Welcome to our Privacy Policy
A digital rights-based website privacy policy with information about what and how site users details will be used, including by partners. Includes: user rights, text on organisational refusal to share personal data with authorities and how to have your data deleted.
Effective from 18.03.25
Information
Overview
This is a Privacy and Cookie Policy that has been adopted by Every Future Foundation in 2025, an organisation with less than 5 members of staff and a turnover of less than £250,000. This policy has been adapted from an original Privacy and Cookie Policy developed by the Open Rights Group, openly shared under a Creative Commons (CC BY-SA 4.0) licence and sourced on the RadHR.org Policy Library.
Policy details
Type: Policy
Used since: 2025
Policy areas: Data Protection
Security
Related policies: –
Known Legal issues: Yes
Organisation info
Name: Every Future Foundation
www.everyfuturefoundation.co.uk
Type: Anti-racism Education Charity
Structure: Hierarchy
People: 03–05
Turnover: £100k-£250k
Contents
- Introduction
- Who are Every Future Foundation?
- Data Controller
- The personal data we collect, how we use it and the legal basis for this
- Your data and third parties
- Cookies and tracking
- Social media links
- Jurisdiction
- Retention and deletion of your information
- The security of your information
- Your rights
- Contact us
- Changes to this policy
Policy
-
Introduction
Every Future Foundation strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected. That is why we strictly limit the collection and processing of your personal data. We will not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us.
This privacy and cookie policy (“Policy”) describes how we will process any personal information that we may collect about you as a supporter or member, as a visitor to our website. We do not and will not sell, rent or lease personal data, nor send marketing on behalf of third parties.
This policy does not address other personal data processing operations, for example Every Future Foundation’s internal processing operations including, for example, human resources, logistics and administration. Information related to these processing operations is provided to data subjects at the point of data collection, or subsequently, as required by law.
-
Who are Every Future Foundation?
Every Future Foundation (“EFF”, “we”, “us”, “our”) is a charity that provides racial equity programmes that give young people and their educators a solid foundation of racial literacy combined with leadership skills and self-belief to trust that they can be “the change they want to see in the world”.
-
Data Controller
Every Future Foundation is the data controller for data processing in accordance with this policy.
We are a charitable incorporated organisation (UK registered charity number 1195211). Our registered offices are at Camden Collective, 5-7 Buck Street, London, NW1 8NJ.
If you have any questions about this Policy, our data processing practices, or your rights, you can contact us ([email protected]).
-
The personal data we collect, how we use it and the legal basis for this
Set out below is an explanation of the ways we collect and use, or “process” your data and the legal basis for this in accordance with applicable data protection laws.
If you browse our offer and book a service or make a donation via our website:
If you book an Every Future Foundation workshop, we collect the information you provide which may include your name, role, organisation, contact number, email address, postal address and payment information.
We collect information required for the provision of services, this may include information about the educational institution or local authority booking our services. For example, your address and contact details are necessary for us to process your request, process a booking or initiate any billing or receipt. The legal basis for this processing is your consent.
If you make an online, one-off or regular charitable donation to Every Future Foundation, you may be redirected to one of our charity banking partners or PayPal to facilitate the donation. When donating, we may collect information including your name, role, organisation, contact number, email address, postal address, payment information along with a declaration of whether you are a UK taxpayer for the purposes of claiming Gift Aid. The legal basis for this processing is entry into a contract with you to facilitate the donation and we retain this data on the basis of compliance with legal obligations related to taxation and that require us to maintain records of these transactions.
If you subscribe to our emails or newsletters:
We collect the information you provide – your name and email address – in order to send you updates about our work, when you sign-up online to receive emails from us. The legal basis for this processing is your consent, which you may withdraw at any time by unsubscribing to our emails.
If you contact us by phone, email or in writing:
If you exchange emails, telephone conversations or other electronic communications with our staff members, our systems will record details of those conversations, sometimes including their content. When you contact us, we may keep a record of the communication we have with you. The legal basis for this processing is our legitimate interests in operating, managing and developing our organisation and our work.
Work-related contacts:
In the course of our work, we collect information such as the names, contact details and work-related information about individuals and organisations we work with and who contact us. We keep this information in order to invite you to collaborate on and participate in relevant work-related activities.
This includes the details of those whose professional interests align closely with our own and individuals who participate directly in our activities, as well as those who we have current contractual obligations with or who we may in the future enter into an agreement with. We also keep the details of other professional contacts if you have consented to hearing from us for this purpose.
We collect this information through business cards, personal contact or occasionally recommendations from partners. The legal basis for this processing is our legitimate interests in operating, managing and developing our organisation and our work.
If you visit our website:
We collect some analytics data about the way you access and interact with our website using Google Analytics software. We determine which data is collected with the sole intention of helping us understand how website visitors are interacting with our site. The data collected to Google Analytics is never associated with you directly and any data collected is never transferred to any third party. The legal basis of this processing is our legitimate interest in providing you with a functional website, gauging unique site views and understanding the geographical reach of our content.
For transparency, the data we collect includes:
– the location a website visitor is searching from (city and country)
– the pages visited within our website
– the duration of a visitor’s browsing session
– how a visitor landed on our website
– the language a visitor is reading in
– the device a visitor is searching from
– the browser a visitor is searching from
If your web browser is configured to request that websites do not track you by sending a “Do Not Track” (DNT) request when loading webpages, Google Analytics will not collect any information from your system. More information about cookies is provided below.
If you respond to a survey from us:
From time to time we offer the option to engage in surveys to do with our work and advocacy. We conduct these surveys on the legal basis of your consent. We generally anonymise answers so that they cannot be linked back to individual respondents.
A full information notice is provided when you begin a survey and before your consent to engage in it is collected.
-
Your data and third parties
Every Future Foundation works with third party service providers who perform certain data processing tasks on our behalf. We strongly value data protection and we therefore very carefully select the third parties we work with and ensure that they share our values around data protection. All third parties that we work with are contractually obligated to act on our instructions and in accordance with current data protection legislation. We do not export data for processing outside the EU.
We will never sell, rent or trade your personal data. We will refuse to comply with law enforcement requests for access to personal data concerning users of our online services that we believe to be unwarranted, and unless legally prohibited or unable to do so, will notify the data subjects concerned. Third party service providers may also be compelled to disclose data for purposes other than which it was collected.
-
Cookies and analytics tracking
Google Analytics will use cookies on our website, which can detect information from a website visitor including their device’s operating system, browser type, IP address and browser language. Google Analytics (via google-analytics.com, google.com, googletagmanager.com) also tracks user engagement while on our website including which pages you visit and the duration spent browsing. This information is used to help us
understand the number of unique page visitors, where they are located and areas of the site that are visited most often.
You can opt out of the use of these cookies via your browser settings. Each browser is different, so check the Help or Settings menu of your particular browser to learn how to change your cookie preferences (see below list).
Google Chrome
<https://support.google.com/chrome/answer/95647?hl=en> Internet Explorer <https://windows.microsoft.com/en
US/windows7/Block-enable-or-allow-cookies>
Mozilla Firefox <https://support.mozilla.org/en-US/kb/cookies information-websites-store-on-your-computer>
Safari <https://support.apple.com/kb/HT1677>
Opera <https://www.opera.com/help/tutorials/security/privacy/>
We work with Woocommerce (via a plugin) as our ecommerce platform and utilise Stripe (as a payment portal) to facilitate payments and purchases made via our website shop. This requires us to set up third party data sharing with these companies in order to process these transactions.
WooCommerce Privacy Policy: https://woocommerce.com/document/marketplace-privacy/
Strip Privacy Policy:
-
Social media links
We use social media and social networking to increase the reach and impact of our work. Our social media pages are managed by EFF staff, volunteers and interns. Personal data processed by social media platforms is subject to the terms and conditions of those platforms, which may act as controllers of that data. Individuals who engage with our social media accounts should check the terms of the relevant platforms, which are subject to regular change, to understand how their data may be used.
EFF has accounts with the following social media platforms:
Facebook, see Facebook’s Data Policy
https://www.facebook.com/policy.php
YouTube, see YouTube Privacy Guidelines
https://www.youtube.com/intl/ALL_uk/howyoutubeworks/user-settings/privacy/
Instagram, see Instagram’s Privacy Policy
https://help.instagram.com/155833707900388
LinkedIn, see LinkedIn’s Privacy Policy
https://www.linkedin.com/legal/privacy-policy
-
Jurisdiction
Every Future Foundation is based in the United Kingdom and the data we collect is processed and stored within the UK and EU in accordance with applicable data protection laws. The UK currently remains subject to EU data protection laws.
-
Retention and deletion of your information
We keep your data as long as is necessary in connection with the purpose it is collected for. We do not keep data longer than required in connection with that purpose. We will delete the information we hold about you as soon as we no longer need it or, where actionable, at your request (see “Your rights” section below). For further specific information about our retention policies, please contact us on the details provided below.
-
The security of your information
We take the security of your information very seriously. We employ physical, electronic and organisational security measures to protect the information that we collect about you from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. For instance, we use SSL certificates on all websites we operate. SSL (Secure Sockets Layer) means that our website has a security certificate installed and that our users’ data is reliably protected.
Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to unauthorised access – for this reason the transmission of any personal data to our websites or via email to us is therefore at the data subjects’ own risk.
-
Your rights
Individuals whose personal data is processed by Every Future Foundation have the following rights:
The right to be informed as to whether we hold data about the individual;
The right of access to that information;
The right to have inaccurate data corrected;
The right to have their data deleted;
The right to opt out of particular data processing operations;
The right to receive their data in a form that makes it“portable”;
The right to object to data processing;
The right to receive an explanation about any automated decision making and/or profiling and to challenge those decisions where appropriate.
You can update your preferences or unsubscribe from our mailing list at any time by clicking on the links in the newsletter, by emailing our [email protected].
You can also contact us to opt-out of or withdraw your consent to data processing we undertake, however in some cases we may need to retain data where it is kept in compliance with a legal obligation (e.g. records of donations must be kept).
You also have the right to bring concerns to your national data protection regulator if you feel that your personal data has been unlawfully processed. For example, data subjects covered by EU law may also be entitled to lodge complaints in regard to data processing or the handling of subject access requests with data protection supervisory authority in their country of residence.
Relevant supervisory authority names and contact details are listed here. The Data Protection Authority in the United Kingdom is the Information Commissioner’s Office (ICO). If you need any further information about your rights or want to lodge a concern or complaint, you may contact the ICO here.
-
Contact us
If you have a query regarding this Policy, or if you would like to exercise your rights as a data subject, please contact [email protected].
-
Changes to this policy
We keep this Privacy Policy under regular review and will place any updates on this page. This Privacy & Cookie Policy was last updated in March 2025.