Charity: NATIONAL SADAQA FOUNDATION (Charity No. 1206401)
Organisation type: Charitable Incorporated Organisation (CIO)
Version: v1.0
Status: Draft for Board approval
Date: 06 February 2026
Purpose
To explain how NSF handles personal data lawfully and securely, and to set standards for internal data governance.
1. Policy statement
- NSF processes personal data in accordance with UK data protection law, including the UK GDPR and Data Protection Act 2018.
- We collect only what we need, keep it secure, and respect individuals’ rights.
2. Data we may collect
- Donor details; Gift Aid declarations; volunteer applications; grant applications; communications; website analytics (where consented).
3. Lawful bases
- Consent (e.g., marketing opt-in); Contract (e.g., processing a donation); Legal obligation (e.g., Gift Aid); Legitimate interests (e.g., responding to enquiries) where appropriate.
4. Security and access
- Access is restricted to authorised people; secure passwords and MFA are used where possible; data is stored securely; devices are protected.
5. Retention
- NSF keeps data only as long as needed for its purpose and legal obligations, then deletes or anonymises it.
6. Sharing
- NSF shares data only where necessary (e.g., payment processors, HMRC for Gift Aid), and with appropriate safeguards.
7. Individuals’ rights
- Right of access; rectification; erasure (where applicable); restriction; objection; data portability (where applicable); and the right to complain to the ICO.
8. Data breaches
- Breaches are logged and assessed; the ICO and individuals are notified where required.
9. Cookies
- Cookie preferences are offered and can be updated; see the Cookie Policy for details.
10. Review
- Reviewed annually.
Appendix: Data Protection Lead (complete)
- Data Protection Lead: Rayan Mahmud. Email: rayan@nsfuk.org