Last Updated: December 2025

Girls Friendly Society (“GFS”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of our members, supporters, and website visitors. This policy explains how we collect, use, and safeguard your information when you interact with us online or offline.

GFS is the data controller for the personal data we process.

GFS process your personal data in accordance with UK Data Protection Law which includes, but not limited to, the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications Regulation (PECR) and The Data Protection Act 2018.

How We Collect Information

We collect information in the following ways:

  • Directly from you: When you complete a form, register for an activity, donate, apply for a role, or contact us.
  • Automatically via cookies and similar technologies: We collect technical and usage data when you visit our website. This is managed through your cookie consent preferences. For more information, please see our Cookie Policy.
  • From third parties: We may receive information from trusted partners such as:
  • Fundraising platforms (e.g., Raisely)
  • Social media platforms (e.g., Facebook, LinkedIn)
  • Payment processors
  • Event or volunteer management systems

We only receive this information where you have given permission to those organisations.

Information We Collect

We may collect the following types of personal data:

  • Personal Information: Full name, contact details, date of birth, emergency contact details or other identifying details when you register, donate, engage with a services or fill out a contact form.
  • Technical Data: IP address, browser type, operating system, device information and similar data collected via cookies and analytics tools.
  • Usage Data: Pages visited, time spent, and interactions to help us improve our site and services.
  • Special Category Data: Where relevant to safeguarding or participation in activities (e.g., health information), collected only with appropriate safeguards and lawful bases.

How We Use Your Information

We use your data to:

  • Provide information about GFS activities, events, and services (legitimate interest)
  • Process donations and manage fundraising campaigns (contract)
  • Respond to enquiries and offer support (consent)
  • Improve our website experience and content (consent)
  • Comply with legal obligations (legal obligation or vital interest)
  • Fulfil financial, audit, and reporting requirements (legal obligation)
  • Send marketing communications (consent or legitimate interest)

Legitimate interest

Where we rely on legitimate interests, these include:

  • Furthering the charitable aims of GFS
  • Communicating with supporters about similar services or opportunities
  • Ensuring the security and performance of our website

We have conducted a Legitimate Interests Assessment (LIA) to ensure these interests do not override your rights.

Data Retention

We only keep your data for as long as necessary for the purpose it was collected.

  • Donation records: 6 years (legal requirement)
  • Volunteer and group attendee records: 3 years after your last interaction
  • Financial information: 7 years after the financial year end (legal requirement)
  • Job applicant data: 6 months after recruitment
  • Safeguarding records: In line with statutory requirements and internal safeguarding policies

Where retention periods differ due to legal obligations, we will follow the relevant legislation.

Cookies

Our website uses cookies to enhance your experience. These include:

  • Essential cookies for basic functionality
  • Performance cookies to track usage and optimise content
  • Statistical cookies to create statistics around content usage
  • Marketing cookies (if applicable) for targeted communication
  • Non‑essential cookies are only used with your consent.

You can control cookie settings via our cookie setting panel at any time at any time. For more information please see our full cookie policy here.

Sharing Your Data

We may share your information with trusted third‑party service providers who support our operations, including:

  • Payment processors
  • Email and marketing platforms
  • Cloud hosting and IT service providers
  • Fundraising and CRM platforms
  • Professional advisers (e.g., legal or financial)

All third parties are required to comply with data protection law and act only on our instructions.

Data Transfers Outside the UK and EU

Some of our service providers may transfer data outside the UK or EU.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK Addendum to Standard Contractual Clauses
  • Data Processing Agreements
  • Adequacy decisions

How We Protect Your Information

We use appropriate technical, organisational, and administrative measures to protect your data, including:

  • Secure servers
  • Access controls
  • Encryption
  • Staff training
  • Regular policy reviews

Children’s Privacy

As we work with children and young people, we handle their data with extra care.

We only collect children’s data:

  • With consent from a parent or guardian
  • For safeguarding, participation, or legal purposes
  • In line with our safeguarding policies

Your Rights

Under UK GDPR, you have the following rights:

  • Right to be informed
  • Right of access (we will respond within one month)
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent at any time
  • Right not to be subject to automated decision‑making
  • GFS does not use automated decision‑making tools.

To exercise your rights, contact us at info@gfs.org.uk.
We may request proof of identity before responding.

Social Media

If you engage with GFS on social media, your data is processed according to the privacy policy of the platform you use. We encourage you to review their policies.

Contact Us

For questions or concerns about this policy, please contact: GFS
3rd Floor
86-90 Paul Street
London
EC2A 4NE

Email: info@gfs.org.uk
Phone: 020 7837 9669

Complaints

We aim to resolve any concerns directly.
If you are unhappy with how we process your data, please contact us using the details above.

If you remain dissatisfied, you can contact the Information Commissioner’s Office (ICO):

0303 123 1113
www.ico.org.uk/concerns