Fund My CommunityFind funding

Legal

Privacy policy

Last updated: 18 May 2026

1. Who controls your data

Fund My Community Ltd is the data controller for personal data collected through this site. We are registered with the Information Commissioner’s Office (registration number to be confirmed). Contact: damien@fundmycommunity.co.uk.

2. What we collect

We collect personal data you give us directly, and a limited amount of technical data automatically.

From community organisations using Community Gold:

  • Organisation name, location, project description, and answers to eligibility questions
  • Your name, role, email address, and phone number
  • Any documents you upload as part of an application

From contractors applying to join the pool:

  • Trading name, company number, contact details, geographic coverage, trade specialisms
  • Public liability insurance certificate and referee contact details

Automatically, when you visit the site:

  • IP address, browser type, pages visited, and timestamps (server logs)
  • A small number of strictly necessary cookies for authentication and session security

3. Why we use it (lawful basis)

We process personal data on the following lawful bases under UK GDPR:

  • Performance of a contract or steps prior to entering one — to deliver funder matching, process applications, and run the contractor pool.
  • Legitimate interests — to operate, secure, and improve the platform, and to contact you about your account or application.
  • Consent — for any optional marketing communications. You can withdraw consent at any time.
  • Legal obligation — where we must keep records for tax, accounting, or regulatory purposes.

4. Who we share it with

We do not sell personal data. We share it only as necessary to deliver the service:

  • With grant funders, where you instruct us to introduce you or apply on your behalf.
  • With contractors invited to bid on a specific project, limited to the project description and the centre’s contact information.
  • With trusted technology providers acting as processors on our behalf (cloud hosting, email delivery, authentication). These providers are bound by data processing agreements and process data only on our instructions.
  • With law enforcement or regulators if we are required to do so by law.

5. International transfers

Some of our processors are based outside the UK. Where personal data is transferred outside the UK, we rely on adequacy decisions or the UK International Data Transfer Addendum, ensuring an equivalent level of protection.

6. How long we keep it

We keep personal data only as long as we need it. Application records and funder match histories are retained for up to seven years to support audits and regulatory queries. Contractor pool records are kept while you remain in the pool, plus six years after you leave. Web server logs are retained for up to 90 days.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Ask us to erase your data, subject to retention obligations
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time, where we rely on it
  • Complain to the ICO (ico.org.uk) if you believe we have mishandled your data

To exercise any of these rights, email damien@fundmycommunity.co.uk. We will respond within one month.

8. Security

We use encryption in transit (HTTPS), encrypted databases, role-based access controls, multi-factor authentication for admin accounts, and audit logging. No system is perfectly secure, but we work to industry standards and respond promptly to any incident.

9. Changes

We may update this policy. The “Last updated” date reflects the most recent change. Material changes will be communicated through the site or by email where appropriate.

See also: Terms of use · Cookies