Privacy statement

Data is important and in line with new GDPR regulations effective from 25 May 2018, this privacy policy will outline how we collect, store and use your personal data.

The new regulations instructs us that personal data must be:

Processed in a lawful manner and handled both fairly and transparently

Relevant and limited to it’s intended purpose

Accurate and where required, kept updated

Stored and used in a manner which is secure

The Rainbow Foundation is committed to protecting and respecting your privacy. Any personal data you provide for the purposes of accessing our services, The Rainbow Foundation as the Data Controller, is responsible for sorting and processing that data in a fair, lawful, secure and transparent way.

What personal data we hold on you

If you are enquiring about our services, you may give us information about yourself or a family member via email, over the phone or by filling in registration forms. The information you provide when you register may include your name, details of your situation as well as providing your address, e-mail address, phone number and specific information.

Why we need your personal data

The reason we need your Data is to be able to provide you with service.  Our lawful basis for processing your personal data is that we have a legitimate interest to provide the services you are expressing an interest in.

How long we hold your personal data

We will hold your personal data on file for as long as it is required to provide you with a service from The Rainbow Foundation, plus time to provide any relevant reports to our funders.

Our data retention period is 12 months and once you are no longer a service member, the data we hold will be restricted for basic reporting purposes only and all other information will be securely destroyed when no longer needed. 

Who we share your personal data with

In the event that you have contacted us to enquire as to what groups, services and / or organisations are available to support you, we may sometimes need to share your information with the third-party organisation in question. This may be verbally, in writing or via email. Permission to contact a third-party organisation on your behalf will be expressly requested beforehand.

Cookies (embedded content from other websites)

From time to time, we may embed content from other websites. Embedded content from other websites behaves in the same way as if the visitor has visited the third party website.

Embedded content may include – though is not limited to – videos, images and relevant articles. 

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Data analytics

The Rainbow Foundation uses Google Analytics to see how well our website is performing and enable us to improve our website services. This data is consolidated and anonimised by the data analytics programme and as a result, no indefinable data is used during this process.

Full details on the Google Analytics Privacy Policy can be found here.

Marketing and service updates

Contact information may be used to contact you about the service(s) you accessed and / or enquired about.  This may occasionally include marketing materials relevant to the aforementioned service(s). You will only be contacted regarding the service you have expressed an interest in and where permission has been granted for us to contact you regarding the aforementioned service(s).

Your rights

You have the right to:

  • receive a copy of the information we hold about you
  • request your information be changed if you believe it was not correct at the time you provided it
  • request that your information be deleted if you no longer want to take part in our research

If at any time you are unsure of the data held on you by The Rainbow Foundation, you are able at any time to submit a Subject Access Request (SAR) by emailing us at

As per GDPR regulations, responses to SAR’s will be made within 30 days of acknowledging the email, detailing all information held on the requestor.