Privacy Policy

Who we are

Our website address is: http://ihsanrelief.org.

What personal data we collect and why we collect it

Introduction

At Ihsan Relief, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information, and your rights in relation to that information. We adhere to the principles of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By engaging with Ihsan Relief, whether through our website, donations, volunteering, or other interactions, you agree to the terms of this Privacy Policy.

The Data we collect about

We may collect, use, store, and transfer different kinds of personal data about you. The types of data we collect depend on how you interact with us. This may include:

Special Category Data (if applicable and with explicit consent): In some specific cases, and only where strictly necessary for our charitable activities (e.g., related to beneficiary support), we might collect information about your health, religious beliefs, or other sensitive personal data. This will always be with your explicit consent and clear explanation.

How We Collect Your Personal Data

We use different methods to collect data from and about you, including through:

• Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms, making donations, corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
  • Make a donation.
  • Sign up for our newsletter or updates.
  • Apply for a volunteer position.
  • Participate in an event or campaign.
  • Contact us with an enquiry or feedback.
  • Leave comments on our website.
• Automated technologies or interactions: As you interact with our website, we may automatically collect Technical and Usage Data about your equipment, Browse actions, and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookies Policy section below for more details.
• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources, such as:
  • Analytics providers (e.g., Google Analytics).
  • Search information providers.
  • Technical, payment, and delivery service providers.
  • Publicly available sources like the Charity Commission register.

How and Why We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you (e.g., processing a donation).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., for fundraising, administrative purposes, or improving our services).
• Where we need to comply with a legal or regulatory obligation (e.g., Gift Aid declarations, safeguarding duties).
• Where you have given us clear consent to do so.

Here’s how we use your data:

• To process donations and Gift Aid: We use your Financial and Identity Data to process your generous donations and claim Gift Aid where applicable.
• To manage your relationship with us: This includes sending you thank you messages, updates on how your support is making an impact, and responding to your enquiries.
• To send you communications: We may send you newsletters, appeals, event invitations, and other information about our work, where you have consented to receive such communications or where we have a legitimate interest to do so. You can opt-out at any time.
• For administrative purposes: This includes record-keeping, database management, and internal reporting.
• To improve our website and services: We use Usage and Technical Data to understand how our website is used and to make improvements.
• For security and fraud prevention: To protect our organisation and supporters from fraudulent activities.
• To comply with legal obligations: Such as financial reporting, regulatory compliance, and safeguarding responsibilities.

Comments

When visitors leave comments on our site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help with spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS)included. Visitors to the website can download and extract any location data from images on the website. This is a security and privacy risk for you.

Contact Forms

Information submitted through contact forms on our website is used to respond to your inquiries and for administrative purposes. We only collect the data necessary to fulfil your request.

Cookies Policy

Our website uses cookies to enhance your experience. Cookies are small text files stored on your device that help us remember your preferences, analyse website usage, and provide certain functionalities.

• Necessary Cookies: These are essential for the website to function correctly.
• Analytical/Performance Cookies: These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality Cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
• Commenting Cookies: If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
• Login Cookies: If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
• Article Editing Cookies: If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. We are not responsible for the privacy practices of these other websites.

Analytics

We use analytics services (such as Google Analytics) to collect information about how visitors use our website. This helps us understand website traffic and improve user experience. This data is aggregated and anonymised where possible, meaning it cannot be used to identify you personally.

Who We Share Your Data With

We may share your personal data with the following categories of third parties:

• Service Providers: We work with trusted third-party service providers who perform functions on our behalf, such as payment processing, IT and system administration services, email delivery, and marketing services. These providers are required to process your data only on our instructions and to keep it secure.
• Professional Advisers: This includes lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
• Regulators and Other Authorities: We may disclose your data to regulators, HMRC, and other authorities who require reporting of processing activities in certain circumstances.
• For Legal Reasons: If required to do so by law or in the good faith belief that such action is necessary to comply with legal processes or protect the rights, property, or safety of Ihsan Relief, our supporters, or the public.
• Automated Spam Detection Service: Visitor comments may be checked through an automated spam detection service.
• Password Reset: If you request a password reset, your IP address will be included in the reset email for security purposes.

We will never sell or rent your personal data to other organisations.

International Transfers

Where Ihsan Relief transfers personal information outside the UK, we have robust procedures in place to secure the integrity of the data. This includes ensuring transfers are to countries deemed to have an adequate level of data protection by the UK government, or by using specific contracts approved for use in the UK which give personal data the same protection it has in the UK (e.g., International Data Transfer Agreement or Addendum to EU Standard Contractual Clauses).

How Long We Retain Your Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
• Registered Users: For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
• Donation Records: Financial records, including donation history, are typically retained for six years plus the current financial year for tax and auditing purposes.
• Marketing Permissions: We retain your marketing preferences for as long as you wish to receive communications from us.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights Over Your Data

Under UK GDPR, you have significant rights regarding your personal data. These include:

• The Right to Be Informed: To be informed about how your personal data is collected and used (as set out in this Privacy Policy).
• The Right of Access (Subject Access Request – SAR): You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request, free of charge.
• The Right to Rectification: You have the right to request that any inaccurate personal data we hold about you is corrected.
• The Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete personal data we hold about you, in certain circumstances (e.g., where the data is no longer necessary for the purpose it was collected, or where you withdraw consent and there is no other legal basis for processing). This does not include any data we are obliged to keep for administrative, legal, or security purposes.
• The Right to Restrict Processing: You have the right to ask us to suspend the processing of your personal data in certain scenarios (e.g., if you want us to establish the data’s accuracy or the reason for processing it).
• The Right to Data Portability: You have the right to request that we transfer your personal data to another organisation or to you in a structured, commonly used, machine-readable format.
• The Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes, or where we are relying on a legitimate interest (and there is something about your particular situation which makes you want to object to processing on this ground).
• Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply. Ihsan Relief does not currently engage in automated decision-making or profiling that would have such a significant effect on individuals.

If you wish to exercise any of these rights, please contact us using the details below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

How We Protect Your Data

We are committed to ensuring the security of your personal data. We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include:

• Encryption: Using SSL (Secure Sockets Layer) technology to encrypt data transmitted through our website.
• Access Controls: Limiting access to personal data to employees, volunteers, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
• Data Minimisation: Collecting only the personal data that is necessary for the stated purpose.
• Regular Security Reviews: Conducting regular assessments and updates to our security practices.
• Data Breach Procedures: We have procedures in place to identify, assess, investigate, and report any personal data breach as early as possible to affected individuals and the Information Commissioner’s Office (ICO) where legally required. Our procedures have been explained to all employees.

What Third Parties We Receive Data From

Currently, we primarily receive data directly from you or through automated collection via our website. If we receive data from other third parties (e.g., fundraising platforms, referrers), we ensure they comply with data protection laws and have a lawful basis for sharing your data with us.

Your Contact Information

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

Email: [info@ihsanrelief.org]

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the updated policy on our website. Please check back regularly to review any updates.

This policy was last updated: June 2025