Skip to main content
Amir Khan Foundation
Donate

Legal

Privacy Policy

How we collect, use, store and protect your personal information, and what rights you have under UK data protection law.

Last updated: 15 May 2026

Who we are

The Amir Khan Foundation (referred to in this policy as “we”, “us” and “our”) is a charity registered in England and Wales under charity number 1158078. Our registered office is at Premier House, Prince Street, Bolton, BL1 2NP, United Kingdom.

For the purposes of UK GDPR and the Data Protection Act 2018, the Amir Khan Foundation is the data controller for personal information you share with us through this website, our donation forms, our contact channels, and our fundraising and programme delivery activity.

How to contact us about your data

If you have a question about how we handle your personal information, or if you want to exercise any of the rights set out below, please contact us at info@amirkhanfoundation.com or write to us at the registered office address above. Please mark your message for the attention of the Data Protection Lead.

The information we collect

We only collect the information we need to run our charity well and keep our supporters informed. The categories below cover the main ways we hold information about you.

Information you give us directly

  • When you donate: your name, email address, home address, postcode, donation amount, donation type (General, Zakat or Sadaqah), the project or appeal you chose, and your Gift Aid declaration if applicable.
  • When you contact us: your name, email address, the subject of your enquiry, and the content of your message.
  • When you sign up for updates: your name and email address.
  • When you apply to volunteer or work with us: your name, contact details, and any other information you choose to share with us.

Information we collect automatically

  • Website usage: if you have given consent, we collect information about how you use our website through Google Tag Manager and the analytics tools loaded through it. This may include the pages you visit, the time and date of your visit, the device you are using, and general location information based on your IP address.
  • Cookies: our website uses cookies. The cookies we use, and how to control them, are described in our Cookie Policy.

Payment information

When you make a donation, your payment card details are handled directly by our regulated payment processor (Stripe Payments UK, Ltd). We do not see, store or have access to your full card number, security code or expiry date. We receive only a confirmation that the payment succeeded and a reference we use to match the donation to your record.

What we use your information for

Under UK GDPR we must have a lawful basis for using your personal information. The table below sets out what we do with your data and the basis we rely on for each activity.

What we doLawful basis
Process your donation and send you a receiptPerformance of a contract
Claim Gift Aid on your donation (where eligible)Legal obligation (HMRC requirements)
Reply to your enquiriesLegitimate interests
Send you fundraising updates and newslettersConsent (you can withdraw this at any time)
Measure website performance and improve our contentConsent (via the cookie banner)
Keep accounting records and meet Charity Commission obligationsLegal obligation
Protect our website and detect fraudLegitimate interests

Who we share your information with

We do not sell your personal information to anyone, and we do not share it with third parties for their own marketing.

We share limited information with the following categories of partner, only where it is necessary to run our work:

  • Payment processors (Stripe) - to take and reconcile your donation securely.
  • HM Revenue and Customs - to claim Gift Aid where you have given us a valid declaration.
  • Email service providers - to send you receipts, campaign updates and the newsletter if you have opted in. Our providers act only on our instructions and do not use your data for any other purpose.
  • Analytics and tag management providers (Google) - only if you have given consent through our cookie banner.
  • Professional advisers - accountants, auditors, and legal advisers acting on our behalf, bound by their own professional confidentiality.
  • Regulators and authorities - where we are required to share information by law, including the Charity Commission, HMRC and the Information Commissioner's Office.

International transfers

Our humanitarian delivery teams operate in Pakistan, Gaza and across Africa. We do not routinely transfer donor personal information outside the United Kingdom. Where information is transferred to a third party processor outside the UK or European Economic Area, we rely on the UK Government's adequacy decisions or, where these do not apply, on the International Data Transfer Agreement and the standard contractual clauses approved by the Information Commissioner's Office.

How long we keep your information

  • Donation records: retained for seven years from the end of the tax year of the donation, to meet HMRC and Charity Commission record-keeping requirements.
  • Gift Aid declarations: retained for as long as the declaration is valid and for at least seven years after it ends.
  • Enquiries and correspondence: retained for up to three years from the last interaction.
  • Newsletter and marketing consent: retained until you withdraw consent or until we have not heard from you for a prolonged period, after which we will ask you to confirm or remove your subscription.
  • Website analytics data: aggregated and retained in line with our analytics provider's default retention settings.

We delete or anonymise personal information once we no longer need it for the purpose we collected it.

How we protect your information

We take appropriate technical and organisational measures to protect your personal information from loss, misuse, unauthorised access, alteration or disclosure. These include encrypted connections across the website, access controls on the systems where donor data is held, and contractual security obligations on our partners and processors.

If we ever become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will report it to the Information Commissioner's Office within 72 hours and notify you where we are required to do so.

Your rights

Under UK GDPR you have the following rights in relation to your personal information:

  • Right to be informed - to know how we use your data (this policy is one of the ways we do that).
  • Right of access - to ask for a copy of the personal information we hold about you.
  • Right to rectification - to ask us to correct information that is wrong or incomplete.
  • Right to erasure - to ask us to delete your personal information, subject to our legal obligations to retain certain records.
  • Right to restrict processing - to ask us to limit how we use your data in certain circumstances.
  • Right to data portability - to receive your data in a portable format where the lawful basis is consent or contract.
  • Right to object - to object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent - at any time, where we rely on your consent.
  • Rights related to automated decision-making - we do not use automated decision-making or profiling in any way that has a legal or similarly significant effect on you.

To exercise any of these rights, please contact us using the details above. We will respond within one month. You will not need to pay a fee.

Children

Our services are not directed at children under 16. We do not knowingly collect personal information from anyone under 16 without parental or guardian consent. If you believe we hold information about a child without consent, please contact us and we will delete it.

Cookies

For full detail of the cookies we use, why we use them and how to manage your preferences, please see our Cookie Policy.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date at the top of this page. If the changes are material, we will give you reasonable notice and, where required, ask for your consent again.

Your right to complain

If you are not satisfied with how we have handled your personal information, you have the right to complain to the Information Commissioner's Office, the UK's independent data protection authority.

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

We would, however, appreciate the chance to address your concerns before you contact the ICO. Please reach out to us first using the details near the top of this page.