Privacy Notice

Introduction


We at the Access Group understand the importance of protecting your personal data. This Privacy Notice explains how we collect and process your personal data when visiting our Charity of the Year website at the Access Group, and/or making a charitable donation.

This notice was last updated: 26th June 2025

About Us
The “Access Group” is a group of legal entities that are wholly owned subsidiaries of The Access Technology Group Limited (company registration 05575609).

The Access Group includes Access UK Ltd (company registration 2343760), with registered address at The Armstrong Building, 10 Oakwood Drive, Loughborough, LE11 3QF, United Kingdom.

Access UK Ltd is the primary trading entity and the controller of your personal data for processing described in this privacy notice.

Our Group Data Protection Officer is Danielle Hefford. To contact us regarding our use of personal data, you may email us at [email protected].

We have appointed Access Workspace Ireland (registration number: 91755) as our EU representative under Article 27, EU GDPR. Our representative can be contacted by email at [email protected].

Why We Have Your Information

We process personal data for the purpose of:

·       facilitating and securely processing your donation to the relevant charity of the year;

·       keeping in touch with you (e.g., to keep you posted about our news, activities and how you can help in other ways); and

·       analysis (e.g., donor relationship management, fundraising effectiveness, impact assessments etc.,).

 

We obtain your personal data directly from you when you choose to make a donation throughout charity of the year website.

The following describes the information we seek to collect from you to process your donation:

Reason for donation, full name, email address, card number, expiry date, security code, billing address, gift aid eligibility.

We also collect some of your personal data through the use of cookies. More about cookies can be found here.

If you’re making a donation to our charities in the following regions, you will be directed to the charities own sites to make a contribution directly:

·       Malaysia

·       Romania

·       Singapore

·       Sri Lanka

·       USA

·       Vietnam

In these cases, we will not seek to collect your card number, expiry date, security code or billing address (as this is not needed).


On What Legal Basis We Have Your Information
To process your donation, our lawful basis is performance of a contract.

To process your information for the purposes of keeping in touch and or analysis, our lawful basis is legitimate interests.

The legitimate interests pursued are to keep you informed about our news, activities, and how you can help the charity in other ways; it’s also to effectively manage the relationship with you as a donor.

Sharing Your Personal Data
We do not share your personal data with any third party, except for:

1)         our service providers (table 1) who process your personal data on our behalf. We have appropriate contracts in place with these service providers to protect your personal data;

2)         other legal entities within the Access Group, as appropriate (e.g., when they may have a need to know);

3)          the relevant charity or charities you are fundraising for or have made a donation to.

Storage and Disposal of Your Personal Data
We will delete your personal data within 12 months of the last donation you make. Unless we have a lawful reason to retain the information for longer.

Your rights

We will process your personal data in accordance the Principles - external link and Individuals’ Rights - external link of The General Data Protection Regulation (both the EU version (2016/679/EU) and UK retained version thereof).

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

To exercise any of these rights, please submit your request at Individual Rights Request.

Where we rely on consent as a lawful basis of processing, you may withdraw your consent at any time by emailing us at [email protected]

Important note

If you feel we have not processed your data in accordance with the Principles and Rights of the individual under GDPR (EU or UK), please contact [email protected] (or our EU representative, [email protected]) for our complaints procedure, or you may raise a complaint with the Information Commissioners Office - external link (or other relevant supervisory authority) but we would like the opportunity to resolve any issues first.

Service Providers

Table 1

 

Provider

Purpose

Safeguards

Microsoft Azure

Cloud Hosting Services

Contract inclusive of Standard Contractual Clauses and the UK’s International Data Processing Addendum

Access Workspace Malaysia

Support, Technical Support

Intra-group data processing agreement (inclusive of recognised transfer safeguards)

Stripe

Payment Card Processing

 

Standard Contractual Clauses and the UK’s International Data Processing Addendum

 

Published:

Updated:

Author:

Share this page
Manage Cookie Preferences