Privacy Policy

Last Updated: 3 December 2025

People's Fundraising is committed to protecting your privacy and handling your personal data in a safe, ethical and lawful way. This Privacy Policy explains what data we collect, how we use it, how we keep it safe, and what rights you have in relation to your personal information.

Summary of key points

Who we are: People's Fundraising is operated by Golden Giving Limited, a company registered in England and Wales. We act as the "data controller" for your personal data and have appointed a dedicated Data Protection Officer (DPO) who you can contact about any privacy questions or requests.

Data we collect: We collect personal information you provide (such as your name, contact details, donations and fundraising activity) and data automatically gathered when you use our website (such as IP address, device and browser information, and cookies). We do not collect more data than we need and clearly indicate what is optional.

How we use data (and legal bases): We use your data to operate and improve our fundraising services, process donations (including Gift Aid), support events and campaigns, provide customer support, send communications (including marketing where permitted), secure the platform and meet legal and regulatory obligations. Each activity is supported by a lawful basis under UK GDPR (for example performance of a contract, consent, legal obligation or our legitimate interests).

Cookies & tracking: We use cookies and similar technologies to run our website and understand how people use it. Essential cookies are needed for things like login and security; optional analytics and marketing cookies are only used with your consent. You can manage cookies through our cookie banner, site settings or your browser at any time.

Data sharing: We do not sell your data. We share it only where necessary ‐ for example with payment processors, the charities or fundraisers you support, technology and security providers, or regulators and authorities where required by law. Whenever we share data, we put in place appropriate contracts and safeguards.

International transfers: We mainly store data in the UK and the European Economic Area (EEA). Where data is transferred outside these regions, we use UK-approved safeguards such as adequacy decisions or Standard Contractual Clauses (or equivalent mechanisms) to protect your data.

Data retention: We only keep personal data for as long as needed for the purposes described, or as required by law (for example, keeping donation records for around six years for tax purposes). Data that is no longer needed is anonymised or securely deleted.

Security: We apply strong security measures, including encryption, access controls, secure hosting, backups, vulnerability management and staff training. We also offer features such as two-factor authentication (2FA) to help protect your account.

Your rights: You have rights over your personal data, including the rights to be informed, access, rectification, erasure, restriction, objection, data portability and rights in relation to automated decision-making. You can also withdraw consent (such as for marketing) at any time.

No automated decisions: We do not rely on any fully automated decision-making (including profiling) that produces legal or similarly significant effects about you.

If there is a data breach: We have an incident response plan. Where a personal data breach risks your rights, we will notify the UK Information Commissioner's Office within 72 hours where required and, where there is a high risk to you, we will also contact you without undue delay.

Exercising rights and contact: You can contact our DPO at support@peoplesfundraising.com to exercise your rights or raise any concerns. We generally respond within one month. You also have the right to complain to the UK Information Commissioner's Office if you are not satisfied with our response.

Introduction and scope

People's Fundraising is committed to safeguarding personal data and handling information in a safe, ethical and lawful way. This unified Privacy Policy explains how we collect, use, retain, protect and share your personal data, in line with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.

This policy applies to all personal data processed by Golden Giving Limited (trading as People's Fundraising) in connection with our website and related services. It covers personal data about users, donors, fundraisers, charity partners, event participants and anyone who interacts with us. It also applies to staff, contractors and partners who handle personal data on our behalf, who are required to follow these practices.

By using our website or services, or by providing us with your information, you acknowledge that you have read this policy and agree to the practices described in it. We regularly review and update this policy to keep pace with legal requirements and best practice and to reflect how our services evolve.

Relationship with our Terms & Conditions

This Privacy Policy should be read together with our Terms & Conditions, which govern your use of our website and services. Together, these documents explain both your legal responsibilities and how we process your personal data when you use People's Fundraising.

For full details please refer to our Terms and Conditions .

Who we are (data controller)

Golden Giving Limited, trading as People's Fundraising, is the organisation responsible for your personal data. Golden Giving Limited is registered in England and Wales under company number 06688164, with its registered office at 85 Great Portland Street, London, W1W 7LT.

Within this policy, references to "we", "us" or "our" mean Golden Giving Limited/People's Fundraising.

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and compliance. You can contact our DPO with any questions, concerns or requests about your personal data using the details below:

  • Email: support@peoplesfundraising.com
  • Post: Data Protection Officer, Golden Giving Ltd (People's Fundraising), 85 Great Portland Street, London, W1W 7LT, UK

Information we collect

We collect personal data to provide our fundraising platform and related services and to comply with our legal obligations. We do not collect more information than we need and we clearly indicate when information is optional.

1. Information you provide to us

This is information you voluntarily give us when you interact with People's Fundraising, for example when you create an account, make a donation, set up or support a fundraising page, buy event tickets or contact us.

  • Account information: When you register, we collect your name, email address and login credentials (such as username and password). Passwords are stored in a one-way hashed or encrypted form and are never stored in plain text.
  • Contact details: If you choose to provide additional contact information, we may collect your postal address and telephone number, for example when you give a billing address for a donation or sign up for an event.
  • Donation and payment details: When you donate or make payments through our platform, we process information needed to complete the transaction, such as the donation amount, currency, date and time, and basic payment details. Full card or bank details are handled securely by our accredited payment providers (for example Stripe or PayPal) and are not stored in full on our systems. We may receive and store limited billing details and transaction references (such as the last four digits of your card, card type, expiry date or a transaction ID). If you claim Gift Aid, we also collect the information required for the Gift Aid declaration, such as your UK address and confirmation of taxpayer status.
  • Public fundraising page information: If you create a public fundraising page or join a campaign or event, we process the content you choose to publish, such as your story, fundraising target, updates, photos or videos. If you donate to a page, we record your donation. Unless you choose to donate anonymously, your name and any message you add may appear in public association with that page. Donors can choose anonymity options which we respect in what is displayed.
  • Communications and support: When you contact us (for example by email, through our contact form or via other communication channels), we collect the information you provide such as your name, email address and the contents of your message. We may also collect responses you give in surveys or feedback requests.
  • Preferences: We record your marketing and communication preferences, such as whether you have opted in or out of newsletters or how you wish to receive notifications.

2. Information we collect automatically

When you use our website, certain information is collected automatically, primarily to operate the service securely and improve your experience.

  • Usage and device data: We log technical details about your visit, such as your IP address, browser type and version, device type, operating system, the pages and features you access, dates and times of access, and the website or source that referred you to us. We use this information to monitor usage, diagnose technical issues and improve our services.
  • Cookies and similar technologies: We use cookies and other tracking technologies to support core functionality (such as keeping you logged in, remembering preferences and enabling security features) and, where you consent, to collect analytics and marketing information. Details are set out in the "Cookies & tracking technologies" section below.

3. Children's data

Our platform is intended for users aged 18 and over. If you are under 18, you may only use the Website to create a fundraising page or event under the direct supervision and consent of a parent or legal guardian, as described in our Terms and Conditions. We do not knowingly collect personal data from children under 13. If you are under 13, please do not provide personal information to us. If we become aware that we have collected personal data from a child under 13, we will take steps to delete it. If you are a parent or guardian and believe your child has provided personal data to us, please contact us so that we can remove it.

4. Limited use and data minimisation

We only collect personal data that is necessary for the purposes described in this policy. If you are simply browsing our site without registering or making a transaction, we only collect minimal data, such as basic logs and cookies needed to provide a secure connection and essential analytics. Providing personal data is generally voluntary, but some information is required to use particular features (for example we cannot process a donation without payment details, or create an account without an email address). Where information is optional, we aim to make this clear.

How we use your information (purposes and legal bases)

We process your personal data for specific, legitimate purposes in connection with operating People's Fundraising. Each use of your data has a lawful basis under UK GDPR, such as the performance of a contract, compliance with legal obligations, our legitimate interests or your consent.

Provide and manage our services (contractual necessity)

We use your information to create and manage your user account, enable you to set up and manage fundraising pages and events, and generally provide the features and functionality of the platform. For example, we authenticate you when you log in, display your fundraising pages, record donations and update totals. This processing is necessary to perform our contract with you when you use our services.

Process transactions and donations (contract and legal obligation)

We use your data to process donations, ticket purchases and other transactions that you initiate. This includes sending data to payment processors, confirming payments and issuing receipts. Where you claim Gift Aid, we use relevant information to prepare and submit Gift Aid claims to HM Revenue & Customs on behalf of the charity. We retain certain financial records to meet legal and tax obligations.

Communicate with you (contract and legitimate interests)

We use your contact details to send you service-related communications, such as donation confirmations, receipts, account notifications, security alerts, updates about pages you support and responses to your enquiries. These communications are considered an essential part of the service and are generally not optional while you continue to use the platform. In some cases we also send important notices about changes to our terms or policies where we have a legitimate interest in keeping you informed.

Marketing and newsletters (consent or legitimate interests)

With your consent, we may send you newsletters or information about new features, fundraising opportunities or events that may be of interest to you. You can opt in when creating an account or at a later point and you can withdraw consent at any time by using the unsubscribe link in emails or by updating your preferences in your account settings. For certain business contacts at partner charities, we may send occasional service updates based on our legitimate interests; recipients can opt out at any time.

Analytics and service improvement (legitimate interests and consent)

We use usage data and feedback to analyse how our platform is used and to improve performance and usability. We prefer to use aggregated or pseudonymised information where possible. Analytics tools such as Google Analytics may be used to understand trends and user journeys and to identify issues. Analytics cookies and similar technologies are only used with your consent, as described in the cookies section.

Security and fraud prevention (legitimate interests)

We process certain data to protect users, charities and the integrity of our platform. This includes monitoring for suspicious activity, preventing fraud and abuse, detecting unauthorised access and enforcing our terms. We may, for example, use IP addresses, login history and transaction patterns to detect fraud, temporarily suspend accounts while we investigate, or share necessary information with payment providers or authorities where required.

Legal compliance and record-keeping (legal obligation and legitimate interests)

We process and retain certain personal data in order to comply with laws and regulations, such as charity law, tax law, anti-money laundering and fraud prevention rules. We may be required to provide information to authorities such as HMRC, the Charity Commission, the Fundraising Regulator or law enforcement when legally obliged to do so. We also keep records of data protection requests and how we respond to them, to comply with accountability requirements.

We will not use your personal data for any purpose that is incompatible with those described in this policy unless permitted by law or you have given your consent. If we introduce any new processing purposes, we will update this Privacy Policy and, where appropriate, notify you and/or seek your consent.

Cookies & tracking technologies

Like most websites, People's Fundraising uses cookies and similar technologies to support our services, improve your experience and, where you agree, to help us understand how our site is used.

Cookies are small text files that are placed on your device when you visit a website. Related technologies include local storage and tracking pixels. Together we refer to these as "cookies" or "tracking technologies".

We use the following broad categories of cookies:

  • Essential cookies: These are necessary for our website to function properly. They enable core functions such as logging in, maintaining a secure session and protecting against fraud and malicious activity. You cannot opt out of these cookies via our consent tools, although you can disable them through your browser (which may impair the site).
  • Preference cookies: These remember your choices and settings, for example language preferences or display options, to make your experience more convenient.
  • Analytics cookies: With your consent, we use analytics tools to collect information about how visitors use our site, including page views, navigation patterns and time spent. This helps us improve content and design. We configure such tools to support privacy (for example by anonymising IP addresses).
  • Marketing cookies: We do not currently host third-party ads in the way that some commercial sites do, but we may use marketing-related tracking (for example social media pixels) to measure the effectiveness of our own campaigns or to promote fundraising content. These cookies are only used with your consent.

Some cookies are set by third parties such as analytics providers, payment processors or social networks when you interact with their embedded content or services. Those third parties are responsible for their own cookies and you should refer to their privacy and cookie policies for more information.

When you first visit our website, we present a cookie banner or consent tool that allows you to accept or reject non-essential cookies. You can also change your choices at any time using the cookie settings link on our site or by managing cookies via your browser settings. Please note that blocking or deleting cookies may affect the functionality of our website.

Third-party data sharing and disclosures

We do not sell your personal data. We share personal data only where necessary, with trusted third parties and under appropriate safeguards.

Categories of recipients include:

  • Payment processors and banking partners: To process donations and payments securely, we share necessary details with payment service providers and, where relevant, banks or financial institutions. These providers are typically independent controllers for the payment information you supply directly to them and are responsible for keeping that information secure.
  • Charitable organisations and fundraising page owners: When you donate or participate in a campaign, we share relevant donor information with the benefiting charity and, where applicable, the page creator (unless you have chosen to remain anonymous). This may include your name, email address, donation amount and any message you include. Once a charity or fundraiser receives your data, they become an independent controller for their own uses and are responsible for their own compliance.
  • Service providers and vendors: We use third parties to provide services such as hosting and infrastructure, email delivery, analytics and performance monitoring, security and fraud detection, and survey tools. These providers act as our data processors and may only process personal data in accordance with our instructions and for our specified purposes.
  • Regulators and authorities: We may disclose personal data to government bodies, regulators, law enforcement or other authorities where required by law or where necessary to protect our rights or the rights of others. We only provide the minimum information that is legally required and review requests carefully.
  • Business transfers: If Golden Giving Limited is involved in a merger, acquisition, reorganisation or sale of assets, personal data may be transferred as part of that transaction. Any new controller would be required to honour the commitments in this Privacy Policy or provide a policy with similar or stronger protections.

We require all service providers who process data on our behalf to enter into appropriate data processing agreements and to maintain adequate technical and organisational security measures. Where a provider is located outside the UK or EEA, we also put in place appropriate international transfer safeguards as described below.

International data transfers

We primarily store and process personal data in the United Kingdom and, in some cases, the European Economic Area. However, some of our service providers or partners may be located in, or process data in, other countries.

Whenever we transfer personal data outside the UK/EEA, we ensure there is a lawful basis and adequate protection in place. This may include:

  • transfers to countries deemed by the UK government (or EU, as applicable) to provide an adequate level of data protection (adequacy decisions);
  • Standard Contractual Clauses or the UK International Data Transfer Agreement, which are contractual safeguards approved for international transfers;
  • other lawful bases, such as transfers necessary for the performance of a contract in your interest, or in rare cases to protect vital interests or where you have given explicit consent.

No matter where your data is processed, we require recipients to protect it to standards that are essentially equivalent to those required under UK data protection law. If you would like more information about international transfers or copies of the relevant safeguards (where legally permitted), you can contact our DPO.

Data retention and disposal

We keep personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to meet any legal, accounting or reporting requirements. We have retention rules for different categories of data based on legal obligations and our operational needs.

Category Typical retention period Reason
Account and profile information For the life of the account and usually up to 12 months after account closure Account management, resolving disputes and fraud prevention
Donation and payment records (including Gift Aid) At least 6 years after the end of the financial year in which the transaction occurred Compliance with tax, accounting and HMRC Gift Aid requirements
Fundraising and event page content For the duration of the campaign and normally for a period afterwards for transparency and records Historical records of fundraising activity and transparency
Support and customer service communications Approximately 12‐36 months, longer if needed for legal reasons Customer support history, resolving complaints and legal claims
System and security logs Typically 12‐36 months Security monitoring, troubleshooting and incident investigations
Marketing consent and opt-out records Until you withdraw consent or opt out; minimal "do not contact" record retained afterwards Proof of consent and to respect your contact preferences
Aggregated or anonymised analytics Indefinitely, in anonymised form Service improvement and statistical analysis

At the end of the relevant retention period, or once we no longer have a lawful basis to keep certain data, we will either securely delete it or anonymise it so that it can no longer be linked to an identifiable individual. Secure deletion includes removing data from live systems and ensuring that it is overwritten or removed from backups once those backups roll over in the normal course of business.

In some situations (for example where there is a legal dispute or investigation) we may place a "legal hold" on certain data, meaning we retain it beyond the standard period until the matter is resolved. We limit such extended retention to what is strictly necessary.

Data security measures

We take the security of your personal data very seriously and implement a range of technical and organisational measures to protect it from unauthorised access, loss, misuse or alteration.

  • Encryption: Data transmitted between your browser and our servers is protected using HTTPS/TLS. Passwords are stored using strong, one-way hashing algorithms and sensitive data at rest may also be encrypted.
  • Access controls: Access to personal data is restricted to staff and service providers who need it to perform their duties. We use role-based access controls, strong authentication and audit logging for administrative access.
  • Secure infrastructure: Our website and databases are hosted on secure infrastructure with modern security practices, including firewalls, intrusion detection, physical security and redundancy.
  • Backups: We maintain regular encrypted backups of key data in order to restore services in the event of a failure or incident. Old backups are removed when they are no longer needed.
  • Vulnerability management: We keep software up to date, conduct security scans and, where appropriate, penetration testing. We promptly address identified vulnerabilities and follow secure coding practices.
  • Staff training and policies: Our team members receive regular training on data protection and security. We have internal policies covering secure handling of data, password practices, incident reporting and device security. Staff are bound by confidentiality obligations.
  • Vendor due diligence: We assess the security practices of third-party providers that process personal data on our behalf and put contractual safeguards in place.
  • User account protection: We offer features such as two-factor authentication (2FA) to help you secure your account and we encourage you to use strong, unique passwords and to keep your login details confidential.

While no system can be guaranteed as completely secure, we work continuously to maintain and improve our security controls in line with industry standards and evolving threats.

Incident response & data breach notification

We have procedures in place to detect, respond to and investigate potential personal data breaches. If we become aware of an incident involving personal data, we will:

  • act quickly to contain the incident, secure systems and prevent further unauthorised access;
  • investigate the cause, scope and impact of the incident;
  • take remedial action to address vulnerabilities and prevent recurrence; and
  • document the incident and our response.

Where required by law, we will notify the UK Information Commissioner's Office (ICO) of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Where a breach is likely to result in a high risk to you, we will also inform you without undue delay, explaining what has happened, what data is involved, what steps we are taking and what steps you can take to protect yourself.

Your data protection rights

Under UK data protection law, you have a number of rights in relation to your personal data. These include:

  • Right to be informed: to receive clear information about how your data is used, which this Privacy Policy is intended to provide.
  • Right of access: to request confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is used.
  • Right to rectification: to have inaccurate data corrected or incomplete data completed. You can often update your own details via your account settings.
  • Right to erasure: in certain circumstances, to request the deletion of your personal data (for example where it is no longer needed, where you withdraw consent, or where you successfully object to processing). This right may be limited where we need to retain data to comply with legal obligations or for legal claims.
  • Right to restrict processing: in certain situations, to request that we restrict the processing of your data (for example while accuracy is being verified, or where you have objected and we are considering that objection).
  • Right to data portability: for certain data you have provided to us, to receive it in a structured, commonly used, machine-readable format and/or to request that we transmit it directly to another controller where technically feasible.
  • Right to object: to object at any time to processing of your personal data that is based on our legitimate interests or for direct marketing. We will stop processing your data for direct marketing if you object.
  • Rights in relation to automated decision-making and profiling: to not be subject to a decision based solely on automated processing (including profiling) that has legal or similarly significant effects on you, except in limited circumstances permitted by law.

Exercising your rights & how to contact us

If you wish to exercise any of your rights or have any questions or concerns about how we process your personal data, you can contact our Data Protection Officer using the details below:

  • Email: support@peoplesfundraising.com
  • Post: Data Protection Officer, Golden Giving Ltd (People's Fundraising), 85 Great Portland Street, London, W1W 7LT, UK

To help us process your request, please provide enough information to identify you (for example the email address associated with your account) and specify what you would like us to do. In some cases we may need to request additional information to verify your identity, particularly where a request relates to sensitive data.

We aim to respond to all valid requests within one month. For complex or numerous requests, this period may be extended by up to two further months; if that happens, we will let you know and explain why. We do not normally charge a fee for handling rights requests, but we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, as permitted by law.

If you are not satisfied with how we have handled your personal data or responded to a request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). Details of how to contact the ICO are available at www.ico.org.uk. We would encourage you to contact us first so that we have an opportunity to address your concerns.

Automated decision-making

We do not currently use automated decision-making, including profiling, that produces legal effects or similarly significant effects for individuals. While we may use automated tools to help identify potential fraud or to prioritise certain activities, any important decisions about users involve human review and judgment.

If we introduce automated decision-making processes in future that are likely to have significant effects on individuals, we will ensure they comply with legal requirements, update this Privacy Policy and provide any additional notices or rights required by law.

Data minimisation & accuracy

We follow the principles of data minimisation and accuracy in all our processing activities. This means we only collect and retain personal data that is necessary for the purposes described in this policy, and we take reasonable steps to ensure that data is accurate and kept up to date.

You can help us by keeping your account details current and letting us know if any of your information changes or is incorrect. Where we become aware that data is inaccurate, we will update or correct it without undue delay.

Start Fundraising
Donations
Raise funds through one-time or recurring donations, providing supporters with the opportunity to contribute to your cause.
In memory
Donate to honour or remember someone special - a heartfelt way to celebrate their life while supporting a cause that matters.
Fundraisers
Invite supporters to donate and help reach your fundraising target - every contribution brings you closer and makes a real difference.
Centralize all your teams fundraisers onto a single page, streamlining the process and maximizing collective efforts.
Raffles
Offer raffle tickets for sale, giving supporters the chance to win prizes through random selection, adding an element of excitement to your fundraising efforts.
Tombolas
Similar to raffles, tombolas provide instant wins through lucky dip-style ticket purchases, offering a fun and spontaneous way to support your cause.
Events
Sell tickets for various types of events, from galas to concerts, providing supporters with memorable experiences while contributing to your fundraising goals.
Memberships
Offer paid subscriptions with benefits in return, providing supporters with ongoing perks while generating recurring revenue for your organisation.
Auctions
Host live or silent auctions, offering supporters the excitement of competitive or discreet bidding — all while raising funds and awarding desirable items.
Lottery
Choose numbers for a chance to win prizes, offering a simple yet engaging way to raise funds for your cause.
Members lottery
Also known as a club 100 or 200 lottery, buy tickets for a chance to win regular prizes, making it a fun and engaging way to raise funds for your cause.
Gift vouchers
Purchase vouchers for friends and family to use towards any fundraising activity, offering a convenient way to support your cause.
Shops
Sell a diverse range of goods to support your cause, providing supporters with tangible products while contributing to your fundraising efforts.
Live Meetings
Host live meeting events to support your chosen cause, engaging supporters with interactive content whilst boosting your fundraising success.
Sign Up
Good causes
We welcome all types of not-for-profit and community organisations, including charities, CIOs, charitable companies, CICs, CASCs, trusts, unincorporated associations, schools, PTAs/PFAs, faith-based organisations, social enterprises, development and community trusts, housing and leisure trusts, arts and cultural bodies, and other community groups.
Individual fundraiser
Sign up to fundraise for your favourite cause or organisation with donations, events, raffles, auctions, and more.

See the terms and conditions.   See the privacy policy.

If you require assistance, please Get in Touch.

Sign In

If you don’t have an account yet, please Sign Up to get started.   If you’ve forgotten your password, you can Reset It.