Privacy Policy

The Foundation of Hearts (‘FoH’) is committed to protecting and respecting your privacy and we make it our highest priority to safeguard the confidentiality of all personal information you provide to us.

This Privacy Notice sets out the approach that we take to the handling your personal data. Please read it to understand how we protect the information you provide to us.

Information that we collect from you
We collect and retain personal information in relation to all of the FoH pledgers specifically name, home address, email address and total value of contributions received. We also collect personal bank details via an Application Program Interface (‘API’) on our website with our partner GoCardless under a service agreement. Whether or not you provide us with this kind of information is always entirely under your control.

We may also collect information about your usage of our website but we do so at an aggregated level and not in a manner that allows you to be identified personally.
In order to minimise the impact on your privacy, we will never knowingly collect more data than is strictly necessary to perform the activities described in this notice.

Use of your information
Your information is used to:
• Allow us to collect payments from you as a pledger to FoH as instructed by you;
• Maintain a register of members for corporate purposes;
• Allow us to administer the Maroon Points reward scheme;
• Allow us to contact you from time to time to keep you updated with FoH affairs; and
• Better understand and protect our interests as a member organisation by allowing us to track membership trends at an aggregated level.

Processing your information
We process your personal data in a manner compliant with the General Data Protection Regulation (‘GDPR’). Our legal basis for processing your data is that:
• We are required to do so as per your instruction under a contract (for example, for collecting monthly pledge amounts) or
• We have a legitimate interest in processing the information (for example, maintaining a register of members and administering the Maroon Points scheme)

Disclosure of your information
We may occasionally pass aggregated information on the usage of our website to third parties for research purposes, but this will never include information that can be used to identify you. We share your information with certain third-party data processors for the purposes of one or more of the uses specified above, but always under strict terms of service which ensure that your data remains protected. The third-party data processors we use are:
• Payment providers - GoCardless Ltd (under this service agreement);
• Bookkeepers –JSA Accounting Services Limited; and
• Website managers – Shaw Marketing and Design Limited.

Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of the information we hold without your prior and relevant consent.

We do not transfer any data to parties located outside the European Economic Area (‘EEA’).

Security and data retention
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We make the confidentiality and security of your information our highest priority and we limit access to it to only those FoH directors or appointed officials who need to come into contact with it in order to fulfil their duties.

Although we always do our best to protect your information, the transmission of information via the internet can never be completely secure and we are therefore unable to guarantee the security of the information which you share with us at your own risk.

We will retain your information for a reasonable period, and in particular to preserve your Maroon Points, or for as long as the law requires (whichever period is longer).

All information is retained on secure servers or on encrypted and password protected devices.

Notification of a data breach
We take the matter of protecting your data very seriously. In the event that we become aware of a data breach which we conclude has a high risk of adversely impacting your individual rights and freedoms we will seek to inform you and the relevant authority within 72 hours of becoming aware of the essential facts.

Use of cookies on the website
We do use cookies on our website to enhance your user experience. A cookie is a text file which contains information relating to your web journey and behaviour. It is stored in your web browser to enable us to personalise your experience the next time you visit our website.

Cookies are useful as they can quicken up the web journey for you and can also allow a website to recognise a user’s device.

Our tracking cookies collect information about how you browse and use our website, what pages you visit, how you entered the site and where you left it. This data is anonymous and not specific to you yet helps us to make improvements to your web experience by identifying pages where more visitors may be exiting the website or where visitors may be struggling to find necessary information.

Managing your cookies
You will be able to use the Help menu bar on most browsers to get information on how to block or prevent cookies. This will give you information on how to disable cookies altogether, however it should be noted that this may stop some functions on websites.

Accessing your personal information
You are legally entitled to request at any time:
• To view the personal data we hold about you;
• To request that we do not process your personal data in the manner described above;
• To request that we do not share your personal information with any third-party processor in the manner described above;
• To request that we correct or update any information held about you that you do not believe to be accurate; or
• To request that we permanently delete any personal information we hold relating to you.

Where you wish to make such a request, our preference is that you submit it in writing, along with proof of your identity, to the Foundation of Hearts, c/o Tynecastle Park, Gorgie Road, Edinburgh EH11 2NL, with the envelope marked for the attention of Louise Strutt, Data Protection Officer. Whilst this is our preferred method of contact, you are legally entitled to contact us via any communication channel. We will aim to respond without undue delay and in any event within 30 days of receipt of your request.

Any changes to our privacy notice in the future will be posted to the website and, where appropriate, through e-mail notification.

If you have any further questions or issues around our privacy notice, please contact us at

In the event that you wish to make a complaint or raise an issue with the processing of your data by FoH you can do so by contacting the Information Commissioner’s Office (‘ICO’) via the report a concern section of their website here.