top of page

How to write a Privacy Policy for your charity website



Let's face it, privacy policies can be a bit of a snooze-fest. But for your charity website, it's a crucial for building trust with supporters and if you are based in the UK, a legal requirement. A clear and concise privacy policy shows your donors you take their information seriously.



What is a Privacy Policy?


Think of your privacy policy as a promise to your supporters. It explains what information you collect when they visit your website and how you'll use it. A strong privacy policy builds trust and lets your donors know you're committed to protecting their information. You can check mine out here.



Where to Find Your Privacy Policy


Your privacy policy should be easy for visitors to find. Most websites place it in the footer – that block of text at the bottom of the page. You might also see it linked on pages where visitors submit personal information, like donation forms or contact us pages.



UK GDPR and Your Charity Website


The UK General Data Protection Regulation (UK GDPR) is a law that sets ground rules for how organisations handle personal information. If your charity is based in the UK or you collect information from UK residents, you'll need to comply with UK GDPR.


Here's the good news, A well-crafted privacy policy is a big step towards GDPR compliance! By following the steps in this guide, you'll be on your way to a policy that meets the key requirements of UK GDPR.



Extra Considerations for Children's Data


Does your charity work with children or teenagers? If so, there are some extra things to consider when crafting your privacy policy. Here are a few key points:


  • Parental Consent: For children under 13, you'll typically need to get verifiable parental consent before collecting or using their personal information.

  • Limited Data Collection: Only collect the information you absolutely need to fulfil your mission.

  • Clear Language: Use language that is easy for children to understand. You might also want to consider a separate privacy policy specifically for children.


Now, let's get started on crafting your stellar privacy policy!

 


How to write a Privacy Policy

 

Step 1: Introduction & Website Scope

Start by introducing yourself – your charity's name, number and website address. Let everyone know this policy covers how you handle information collected through your website.



Step 2: What Information Do You Collect?

Donors won't trust a mystery box! Be upfront about what information you collect. This can include:


  • Personal details: Names, addresses, email addresses

  • Donation information: Transaction amounts, payment methods (but not full credit card numbers!)

  • Website usage data: This might include things like pages visited and browsing history (but not specific identities).



Step 3: How Do You Use This Information?

Here's where you show transparency. Explain how you use the information you collect. Here are some common reasons:


  • Process donations: Thank you notes, keeping track of giving history.

  • Send updates: Newsletters, information about your impact.

  • Improve your website: Understand what resonates with your supporters.



Step 4: Keeping Things Secure

Donors want to know their information is safe. Briefly explain your security measures, like using encryption and storing data securely. You don't need to get overly technical but assure them you take precautions.



Step 5: Sharing Information (or Not Sharing)

Will you share donor information with anyone else? Be clear about your policy. You might share with trusted partners who help with fundraising or mailing, but always get consent first.



Step 6: Keeping Control (Opt-Out & Access)

Let your supporters know they're in control. Explain how they can opt-out of receiving emails or how they can access and update their information.



Step 7: Keeping Up-to-Date

The digital world moves fast! Let everyone know you'll update your privacy policy if anything changes.

 


Step 8: Tell them their data protection rights

Tell people about their data protection rights which include:

Your right of access - You have the right to ask for copies of your personal information.


  • Your right to rectification - You have the right to ask to rectify personal information you think is inaccurate. You also have the right to ask to complete information you think is incomplete.

  • Your right to erasure - You have the right to ask to erase your personal information in certain circumstances.

  • Your right to restriction of processing - You have the right to ask to restrict the processing of your personal information in certain circumstances.

  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability - You have the right to ask that the transfer of personal information you give to another organisation, or to you, in certain circumstances.

 


Step 9: how to complain

Don't forget to include a clear and accessible complaint procedure. This shows users you value their privacy and are committed to addressing any concerns. Explain how users can submit complaints, whether through a web form or email address. You should also outline the response timeframe and how users will be informed of the outcome.


You should also include the contact details and website of Information Commissioner’s Office:

 

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

 

 

Bonus Tip: Write in Plain English!


Skip the legalese. Use clear, concise language that everyone can understand. Your privacy policy doesn't have to be a dry document. Infuse it with the same warmth and passion that drives your charity's mission. Are you known for your light-hearted tone? Let it shine through! Do you emphasize the urgency of your cause? Weave that urgency into your policy.


By using your charity's unique voice, you can create a privacy policy that's both informative and engaging.


 

Feeling Stuck? Help is Available!


Crafting a privacy policy can feel overwhelming, but don't worry! There are a number of online privacy policy generators available that can help you get started. These tools can provide you with a template that you can customise to fit your charity's specific needs and it’s quick and simple to use.




How to write a Privacy Policy

Designing with Privacy in Mind: Building Trust from the Start


While a well-crafted privacy policy is essential, it's just the first step. To truly build trust with supporters, your website itself should be designed with privacy in mind. This means putting the principles outlined in your policy into action throughout the user experience. Here are some practical steps you can take:


Respecting data minimisation: 

Under the UK General Data Protection Regulation (GDPR), you can only collect supporter information that's necessary for your charitable purposes. Avoid asking for unnecessary details during registration, donations, or volunteer sign-ups.

 

Transparency is key: 

Add links to your privacy policy at points on your website where you collect data such as enquiry forms, registration pages or donation forms or explain what data you are collecting and why.

 

Privacy-first by default: 

Make privacy-protective options the standard setting. Supporters should have to actively choose to share their data, not opt-out of unwanted tracking.

 

Focus on ethical analytics: 

Minimise third-party tracking cookies and scripts that might collect supporter data for advertising purposes. Explore privacy-focused analytics tools that provide insights without compromising individual identities.

 

Secure connections: 

Ensure all communication between your website and supporters is encrypted using HTTPS. This safeguards sensitive information like donation details during online transactions.

 

By following these practices, you can design a website that respects supporter privacy and fosters trust. Remember, your privacy policy and website design should work together to create a transparent and supporter-centric experience. This not only builds trust but also aligns with your legal obligations under the GDPR.

 




Ready to build a website that earns donor trust?


At Made by Katie, I can help you craft a user-friendly websites that prioritise donor privacy. I understand the importance of safeguarding your supporters' information, and we design websites that are both secure and transparent.


I can help you implement privacy-focused analytics, design minimalist forms that request only essential data, and ensure respectful use of cookies. My websites are built to not only meet your fundraising goals but also to foster long-lasting relationships with your donors built on a foundation of trust.


Contact me today for a free consultation and let's discuss how we can design a website that reflects your charity's mission while respecting your donors' privacy.

 

159 views
  • Facebook
  • Instagram
  • Pinterest
  • LinkedIn
bottom of page