Important Information

TAAP Fundraiser Privacy Notice

Last update: 9th June 2021

Your privacy is important to us. Our goal is to make TAAP Fundraiser a great experience while processing your personal data fairly and transparently. This Privacy Notice (the “Privacy Notice”) aims to describe how we process your personal data in the context of your use of TAAP Fundraiser and to inform you of the rights you hold as a result. The TAAP Fundraiser Product is made up of a Portal (“Website”) for use by an Organisation that subscribes to the Product and a mobile application for use by the Organisation’s employees to collect donations. This Privacy Notice applies only to our Website and to the services provided through our mobile application (the “TAAP Fundraiser App”). Use of the TAAP Fundraiser Product is your use of our Services.

1. Introduction and applicability

In light of the UK GDPR legislation on the protection of personal data (the “General Data Protection Regulation”, known as the “UK GDPR” 2016/679 and Data Protection Act 2018), we would like to disclose, in a transparent manner, our data processing operations with respect to the personal data collected by your use of our Services. Kindly observe that this Privacy Notice does not apply to any external products or services such as applications or software that integrate with other services (“Third Party Services”). Furthermore, please note that our Services may contain links, embedded or not, to external websites and services that have privacy policies of their own and fall outside the scope of this Privacy Notice.

We are committed to ensuring that your personal data is kept confidential, and that it is only collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. For any question regarding the collection or processing of your personal data, or for any request to exercise your rights in relation to your personal data, you can contact us in writing at any time to

For more details on data processing, its scope and purpose, the relationship between the Data Controller and the Data Processor, please visit our Data Processor Agreement (DPA).

2. Who is responsible for the data processing?

TAAP Ltd, having its registered office at Kinetic Centre, Theobald Street, Borehamwood, Hertfordshire WD6 4PJ under company number 04962797 is the Data Processor for the processing of your personal data collected via the Product and for the processing carried out when you subscribe to and/or use our Services and so enter information when creating your account. TAAP Fundraiser is one of many products incubated and built in the United Kingdom by TAAP Ltd.

The Organisation that purchases TAAP Fundraiser is the Data Controller.
On donating and opting in for communications and/or GiftAid, you are giving your consent to the processing of your personal data by TAAP Ltd (Data Processor) and the subscribing Organisation (Data Controller) that shall use the TAAP Fundraiser Product.

3. What is personal data?

Personal data (which should be understood to include personally identifiable information, or PII for short) is any information relating to an identified or identifiable natural person. It is sufficient that the data shall allow us to establish a (direct or indirect) link between one or more pieces of data and a natural person.
Personal data does not include anonymous or non-personal data (i.e. information that cannot be associated with or tracked back to a specific individual) or personal data that has been independently anonymised. By your use of our Services, you in any case consent to the processing and using of anonymous and non-personal data that is no longer associated with any natural person.

4. Description of processing

What information will we collect?
• Account registration for use of the TAAP Fundraiser Product
When an Organisation registers for an account, the details provided are required to create an admin user with access to the Portal. The registration requires:
o Admin Name – unique identifier
o Admin Email Address – Needed to provide access to the Website for account
• TAAP Fundraiser Portal – Your administrator will set up users of the system, which will include the following data:
o Display Name – unique identifier and needed to identify who has logged in
• TAAP Fundraiser app
Used by the Organisation’s employees to collect donations. Where a donor chooses to Giftaid and/or opt in to communications and marketing by the Organisation, data will need to be collected to be able to collect the Giftaid and/or provide communications to the Donor in the future. These details will be sent back to the Portal for visibility of who has Giftaided and/or opted in. The information provided includes:
o Donor First Name
o Donor Last Name
o Address
o Postcode
o Telephone Number
o Email

5. For what purpose will we process your data? Will my personal data be shared?

Your data will be processed for specified, explicit and legitimate purposes as described in section [4].

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in section 10.

We may, from time to time, use your personal data for reporting and for making improvements to our Services; in such instances we will always ensure an individual cannot be identified. Your personal data may be transferred to our trusted third-party processors; this will be for purposes such as hosting of our servers, project management tools and our customer relationship management system.

Our trusted third-party processors are contractually bound by us to keep your information confidential and to use it only for specified, explicit, and legitimate purposes as specified in section [4].

Some messages from us are service-related and necessary for customers. You agree that we can send you non-marketing emails or messages, such as those related to transactions, your account, security, or product changes/updates.

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any

If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
Send an email to: or write to us at: Unsubscribe, c/o Data Protection Officer, Kinetic Centre, Theobald Street, Borehamwood, Hertfordshire WD6 4PJ.

We will never lease, distribute or sell your personal data to a third party without requesting your prior permission. We will not transfer your data to other third parties without informing you separately beforehand in the exceptional cases where we are either legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.

6. Legal Basis for processing personal data

Our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you where:
• We need the personal information to perform a contract with you upon signup and acceptance of our End User License Agreement (EULA);
• The processing is in our legitimate interest and not overridden by your right
• You have given your consent to do so

We have a legitimate interest in operating our services, for example when responding to your queries, improving our services, or undertaking marketing.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the GDPR and your legal rights.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not.

7. Security of your data

Protecting personal data from access, loss or alteration is of the utmost importance to us. All visitor records, photos, account data, configuration data and contact information are stored in the Cloud, in data centres within the United Kingdom.
Servers are updated with the latest security patches during scheduled routine maintenance.

The TAAP Fundraiser app and Website (referred to as our Services) access data using our secure API (short for: application programming interface – how software components interact with each other, forming the basis of software applications). The API uses encryption for data in transit, and every request must include a time-limited authentication token generated by the authentication system. Donor data is encrypted at rest. For support purposes, a limited number of senior engineers can access client data via a virtual private network secure tunnel, controlled by private key-based secrets and multi-factor authentication.

As a Website user, you will log in with a username and password, managed by your Admin as specified in [4]. User passwords are hashed at all times and cannot be accessed or intercepted as we use Secure Sockets Layer (SSL) technology.

There are three user levels that can be set, controlling access to devices and portal functions. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Where will your personal data be processed?

Donor data collected via our Services is only stored and/or processed within the United Kingdom. Sometimes we will need to share your personal data with third parties and suppliers outside the United Kingdom. This will be for purposes such as: Technical Support, Project Management Tools and our Customer Relationship Management system.

Where your personal data is transferred outside the UK, it will only be transferred to countries that have been identified as providing adequate protection for UK data, or where approved transfer mechanisms are in place to protect your personal data, i.e., by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). If you wish for more information about this, please contact

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

9. How long will we hold your data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected or to comply with applicable legal, tax or accounting requirements in accordance with our data retention policy. Following that period, we’ll make sure it’s deleted or anonymised.

For the Donor data submitted by the TAAP Fundraiser App into the Website, the data will be held for a period of up to 30 days only. Should you wish to see a copy of our Data Retention Policy, this can be requested by email to

10. Data subject rights

It’s your personal data and you, as a data subject, have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time. Follow the unsubscribe instructions contained in the marketing communication, or send your request to

Under data protection law, you have rights including:
• Your right of access – You have the right to ask us for copies of your personal
• Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
• You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

You can exercise these rights at any time by sending an email to

If you’re not happy with how we are processing your personal data, please let us know by sending an email to We will review and investigate your complaint and get back to you within a reasonable time frame.
You may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO).

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF
Helpline number: 0303 123 1113

This privacy statement was last updated: 9th June 2021 under version 1.

If you have any questions, let us know.