Last Updated: 11 March 2026
I Heritage (“we”, “us”, “our”) is committed to protecting your personal information and your privacy rights. This Privacy Policy explains how we collect, use, store, and safeguard your personal data when you interact with us—whether you visit our website, donate to our cause, apply for housing, or partner with us.
We are a UK registered charity dedicated to providing safe, supported housing for vulnerable adults. We respect the trust you place in us when you share your personal information, and we are committed to being transparent and accountable in how we handle your data.
Who We Are:
Charity Name: I Heritage
For all data protection matters, you can contact us at [dataprotection@iheritage.org.uk] or using the contact details above.
We are registered with the Information Commissioner’s Office (ICO) as a data controller under reference [Your ICO Registration Number].
The type of personal information we collect depends on your relationship with us. We only collect information that is necessary for the purposes explained in this policy.
We may collect the following types of information:
| Category | Examples |
|---|---|
| Identity Information | Name, title, date of birth, gender |
| Contact Details | Address, email address, phone number |
| Financial Information | Bank account details, payment card information (for donations or rent) |
| Donation History | Amounts donated, Gift Aid status, date of donations |
| Tenancy Information | Housing history, support needs, tenancy agreements |
| Special Category Data | Health information, disability details, support requirements (only collected when necessary for providing appropriate housing and support) |
| Technical Information | IP address, browser type, pages visited on our website, cookie data |
| Correspondence | Emails, letters, and records of conversations with us |
If you are a resident or applicant for housing, we may need to collect information about your support needs to ensure we can provide appropriate accommodation. This may include health information, which is treated with particular care under data protection law.
We collect personal information in the following ways:
Directly from you: When you contact us, make a donation, apply for housing, sign a tenancy agreement, volunteer with us, or partner with us.
Via our website: When you use our website, we may collect technical information through cookies.
From third parties: When you are referred to us by local authorities, care providers, or support agencies.
From public sources: Occasionally, we may use publicly available information for due diligence purposes.
Under UK GDPR, we must have a valid legal reason to process your personal information. The table below explains how we use your data and which legal basis applies.
| Purpose of Processing | Legal Basis |
|---|---|
| To provide housing and tenancy support services | Performance of a contract – to fulfill our tenancy agreements with you |
| To process donations and claim Gift Aid | Legal obligation – HMRC requires us to maintain accurate financial records |
| To communicate with you about your tenancy or support | Performance of a contract – to manage your housing effectively |
| To send you fundraising appeals and newsletters | Legitimate interest or Consent (see Section 5 below) |
| To respond to enquiries and provide information | Legitimate interest – to answer your questions and help you |
| To safeguard vulnerable individuals | Vital interests – to protect someone’s life or safety |
| To comply with legal and regulatory requirements | Legal obligation – to meet our duties to regulators like the Charity Commission |
| To improve our website and services | Legitimate interest – to understand how people use our site and enhance their experience |
| To process job or volunteer applications | Performance of a contract (for employment) or legitimate interest (for volunteers) |
Special Category Data: When we process health information or other special category data (for example, to assess your housing support needs), we rely on an additional legal basis under Article 9 of the GDPR. This may include:
Explicit consent from you
Processing necessary for social protection law (e.g., safeguarding)
Processing carried out in the course of our legitimate activities with appropriate safeguards
We value your support and want to keep you informed about our work, fundraising appeals, and events. However, we respect your right to choose how we contact you.
Postal Communications:
We may send you fundraising appeals and updates by post based on legitimate interest, provided you have not objected to receiving such communications.
Email, Text, and Telephone Marketing:
Under the Privacy and Electronic Communications Regulations (PECR), we need your consent to send you marketing emails, texts, or make automated calls. We will only send these communications if you have explicitly agreed to receive them.
How to Opt Out:
You can change your marketing preferences at any time by:
Clicking the “unsubscribe” link in any marketing email
Emailing us at info@iheritage.uk
We will never sell or share your personal information with third parties for their own marketing purposes.
We only share your personal information when necessary and always in accordance with data protection law. We may share your data with:
| Recipient | Reason for Sharing |
|---|---|
| Local authorities and referral agencies | To manage housing referrals and placements |
| CQC-registered care providers | To ensure you receive appropriate care and support (we only share what is necessary) |
| HMRC and Charity Commission | To meet legal obligations regarding donations and charity governance |
| Professional advisors | Such as solicitors, accountants, or auditors when necessary |
| IT service providers | Who host our website or manage our databases (as data processors) |
| Payment processors | To process donations securely |
Where we share data with third parties who process information on our behalf (data processors), we have written contracts in place to ensure they protect your data and only act on our instructions.
We will never sell your personal information to third parties.
We primarily store your data within the UK and European Economic Area (EEA). If we ever need to transfer your information outside these areas (for example, using a cloud service provider with servers elsewhere), we will ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK.
We only keep your personal information for as long as necessary to fulfill the purposes we collected it for. After that, we securely delete or anonymise it.
| Type of Information | Retention Period |
|---|---|
| Donor records | 7 years after last donation (to comply with HMRC rules) |
| Tenancy records | 7 years after tenancy ends (for legal and insurance purposes) |
| Job applications | 6 months after recruitment decision |
| Enquiries | 2 years after last contact |
| Website visitor data | 26 months (via Google Analytics) |
These periods are reviewed regularly to ensure we are not keeping data longer than necessary.
Under data protection law, you have important rights. You can:
| Right | What This Means |
|---|---|
| Right to be informed | To know how your data is being used (this policy provides that information) |
| Right of access | To request a copy of the personal information we hold about you |
| Right to rectification | To ask us to correct inaccurate or incomplete information |
| Right to erasure | To ask us to delete your personal information in certain circumstances |
| Right to restrict processing | To ask us to limit how we use your data |
| Right to data portability | To receive your data in a structured, machine-readable format |
| Right to object | To object to processing based on legitimate interests (including direct marketing) |
| Rights related to automated decision-making | Not to be subject to decisions based solely on automated processing |
How to Exercise Your Rights:
To exercise any of these rights, please contact us at:
Email: info@iheritage.uk
We will respond to your request within one month. This may be extended by two months for complex requests.
There is no charge for exercising your rights, unless your request is clearly unfounded or excessive.
We take the security of your personal information seriously. We have implemented appropriate technical and organisational measures to protect your data from unauthorised access, loss, misuse, or alteration. These include:
Secure cloud storage with encryption
Password protection and two-factor authentication where possible
Restricted access to personal data on a “need to know” basis
Regular security reviews and updates
Staff training on data protection
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without delay.
Our website uses cookies to improve your browsing experience and understand how visitors use our site.
What are cookies? Small text files placed on your device when you visit a website.
Types of cookies we use:
Essential cookies: Necessary for the website to function
Analytics cookies: Help us understand how visitors interact with our site (e.g., Google Analytics)
You can control cookies through your browser settings. For more information, please see our separate cookie policy.
We do not knowingly collect personal information from children under 13 without parental consent. If you believe we have inadvertently collected such information, please contact us immediately.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by email or through a notice on our website.
Please check this page occasionally to ensure you are happy with any changes.
If you have concerns about how we handle your personal information, please contact us first—we will do our best to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office (ICO) , the UK regulator for data protection:
Website: www.ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concerns before you contact the ICO, so please do reach out to us first.
If you have any questions about this Privacy Policy or how we handle your personal information, please contact our Data Protection Lead:
Email: info@iheritage.uk