top of page

Privacy policy

The purpose of this policy is to provide an explanation as to how Barefoot Legacy Consultant uses personal data provided and that I collect. I ensure I use your information in accordance with the General Data Protection Regulations (GDPR) and all other applicable laws concerning the protection of personal data.

 

Where this policy refers to "I" or "me", unless it mentions otherwise, it’s referring to Barefoot Legacy Consultant.

 

Barefoot Legacy Consultant is a sole proprietary business, and its office is 70 Mont Piton 2, Piton, 30807, Mauritius. If you would like to find out more information about how your data is processed, please contact me by email at jensen@barefootlegacyconsultant.co.uk.

 

What personal information I hold

 

I collect your contact information such as first name, last name, position, organisation name and email address when you email me with an enquiry. I may also collect your details from publicly available sources such as online job boards or Linkedin.

 

As a Legacy Fundraising Consultant, I also receive data from client and supplier Controllers for data analysis and provision of legacy fundraising services. This means a Controller will send me a file of data and I process it to produce legacy fundraising communications, data cleansing or analysis etc.

 

All data is held securely and is not retained only for as long as necessary to fulfill the purpose for which it was collected. The personal data I collect will be used for the following purposes:

 

  • Dealing with enquiries and requests about my services.

  • Sending information about my services which are applicable to you and your charity.

  • Requesting information about your services and/or goods which are applicable to Barefoot Legacy Consultant and/or clients.

  • Providing outbound fundraising consulting services on behalf of a client who has contracted me to work for them.

 

My legal basis for processing of your personal data is:

 

  • Where it is necessary to meet contractual obligations entered into by you.

  • Where it is necessary for purposes of my legitimate interest in relation to goods and/or services that you use and/or supply in your role

  • Fulfilment of contractual obligations to client Controllers.

Where I use legitimate interest:

 

  • In response to an enquiry from you about my services.

  • For the purposes of promoting my services via direct marketing which are relevant to you in your role and your charity.

  • Enquiring about your goods and/or services which are applicable to Barefoot Legacy Consultant and/or clients.

If I hold your data on behalf of another organisation

 

If you are a supporter of an organisation that uses my services to process your data, that organisation is the Data Controller and is responsible for determining how they use your data and for what purpose(s).

 

I will only process data according to terms agreed with the Data Controller when they contracted me to work for them as a Data Processor.

 

If you would like further information on this, please contact the organisation who collected your data. If you’d like further information on how I process your data on the Data Controller’s behalf, you can contact me at jensen@barefootlegacyconsultant.co.uk.

How I protect your information

 

Data is transferred outside of the EEA (European Economic Area) and all data is held on secure servers in The Republic of Mauritius.

I prioritise the security and privacy of personal data through a robust set of safeguards:

 

  • I employ encryption techniques to protect data both at rest and in transit, ensuring it remains confidential.

  • I employ a secure file transfer platform (SFTP) to protect and transfer data to and from my clients.

  • Once a quarter, security audits and vulnerability assessments are conducted to identify and mitigate potential risks.

  • Secure backups are performed regularly, with backup data stored in secure locations.

  • My firewall and antivirus systems are continuously updated to protect against ransomware, viruses, spyware, malware and other online threats.

  • I also have a comprehensive incident response plan to address data breaches promptly.

  • I adhere to data minimisation principles, collecting only the necessary data and retaining it for the shortest period required.

  • Additionally, I conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to ensure compliance with data protection regulations.

 

Who I share your data with

 

Your data may be shared with other companies for me to fulfil my contractual obligations with the Data Controller, such as email marketing platform, printers, fulfilment houses and postal suppliers.

 

I require these third parties to have appropriate controls in place and to comply strictly with my written instructions and data protection laws.

 

The Data Controllers on whose behalf I process data include charities and other not-for-profit organisations. 

 

I may also share your data with a third party where I am under duty to disclose your personal data in order to comply with law, or that the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation or where I have your written consent.

Your rights

You have the right to request a copy of the information that I hold about you and, if relevant, to withdraw your consent. You can also object or request that I restrict processing of your personal data, ask me to correct any information I hold about you and in some circumstances delete it altogether.

 

You can request that I transfer your personal information to another party where such right is applicable e.g. the processing is based on consent or performance of a contract and is carried out by automated means.

 

If you would like a copy of some or all of your personal information, or would like to make a complaint, please email me at jensen@barefootconsulting.co.uk whose details are shown at the beginning of this policy. I may need to request specific information from you to help me confirm your identity and ensure your right to access the information.

 

You also have the right to complain to the UK Information Commissioner’s Office www.ico.org.uk/concerns or telephone 0303 123 1113.

Your interaction with my website

I do not use cookies and no analytical information is collected on my website. Unless you send me an enquiry, I will collect no data about you.

 

Barefoot Legacy Consultant Privacy Policy, updated 23rd February 2025

bottom of page