The Galloways logo in navy blue and orange.
01772 744148
ShopDonateGet Support
Product has been added to your basket.
Quick Links
DonateShopMake a Referral

Privacy

Privacy and Cookies Notice

This notice is effective from the date at the end of page.

We are Galloways and we’re committed to protecting your personal information and making every effort to ensure that data we hold about you is processed in a fair, open and transparent manner.

This notice explains when and why we collect personal information (also referred to as ‘data’) about you, how we use it, how we keep it secure and when we may be required to disclose it to a third-party. It also explains your rights and choices you can make about this information.

If you have any questions about this notice or our privacy practices, you can contact us in the following ways:

 In writing to: Information Governance, Galloways, Howick House, Howick Park Avenue, Penwortham, PR1 0LS

 By emailing to: enquiries@galloways.org.uk

 By calling us: 01772 744148

Galloways is a registered charity, Charity Number. 1208307. We also operate a trading subsidiary known as Galloways Enterprise Ltd (Brew Me Sunshine Café), Company No. 10901305 in line with our charitable purposes.

 We are the Data Controller, as referred to in the Data Protection Act 2018 and in UK General Data Protection Regulations (UK GDPR).

 

Types of personal data we collect

 As the Data Controller, we collect and process the following data:

  • Personal identifiers, contact information and characteristics (for example, name, address and methods of contact, date of birth)
  • Website user statistics, which may include your IP address, the device type you are using and your geographic location
  • Health conditions
  • Financial information when you make a donation or purchase something from us, including whether you are a UK taxpayer and if you give your consent for us claiming Gift Aid.
  • CCTV images, when you visit one of our centres in Preston, Morecambe or Chorley
  • Images and audio records for marketing and/or case study purposes where consent has been gathered
  • Any other personal information you share with us should it be relevant

If you provide us with any Sensitive Personal Information (data) by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Notice.

If you are sharing your personal experience or that of a friend or relative, we may also collect information about health conditions.

We will ask you to give consent to share your story; we can keep your personal information anonymous, and you can refuse to give your permission, which we will respect. See How we use your sensitive personal data later in this notice.

Data from third-party individuals and organisations

 We also receive personal data from third-party individuals and organisations in the following scenarios:

  • When you have given your consent for a referral into our service on your behalf
  • From those who act on our behalf when you sign up to play the Galloways Lottery
  • Where a donation is being made indirectly to us using third-party services
  • Trusted third-party organisations when you sign up for activities provided by them on our behalf when instructed to do so
  • Third-party services where an event or activity is being booked
  • Third-party software for processing mailing lists.

  Why we collect and process your data

When we collect your data, it is processed for the following reasons:

  • To help us give you guidance and advice about managing your eye condition or that of someone you care for
  • To plan and offer services and data information to you or a loved one
  • To help organise the activities we offer
  • To help maximise the financial support you give us as a supporter/donor, this includes being able to claim Gift Aid on your donation
  • To update you with important administrative messages about our services, your donation, an event or goods you have requested
  • To keep a record of your relationship with us
  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations
  • Where you volunteer with us, to administer the volunteering arrangement
  • To contact you about our work and how you can support Galloways
  • To invite you to take part in surveys, research or case studies

If you do not provide this information, we may not be able to offer the services which have been identified as potentially beneficial to you, to process your donation, sign you up for a particular event or provide goods and services you have requested.

Sensitive Personal Data (known as Special Category Data)

Sensitive Personal Data can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs. Data Protection law recognises that extra care needs to be taken when collecting and processing this type of data.

A number of NHS contracts we deliver require us to report on particular data criteria and service user statistics. This information is used for data analysis and therefore, we have to record it, but it is always anonymised before sharing.

  •  We will only use this data for the purposes of dealing with your enquiry, training, and quality monitoring or evaluating the services we provide.
  • Where you have given us your express consent that you are happy for us to share your story, then we may publish it on our website, press, social media, in other media or with funders.
  • We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.

When you visit our Website or Social Media pages

 We automatically collect general data relating to which pages you have visited most often – this helps us understand what data is important to the people visiting our website or social media pages so that we can improve the information we give.

We use the data that you have given us in order to ensure that we offer a tailored service which best meets your needs.

Cookies

 Our website uses cookies; these are small files stored by your browser on your computer or any other device where you are viewing our website. They help the website recognise your device so that it can work more effectively. Cookies also allow us to gather information about the pages you visit.

Cookies do not gather any personal data about you, nor do they give us access to your computer or any information you hold on it.

Cookies collect information such as your IP address, location, browser type being used, how you found us online, the length of your visit to our site, the number of pages viewed and how you navigate around it. This data helps us to optimise and improve the information we provide.

We use both Sessional cookies and Permanent Cookies. Session cookies are only stored in your device’s memory for the duration of using a web browser. They are automatically deleted once you close the browser. Permanent/Stored cookies – these cookies are stored on your device and are not deleted when you close your browser. They help to identify the way you use our website, the pages you visit, your device’s IP address, the time you spend on a page and help with general functionality of the website for you so when you return to the site, you’ll get the best experience.

  • Essential Cookies – these are needed to help make our website usable with functions like page navigation.
  • Preference Cookies – these work to remember information such as your preferred language, the region you are in or the font size
  • Marketing– these help us to understand how you interact with our website.
  • Tracking/Statistic Cookies – our website and social media pages use tracking cookies. These cookies allow us to analyse how people access and interact with our pages, identify posts and sections most interacted with; they also help us to identify trends. The data collected is based on demographics and do not include details such as your name, your data of birth or your telephone number. The third-party service we use is Google Analytics. You can find out more about this service here: How Google Analytics works

No Cookies

 You can opt out of Cookies used by our website from all but the Essential Cookies and you can do this in your browser. However, if you choose to reject these cookies, our website may not function in a way that is accessible to you or how you would like it to.

If you would like more information about the cookies we use, please contact us by email using enquiries@galloways.org.uk or phoning our head office.

How we store, manage and process your personal data

Your data is securely stored within our charity database, which is only accessible by those with a business need to. Access is restricted by passwords and the data is stored on a secure cloud server.

We keep your personal data for the duration you are in contact with us and thereafter for a period of three years from your last correspondence or financial transaction (including donations). After which time your data is archived. Then if we have not had contact from you after 7 years, we will delete your data from our records, unless we are required to keep data for audit purposes. Should this occur, your data will be anonymised.

We keep and may use case study information for a period of 5 years once consent has been given, or less if you tell us otherwise. Once this type of data is shared with a third-party we rely on them to use their own data retention periods and anonymisation.

We delete data which we no longer need, as well as data you have asked us to delete, as is your right. This deletion is done securely by a manager to ensure security is maintained at every step. We do not routinely keep paper copies of documents shared with us unless there is a contractual or legal basis to do so, such as recording for Gift Aid purposes which fall under ‘financial transactions’ category of data and will be kept for 7 years, unless otherwise directed by regulatory instruction.

Profiling

 As part of our fundraising activities, from time to time we send out information to groups of people who have been identified through profiling. This may mean we will look in our database for groups of people who might fall within a certain age range, or who live in a particular postcode. The sending of fundraising information is only sent out to those who have given consent for us to do so. We do not share this profiling information with any third-party businesses for their own marketing purposes.

Sharing your personal data

 We will never sell or share your personal data with other organisations so they can contact you for marketing purposes, nor do we sell your web browser activity.

We may share this data with third-party organisations in certain circumstances and processing is only carried out under our strict instructions, which includes storing your data securely, deleting it when it is no longer needed by the third-party and that it is never used for any other purpose. We use Data Sharing Agreements or Data Processing Agreements with third-party organisations to ensure your data is processed in compliance with the Data Protection Act and with GDPR. Reasons for sharing your data may include:

  • Partner services where you have agreed to a referral to them; this may include other eye health services, NHS services or organisations who offer help and support that you need.
  • To claim Gift Aid (HMRC)
  • For health and safety reasons where an activity is provided by a third-party on or off site
  • Anonymised data shared with partner organisations, sector colleagues and grant funders to give an accurate picture of the numbers of people we are supporting. As statistical data, no individual can be identified
  • Case study information shared with funders to demonstrate the impact of our support and your interaction with Galloways. Case studies may include photographs, video and/or audio recording. This information is processed with your consent.
  • Internally with our own services in order to plan operational activity; this data is not for public access or use and is securely managed.

Legal basis for processing your data

Under the Data Protection Act 2018, UK General Data Protection Regulations (UK GDPR), the Data (Use and Access) Act 2025, Privacy and Electronic Communications Regulations (PECR) and all other applicable data protection and charity law,  we have to make sure they we follow all requirements about your data and tell you the about the legal basis we rely on to process your data.

In most cases, where you contact us about help with your eye condition, we will use ‘legitimate interest’ as our lawful reason for collecting and processing your data. This means there is a legitimate reason for Galloways knowing this information as it directly relates to the services we offer. However, if you share other personal data with us which is not directly related to your eye health or to the activity you are participating in (this includes those who volunteer with us), we will ask for your consent to collect it. This is particularly important for any data which is classified as sensitive personal data (Special Category data) which may not be directly related to why you have contacted us. For volunteers and service users where Special Category Data needs to be recorded to make sure visits to our premises and the help given is done so safely, we only ask for data which is deemed relevant. This again is recorded under Legitimate Interest.

If you make a donation with us, we only record and process the data that is necessary and in accordance with the Code of Fundraising Practice. You can find out more about how this code guides our day-to-day fundraising activities here: www.fundraisingregulator.org.uk/code

For contracts with NHS services, we record data about individuals to comply with our contractual obligations.

Where you are happy to provide information about your interaction with us and your sight loss journey, we will ask for consent to record this.

We rely on legitimate interests to send relevant information to service users about our services, activities, events and opportunities that support our charitable aims using the Data (Access and Use) Act 2025. We do this because it helps us keep service users informed, supported and engaged with our charitable purpose. We have balanced this against your rights and interests, however you can object to receiving these communications at any time.

Where you are happy for us to contact you for marketing purposes, we will ask for your consent to do so. Consent for marketing purposes means that we will contact you about the work we do and how you can help us. We follow the guidance laid out in the Privacy and Electronic Communications Regulations (PECR). You can find out more about these regulations here: Privacy and Electronic Communications Regulations  – ICO

Please note, you can withdraw consent at any time by contacting us on:

01772 744148 or  enquiries@galloways.org.uk

You can find out more about your rights about your personal data here: Your Data, Your Rights| ICO

If you’d like to find out more about the different types of lawful basis for processing data, the Information Commissioner’s Office have further details: A guide to lawful basis | ICO

Your rights as an individual (‘data subject’)

Your data belongs to you. By law under UK GDPR you have rights relating to your personal data; in outline these are:

  • The right to be informed
  • The right of access to your data – known as a Subject Access Request (SAR)
  • The right to rectify any erroneous data
  • The right to erasure – sometimes known as the ‘Right to be forgotten’
  • The right to restrict access to your data
  • The right not to be subject to automated decision making and profiling
  • The right to data portability
  • The right to object

To find out more detail about these rights, please contact us or click here: For the public | ICO

We do not carry out any automated decision making.

You may wish to contact us for the following reasons:

  • To withdraw your consent
  • To make a Subject Access Request to view the data we hold and process about you
  • To make a complaint if you have any concerns about our use of your personal data

You can do so at any time by:

  • Using our enquiry form, please click here
  • By emailing us on: enquiries@galloways.org.uk
  • By calling us on 01772 744148 during office hours
  • By writing to us at Galloways, Howick House, Howick Park Avenue, Penwortham, PR1 0LS

Please note: If you are making a Subject Access Request, the data will be provided free of charge, unless the request is excessive or done with intent to cause disruption to service (sometime referred to as a ‘vexatious request’ or it is deemed ‘manifestly unfounded or excessive’). Should this be the case we have the right to apply a reasonable administration fee.

You can also seek further help from the Information Commissioner’s Office (ICO) if you are unhappy with how we have dealt with your complaint to us. Please note, the ICO will not be able to assist until you have made a complaint with us first.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

Information Commissioner’s Office website: https://www.ico.org.uk

Last revision date: 12 FEB 2026