We hold personal information about our customers and potential customers. Some of
our customers are companies, and any information held about these customers will be outside the scope of the GDPR.
All 3rd party suppliers, including our support team, are companies rather than individuals, and therefore any information held about them is deemed to not fall within the requirements of the GDPR.
What systems do we have?
We identified the following systems:
Our website – Essential to display our orders and for customer to purchase goods from us
Our CRM platform – Our Content Management System is Joomla
An accounts reconciliation tool – our accounts reconciliation software is Excel kept on a secure system
Payment processors – Our payment processors are Go Get Funding and PayPal kept on a secure independent system
Internal service for email newsletters via the CRM.
We also noted that we have development and test versions of some of these systems, but that they don’t contain live customer data.
| What we hold | How we obtained it | Where we hold it | Why we hold it* |
| Full Name | Entered by customer when the sign up | Main CMS database | Critical for placing online orders |
| Customer Address | Entered by customer when the sign up | Main CMS database | Critical for shipping order to customer |
| Email address | Entered by customer when the sign up | Main CMS database | Critical for communication with customerand used for marketing with the customer’s consent |
| Country | Determined by IP address resolution at the time the customer signs up for a subscription | Main CMS database | Used for the purposes of determining VAT and maintaining financial records to demonstrate compliance. |
* In general the information is held to provide the service that the customer has paid for, and for us to extract and reconcile our financial information. Where there are additional uses of the data these are documented here.
How do we obtain consent?
We obtain consent by means of a check box on our website when the user signs up. This will cover:
1. GENERAL CONSENT: I consent to you holding information about me for the purposes of providing me with any services that I am paying for, and which My Foundations are required to collect and hold to comply with any legal or regulatory requirements. I consent to you communicating with me by email and telephone to discuss any issues which may arise relating to the ongoing safety and management of my account.
2. ADVICE COMMUNICATIONS: I consent to you sending me emails after I have donated, with advice on how to use the service. This may include notification of new projects which I am able to access as a result of my donation for no additional cost.
3. MARKETING COMMUNICATIONS: I consent to you sending me emails advising on news and general marketing from My Foundations. Your data will not be passed to any 3rd parties.
How do we keep our data secure
We have taken out a maintenance contract to ensure our CMS is kept up to date with the latest software and security patches.
We have a 128bit security encryption certificate to ensure data is not captured between the user and the CMS.
Subject Access Requests
If a subject request access to their data they must submit a written request by Royal Mail recorded delivery to:
<add address here>
Upon receipt of the request, My Foundations will provide data on the subject within one month. There is no charge for this service.
Right to be forgotten
Subjects can ask for data we withhold on them to be deleted under the right to be forgotten. This data will not include aspects of financial information that My Foundations are required to retain due to accounting and taxation regulations
Some of our data we can’t delete as it could break the integrity of one or more of our systems, so we will anonymise rather than delete it – changing the customers name to “Deleted Deleted” and their address to “1 Deleted Road” for example.
To request your right to be forgotten please submit a written request by email to:
hello@my-foundations.org
Upon receipt of the request, My Foundations will action the request within one month. There is no charge for this service.
