Data Protection

Data protection and security go hand-in-hand. Click here for the Security page.

Our Role as your Supplier

Data Processor

In the eyes of the GDPR we are the Data Processor (read more) and you, the client are the Data Controller. As such we have a comprehensive data processing agreement which sets our commitments and obligations as your data processor. This is updated from time to time in line with legislation and improvements. The full DPA can be viewed here.

Your data is safe and sound in our servers. But sometimes your data may be handled by other parties - for example when you integrate Donorfy with Mailchimp. These sub-processors, as they are called in GDPR, are listed here.

Sensitive Data

Credentials such as passwords and API keys are strongly encrypted. Donorfy does not store any usable credit card or bank account details. They are stored by the payment processors’ systems (see Integrations) which themselves are subject to the strictest compliance regulations.

Donorfy’s role in enabling you to comply with data protection legislation

Donorfy provides a host of features to enable you to meet your obligations as a data controller, and to enable you to set and comply with your own data management policies. These features include:

  • Legitimate Interest or Opt In policy, for each comms channel.
  • Preference Centre.
  • Bulk archive and bulk delete to ensure data retention policy can be adhered to.
  • Filtering based on channel permissions.

ICO Registration

Donorfy is registered with the ICO.