§ Legal · 02

Privacy Policy.

Effective5 May 2026 Version3.0 FrameworkUK GDPR & Data Protection Act 2018

How CAMUK collects, uses, and protects information about you. Plain English. No tricks. The shortest version we could write while still being honest.

The short version

We collect only what we need to run the community well. We never sell your data. You can ask to see, correct, or delete it at any time.

N° 01

Who we are.

CAMUK is the data controller for personal information collected through this website and our community activities. You can reach our privacy team at info@camuk.net.

We're a community organisation, not a corporation — but we still take this seriously. The same law that applies to a global tech company applies to us.

N° 02

What we collect.

We try to collect as little as possible, and only what we actually need.

CategoryExamplesSource
Identity & contact Name, email, city, optional phone, optional pronouns. Provided by you when you sign up, RSVP, or contact us.
Donation details Amount, date, Gift Aid eligibility, billing postcode. Stripe (full card details never reach us).
Event attendance Which events you booked or attended, accessibility needs, dietary notes. You, when booking.
Photos & video Group photographs from gatherings; video clips for our archive. Captured at events (we always announce when a photographer is on site).
Site usage Anonymous page views, device type, country, referrer. Privacy-respecting analytics — no cross-site tracking.
N° 03

Why we use it.

  • To send you updates about events, programmes, and the community — only if you've opted in.
  • To process and acknowledge donations, and to claim UK Gift Aid where eligible.
  • To match mentors with mentees and to deliver our welcome and support programmes.
  • To keep our services secure, prevent abuse, and improve the site over time.
  • To meet our legal obligations — for example, charity reporting and accounting.
N° 04

Lawful basis.

Under UK GDPR we rely on:

  • Consent — for marketing emails, optional photographs, and any sensitive data we ask about (such as accessibility needs).
  • Contract — when you donate, sign up to a paid event, or join a structured programme.
  • Legitimate interests — to run the community, communicate with members, and keep the site working. We've weighed our interests against your rights and freedoms; if you'd like to see that assessment, just ask.
  • Legal obligation — for HMRC, safeguarding, and statutory reporting.
N° 05

Sharing & processors.

We never sell your personal data. We share it only with trusted service providers ("processors") who help us operate, and only as needed.

ProcessorPurposeRegion
Stripe Payments UKDonation & ticket processingUK / EU / US (with adequacy or SCCs)
Email service providerMember newsletters & transactional emailUK / EU
Cloud hostingWebsite hosting & backupsUK / EU
Privacy-first analyticsAggregate site usageEU

We may also disclose information where required by law, by a court order, or to protect the safety of our members.

N° 06

How long we keep it.

  • Member records — for as long as you remain part of the community, plus 24 months.
  • Donation & financial records — at least 7 years, to meet HMRC and charity rules.
  • Event lists & attendance — 24 months after the event.
  • Photographs & video archive — kept indefinitely as a record of community life, with the right to be removed on request.
  • Marketing preferences — for as long as you're subscribed; we honour unsubscribes immediately.
N° 07

Your rights.

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify anything that's inaccurate or incomplete.
  • Erase your data, where there's no overriding reason for us to keep it.
  • Restrict or object to certain uses — including direct marketing, which you can opt out of at any time.
  • Portability — receive a structured copy of data you provided to us.
  • Withdraw consent at any time, where consent is the basis we rely on.
  • Complain to the Information Commissioner's Office at ico.org.uk.

To exercise any of these, write to info@camuk.net. We'll respond within 30 days.

N° 08

Security & transfers.

We use reasonable technical and organisational measures to protect your data: encrypted connections, access controls, regular reviews, and the principle of least privilege for our volunteers and staff. No system is perfectly secure; if a breach affects you, we'll notify you and the ICO promptly, as required by law.

Where data leaves the UK, we rely on an adequacy decision from the UK government or on Standard Contractual Clauses with appropriate safeguards.

N° 09

Cookies.

We use cookies sparingly and explain each one. You can change your choices any time on the Cookies Preferences page.

N° 10

Children.

Our services are designed for adults. We don't knowingly collect personal data from children under 16 without parental consent. If you believe a child has shared data with us, please write in and we'll remove it.

N° 11

Changes.

We may update this policy from time to time. The Effective date at the top reflects the latest version. For material changes we'll let members know by email — your inbox shouldn't have to do detective work.

Read next.

Terms of Use →  ·  Cookies Preferences →  ·  Accessibility →