Effective Date: 25/07/2025
Last Updated: 25/07/2025
Contact Email: support@volounteervoice.co.uk
This GDPR Policy outlines how VolunteerVoice collects, processes, stores, and protects personal data in compliance with the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
VolunteerVoice is committed to safeguarding the privacy and rights of individuals, including volunteers, charity representatives, users, and website visitors.
VolunteerVoice acts as a Data Controller for personal data related to its users, charity representatives, and visitors.
VolunteerVoice acts as a Data Processor when processing information on behalf of subscribing charities (e.g., volunteer interaction data, account management).
Anonymous review content
Optional contact information if an account is created (email, encrypted password)
Technical data including IP address, device information, and browser type
Full name, job title, organisation, email address, and phone number
Organisation details (logo, mission statement, EDI policies, etc.)
Payment and billing information (processed securely via third-party providers)
Log data, cookies, browser information, device type, usage data
| Purpose | Legal Basis |
|---|---|
| Providing access to the platform | Contractual necessity |
| Managing subscriptions and payments | Contractual necessity |
| Displaying and moderating reviews | Legitimate interest / consent |
| Communication with users | Legitimate interest / contractual |
| Security, fraud prevention, and maintenance | Legitimate interest |
| Marketing (with opt-in consent) | Consent |
| Compliance with legal obligations | Legal obligation |
Under GDPR, individuals have the following rights:
Right to be informed about how their data is used
Right of access to their personal data
Right to rectification of inaccurate data
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object to processing
Rights regarding automated decision-making (Note: VolunteerVoice does not conduct automated decision-making or profiling)
Requests to exercise any of these rights should be sent to: support@volounteervoice.co.uk. We will respond within 30 days.
Data is stored securely on servers located in the United Kingdom or within the European Economic Area (EEA).
We employ encryption, access controls, and regular security monitoring to protect data.
Access to personal data is limited to authorised personnel only.
Volunteer reviews: retained indefinitely unless removed by the reviewer.
User and charity account data: retained for the duration of the account and for up to six years after termination for legal and financial compliance.
Technical data and logs: retained for security and troubleshooting, typically up to 12 months.
We do not sell personal data. Data may be shared with:
Payment processors (e.g., Stripe, GoCardless)
Hosting and IT service providers
Analytics and communication service providers
Legal authorities where required by law
If data is transferred outside the UK or EEA, it is done with appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
We use cookies to:
Enhance site functionality
Track website usage (via Google Analytics or similar)
Manage login sessions
Users can manage cookie preferences via browser settings.
In the event of a data breach, we will:
Investigate immediately
Notify affected users if there is a high risk to their rights and freedoms
Notify the Information Commissioner’s Office (ICO) within 72 hours where legally required
If you have questions or concerns about this GDPR Policy or how your data is handled, contact:
Email: support@volounteervoice.co.uk
If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.