Privacy & Payment Security Policy

Last updated: 14 January 2026

Introduction

SMART Recovery UK (“we”, “us”, “our”) is committed to respecting your privacy and keeping your personal data safe. This policy explains how we collect, use, store, and protect your personal information when you visit our website, contact us, or make a donation or payment. It also explains your rights under data protection laws.

Personal Data We Collect

We may collect the following types of personal data:

Information you provide directly

• Name, email, and contact details when you fill in forms on our website
• Information when requesting support, guidance, or giving feedback
• Optional information when registering to volunteer

Information collected automatically

• IP address and device/browser details
• Approximate location based on IP address
• Website usage data (pages visited, time spent on site) via Google Analytics

Our website is not intended for children, and we do not knowingly collect personal data from anyone under 18.

How We Use Your Personal Data

We use your personal data to:

• Respond to enquiries, feedback, and support requests
• Provide the services and information you request
• Send email communications if you have opted in
• Improve our website and services using anonymised analytics
• Meet legal and regulatory obligations
• Protect our organisation and users from fraud or misuse

Legal Basis for Processing

• Consent: Where you have agreed to receive communications or analytics tracking.
• Legitimate interests: To operate and improve our website and services, respond to enquiries, and maintain security.
• Legal obligations: Where required by law or regulation.

How We Protect Your Data

• Secure encrypted connections (HTTPS/TLS) for website traffic
• Access to personal data restricted to authorised staff
• Regular backups and secure storage of data
• Staff training on data protection and confidentiality
• Policies and procedures to prevent unauthorised access or misuse

Payment Security & PCI DSS Compliance

SMART Recovery UK does not store, process, or transmit payment card details on our systems. All payments and donations are securely processed by trusted third-party providers, including PayPal, who are fully PCI DSS compliant.

When you make a payment:

• Your card details are entered directly into the payment provider’s secure system
• We do not have access to your full card number, CVV, or PIN
• Payment information is encrypted and transmitted securely

Our payment providers are responsible for maintaining PCI DSS compliance. We ensure all transactions are handled safely and securely.

Sharing Your Data

We do not sell your personal data. We may share limited data with trusted third parties to:

• Analyse website usage via Google Analytics
• Manage mailing lists and communications
• Support website operation and hosting

All third-party providers must process your data securely and according to our instructions.

Data Retention

• Website analytics: up to 26 months
• Mailing list data: until you unsubscribe
• Enquiries and correspondence: up to 2 years after last contact

Data is deleted or anonymised when no longer required.

International Data Transfers

Some service providers may process data outside the UK. We ensure appropriate safeguards, such as contractual protections or adequacy agreements, are in place for these transfers.

Cookies and Analytics

We use cookies to ensure proper website functionality and to understand how visitors use our site. Google Analytics helps us track anonymised usage data to improve our content and services. You can manage or disable cookies in your browser settings.

Your Rights

You have the right to:

• Request access to your personal data
• Request correction of inaccurate data
• Request deletion where applicable
• Object to or restrict certain processing
• Withdraw consent at any time
• Opt out of marketing communications

To exercise your rights, contact us at [email protected]. You can also complain to the ICO: https://ico.org.uk/concerns/

Changes to This Policy

We regularly review this policy to ensure it is accurate and compliant. Any updates will be posted on this page with a revised “last updated” date.

Contact Us

For questions or concerns about this policy or your data, contact us at [email protected].