Privacy policy
This policy explains how MIDDLETON HEARTLINE (Registered Charity No. 1128759) handles personal information fairly, lawfully and securely.
1. Who we are
MIDDLETON HEARTLINE is a charity registered in England and Wales. Our address is Middleton Arena, LCpl Joel Halliwell VC Way, Middleton, Manchester, M24 1AG. For data protection questions or requests, use the contact form and select “General enquiry”, or write to us at this address.
2. Information we collect
We may collect your name, email address, telephone number if you provide it, enquiry subject, message content, volunteering or donation interests, and correspondence with us. If you join an activity, we may separately request information needed to support safe participation. Please do not send detailed health information through the public website form.
Our hosting provider may process technical information such as IP address, browser type, device type, pages viewed and timestamps. Optional analytics are used only where consent has been given.
3. How and why we use information
We use personal information to respond to enquiries, arrange programme conversations, manage volunteering and partnerships, administer donations, protect participants, improve our services, meet legal obligations and maintain appropriate records. We send newsletters or fundraising updates only where you have actively opted in, and you can unsubscribe at any time.
4. Our lawful bases
Depending on the context, we rely on consent, performance of an agreement, legal obligation, protection of vital interests, or our legitimate interests in operating a safe and effective charity. Where special-category health information is required for programme safety, it is handled with additional care under an appropriate UK GDPR condition.
5. Sharing information
We share information only where necessary with authorised trustees or volunteers, professional advisers, technology providers such as Netlify, regulators, or emergency and safeguarding services. We do not sell personal information. Where suppliers process information for us, we expect suitable confidentiality and security arrangements.
6. Retention
General enquiries are normally retained for up to 24 months after the last meaningful contact. Unsuccessful volunteer enquiries are normally retained for 12 months. Volunteer and programme records are reviewed regularly and retained only as long as operational, safeguarding, insurance or legal requirements justify. Financial and donation records may be retained for up to seven years. Newsletter consent records are kept until withdrawal and for a limited period afterwards to respect that choice.
7. International transfers
Some technology suppliers may process data outside the UK. Where this happens, we use providers that apply recognised safeguards such as UK adequacy regulations or approved contractual protections.
8. Your rights
You may have rights to access your information, correct it, request deletion or restriction, object to processing, receive portable data, and withdraw consent. You can also complain to the Information Commissioner’s Office. We may need to verify identity before completing a request and will normally respond within one month.
9. Cookies and analytics
Essential cookies support site operation and remember privacy preferences. Analytics cookies are optional and should not be set unless accepted. See our cookie policy for more detail.
10. Security and changes
We use proportionate technical and organisational measures to protect data, but no internet transmission is entirely risk-free. We may update this policy when our services or legal duties change. The current version will always appear on this page.