Privacy

Privacy policy.

Written in plain English so you can actually read it. We collect the minimum data needed to keep daughters safe and supporters informed. We never sell your information. If you want it deleted, write to us and we will.

Last updated 13 May 2026 Effective 13 May 2026 Version 4.2

Information we collect

We collect only what we need to run the charity, process donations, communicate with you, and keep daughters safe. The categories are limited and listed in full below.

Information you give us

  • Donor information. Name, postal address, email, phone, billing address, donation amount, payment method (the last four digits and card type are stored, full card numbers are not stored on our servers).
  • Account information. Login credentials if you create a recurring giving account, profile preferences, communication preferences.
  • Communications. The contents of emails, contact form submissions, comments, and any documents you upload.
  • Volunteer and club leader information. Background check results (US), references, training completion, role history. Background check files are handled by a regulated third party and we receive a pass or fail outcome only.
  • Survey and feedback responses. Voluntary information you share when responding to a survey, interview, or program evaluation.

Information collected automatically

  • Usage data. IP address (truncated after 30 days), browser, device type, pages viewed, referrer.
  • Cookies and similar. Strictly necessary cookies for cart and login, plus analytics and preference cookies you can decline.

Information from third parties

  • Payment processors (Stripe, PayPal, The Giving Block) confirm transaction status and fraud signals.
  • Employer and DAF sponsors share gift designation when you direct funds through them.
  • Public registries we check for sanctions screening on large gifts.

How we use it

We use your information for the following limited purposes:

  • Process and acknowledge donations and issue tax receipts.
  • Operate recurring gifts, refund requests, and payment retries.
  • Communicate program updates, impact reports, and event invitations you have opted in to receive.
  • Provide donor care and respond to your questions.
  • Comply with charity reporting, anti-money-laundering, and tax obligations in the US and UK.
  • Improve our website, programs, and communications by reviewing aggregate usage.
  • Recruit and screen volunteers, including safeguarding background checks.
  • Protect the safety of daughters in our care, our staff, and the integrity of our programs.

We do not use your information for behavioural advertising. We do not sell your information. We do not rent our donor list.

Our lawful basis. Under GDPR we rely on legitimate interests for donor administration, consent for marketing communications, contract for paid services, and legal obligation for charity reporting. You can withdraw consent at any time.

Sharing

We share information only with the categories of recipients below, and only as much as is needed for the stated purpose.

  • Service providers who run our website, email, payment processing, CRM, accounting, and analytics. Each is bound by a data processing agreement.
  • Field offices in countries where you have designated a restricted gift, limited to your name and gift amount unless you choose to share more.
  • Auditors and regulators when required by law, including the US IRS, UK HMRC, OSCR, and the Charity Commission.
  • Law enforcement when legally compelled or to protect a daughter, a worker, or the public.
  • Successor entity in the event of a merger of Global Family Care Network with another charity, with notice to you.

We never share survivor information with donors, journalists, or the public except where the survivor herself has provided written informed consent and where doing so does not endanger her or her family.

Your rights

You can exercise the following rights at any time by writing to info@myglobalfamily.org. We respond within 30 days.

  • Access. Request a copy of the information we hold about you.
  • Correction. Ask us to fix anything inaccurate.
  • Deletion. Ask us to delete your information, subject to legal retention rules (we are required to retain donation records for seven years in the US and six years in the UK).
  • Restriction. Ask us to pause processing while we investigate a dispute.
  • Portability. Receive your information in a machine readable format.
  • Objection. Object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent. Unsubscribe from emails using the link at the bottom of every message, or write to us.
  • Complain. Lodge a complaint with the UK ICO, the Scottish OSCR, or your state attorney general.

Cookies

We use a minimal cookie set. On your first visit you see a banner letting you accept or decline analytics and preference cookies. Strictly necessary cookies cannot be declined because the site would not work without them.

  • Strictly necessary. Session, CSRF protection, donation cart. Retained for the session or up to 24 hours.
  • Analytics. Aggregate usage measurement via a self-hosted, IP-anonymised analytics tool. Retained for 26 months.
  • Preferences. Language and accessibility settings. Retained for 12 months.

We do not use advertising cookies or cross-site trackers. You can change your cookie choices at any time via the cookie settings link in the footer.

Children's privacy

Our website is intended for adults. We do not knowingly collect information from anyone under 16. Daughters in our programs do not interact with the public website.

Where we work with minors through our clubs and educational programs, we do so under separate consent from a parent, guardian, or legal sponsor, and according to the safeguarding policy of the country where the program runs. Club rosters are held by the local team and are not uploaded to our central systems.

If you believe we have collected information from a minor in error, write to info@myglobalfamily.org and we will delete it within seven days.

GDPR specifics (UK and EU)

If you live in the UK or the European Economic Area, the UK GDPR and EU GDPR apply.

  • Data controller. Global Family Care Network UK, 27 Albany Street, Edinburgh EH1 3PY. Registered SCIO Scotland · SC049440.
  • Data protection officer. info@myglobalfamily.org.
  • International transfers. When we transfer data outside the UK or EEA, we rely on the UK International Data Transfer Addendum and the EU Standard Contractual Clauses.
  • Supervisory authority. UK Information Commissioner's Office (ico.org.uk). Scottish charities are also supervised by OSCR.

US specifics

If you live in the United States, the following state law rights may apply in addition to the general rights above.

  • California (CCPA and CPRA). You may request the categories of personal information collected, the sources, the purposes, and the parties with whom we share. You may opt out of sale (we do not sell). You may request deletion subject to legal retention rules.
  • Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws. Comparable rights apply. We honour verifiable consumer requests within the statutory window.
  • Charitable solicitation registration. We are registered to solicit in the states that require it. A copy of our registration is available on request, except for non-resident states.
  • Do Not Track. Our site does not respond to Do Not Track because there is no industry consensus on the signal. We do honour Global Privacy Control as an opt out of sale.

Contact

For privacy questions or requests, write to:

Privacy Team, Daughter Project
Email: info@myglobalfamily.org
US post: P.O. Box 13160, Bakersfield, CA 93389
UK post: 27 Albany Street, Edinburgh EH1 3PY

If you do not receive a satisfactory response within 30 days, you may lodge a complaint with the UK ICO (ico.org.uk), OSCR (oscr.org.uk), or your state attorney general.