One Ummah
One Ummah Privacy Policy
How we protect your personal information
Last updated 23 June 2026
1. Introduction
This Privacy Policy explains how One Ummah (“we”, “us”, or “our”) collects, uses, and protects your personal data when you use our website (oneummah.org.uk) and related services.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
One Ummah is the data controller for personal data collected through this website. Our contact details are:
Email:
Postal: One Ummah Head Office, 136 Marton Rd, Middlesbrough, TS1 2ED, United Kingdom
3. Data We Collect
We may collect the following personal data when you interact with our website or services:
- Identity data: name, date of birth, gender, job title.
- Contact data: email, phone, postal address.
- Financial data: payment card information for donations (processed securely via third-party PCI DSS-compliant providers; we do not store your full card details)
- Technical data: IP address, browser type, operating system.
- Usage data: website interactions, pages visited, referral URLs.
- Cookie data: see Section 8; non-essential cookies are only set with your consent.
- Recruitment data: information provided when applying for a role, including job applications, CVs, cover letters, and any related correspondence or assessment information.
4. Purpose & Lawful Basis
We process your personal data on the following lawful bases:
- Contractual necessity: processing donations and managing related transactions
- Legitimate interests: responding to enquiries, providing services, and improving website functionality and user experience
- Consent: sending newsletters, updates, and marketing communications (only where you have explicitly opted in)
- Legal obligation: complying with applicable laws, safeguarding duties, employment obligations, and regulatory requirements
- Recruitment and selection: processing job applications, assessing candidates for employment or volunteer roles, managing the recruitment process, and communicating with applicants
5. How We Use Your Data
We use your personal data for the following purposes:
- Processing donations and maintaining records of transactions
- Responding to enquiries and providing support
- Sending newsletters, updates, and marketing communications (only with your consent)
- Internal record keeping, monitoring, and analysis to improve our services and website
- Ensuring security and preventing fraud
- Complying with legal, employment and regulatory obligations
6. Data Retention
- Personal data will only be retained for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, reporting, or regulatory requirements.
- Account and transactional data (including donation history) will be regularly reviewed and retained only for as long as necessary, typically for up to 6 years after the end of the relationship or last transaction, unless a longer retention period is required by law.
- Marketing consent records and communication preferences will be reviewed every 24 months and updated or deleted where no longer valid or required.
- Technical, usage, and cookie data will generally be retained for up to 12 months unless required for security, fraud prevention, legal compliance, or anonymised for analytical and statistical purposes.
- Recruitment data (including job applications, CVs, interview notes, and related correspondence) will be retained for the duration of the recruitment process and for a limited period afterwards (typically up to 6–12 months) unless we have a legal basis to retain it for longer or you consent to being considered for future opportunities.
- Personal data is stored securely using appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, or disclosure. Access is restricted to authorised personnel only on a need-to-know basis.
- When personal data is no longer required, it will be securely deleted, anonymised, or otherwise disposed of in accordance with applicable data protection laws.
7. Third-Party Services and Business Changes
We may share the following categories of data where necessary:
- Identity and contact data (for communication and account management)
- Transaction data (for payment processing and fraud prevention)
- Technical and usage data (for analytics and website functionality)
- All third parties, including IT providers, payment processors, and HR service providers where used, are contractually required to process your data only as instructed and in compliance with UK GDPR.
Payment Processing:
Payments are processed securely by third-party, PCI DSS-compliant providers. We do not store or have access to your full payment card details.
International Transfers:
Where personal data is transferred outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent legal mechanisms.
Business Changes:
In the event of a sale, merger, or transfer of control of One Ummah, personal data may be transferred to the new owner. You will be notified of such a transfer, and your data will only be used for the same or compatible purposes.
8. Cookies and Your Choices
We use cookies to improve your experience on our website:
- Necessary cookies: Essential for the operation of the website
- Analytics and marketing cookies: Used to analyse usage and improve services; these are only set with your consent
You can:
- manage your cookie preferences via our cookie banner
- adjust your browser settings to block or delete cookies
Please note that restricting cookies may affect the functionality of the website.
We comply with the Privacy and Electronic Communications Regulations (PECR).
For more information, see our Cookie Policy www.oneummah.org.uk/cookie-policy.
9. Your Rights
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your data where applicable
- Restriction: Request restriction of processing in certain circumstances
- Data portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests or for direct marketing
- Withdraw consent: Withdraw consent at any time where processing is based on consent
You may request access to your personal data by submitting a Subject Access Request (SAR). Requests can be made via our contact form at https://oneummah.org.uk/contact-us or by emailing info@oneummah.org.uk. We may require proof of identity to ensure data is not disclosed to the wrong person.
You may also:
- Unsubscribe from marketing communications at any time using the link in our emails
- Send complaints to complaints@oneummah.org.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/
10. Children’s Data
Our services are not directed at children under the age of 16, and we do not knowingly collect personal data from individuals under this age without appropriate parental or guardian consent.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Secure servers and encryption for sensitive information.
- Restricted access to authorised personnel.
- Procedures to detect, report, and investigate personal data breaches, including notifying the Information Commissioner’s Office (ICO) and affected individuals where required by law.
12. Changes to this Policy
We may update this Privacy Policy from time to time.
Material changes will be notified on the website and, where required, we will obtain your consent again.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: info@oneummah.org.uk
Address: One Ummah Head Office, 136 Marton Rd, Middlesbrough, TS1 2ED, United Kingdom
You may also contact the Information Commissioner’s Office (ICO):
This policy replaces any previous versions and should be reviewed periodically for updates.