top of page
Search

How to Write a Privacy Policy for Your Charity Website

  • kmunn87
  • Mar 18, 2024
  • 5 min read

Updated: May 23



Privacy policies are boring, right? Well, yes, but also incredibly important. Especially if you run a small UK charity and your website collects any kind of personal information (and it probably does). A clear, well-written privacy policy for your charity website builds trust, keeps you on the right side of UK GDPR, and shows you take data seriously. Plus, it's one of those must-haves that funders and partners are starting to look for.


So let’s make yours useful, friendly, and not a total snoozefest.



What is a Privacy Policy?


Think of your privacy policy as a promise to your supporters. It explains what information you collect when they visit your website and how you'll use it. A strong privacy policy builds trust and lets your donors know you're committed to protecting their information. You can check mine out here.



Where to Put your Privacy Policy on your Website


Don’t make people hunt for it. Pop it in the footer of every page, and link to it anywhere you collect personal information like your donation form or newsletter sign-up.



Why Charities Must Follow UK GDPR


The UK General Data Protection Regulation (UK GDPR) sets the rules on how you handle personal data. If your charity is based in the UK or collects data from UK residents (that’s almost all of you), you need to follow it.


The good news? A well-written privacy policy is a huge step toward compliance. Tick.



Do You Work with Children or Teens?


If your charity supports under-18s, there are extra hoops to jump through:


  • Parental consent: For children under 13, you’ll usually need consent from a parent or guardian.

  • Minimal data: Only collect what’s truly necessary.

  • Plain English: Keep it simple – or consider a separate child-friendly version of your policy.


Now, let's get started on crafting your stellar privacy policy!

 


How to write a Privacy Policy

How to Write Your Charity’s Privacy Policy


Break your privacy policy into clear, logical sections. Here's what to include: 


Step 1: Introduction & Website Scope


Start strong. Include:

  • Your charity’s name and registered number

  • Your website URL

  • A sentence explaining what the policy covers (i.e. how you handle data collected through your site)



Step 2: What Information Do You Collect?


Be transparent. Typical data might include:

  • Names, email addresses, and postal addresses

  • Donation info (amounts, not full card details)

  • Website usage data (e.g. page visits via Google Analytics)



Step 3: How Do You Use Data?


Supporters want to know how their data helps. Common uses include:

  • Processing donations and sending receipts

  • Emailing newsletters and updates

  • Improving your website experience



Step 4: How do you Keep it Safe?


Assure visitors that you take data security seriously. Mention:

  • Encryption

  • Secure storage

  • Staff training or limited access

No need to get overly technical just let them know it’s under control.



Step 5: Do You Share Data?


If you share data with third parties (e.g. fundraising platforms or email services), say so. Always explain:

  • Who you share with

  • Why

  • That consent will be obtained where required

If you don’t share data? Say that clearly. It builds trust.



Step 6: Let Supporters Stay in Control


Make it easy for people to:

  • Opt out of emails

  • Update their details

  • Request a copy of their data

Spell out how they can do this – usually by emailing your charity’s data contact or using a form on your site.



Step 7: Keeping Up-to-Date


Let people know your policy will be reviewed regularly and updated if needed. Include the date it was last updated.

 


Step 8: Tell them their data protection rights

Tell people about their data protection rights which include:

Your right of access - You have the right to ask for copies of your personal information.


  • Your right to rectification - You have the right to ask to rectify personal information you think is inaccurate. You also have the right to ask to complete information you think is incomplete.

  • Your right to erasure - You have the right to ask to erase your personal information in certain circumstances.

  • Your right to restriction of processing - You have the right to ask to restrict the processing of your personal information in certain circumstances.

  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability - You have the right to ask that the transfer of personal information you give to another organisation, or to you, in certain circumstances.

 


Step 9: how to complain

Don't forget to include a clear and accessible complaint procedure. This shows users you value their privacy and are committed to addressing any concerns. Explain how users can submit complaints, whether through a web form or email address. You should also outline the response timeframe and how users will be informed of the outcome.


You should also include the contact details and website of Information Commissioner’s Office:

 

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

 

 

Bonus Tip: Write in Plain English!


Skip the legalese. Use clear, concise language that everyone can understand. Your privacy policy doesn't have to be a dry document. Infuse it with the same warmth and passion that drives your charity's mission. Are you known for your light-hearted tone? Let it shine through! Do you emphasize the urgency of your cause? Weave that urgency into your policy.


By using your charity's unique voice, you can create a privacy policy that's both informative and engaging.


 

How to write a Privacy Policy

Build Privacy into Your Website from the Start


A good privacy policy is just one piece of the puzzle. Your whole website should reflect your commitment to data protection. Here’s how:


Only collect what you need: Keep donation or contact forms simple. If you don’t need a phone number, don’t ask for it.

Be clear and honest: Add links to your privacy policy wherever you collect data. Tell people what you’re doing and why.

Use HTTPS: Secure your website with an SSL certificate. It encrypts data and builds trust.

Respect cookies: Don’t load up your site with trackers. Use cookie banners that give users proper control. Consider privacy-friendly analytics tools like Plausible or Fathom.




Need Help with a privacy policy for your charity website?


At Made by Katie, I specialise in websites for UK charities built with privacy and purpose in mind. I can help you:


  • Write a clear, legally compliant privacy policy

  • Create simple, respectful data collection forms

  • Implement ethical analytics tools

  • Design a site that supporters feel safe using


Get in touch for a free consultation and let’s create a website your donors trust and love.

 


  • Facebook
  • Instagram
  • Pinterest
  • LinkedIn
Made by Katie logo - web designer for charities
  • Pinterest
  • LinkedIn
  • Facebook
  • Instagram
decorative arrow

Let's talk 

Every project starts with a chat.
Drop me a message and lets make some magic.
hello@made-by-katie.com

Websites Made annimation

Privacy Policy   |   Terms of Use   |   I bet you won't click this link  |  Copyright © 2025 Made by Katie  |  In memory of Liz Chiassaro, my biggest fan

WHO I'VE WORKED WITH:

bottom of page