Data Protection and Privacy Policy
Date ratified: 01/12/2024
Approved by: CEO and the Board of Trustees
Date last reviewed: 15/01/2026
1. Introduction
At MS Together, we are committed to protecting and respecting your privacy. This Data
Protection and Privacy Policy explains how we collect, use, store, and protect your
personal information in accordance with the General Data Protection Regulation
(GDPR) and other applicable data protection laws.
We take our responsibility to protect your personal data seriously and will ensure it is
used only for the purposes outlined in this policy. By interacting with us (through our
website, events, donations, online communities, CRM system, or other services), you
agree to the practices described in this policy.
2. Purpose of This Policy
This policy aims to:
- Inform you about how we collect, store, and process your personal data
- Ensure compliance with data protection laws, particularly GDPR
- Outline your rights and how you can manage your data
3. Data We Collect
We may collect and process the following types of personal data:
- Personal Identification Information: Name, address, email address, phone
number, etc. - Donation Information: Details about donations you have made, including
payment methods, amounts, and frequency - Event Participation Information: Registration and attendance details
- Communication Preferences: How you prefer to be contacted (e.g., email, phone, postal mail)
- Employment and Volunteering Information: Applications, CVs, and references
- Website Usage Data: Cookies, IP addresses, and browsing behaviour
- Online Community Data: WhatsApp phone numbers, Facebook profile
information, and incident/moderation logs related to participation in our private
groups - CRM Data: Records of interactions, engagement, and preferences to better
understand our audience and improve services
4. How We Collect Your Data
- Direct Interactions: Through donations, newsletter subscriptions, volunteering,
event registration, online community participation, or website forms - Automated Technologies: Technical data collected via website usage (e.g.,
cookies, IP addresses) - Third-Party Providers: Platforms for fundraising, events, or payments
5. How We Use Your Data
We use your personal data for the following purposes:
- Processing Donations and Payments
- Providing Services: Charitable work, events, support services, volunteer
management - Communicating with You: Updates, newsletters, marketing (opt-in only)
- Complying with Legal Obligations
- Improving Services: Understanding audience behaviour and engagement
- Online Community Management: Moderation, safeguarding, and safe
participation in WhatsApp and Facebook groups - CRM System: Analysing engagement to tailor services, support, and
communications
6. Sharing Your Data
We do not sell your personal data. We may share it with:
- Service Providers: Payment processing, event registration, email marketing, IT
support - Professional Advisors: Legal and financial compliance
- Legal and Regulatory Authorities: Where required by law
- Fundraising Platforms: According to their privacy policies
- Online Community Moderation Staff: For safeguarding and safety purposes
All third-party processors are required to protect your data according to GDPR.
7. Online Community Data and Consent
- WhatsApp Groups: Members provide phone numbers and must explicitly
consent to join. - Facebook Groups: Pinned messages inform members of privacy, rules, and
moderation; no explicit form is required, but leaving the group is always an
option. - Moderation and Incident Logs: Maintained to monitor safety, enforce rules, and
protect members; stored securely. - Data Use: Only for community participation, communication, safeguarding, and
support purposes.
8. CRM System and Audience Insights
- Purpose: Store and analyse information about supporters, volunteers, and
members to improve services, communications, and support. - Processing: Data is processed lawfully, stored securely, and used only for
legitimate organisational purposes. - Safeguards: Access limited to authorised staff; GDPR compliance maintained.
9. Retention of Your Data
- Donation Records: Minimum 7 years
- Event and Volunteer Information: Duration of participation plus organisational
need - Online Community Data: While a member, plus six months for moderation and
safeguarding - CRM Data: As long as necessary for service delivery, communications, and legal
obligations - Deletion: Data securely deleted or anonymised when no longer required
10. Your Rights
You have the following rights:
- Access, Rectification, Erasure, Restriction, Portability, Object, Withdraw Consent
- Withdraw WhatsApp consent by leaving the group
- Request deletion of moderation logs or CRM data
To exercise these rights, contact hello@mstogether.org. We will respond within 30
days.
11. Security of Your Data
- Technical Measures: Encryption of sensitive data, secure access
- Staff Training: Data protection and online safeguarding
- Monitoring: Incident logs and moderation records securely maintained
12. Cookies and Tracking Technologies
- Cookies used to improve website experience and collect usage information
- Users can control cookie settings via browser
13. Changes to This Policy
We may update this policy to reflect changes in law, technology, business practices, or
community management. Significant changes will be notified via website or email.
14. Contact Us
MS Together
Email: hello@mstogether.org
Postal Address: 8 City Road, Worsley, Manchester, M28 1BD
Approval and Review Table
online community
and CRM
information
.png)