Skip to content

Privacy Policy

1. Introduction /​Scope

The Plan Vivo Foundation (“we”, us”, our”) is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 and other applicable laws. This notice describes how we collect, use, disclose and protect your personal data when you use our Site and services. This notice applies where we act as controller.

2. Who we are and contact details

Plan Vivo Foundation
Charity No: SC040151
Data protection contact: info@​planvivofoundation.​org (Data Protection Officer or data contact)
Postal address: 4 Gayfield Place Lane, Edinburgh, EH7 5GU, UK.

3. Personal data we collect

We collect:

  • Identity & contact data: name, email, postal address, organisation name, phone (from account registration, donations, contact forms, event sign-ups).
  • Transaction data: donation and purchase records, payment transaction IDs (we do not store full card details).
  • Technical & usage data: IP address, device and browser information, pages visited, cookies and similar tracking technologies.
  • Communications: messages we exchange (email, support tickets).
  • Marketing preferences: newsletter consent and opt-in preferences.

We may also collect other information you choose to provide (CVs, application materials).

4. How we collect personal data

We collect data directly from you (forms, account registration, donations, newsletters), from your device via cookies and analytics, and from third parties where relevant (payment processors, identity verification providers).

5. Legal bases for processing (UK GDPR)

We rely on the following legal bases:

  • Contract: to process donations, purchases, and fulfil requests (e.g., registrations, services).
  • Legal obligation: to comply with accounting, charity regulation and tax /​anti-fraud obligations.
  • Consent: where you opt in (newsletters, non-essential cookies). You can withdraw consent at any time.
  • Legitimate interests: for admin, fraud prevention, improving services, and marketing where we balance our interests against your rights (we inform you and allow opt-out).

(For examples and guidance, see ICO material on privacy notices and lawful bases).

6. Purposes of processing & what we do with the data

We use personal data to:

  • Provide and operate the Site, make accounts available and process donations/​purchases.
  • Communicate with you (respond to enquiries, send transactional messages).
  • Send marketing or newsletters where you have opted in (or where we can rely on legitimate interests, with opt-out).
  • Maintain security, prevent fraud, and manage access.
  • Analyse Site usage to improve our services and content.
  • Comply with legal, regulatory and audit requirements.

7. Cookies and tracking

We use essential cookies required for the Site to function. Non-essential cookies (analytics and marketing) are used only with your consent via our cookie control. You can manage cookie preferences at any time. For guidance on cookie notices see ICO guidance. 

8. Third-party processors and hosting

8.1 Hosting /​CMS: The Site is operated and hosted on Craft Pro. Craft Pro provides hosting services and offers a Data Processing Addendum (DPA) for customers; we maintain contractual protections (DPA or equivalent) with our hosting provider to ensure appropriate safeguards where personal data are processed on our behalf. 

8.2 Payment processors: Payment transactions are processed by third-party payment service providers (PSPs). Their terms, privacy policies and security practices apply to the payment processing they provide.

8.3 Other processors: We use analytics and email marketing providers. Where third parties process data on our behalf we will use contracts requiring them to protect personal data, only process for specified purposes, and provide appropriate technical and organisational measures.

9. International transfers

If personal data are transferred outside the UK/​EEA (for example to processors with servers elsewhere), we will ensure safeguards such as adequacy decisions, Standard Contractual Clauses, or other permitted mechanisms are in place. If you want details of safeguards, contact info@​planvivofoundation.​org.

10. Data retention

We retain personal data only as long as necessary for the purpose collected, to meet legal obligations (e.g., accounting/​tax) or as otherwise required by law. Typical retention periods:

  • Transaction/​donation records: 7 years (accounting/​tax and audit purposes).
  • Account data: retained while account is active and for a limited period after (for dormant account handling).
  • Marketing preferences: until consent is withdrawn.
  • Logs and analytics: anonymised or retained for [12 – 36 months], as appropriate.

(Adjust specific retention periods to match your organisation’s policy and legal requirements.)

11. Data subject rights

You have rights under UK GDPR, subject to legal exceptions:

  • Right to be informed (this notice).
  • Right of access (subject access request).
  • Right to rectification.
  • Right to erasure (where applicable).
  • Right to restrict processing.
  • Right to data portability (where applicable).
  • Right to object (including to direct marketing).
  • Rights in relation to automated decision-making and profiling (where applicable).

To exercise rights contact: info@​planvivofoundation.​org. If unsatisfied you can complain to the UK Information Commissioner’s Office (ICO).

12. Security

We use reasonable administrative, technical and organisational measures to protect personal data. Hosting provider protections include firewalling, backups, DDoS protection and other controls depending on our hosting plan; we maintain contractual security obligations with the hosting provider. (Craft Pro hosting provides enterprise-grade protections when used.)

13. Children

The Site is not directed at children under 13. If we learn we have collected personal data about a child without parental consent we will delete it unless retention is lawful.

14. Changes to this policy

We may update this policy; changes will be published on the Site with an updated Last updated” date.

15. Contact & complaints

Contact for privacy or data protection matters: info@​planvivofoundation.​org or 4 Gayfield Place Lane, Edinburgh, EH7 5GU. You may complain to the ICO if you are unhappy with our handling of your personal data.

Last updated: 18th December 2025

Subscribe to our newsletter

Name

Your data will be processed by Plan Vivo and MailChimp for the purposes of sending you updates about our work, in accordance with our privacy policy.