Privacy Policy

Privacy Policy

Clean Sheet is committed to safeguarding your privacy. Contact us at if you have any questions or problems regarding the use of your Personal Data and we will gladly assist you.

By using this site or/and our services, you consent to the Processing of your Personal Data as described in this Privacy Policy.

Table of Contents

  1. Definitions used in this Policy
  2. Data protection principles we follow
  3. What rights do you have regarding your Personal Data
  4. What Personal Data we gather about you
  5. How we use your Personal Data
  6. Who else has access to your Personal Data
  7. How we secure your data
  8. Information about cookies
  9. Contact information


Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us (either capitalized or not) – Clean Sheet

Data Protection Principles

We promise to follow the following data protection principles:

  • Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
  • Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
  • Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
  • Processing is limited with a time period. We will not store your personal data for longer than needed.
  • We will do our best to ensure the accuracy of data.
  • We will do our best to ensure the integrity and confidentiality of data.

Data Subject’s rights

The Data Subject has the following rights:

  1. Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
  2. Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
  3. Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
  4. Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
  5. Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
  6. Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
  7. Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
  8. Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
  9. Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
  10. Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
  11. Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.

Data we gather

Information you have provided us with
We collect personal information from you whenever you sign up for events or communications. For example, when you provide details on a contact form, make a donation, sign up to attend an event or otherwise provide your personal details, we collect the information you provide.

Information automatically collected about you
We may collect non-personal data such as IP addresses, details of pages visited and files downloaded. Website usage information is collected using cookies. See our section on cookies below.

Where you give permission to other organisations
We may collect information that you make available on, for example, Twitter, Facebook, LinkedIn or similar organisations. You may wish to check their privacy policy to find out more information on how they process your data.

Sensitive data
Where you provide the information, we may collect sensitive personal data, including but not limited to, your gender, age and religious beliefs.

Publicly available information
We might gather information about you that is publicly available.

How we use your Personal Data

We may use the Personal Data we collect to:

  • Keep you up-to-date on news and events about our mission and work
  • Send appeals and updates
  • Process donations you give us, including gift aid
  • Provide a personalised service, such as customised website content or personalised emails
  • Keep records of your relationship with us e.g. questions you have asked or complaints you have made

Basis of processing data
We must process information about you lawfully, transparently and fairly. This is the reason we are giving you this Privacy Policy. To process your data legally, one of the following criteria must be met:

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Who else can access your Personal Data

We will only share your data with a third party where we engage with them in order to complete our legitimate transaction with you, the data subject. Typically, this will include

  • recruitment agencies – who provide details of your CV and other information which you have given to them;
  • our outsourced payroll company, which will hold data about you in order to process your pay;
  • insurance, pension and other companies we use to provide staff pay, benefits and insurances, such as an Employee Assistance Programme;
  • Occupational Health providers, doctors and other health professionals who provide us with advice on employee medical conditions and sickness management providers (and there are separate rules around our access to such information);
  • HMRC, regulatory authorities and Government Departments to comply with our duties and legal obligations in relation to, for example, safe recruitment, tax, sick pay, maternity/ paternity / adoption leave pay and social security information;
  • the Disclosure and Barring Service; and
  • agencies who request information about you in relation to an application by you for credit or a reference (such as a mortgage lender or lettings agent). In such cases you will be asked to consent to us providing them with this information.

Transfer to a third country

All of our third-party providers which process your personal data, are checked to make sure that where data is transferred outside the UK, it is processed in a way that it is offered the same levels of protection as in the UK. Where data is transferred to countries in the European Economic Area (EEA), these countries are covered by adequacy regulations. Where data is transferred to the US there is a data protection agreement with the third-party provider based on Standard Contract Clauses.

How long do we hold your data for?

Clean Sheet has a clear policy which sets out the length of time it will hold and process your information. These timeframes can be found in Clean Sheet’s Data Retention Schedule which is part of our Data Protection and Confidentiality Policy, which is available upon request.

For information on your information rights see the ‘What are your information rights section?’ below.

Security, storage and protection of your information

We ensure that we have in place appropriate technical controls in place to protect any personal data you provide. We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers.

If you have an account with us, note that you have to keep your username and password secret.


We do not intend to collect or knowingly collect information from children. We do not target children with our services.

When do we share your information?

We do not share or swap your information with other 3rd parties. We may need to pass on information if required by law or by a regulatory body, for example, a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency. In some cases, such as with our clients, there are other circumstances in which we share personal information.

What are my information rights?

You have the right to be informed about the collection and use of your personal data. We endeavour to deliver transparency and always inform you on how we use your data. The how’s, why’s and what’s of using your data are detailed primarily in this privacy policy.

You have the right to read our privacy information before giving us your information. We make sure you have an opportunity to read this before you give us your data.

You are entitled to have our privacy policy within one month of us receiving your data from third parties. There are some exceptions to this rule, such as if you already have access to the privacy policy or if it would require a disproportionate amount of effort to provide you with it.

You have a right to access your personal data. Where we feel a request is excessive or requires significant administrative effort we can charge a fee.

You have the right to change inaccurate personal data we hold about you. You can make a request for us to do this verbally or in writing. Where we feel a request is excessive or requires significant administrative effort we can charge a fee.

You have the right to request that we erase all the personal data we hold about you. This is known commonly as ‘the right to be forgotten’.

You have the right to request the suppression or restriction of your personal data. Where data is restricted we are permitted to hold it but not use it. We have one calendar month to process this request, which can be made verbally or in writing.

You have the right to data portability, this means you should be able to easily copy, transfer or move personal data between different places, applications or services without effecting its usability or security.

These rights are not always absolute and certain exceptions apply to each one. We have up to one calendar month to respond to your requests. This can vary – for some requests it is 30 days. If you are in doubt or have any questions please get in touch.


We collect data using cookies – cookies are a normal feature on the majority of websites in use today.

You can normally turn off cookies from your browsers settings if you would like to. However some parts of our website may not work as well, or at all, for you.

We recommend that you opt into cookies for an optimal experience of our website.

Cookies do various things, such as logging the details you use filling in a form, logging as you move from page to page, or logging whether you prefer a mobile or full-size website. Often these are stored as a cookie, but can be saved in your browser instead.

You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as or For more information about cookies, visit

We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page.

Contact Information

Clean Sheet
Phone: +44 300 123 3045

Supervisory Authority
Organisation: Information Commissioners Office
Phone: +44 303 123 1113

Changes to this Privacy Policy

We reserve the right to make change to this Privacy Policy.
Last modification was made 11th April 2024.