top of page

Privacy Policy 


Arise Foundation (“Arise”, “the Charity”, “we”, “us”, “our(s)”) is a charity with a mission to build the strength, sustainability and direct impact of frontline groups working to prevent slavery and human trafficking. We are committed to protecting and respecting your privacy. Our registered office is at 169 Hammersmith Road, W6 8DB and our charity number is 1165248. 


We are registered with the Information Commissioner’s Office under registration number ZA800865. 

For the purposes of the UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act (DPA) 2018, we are the controller of your personal data which means that we determine the purposes (the why) and the means (the how) of the processing of your personal data. 


This privacy notice sets out why we collect personal data, how we collect and use it and who it is shared with. It also explains the legal basis for the use of your personal data and the legal rights you have over the way it is used. 



We may collect your personal data in the following ways: 

  • Information you give us directly: for example, you may provide your details to us when you ask us for information or donate, attend our events or contact us for any other reason via our website, email, phone, or in person. 

  • Information shared by known third party organisations: we may receive information about you from third party partners, for example websites such as Virgin Money, JustGiving or Stripe when you donate. This may include information such as your name, contact information, and whether you are a taxpayer so we can claim gift aid. 

  • We may collect some personal data about you through third parties as a result of donations made through corporate donation platforms, e.g. BNY Mellon, Fidelity, etc. This information includes your email address and your postcode. 

  • Information collected when you use our website: when you use our website, some limited information about you is recorded and temporarily stored (please see our “Cookies” policy for more details). 

  • Information available publicly: for example, we may include in our newsletters some information obtained from social media or from articles/newsletters.

  • When you donate to us 

  • When you fundraise for us 

  • When you take part in our events or attend a meeting

  • When you subscribe to our newsletter or apply to volunteer/give your time 



The type and amount of personal data we collect depends on the purposes for which we will need to use it and will include: 

  • Information used to identify and keep in touch with you: Such as your name and contact details (address, email address, phone number). We collect this data to communicate effectively with you. 

  • If you are a supporter, for example, you want to donate, fundraise for us or sign up for our newsletter or event, in addition to asking for your name and contact details (your address, email address and your phone number), we may also ask for information about your professional qualifications, positions/roles and your reasons for supporting our work. 

  • We may need to ask for your financial data to process donations (including those by debit or credit card). 

  • Correspondence between us, for example, if you email or write to us. ● Images, audio and video recordings, e.g. if you attend an event we are hosting, and images captured on our CCTV system, e.g. if you attend our premises. 


Certain categories of personal information are regarded by data protection law as more sensitive than others. Known as ‘special category personal data’, this relates to information about your health, racial or ethnic origin, details of sexual life, sexual orientation, religious beliefs, political opinions or any genetic or biometric data that is used to identify you. This information, and any information about criminal offences or convictions, warrants a higher level of protection under data protection law. 


Given the nature of our work, the Charity may process special category data about you, including: 

  • Information relating to your health and wellbeing 

  • Information relating to your religious beliefs 



We will use your personal data for various purposes consistent with the legal basis we rely on to process your data. These purposes include: 

  • keeping you informed about the Charity’s work, developments within the policy community and general updates about contemporary slavery; 

  • providing you with the information or services you have asked for;

  • processing donations you make, including processing for gift aid purposes;

  • sending you communications with your consent that may be of interest, including marketing information about our services and activities, campaigns and appeals asking for donations and other fundraising activities and promotions for which we seek support; 

  • seeking your views on the services or activities we carry on so that we can make improvements; 

  • maintaining our organisational records and ensuring we know how you prefer to be contacted; 

  • offering you opportunities to become involved in the anti-slavery movement in other ways, for example through volunteering. 

We do not use your personal data in automated decision-making, including profiling (i.e. we do not make decisions about you by way of automated means without human involvement). 



Data protection law requires us to have a lawful basis for processing your personal data. Depending on the purposes for which we use your data, we may rely on one or more of the following lawful bases: 

  • Consent: Where you have provided your consent for us to use your personal data. For example, if you sign up to receive marketing communications from us. You may withdraw consent at any time. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned. 

  • Performance of a contract: It may be necessary for us to use your information to carry out our obligations under a contract entered into with you or to take steps you ask us to take prior to entering into a contract. 

  • Vital interests: It may be necessary for us to use your information to protect the vital interests of you or another individual. For example, providing your details to a medical professional in the case of a medical emergency. 

  • Legal obligations: It may be necessary for us to use your information to comply with our legal obligations. For example, if we are legally required to hold transaction details for gift aid or accounting/tax purposes. 

  • Legitimate interests: It may be necessary for us to use your personal data for the purposes of “legitimate interests” pursued by the Charity or a third party (as long as those legitimate interests are not overridden by your rights and freedoms), for example: 

    • Sending direct marketing communications; 

    • Taking and using photos and/or films of individuals attending our events; o Administering events; 

    • The use of CCTV on our premises for the purposes of security and prevention and detection of crime; 


We will only process special category data where we have also identified an appropriate condition for doing so in accordance with Article 9 of the UK GDPR: 

  • You have provided explicit consent (such consent may be withdrawn at any time);

  • The processing is necessary in order to protect your or another person’s vital interests where that person is physically or legally incapable of giving consent (for example, providing your details to a medical professional in a medical emergency);

  • The processing relates to personal data which is manifestly made public by you (for example, where you publish information about yourself in the public domain);

  • The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (for example, providing information to a court where a claim has been made); 

  • The processing is necessary for reasons of substantial public interest, in accordance with Part 2, Schedule 1 of the DPA 2018 (for example, where this is necessary for the purposes of protecting the physical, mental or emotional wellbeing of an individual). 



We understand the importance of security of your personal data and take appropriate steps to safeguard it. 

We take your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including encryption and password protection. 

We always ensure that only authorised persons have access to your personal data, which means only those members of our staff who need to access your data to fulfil their roles. Everyone who has access to personal data is appropriately trained and aware of their obligations to ensure confidentiality and security of your data. 

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

Please note, we interact via the internet and email, and no external data transmission over the internet can be guaranteed to be 100% secure. So, while the Charity strives to safeguard your personal data, we cannot guarantee the security of any information you provide online and you do this at your own risk. 



When we collect personal data from you, we will make it clear whether you are required by law, or under a contract, to provide your personal data, and what will happen if you do not provide that data, for example we might not be able to offer some/all of our products or services to you. 


We will not share your personal data with third parties without your consent unless the law allows us to. We may disclose your personal data to the following third parties, to enable us to provide our services, fulfil our charitable objectives or comply with our legal obligations:

  • government departments, bodies and agencies (eg HMRC) 

  • law enforcement (eg the police) 

  • regulators (eg the Charity Commission) 

  • our professional advisers (eg accountants and solicitors) 

  • third party service providers (eg IT services, mailing and marketing services providers, event partners) 

  • third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another charity. 


We select all third-party service providers with care and provide them with the minimum amount of information necessary to provide the service. We always require them to protect your personal data to the same standard as we do. 



We may transfer your information to countries or territories outside the UK, which are subject to different data protection laws. We may do this where for example, we use suppliers in a third country or data is stored on servers outside the UK. 

We meet the UK GDPR requirements by ensuring that personal data is protected as if it were being held in the UK. This will usually be because the country to which we transfer data either benefits from an adequacy regulation or we have entered into a contract with the third party which contains contractual clauses recognised as a valid data transfer mechanism in the UK. 

If you would like more information about how we protect your personal data if it is transferred outside the UK please contact our Data Protection Officer (DPO), Martin Foley at


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. 

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise, withdraw your consent. We may retain your contact details (but without sending you direct marketing) for a period of three years after you have withdrawn your consent. This is so that we can more easily distinguish the people who have withdrawn consent. 



Data protection law provides individuals with various legal rights, which may be exercised in certain circumstances. You have the following legal rights over your personal data:

  • The right of access: This right enables you to obtain a copy of the personal data we hold about you as well as other information about how we are processing your personal data.

  • The right to rectification: This right enables you to require us to correct the personal data we hold about you if it is inaccurate or incomplete. 

  • The right to erasure: In certain circumstances, you have the right to request that personal information we hold about you is erased (such as where we no longer need your personal data for the purpose it was originally collected for). 

  • The right to restrict processing of your personal data: You may ask us to restrict the use of your personal data in certain circumstances (such as where you believe your personal data is incorrect and we need to verify the accuracy of the personal data we hold) 

  • The right to object: You may object to our processing of your personal data in certain circumstances, such as where we are processing your personal data on the basis of “legitimate interests”. Please note, you always have the right to object to processing of your personal data for direct marketing purposes.

  • The right to data portability: This right allows you to request that we transfer your personal data to you or another third party in a commonly used, machine-readable format. Please note, this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you. 

  • The right to withdraw consent: Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. If you decide to withdraw your consent, that does not mean that our use of your personal data before you withdrew your consent is against the law. 


Please note, some of your legal rights are subject to safeguards, limitations or exemptions. If you wish to exercise your rights, please contact us via and we will respond within the time limits set out in data protection law. 


If at any time you are not happy with how we are processing your personal information then you may raise the issue with the Date Protection Lead in the first instance. If you are not satisfied with the handling of your issue, you may raise a complaint with the Information Commissioner’s Office at or seek a remedy through the courts. 


If any of the personal data that you have provided to us changes or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us. 


We will update and change this Privacy Notice from time to time to reflect changes to the way we handle your personal data or changing legal requirements. Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently for changes to this Privacy Notice and each time you give us your personal information.

bottom of page