[email protected] +44 744 695 3968
UHAFD Privacy Policy

Privacy Policy

How we protect and respect your personal information

Last Updated: June 17, 2025

Introduction

United Humanity Agency for Development ("UHAFD," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of personal information when you use our website, applications, services, and platforms (collectively, the "Services") or when you apply for funding, make donations, or engage with us in any other capacity.

We process personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK Data Protection Act, and other applicable privacy laws depending on your jurisdiction.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

Information You Provide to Us

We may collect the following categories of personal information directly from you:

  • Identity Information: Name, date of birth, nationality, identification document details, photographs, signatures, and similar identifiers
  • Contact Information: Email address, telephone number, postal address, country of residence, and similar contact data
  • Financial Information: Bank account details, payment card information, financial statements, income information, and other financial data necessary for processing donations, grants, or investments
  • Application Information: Details provided in grant, donation, or investment applications, including project proposals, business plans, and personal statements describing needs or hardships
  • Professional Information: Employment history, professional qualifications, organizational affiliations, and similar professional data
  • Communications: Records of your communications with us, including emails, calls, letters, and online form submissions
  • Documentation: Copies of identification documents, proofs of address, financial records, medical records, and other supporting documentation submitted with applications

Information We Collect Automatically

When you use our Services, we may automatically collect certain information, including:

  • Device and Usage Information: IP address, device type, browser type, operating system, time zone setting, browser plug-in types and versions, and similar technical data
  • Interaction Data: Information about your interactions with our Services, including pages visited, features used, time spent on pages, click data, scroll depth, and similar usage information
  • Cookie Data: Information collected through cookies and similar tracking technologies, as explained in our Cookie Policy

Information From Third Parties

We may receive information about you from third parties, including:

  • References: Information provided by references listed in your applications
  • Partner Organizations: Information shared by our partner organizations with your consent
  • Public Sources: Information available from public sources, such as company registries, news articles, and publicly accessible social media profiles
  • Verification Services: Information obtained from identity verification services, financial verification services, and similar third-party verification providers

Special Categories of Personal Information

In some cases, we may collect and process special categories of personal information (also known as sensitive personal information), such as:

  • Information about your health when relevant to a donation application based on medical hardship
  • Information revealing racial or ethnic origin
  • Information about religious beliefs when relevant to a project or application

We only process such information when necessary and with appropriate safeguards in place, typically with your explicit consent or when necessary to comply with legal obligations or to protect vital interests.

How We Use Your Information

We use your personal information for the following purposes:

Processing Applications and Providing Services

  • Evaluating and processing grant, donation, and investment applications
  • Conducting due diligence and verification processes
  • Administering funds and monitoring funded projects
  • Responding to your inquiries and providing support
  • Facilitating donations and managing donor relationships

Operational and Administrative Purposes

  • Managing our relationship with you
  • Maintaining accurate records
  • Improving our Services and developing new features
  • Analyzing usage patterns to enhance user experience
  • Ensuring the security and integrity of our Services
  • Preventing fraud and misuse of our Services

Communications

  • Providing information about our programs and initiatives
  • Sending updates on your applications or projects
  • Sharing newsletters and impact reports (with your consent)
  • Inviting you to events or requesting feedback

Legal and Compliance Purposes

  • Complying with legal obligations, including anti-money laundering and counter-terrorism financing regulations
  • Responding to legal requests from regulatory authorities
  • Establishing, exercising, or defending legal claims
  • Conducting audits and investigations when necessary

Legal Bases for Processing

We process your personal information based on one or more of the following legal bases:

  • Consent: When you have given your consent for specific purposes
  • Contractual Necessity: When processing is necessary for the performance of a contract with you
  • Legal Obligation: When processing is necessary for compliance with a legal obligation
  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party
  • Vital Interests: When processing is necessary to protect someone's life or safety
  • Public Interest: When processing is necessary for the performance of a task carried out in the public interest

How We Share Your Information

We value your privacy and are committed to maintaining the confidentiality of your personal information. However, there are circumstances where we may share your information with third parties, including:

Within Our Organization

We may share your information with our staff, volunteers, and contractors who need access to perform their duties. All personnel with access to personal information are bound by appropriate confidentiality obligations.

Service Providers

We may share information with trusted service providers who perform services on our behalf, such as:

  • Payment processors and financial institutions
  • Database management and cloud hosting providers
  • Analytics and research providers
  • Customer relationship management systems
  • Communication service providers
  • Identity verification and due diligence providers

These service providers are only permitted to use your information as necessary to provide services to us and are required to maintain the confidentiality and security of your data.

Partner Organizations

In certain cases, we may share information with partner organizations who collaborate with us on programs, projects, or initiatives. This is typically done with your knowledge and consent or when necessary for the implementation of projects you are involved in.

Legal and Regulatory Authorities

We may disclose your information when required by law, regulation, or legal process, such as:

  • In response to a court order, subpoena, or similar legal requirement
  • To comply with legal obligations, including anti-money laundering and counter-terrorism financing laws
  • To regulatory authorities as part of audits or investigations
  • To law enforcement when we believe disclosure is necessary to prevent or report a crime

Other Third Parties

We may also share information in the following circumstances:

  • With your consent or at your direction
  • To protect our rights, property, or safety, or that of our users or others
  • In connection with a merger, acquisition, reorganization, or similar transaction
  • In an anonymized or aggregated form that cannot be used to identify you

International Data Transfers

As a global organization operating in multiple countries, we may transfer, store, and process your personal information in countries other than your country of residence. These countries may have different data protection laws than those in your country.

When we transfer personal information from the European Economic Area (EEA), the UK, or other jurisdictions with data protection laws to countries that may not provide the same level of protection, we implement appropriate safeguards, which may include:

  • Standard Contractual Clauses approved by the European Commission or UK authorities
  • Binding Corporate Rules (if applicable)
  • Data Transfer Agreements with specific protections
  • Other lawful transfer mechanisms or exceptions

You can request more information about these safeguards by contacting us using the details provided at the end of this Privacy Policy.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, destruction, or damage. These measures include:

  • Encryption of sensitive personal information
  • Access controls and authentication requirements
  • Regular security assessments and penetration testing
  • Staff training on data protection and security
  • Physical security measures for our premises
  • Data minimization and pseudonymization where appropriate

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including:

  • Providing our Services and maintaining our relationship with you
  • Complying with legal, accounting, or reporting requirements
  • Resolving disputes and enforcing our agreements

The criteria we use to determine our retention periods include:

  • The duration of our relationship with you
  • Whether there is a legal obligation to retain the data
  • Whether retention is advisable in light of our legal position (e.g., for statutes of limitations, litigation, or regulatory investigations)

Your Data Protection Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. These may include:

  • Right to Access: The right to request a copy of the personal information we hold about you
  • Right to Rectification: The right to request that we correct incomplete or inaccurate personal information
  • Right to Erasure: The right to request that we delete your personal information in certain circumstances
  • Right to Restrict Processing: The right to request that we restrict the processing of your personal information in certain circumstances
  • Right to Data Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format
  • Right to Object: The right to object to processing of your personal information in certain circumstances
  • Right to Withdraw Consent: The right to withdraw consent at any time where we rely on consent to process your personal information

To exercise any of these rights, please contact us using the details provided at the end of this Privacy Policy. We will respond to your request within the applicable timeframe required by law (generally within 30 days for GDPR requests).

Please note that we may need to verify your identity before processing your request, and that certain exemptions or limitations may apply based on applicable law.

Complaints

If you are concerned about how we are handling your personal information, please contact us first so that we can try to resolve your concerns. You also have the right to lodge a complaint with a data protection authority in the country where you live, work, or where you believe an infringement has occurred.

Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information.

Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the effective date. We encourage you to periodically review this Privacy Policy to stay informed about our information practices.

If we make significant changes that materially affect your rights or how we use your personal information, we will provide prominent notice, such as through email notifications or banners on our website, before the changes take effect.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Data Protection Officer
United Humanity Agency for Development
Email: [email protected]
Postal Address: United Humanity Agency for Development, Data Protection Office, London, United Kingdom

This Privacy Policy was last updated on June 17, 2025.