Data Protection and Privacy Policy

Date ratified: 01/12/2024
Approved by: CEO and the Board of Trustees
Date last reviewed: 15/01/2026

1. Introduction

At MS Together, we are committed to protecting and respecting your privacy. This Data
Protection and Privacy Policy explains how we collect, use, store, and protect your
personal information in accordance with the General Data Protection Regulation
(GDPR) and other applicable data protection laws.

We take our responsibility to protect your personal data seriously and will ensure it is
used only for the purposes outlined in this policy. By interacting with us (through our
website, events, donations, online communities, CRM system, or other services), you
agree to the practices described in this policy.

2. Purpose of This Policy

This policy aims to:

  • Inform you about how we collect, store, and process your personal data
  • Ensure compliance with data protection laws, particularly GDPR
  • Outline your rights and how you can manage your data

3. Data We Collect

We may collect and process the following types of personal data:

  • Personal Identification Information: Name, address, email address, phone
    number, etc.
  • Donation Information: Details about donations you have made, including
    payment methods, amounts, and frequency
  • Event Participation Information: Registration and attendance details
  • Communication Preferences: How you prefer to be contacted (e.g., email, phone, postal mail)
  • Employment and Volunteering Information: Applications, CVs, and references
  • Website Usage Data: Cookies, IP addresses, and browsing behaviour
  • Online Community Data: WhatsApp phone numbers, Facebook profile
    information, and incident/moderation logs related to participation in our private
    groups
  • CRM Data: Records of interactions, engagement, and preferences to better
    understand our audience and improve services

4. How We Collect Your Data

  • Direct Interactions: Through donations, newsletter subscriptions, volunteering,
    event registration, online community participation, or website forms
  • Automated Technologies: Technical data collected via website usage (e.g.,
    cookies, IP addresses)
  • Third-Party Providers: Platforms for fundraising, events, or payments

5. How We Use Your Data

We use your personal data for the following purposes:

  • Processing Donations and Payments
  • Providing Services: Charitable work, events, support services, volunteer
    management
  • Communicating with You: Updates, newsletters, marketing (opt-in only)
  • Complying with Legal Obligations
  • Improving Services: Understanding audience behaviour and engagement
  • Online Community Management: Moderation, safeguarding, and safe
    participation in WhatsApp and Facebook groups
  • CRM System: Analysing engagement to tailor services, support, and
    communications

6. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Service Providers: Payment processing, event registration, email marketing, IT
    support
  • Professional Advisors: Legal and financial compliance
  • Legal and Regulatory Authorities: Where required by law
  • Fundraising Platforms: According to their privacy policies
  • Online Community Moderation Staff: For safeguarding and safety purposes
    All third-party processors are required to protect your data according to GDPR.

7. Online Community Data and Consent

  • WhatsApp Groups: Members provide phone numbers and must explicitly
    consent to join.
  • Facebook Groups: Pinned messages inform members of privacy, rules, and
    moderation; no explicit form is required, but leaving the group is always an
    option.
  • Moderation and Incident Logs: Maintained to monitor safety, enforce rules, and
    protect members; stored securely.
  • Data Use: Only for community participation, communication, safeguarding, and
    support purposes.

8. CRM System and Audience Insights

  • Purpose: Store and analyse information about supporters, volunteers, and
    members to improve services, communications, and support.
  • Processing: Data is processed lawfully, stored securely, and used only for
    legitimate organisational purposes.
  • Safeguards: Access limited to authorised staff; GDPR compliance maintained.

9. Retention of Your Data

  • Donation Records: Minimum 7 years
  • Event and Volunteer Information: Duration of participation plus organisational
    need
  • Online Community Data: While a member, plus six months for moderation and
    safeguarding
  • CRM Data: As long as necessary for service delivery, communications, and legal
    obligations
  • Deletion: Data securely deleted or anonymised when no longer required

10. Your Rights

You have the following rights:

  • Access, Rectification, Erasure, Restriction, Portability, Object, Withdraw Consent
  • Withdraw WhatsApp consent by leaving the group
  • Request deletion of moderation logs or CRM data

To exercise these rights, contact hello@mstogether.org. We will respond within 30
days.

11. Security of Your Data

  • Technical Measures: Encryption of sensitive data, secure access
  • Staff Training: Data protection and online safeguarding
  • Monitoring: Incident logs and moderation records securely maintained

12. Cookies and Tracking Technologies

  • Cookies used to improve website experience and collect usage information
  • Users can control cookie settings via browser

13. Changes to This Policy

We may update this policy to reflect changes in law, technology, business practices, or
community management. Significant changes will be notified via website or email.

14. Contact Us

MS Together
Email: hello@mstogether.org
Postal Address: 8 City Road, Worsley, Manchester, M28 1BD

Approval and Review Table

Version
Date Ratified
Approved By
Next Review Date
Notes
1.0
01/12/2024
Board of Trustees
01/12/2025
Initial ratification
1.1
04/12/2025
Board of Trustees
01/12/2026
Latest review
1.2
15/01/2026
Board of Trustees
15/01/2027
Updated to include
online community
and CRM
information