data and organisation data will be retained as long as it is required by law and regulations.
b) If you have not received any donations, all your personal identifiable data and organisation data will be completely removed from our system.
c) We will instruct our Gateway (Stripe) to remove your personal identifiable data and organisation data registered against iDonatio form their system. We cannot guarantee how they handle our request. You may wish to contact Stripe to confirm your data has been deleted. For more information visit: Stripe: Help & Support

6.3. Information that needs to be kept by law.

Information	Retention Period
Gift Aid declaration	6 years after the end of the tax year they relate to
Donation record	6 years after the end of the tax year they relate to for a charity that is not a company. Or 3 years after the end of the tax year they relate to for a company charity.

6.4. Reviewing data held by iDonatio.
In line with best practice recommended by the ICO, we will undertake a full review of all personal and organisation data held by the iDonatio platform every 2 years. This will include:

6.4.1 Reviewing the purposes for which we hold personal and organisation data against the original purposes for which it was obtained – if these do not align or the information is no longer needed or it is out-of-date, it will be archived or securely deleted (depending on if there are any legal requirements to retain the information).

6.4.2 Where necessary, we will inform any third parties we share the information with of the data being deleted. For example, our payments processor for out-of-date charity data.

7.1. Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. Further information about Google’s privacy policy may be obtained from: