Privacy Policy
Last updated: 29 December 2025
We Are F.I.S.H CIC (“we”, “us”, “our”) is committed to protecting your personal information and being transparent about how we collect and use it.
This Privacy Notice explains what information we collect, how we use it, and your rights.
1. Who we are (Data Controller)
- We Are F.I.S.H CIC is the “data controller” for the personal information we process, which means we decide how and why your data is used.
- Contact details: Email: catchus@wearefish.org.uk
Data Protection Lead/Officer: Sandra Ritchie - CEO
2. What personal information we collect
We may collect and process the following types of information:
- Information you provide to us
- Name, email address, phone number
- Your message/enquiry (for example via a “Contact Us” form)
- Information you provide when signing up for sessions, activities, newsletters, volunteering, or events
- Donation or payment details (where relevant, typically processed by a payment provider rather than stored by us)
Information we collect automatically when you use our website
- IP address, device type, browser type
- Pages you visit and how you use our website
- Cookie identifiers (see “Cookies” below)
Special category data (sensitive data)
Because we support individuals and families, you may choose to share information such as:
- Health information, disability/SEND-related information, support needs
- Information about a child or young person’s needs (when you are their parent/guardian or otherwise authorised)
We only process special category data when there is a clear need and a lawful basis to do so (see section 4).
3. Where we get your information from
- Directly from you (forms, email, phone, in person, sign-up sheets)
- From authorised family members/guardians or professionals only where appropriate and lawful
- From our website analytics tools (if enabled)
4. How we use your information (and our lawful bases)
Under UK GDPR, we must have a lawful basis for processing. We use your information for:
- Responding to enquiries and providing information - Lawful basis: Legitimate interests (to respond to you) or Consent (where you specifically request ongoing contact)
- Delivering activities, sessions, events, and community support - Lawful basis: Legitimate interests and/or Performance of a contract (where you sign up for something)
- Special category data (if applicable): Explicit consent, or processing necessary for reasons of substantial public interest/social care support, where applicable and lawful
- Safeguarding and welfare (where required) - Lawful basis: Legal obligation and/or Vital interests
- Special category data: Substantial public interest, vital interests, and/or explicit consent depending on the context
- Volunteer coordination and administration - Lawful basis: Legitimate interests and/or Contract
- Fundraising, donations, and supporter communications - Lawful basis: Consent (for electronic marketing) and/or Legitimate interests (where permitted)
- Improving our website and services - Lawful basis: Legitimate interests (to improve user experience) and/or Consent for non-essential cookies
- Legal, regulatory, and financial compliance - Lawful basis: Legal obligation
5. Children’s privacy
- We take children’s privacy seriously. If you provide information about a child or young person, you confirm you have the authority to do so (for example, as a parent/guardian) or that it is otherwise lawful and appropriate.
- Where we rely on consent to process data about a child, we may ask for parent/guardian consent depending on the situation.
6. Who we share information with
We only share your personal information where necessary and proportionate, including with:
- Trusted service providers who help us run our organisation and website (e.g., website hosting, email services, form providers, analytics, CRM systems)
- Payment providers (if you donate or pay for something online)
- Professional advisers (e.g., accountants)
- Regulators/authorities where required by law
- Safeguarding partners (only where necessary and lawful)
We require third parties to respect the security of your information and to treat it in accordance with the law.
List of key providers:
Website hosting: IONOS
Website forms/contact submissions: IONOS/MONDAY/MOVEMENT
Analytics: GOOGLE ANALYTICS
Payments/donations: COOPERATIVE BANK/STRIPE/PAYPAL/APPLE PAY/SUMUP
7. International transfers
- Some of our service providers may store data outside the UK. If we transfer personal data internationally, we ensure appropriate safeguards are in place (for example, UK adequacy regulations or standard contractual clauses).
8. How long we keep your information (retention)
We keep personal information only as long as necessary for the purposes we collected it, including legal, accounting, and safeguarding requirements.
Typical examples:
- General enquiries: 12 months from the date the enquiry is closed (up to 24 months if there is a clear, documented reason)
- Session/event records: 2 years after the last session or event, unless recording support notes/safeguarding concerns
- Safeguarding records: Until the child reaches age 25, or 7 years after last contact for adults at risk (whichever is longer, unless advised otherwise by statutory agencies)
- Financial records: 6 years in the UK
9. Your data protection rights
You have rights under UK GDPR, including:
- Access to your personal data
- Correction of inaccurate or incomplete data
- Erasure (in certain circumstances)
- Restriction of processing (in certain circumstances)
- Objection to processing based on legitimate interests
- Data portability (in certain circumstances)
- Withdraw consent at any time where processing is based on consent
To exercise your rights, contact us using the details in section 1.
10. Complaints
- If you’re unhappy with how we handle your information, please contact us first so we can try to resolve it.
- You also have the right to complain to the UK Information Commissioner’s Office (ICO):
ICO website: Information Commissioner’s Office
Telephone: 0303 123 1113
11. Security
We use appropriate technical and organisational measures to protect your information. However, no website or email transmission is completely secure. Please avoid sending highly sensitive information by email unless we have agreed a secure method.
12. Cookies
We may use cookies and similar technologies to make our website work and to understand how people use it.
- Essential cookies are required for the website to function.
- Non-essential cookies (e.g., analytics) are used only where you consent.
You can manage cookies through your browser settings and, where available, our cookie preferences tool.
13. Changes to this Privacy Notice
We may update this notice from time to time. The latest version will always be posted on this page with the “Last updated” date.