1. Introduction

Hayat Foundation Limited ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with us, including through our website, marketing campaigns, donation platforms, events, and communications.

This policy applies to all personal data we process, whether you are a donor, volunteer, event attendee, service user, or website visitor.

      Our Commitment: We operate under a 100% Donation Policy, ensuring your contributions go directly to our charitable work. We apply the same integrity to protecting your personal information.
    

Charity Information:

Organization Name: Hayat Foundation Limited
Registered Address: 14 Mayfair Road, Oxford, OX4 3SR, United Kingdom
Contact Email: info@hayatfoundation.uk
Phone: +44 7587 522140

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

Make a donation or set up recurring giving
Register for events, workshops, or retreats
Sign up for our newsletter or Ramadan campaign updates
Submit volunteer applications
Contact us via email, phone, or social media
Fill out forms on our website or landing pages
Participate in fundraising campaigns
Request funeral services or Zakat calculations

Types of personal information collected:

Full name
Email address
Phone number (mobile and/or landline)
Postal address
Payment information (processed securely by third parties)
Gift Aid declaration details (UK taxpayers)
Date of birth (where required for specific services)
Gender (optional, for event planning)
Communication preferences
Donation history and amounts
Event attendance records

2.2 Information Collected Automatically

When you visit our website or interact with our digital campaigns, we automatically collect:

IP address and location data
Browser type and version
Device information
Pages visited and time spent
Referring website
Cookies and similar tracking technologies
Email open rates and click-through rates

2.3 Information from Third Parties

We may receive information from:

Payment processors (Square, PayPal, bank transfers)
Social media platforms (Facebook, Instagram, Twitter)
Email marketing platforms (Mailchimp, etc.)
Event management platforms
Gift Aid verification services (HMRC)

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 Processing Donations

To process your donation securely
To send donation receipts and acknowledgments
To process Gift Aid claims (with your consent)
To manage recurring donations
To provide updates on how your donation is being used

3.2 Marketing Communications

      Your Consent Matters: We will only send you marketing communications if you have opted in to receive them. You can withdraw consent at any time.
    

With your consent, we may send you:

Email newsletters about our work and campaigns
Ramadan appeal updates and fundraising campaigns
Event invitations and community updates
Emergency relief appeals (Gaza, Afghanistan, etc.)
SMS messages about urgent appeals or events
WhatsApp messages (if you've opted in)
Phone calls about campaigns or events
Automated marketing messages

3.3 Event Management

To register you for events, retreats, and workshops
To send event confirmations and reminders
To manage event logistics and catering
To collect feedback after events

3.4 Service Delivery

To provide funeral services (when requested)
To assist with Zakat calculations
To coordinate volunteer activities
To distribute Marefat publications and books

3.5 Analytics and Improvement

To understand how our website and campaigns perform
To improve donor experience and engagement
To analyze fundraising effectiveness
To make data-driven decisions about our programs

3.6 Legal Compliance

To comply with charity law and regulations
To maintain accurate financial records
To respond to legal requests
To prevent fraud and protect our organization

4. Legal Basis for Processing

Under UK GDPR, we process your data based on the following legal grounds:

Purpose	Legal Basis
Processing donations	Contract / Legitimate Interest
Marketing communications	Consent
Event registration	Contract / Legitimate Interest
Gift Aid claims	Legal Obligation
Financial records	Legal Obligation
Analytics and improvement	Legitimate Interest
Fraud prevention	Legitimate Interest

Important: Where we rely on consent, you have the right to withdraw it at any time by contacting us or using the unsubscribe link in our emails.

5. Marketing Communications & Your Choices

5.1 How We Contact You

We may contact you through the following channels (with your consent):

Email: Newsletters, campaign updates, event invitations
SMS/Text Messages: Urgent appeals, event reminders
Phone Calls: Campaign updates, thank you calls (manually dialed)
WhatsApp: Community updates, event information (opt-in only)
Post: Annual reports, Ramadan campaign materials
Social Media: Posts and targeted ads on Facebook, Instagram, Twitter

5.2 Automated Communications

      Automated Messaging: We use automated systems to send emails, SMS, and WhatsApp messages. By providing your contact information and opting in, you consent to receive these automated communications.
    

Our automated communications include:

Donation receipts and thank you emails
Event registration confirmations
Campaign updates during Ramadan
Emergency appeal notifications
Newsletter distributions
Birthday or Ramadan greetings (if opted in)

5.3 Opting Out

You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any email
Replying "STOP" to any SMS message
Contacting us at [email protected]
Calling +44 7587 522140
Writing to us at 14 Mayfair Road, Oxford, OX4 3SR

Note: Opting out of marketing will not stop essential service communications related to your donations or event bookings.

5.4 Message and Data Rates

Standard message and data rates may apply when you receive SMS or WhatsApp messages from us. Please check with your mobile carrier for details.

6. How We Share Your Information

We do not sell, rent, or trade your personal information. We only share data with trusted third parties as follows:

6.1 Service Providers

We work with carefully selected organizations who process data on our behalf:

Payment Processors: Square, PayPal, Lloyds Bank (for secure donation processing)
Email Marketing: Mailchimp or similar platforms (for newsletters)
Website Hosting: Yawar ICT Solutions
Analytics: Google Analytics, Facebook Pixel
Event Management: Event booking platforms
SMS Services: SMS gateway providers

6.2 Legal Requirements

We may share information when required by law or to:

Comply with legal obligations
Respond to lawful requests from authorities
Submit Gift Aid claims to HMRC
Protect our rights and property
Prevent fraud or illegal activity

6.3 Partners and Collaborators

We may share limited information with partner charities or organizations when delivering joint programs in Afghanistan or the UK, always with appropriate safeguards.

      Data Processing Agreements: All third-party processors are bound by data processing agreements ensuring your information is protected to the same standards we apply.
    

7. International Data Transfers

As we operate relief programs in Afghanistan and work with international partners, your data may be transferred outside the UK and European Economic Area (EEA).

When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses approved by the UK ICO
Adequate security measures
Limited data transfer (only what's necessary)
Encryption during transfer

Countries we may transfer data to include: Afghanistan (for relief program delivery)

8. How Long We Keep Your Data

We retain personal data only for as long as necessary:

Data Type	Retention Period
Donation records	7 years (UK tax and charity law requirement)
Gift Aid declarations	7 years after last donation
Marketing consents	Until withdrawn or 3 years of inactivity
Event registrations	3 years after event
Website analytics	26 months (Google Analytics default)
Email communications	Until unsubscribe or 3 years of inactivity
Volunteer records	Duration of volunteering + 2 years

After retention periods expire, we securely delete or anonymize your data.

9. Your Data Protection Rights

Under UK GDPR, you have the following rights:

9.1 Right to Access

You can request a copy of the personal data we hold about you (Subject Access Request).

9.2 Right to Rectification

You can ask us to correct inaccurate or incomplete information.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data, subject to legal obligations (e.g., financial records).

9.4 Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

9.5 Right to Data Portability

You can request your data in a portable format to transfer to another organization.

9.6 Right to Object

You can object to processing based on legitimate interests, including direct marketing.

9.7 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time.

9.8 Right to Lodge a Complaint

You can complain to the Information Commissioner's Office (ICO) if you believe we've mishandled your data:

ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113

Exercising Your Rights: To exercise any of these rights, contact us at [email protected]. We will respond within one month.

10. Data Security

We take the security of your personal information seriously and implement appropriate measures:

Technical Measures

SSL/TLS encryption on our website
Secure payment processing (PCI-DSS compliant)
Regular security updates and patches
Firewall and anti-malware protection
Encrypted data backups
Two-factor authentication for staff access

Organizational Measures

Limited access to personal data (need-to-know basis)
Staff training on data protection
Confidentiality agreements with all staff and volunteers
Regular privacy audits
Incident response procedures

Data Breach Notification: In the unlikely event of a data breach affecting your rights, we will notify you and the ICO within 72 hours as required by law.

11. Cookies and Tracking Technologies

Our website uses cookies to improve your experience. For detailed information, please see our Cookie Policy.

Essential Cookies

Required for website functionality (cannot be disabled):

Session management
Security features
Donation form functionality

Analytics Cookies (Opt-in)

Google Analytics (website traffic and behavior)
Facebook Pixel (campaign performance)
Hotjar (user experience insights)

Marketing Cookies (Opt-in)

Facebook advertising
Google Ads retargeting
Social media integration

Managing Cookies: You can control cookies through your browser settings or our cookie consent banner.

12. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children.

If a parent or guardian believes we have collected information from a child, please contact us immediately so we can delete it.

For youth programs and events, we obtain parental consent before collecting any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make significant changes, we will:

Update the "Last Updated" date at the bottom of this page
Notify you via email (if you're subscribed to our communications)
Display a prominent notice on our website

We encourage you to review this policy periodically.

Privacy Policy