Get 10% off Unity Gala ticket bookings if you book by 20th June! Discount applied automatically at basket with code EARLYBIRD View Event

Legal

Privacy Policy

Last updated: May 2026

Please read this important information as by using this site you are agreeing to our privacy policy.

Deen Trust International ("DTI", "we", "us", "our") is a charity registered in England & Wales under charity number 1190475, and a private company limited by guarantee registered in England & Wales under company number 12506348. Our registered office is at 73 Wynndale Drive, Nottingham NG5 1HD, United Kingdom. Our correspondence address is 209 Berridge Road, Forest Fields, Nottingham NG7 6HR, United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, DTI is the data controller of personal data you provide through events.deentrust.org (the "Events Site"). We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC148239.

We are also registered with the Fundraising Regulator (https://www.fundraisingregulator.org.uk/), the independent regulator of charitable fundraising in the UK, and we follow its Code of Fundraising Practice.

If you have any questions about this policy, or want to exercise your rights, please contact us at [email protected].

 

1. What this policy covers

This policy explains what personal data we collect when you visit the Events Site, book tickets for our fundraising events, contact us through the site, or attend an event in person. It also explains your rights and choices under UK data-protection law.

It does not cover the separate donate.deentrust.org donation app — see its own privacy policy — or the main deentrust.org corporate site.

 

2. What data we collect

When you book a ticket we collect:

  • Identity and contact data — your first name, last name, email address, billing address (and country), and optionally a mobile or telephone number.
  • Order data — the event you booked, the ticket type and quantity, any seat or table allocation, the total paid, the currency, and the order reference.
  • Dietary and accessibility data (only if you choose to provide it during checkout or by contacting us) — dietary requirements, allergens, mobility needs, or any other reasonable adjustments you ask us to make. This may include special-category data (for example, information about a medical condition that affects your diet). We rely on your explicit consent to handle this, and we share it only with the venue or caterer on a need-to-know basis.
  • Guest-name data (where a ticket admits a named guest other than the buyer) — first and last name of the guest you are bringing, if you supply it.
  • Payment data — handled directly by Stripe Payments UK Ltd (https://stripe.com/gb/legal) via our ticketing back-end. We do not see or store your full card number, CVV or PIN. We receive a tokenised reference, the card brand, last four digits, and the result of the transaction.
  • Check-in data — a unique QR-code token issued for your ticket, plus a timestamp and (optionally) the device/staff member who scanned you in at the venue.
  • Marketing preferences — your choices about how we keep in touch (email, SMS, post, telephone), the date you set them, and the version of our policy that applied when you did so.

When you contact us through the site (for example, via a contact form or by emailing us), we collect whatever information you choose to send us — typically your name, contact details, and the contents of your enquiry.

When you simply browse the Events Site we collect:

  • Technical data — your IP address, device, browser, language, and referring page (used for security, fraud prevention, and — with your consent — anonymised analytics).
  • Cookies and similar technologies — see Section 9.

Server logs may briefly retain IP addresses and request metadata for security and abuse-prevention purposes.

We do not target the Events Site at children. If you are under 16, please ask a parent or guardian to book on your behalf.

 

3. Why we use your data and our legal basis (Purpose and Legal basis (UK GDPR Art. 6))

  1. Fulfil your ticket order — send confirmation, issue the QR-code ticket, manage seating, and respond to  enquiries about your booking. Performance of a contract / our agreement to act on your instructions
  2. Communicate event-essential updates — venue changes, time changes, parking, scanning and arrival instructions, cancellations. Performance of a contract / legitimate interests
  3. Manage allergies, dietary requirements and reasonable adjustments at the venue. Your explicit consent (Art. 9(2)(a) for special-category data); performance of a contract for non-sensitive dietary preferences.
  4. Maintain accounting records and report to the Charity Commission and HMRC. Legal obligation (Charities Act 2011, Companies Act / charity SORP).
  5. Detect and prevent fraud, chargebacks, ticket-touting and unauthorised use of the site. Legitimate interests (protecting our supporters and our charitable assets).
  6. Send you postal updates about our work as an existing supporter. Legitimate interests, with the right to object at any time.
  7. Send you marketing emails, SMS or telephone calls about future events, appeals and our work. Your consent (you can withdraw it at any time — see Section 7).
  8. Analyse how visitors use the Events Site so we can improve it. Your consent (analytics cookies).
  9. Comply with subpoenas, court orders, or other legal obligations. Legal obligation.

 We do not sell your data, and we do not use it for marketing without your separate, opt-in consent.

 

4. Who we share your data with

We share the minimum data needed with carefully selected providers:

  • Stripe Payments UK Ltd — to process card payments. See the Stripe Privacy Policy (https://stripe.com/gb/privacy).
  • Our ticketing platform (Medusa-based commerce back-end) — to manage orders, inventory and post-purchase ticket delivery. Hosted on our behalf under a written data-processing agreement.
  • Email and SMS providers — to send your order confirmation, QR-code ticket, event reminders and any marketing communications you have consented to.
  • The Charity Commission for England & Wales — for statutory reporting (in aggregate, not individual attendees).
  • Venues and caterers — only the information they need to admit you, seat you and (where relevant) accommodate dietary requirements. We do not share contact details with venues unless you ask us to.
  • Authorised charity staff and volunteers — to operate the event (door check-in, table allocation, hosting).
  • Postcode and address-lookup providers — to help you complete your billing address quickly. We send the postcode or partial address you type; we do not share other identifying information.
  • Google Analytics (if you have given analytics-cookie consent) — anonymised usage data only; we have enabled IP anonymisation.
  • Our hosting and back-office providers — to store and process your data securely on our behalf, under written data-processing agreements.
  • Professional advisers and auditors — where needed for legal, financial or audit purposes.
  • Law enforcement, regulators and courts — where we are required to do so by law.

We do not sell your data and we do not share it with other charities for marketing purposes.

 

5. International transfers

Some of our providers (notably Stripe and Google) process data outside the UK. Where this happens, we rely on UK adequacy decisions, the UK International Data Transfer Agreement, or Standard Contractual Clauses with appropriate safeguards, so that your data continues to receive equivalent protection.

 

6. How long we keep your data

  • Order and ticket records — 6 years from the end of the financial year of the event, in line with charity-accounting and HMRC requirements.
  • Accounting records — at least 6 years, as required by charity and company law.
  • Dietary and accessibility data — only until the event has finished and reconciliation with the venue is complete; then deleted (unless you ask us to keep it on file for future bookings).
  • Check-in scan records — 12 months from the event date for safeguarding, capacity-planning and fraud-investigation purposes; then deleted.
  • Marketing preferences — for as long as you wish to hear from us. If you opt out we keep a minimal suppression record so we don't accidentally contact you again.
  • Contact-form messages — for as long as is useful to handle the conversation, and then deleted on request.
  • Anonymous-analytics data — typically up to 14 months in Google Analytics.

 

7. Marketing communications

 We will only send you marketing emails, SMS or telephone calls about future events and our wider work where you have given us consent to do so. You can change your marketing preferences at any time:

  • By using the preferences link at the bottom of any marketing email or SMS we send you.
  • By emailing [email protected].
  • By replying STOP to any marketing SMS.

Withdrawing your marketing consent does not affect our ability to send you transactional messages (such as the QR-code ticket for an event you have already booked, venue changes, or notices required by law).

 

8. Your rights

Under UK GDPR you have the right to:

  1. Access the personal data we hold about you.
  2. Rectify data that is inaccurate or incomplete.
  3. Erase your data in some circumstances (we may need to retain order, accounting and safeguarding records to meet legal obligations).
  4. Restrict or object to certain types of processing, including direct marketing and processing based on legitimate interests.
  5. Portability — receive a copy of the data you provided, in a structured, commonly-used format.
  6. Withdraw consent at any time where we rely on consent (including the dietary/accessibility data you have shared and your marketing preferences).
  7. Not be subject to a decision based solely on automated processing that produces legal effects (we don't do this).

To exercise any of these rights please email [email protected]. We will respond within one calendar month.

 

9. Cookies

The Events Site uses a small number of cookies and similar technologies. You will be asked for your consent on first visit; you can change your choices at any time using the Cookie preferences link in the footer.

  • Strictly necessary (always on) — first-party cookies that remember your cookie choices, your cart contents, your checkout progress, and your session. Stripe also uses cookies that are essential for fraud detection on payments.
  • Analytics (consent required) — Google Analytics, configured with IP anonymisation, to help us understand which events and pages visitors interact with so we can improve them. We do not use Google's advertising features.
  • Marketing (consent required) — currently not in use. If we add marketing or remarketing technologies in future they will only load with your consent.

 

10. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), role-based access controls, hardened hosting and regular review. Card payments are PCI-DSS compliant via Stripe; we never see or store your full card number. QR-code tickets are signed tokens that cannot be re-used after check-in.

No system is perfectly secure. If we suspect a breach affecting your data, we will notify the ICO and (where required by law) you, in line with our breach-response procedure.

 

11. Children

The Events Site is not directed at children. Children are welcome to attend our events when accompanied by an adult who has booked their ticket. If you are under 16, please ask a parent or guardian to book on your behalf. If we become aware that we have collected data from a child without appropriate consent, we will delete it.

 

12. CCTV, photography and recording at events

Some venues operate CCTV for the safety of attendees; the venue is the data controller for its own CCTV footage and its own privacy notice applies. Our events may also be photographed or filmed by us or our authorised media partners for promotional, reporting and archival purposes. See Section 7 of our Terms of Use for how to opt out of incidental capture.

 

13. Complaints

If you have a concern about how we have handled your personal data, please contact us first at [email protected] so we can try to put things right.

You also have the right to complain to the UK Information Commissioner's Office:

Concerns specifically about our fundraising can also be referred to the Fundraising Regulator (https://www.fundraisingregulator.org.uk/complaints).

 

14. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top tells you when the current version took effect. Material changes affecting how we use your data will be highlighted on the Events Site.

 

15. Related documents

See also our Terms of Use (/terms) for the Events Site, the separate privacy policy for donate.deentrust.org, and the main deentrust.org site for organisation-wide policies.

 

16. Contact

 For any questions about this policy or your personal data:

  • Email: [email protected]
  • Phone: +44 (0)300 180 0234
  • Post: 209 Berridge Road, Forest Fields, Nottingham NG7 6HR, United Kingdom