Privacy policy
This notice explains how Volnteer collects and uses personal information when you use our volunteer management platform, and what choices you have. It should be read together with our Terms and conditions.
Who is responsible for your personal information?
The data controller for personal information processed through the Volnteer website and platform (referred to in our Terms and conditions as “Volnteer”, “we”, or “us”) is:
VOLNTEER LTD, England and Wales
Postal address for formal correspondence: as published on our ICO registration (see below).
Unless we act strictly as a processor on behalf of an organisation customer under a separate agreement, we decide how and why your personal information is used to run the service (for example account administration, hosting your profile, platform security, and service communications).
We are registered with the UK Information Commissioner’s Office (ICO) as a data controller. The official record (registration reference, dates, fee tier, and address shown on the register) is published by the ICO and may change when we renew; please check there for the current details. Search the ICO register of fee payers for VOLNTEER LTD or registration reference ZC069498.
Scope and children
This notice applies to visitors to our website, registered volunteers, and organisation representatives or administrators who use Volnteer. It describes processing that reflects how the platform is built today (for example account, profile, applications, volunteer hours, emails, and limited analytics).
Volnteer is not intended for children. Our Terms and conditions require users to meet a minimum age. Do not register if you are below that age.
What personal information we collect
Depending on how you use Volnteer, we may process:
- Account and identity: name, email address, password (stored using secure hashing), phone number, and role (for example volunteer or organisation user).
- Volunteer profile and preferences: address and postcode, date of birth, availability (days, times, notes), travel distance, accessibility or accommodation needs, biography and other profile text fields, profile photograph, institution (where provided), and consents such as contact permission, acceptance of this processing, and optional sharing with partners.
- Volunteering activity on the platform: applications to opportunities, application status and pipeline stage, logged hours and related notes, and CSR or reporting data derived from approved volunteering where the product provides that functionality.
- Organisation customer data: organisation name, website, description, contact email and phone, address, email domain restrictions where used, opportunity descriptions, and user accounts linked to that organisation.
- Technical and usage data: IP address, browser type, device identifiers, pages viewed, and interaction data collected through cookies or similar technologies (see below).
- Communications: messages you send us, and metadata from transactional emails (for example password reset, welcome, or application-related notifications sent through our systems).
Some fields (for example detailed accessibility information) may be considered special category personal data under UK GDPR when they concern health or disability. We only use such information for the purposes described here and where the law allows, typically including your explicit consent where consent is the appropriate basis.
You should not upload unnecessary special category data into free-text fields unless you are comfortable with it being processed as described.
How and why we use personal information (lawful bases)
UK GDPR requires a “lawful basis” for each processing activity. The most relevant bases for Volnteer are typically:
- Performance of a contract (UK GDPR Article 6(1)(b)): providing accounts, profiles, opportunity discovery, applications, hours recording, and other core platform functions you request.
- Consent (Article 6(1)(a)): where you opt in, for example marketing-style contact beyond essential service messages, optional partner sharing, or cookies or analytics where consent is required.
- Legitimate interests (Article 6(1)(f)): platform security, abuse prevention, improving reliability, understanding aggregate usage, and internal reporting, where not outweighed by your rights.
- Legal obligation (Article 6(1)(c)): where we must comply with law or regulatory requests.
We use your contact details and profile information to operate matching, show relevant opportunities, facilitate contact between volunteers and organisations in line with platform design, and to meet safeguarding-style expectations tied to volunteering arrangements where applicable. Essential service emails (such as security alerts, password reset, or confirmations necessary to use the service) are sent as part of providing the service, not as promotional marketing.
Organisations that use Volnteer
When a volunteer applies to an organisation’s opportunity or interacts with that organisation through Volnteer, the organisation typically receives or can access relevant applicant information through the platform to manage recruitment and volunteering. Each organisation is responsible for its own compliance with data protection law for that processing, including providing its own privacy information to volunteers where required.
Commercial or charity customers that subscribe to Volnteer may require a data processing agreement (DPA) describing our respective roles. A short summary in consumer-facing terms cannot replace that contract for customers.
Sharing, subprocessors, and recipients
We may share personal information with:
- Organisations hosting opportunities, as needed for applications, approvals, communications, and reporting on the platform.
- Service providers (processors) who assist us for hosting, email delivery, analytics, maps or address lookup (where enabled), customer support tooling, or security—under contractual terms that require them to protect personal data.
- Professional advisers, regulators, or law enforcement where required or permitted by law.
Implemented or configured in this codebase (non-exhaustive): transactional email may be sent using Brevo (SMTP); session replay or behavioural analytics may be loaded via Microsoft Clarity; Google Fonts may be loaded from Google’s CDN; address autocomplete may use Google Places when an API key is configured. The live list of subprocessors should be maintained accurately for your deployment and linked from this policy or a dedicated subprocessors page.
International transfers
Some providers may process data outside the United Kingdom or European Economic Area. Where that happens, we aim to rely on an approved transfer mechanism such as the UK International Data Transfer Agreement, UK Addendum, or EU Standard Contractual Clauses (as updated from time to time), supplemented by a transfer impact assessment where appropriate. The exact mechanism depends on the provider and your legal entity’s jurisdiction—your legal adviser should confirm documentation.
Retention
We keep personal information only as long as needed for the purposes above, including legal, accounting, or reporting requirements. Factors include whether you still have an account, whether organisations still need records of volunteering, and limitation periods under applicable law. When information is no longer required, we delete or anonymise it in line with internal retention schedules—which you should define and publish at a high level.
Security
We use appropriate technical and organisational measures designed to protect personal information (including access controls, encryption in transit where standard for web services, and secure credential storage). No online service can guarantee absolute security.
Your privacy rights
Under UK GDPR and the Data Protection Act 2018, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability where applicable. You may withdraw consent where processing is based on consent (without affecting earlier lawful processing). You may complain to the UK Information Commissioner’s Office (ICO); see ico.org.uk.
To exercise rights, contact us using the details in the final section. We may need to verify your identity. Some requests must also be directed to organisations when they hold separate recruitment records outside our control.
Changes to this notice
We may update this privacy policy when our service, providers, or the law changes. We will revise the “Last updated” date and, where appropriate, notify you through the platform or by email.
Contact
For privacy questions, requests to exercise your rights (access, erasure, and so on), or complaints about how we use personal information, contact:
The practical way to reach us is through the Contact us details published on the Volnteer website. Please mark privacy or data protection requests clearly in the subject or message. For a postal address (for example if your request must be in writing), use the address shown for VOLNTEER LTD on the ICO register so you always have the current registered entry.