top of page

Privacy Policy

Last Updated: 31-10-2025

Falcon Foundation (“we”, “us”, “our”) is committed to protecting your personal data and
respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect
your information in accordance with the UK General Data Protection Regulation (“UK
GDPR”), the Data Protection Act 2018, and other applicable laws.

1. Who We Are

Falcon Foundation is a registered charity (Charity No: 1210094) and a company limited by
guarantee (Company No: 15470891), with its registered office at Hangar 507, Churchill Way,
Biggin Hill, TN16 3BN, England.


We are the “data controller” for the purposes of the UK GDPR.

2. What Information We Collect

We may collect and process the following types of personal data:​

  • Identity Data: name, title, date of birth, gender.

  • Contact Data: address, email, phone number.

  • Donation & Payment Data: bank details, payment card information (processed
    securely via third-party providers).

  • Application Data: education details, CVs, references, bursary/scholarship
    applications.

  • Volunteer Data: skills, availability, references, safeguarding checks (where legally
    required).

  • Technical Data: IP address, browser type, cookies (see Section 9).

  • Communications Data: records of correspondence, consent preferences, marketing
    opt-ins.

3. How We Use Your Data

We process personal data for the following purposes:

  • To administer donations, grants, and scholarships.

  • To manage applications for support or volunteering.

  • To comply with legal, tax, and regulatory obligations.

  • To comply with any anti-money laundering and know your customer obligations.

  • To communicate updates, fundraising opportunities, and events (with consent).

  • To maintain our website and improve user experience.

  • To safeguard children and vulnerable adults where our work involves them.

4. Legal Bases for Processing

We rely on the following lawful bases:

  • Consent – where you have agreed to receive marketing communications;

  • Contract – to administer grants, scholarships, or agreements with donors/volunteers;

  • Legal Obligation – to meet regulatory, safeguarding, and financial reporting duties;

  • Legitimate Interests – to run our charity effectively and in order to safeguard our own
    and third party’s legitimate interests, provided your rights are not overridden;

  • AML/KYC – source of wealth and related matters and other necessary on‐boarding
    and ongoing credit checks, due diligence and verification requirements, general
    credit checks, credit analysis, compliance with sanctions procedures or rules, and tax
    reporting;

  • to inform you of our events or products which we believe may be of interest, including
    tailored offers to you;

  • to verify an individual’s identity and/or location;

  • to protect the security of accounts or Personal Data;

  • for information and relationship management purposes, including data analysis,
    audits, developing and improving events, offerings or services; and

  • for risk management and also compliance with our legal and regulatory obligations
    including for fraud detection, prevention and investigation.

5. Sharing Your Data

We do not sell your data. We may share it with:

  • Service providers (e.g. payment processors, IT support) under strict data processing
    agreements.

  • Regulatory bodies such as the Charity Commission or HMRC, where legally required.

  • Safeguarding and law enforcements authorities, to protect us and individuals at risk.

All third parties must comply with UK GDPR requirements.

6. International Transfers

We primarily store and process your data within the UK. If data is transferred outside the
UK/EEA, we ensure appropriate safeguards are in place (e.g. adequacy decision, standard
contractual clauses).

7. Data Retention

We keep personal data only for as long as necessary:

  • Donation records – 6 years.

  • Volunteer and safeguarding records – in line with statutory guidance.

  • Application data – up to 2 years if unsuccessful, longer if awarded a
    grant/scholarship.

  • Marketing data – until you withdraw consent.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data.

  • Rectify inaccurate or incomplete data.

  • Request erasure (“right to be forgotten”).

  • Restrict or object to processing.

  • Data portability (in certain cases).

  • Withdraw consent at any time.

Requests can be made by contacting us (see Section 11). We will respond within one month.

9. Cookies

Our website uses cookies to improve user experience. You can control cookies via your
browser settings. See our Cookie Policy for details.

10. Data Security

We use appropriate technical and organisational measures to protect your personal data
from unauthorised access, loss, or misuse. Access to sensitive data is restricted to staff and
trustees who require it.

11. Contact Us

For any questions about this policy or to exercise your rights, contact:

Data Protection Officer

Falcon Foundation
Hangar 507, Churchill Way, Biggin Hill, England
Email: admin@falconfdn.org 

You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes may be notified on
our website.

bottom of page