Empowr CIC Hero Programme
Last Updated: March 2026
Your Privacy Matters
At Empowr CIC, we take your privacy seriously. This policy explains what personal information we collect when you become a Hero, how we use it, and what rights you have over your data.
We've written this in plain English because we believe privacy policies shouldn't require a law degree to understand. If you have any questions after reading this, just email us at hero@empowrcic.org — we're happy to help.
1. Who We Are
Empowr CIC
Community Interest Company registered in England and Wales
Company Number: 13660924
Registered Office: Crown House, 27 Old Gloucester Street, London, WC1N 3AX
Contact Email: hero@empowrcic.org
For the purposes of UK data protection law (UK GDPR and Data Protection Act 2018), Empowr CIC is the data controller — meaning we're responsible for how your personal data is collected and used.
2. What Information We Collect
When You Become a Hero:
We collect the following personal information when you make a donation:
From You Directly (via Stripe):
- Email address — required for payment confirmation and Hero communications
- Name — cardholder name for payment processing
- Payment information — card details, billing address (collected and stored by Stripe, not by us)
- Donation amount and tier — which Hero tier you've chosen
- Donation date — when you became a Hero
Automatically:
- IP address — collected by Stripe for fraud prevention (not stored by us)
- Device information — browser type, operating system (standard web server logs)
What We Do NOT Collect:
- We never see or store your credit card number — Stripe handles this securely
- We do not track your browsing behaviour across other websites
- We do not collect sensitive personal data (health, religion, political views, etc.)
3. How We Use Your Information
We use your personal data for the following purposes:
To Process Your Donation:
- Verify and complete your payment via Stripe
- Send you payment confirmation receipts
- Maintain records of your contributions for accounting and CIC reporting
Legal Basis: Performance of a contract (your donation agreement with us)
To Deliver Hero Benefits:
- Send you your digital Hero badge
- Provide quarterly impact reports and newsletters
- Invite you to the Heroes community
- Communicate tier-specific benefits
Legal Basis: Performance of a contract (Hero programme benefits)
To Communicate With You:
- Respond to your questions or requests
- Notify you of changes to our terms or privacy policy
- Share updates about Empowr's work and impact
Legal Basis: Legitimate interests (keeping donors informed and engaged)
For Legal and Regulatory Compliance:
- Maintain financial records as required by UK company law
- Prepare our annual CIC report for the CIC Regulator
- Comply with accounting and tax obligations
Legal Basis: Legal obligation
4. Stripe Payment Processing
We use Stripe to securely process all donations.
What Stripe Does:
- Collects your payment information — card number, expiry date, CVV, billing address
- Stores your payment details securely — we never see your full card number
- Processes your donation — handles the transaction and sends funds to us
- Sends you receipts — email confirmations for each payment
Your Data and Stripe:
- Stripe acts as our payment processor (a "data processor" in legal terms)
- Stripe stores your payment data on secure servers
- Stripe is PCI-DSS Level 1 certified — the highest security standard for payment processing
- Stripe's data centres are located globally, including in the EU and US
Stripe's Privacy Practices:
For full details on how Stripe handles your data, see their Privacy Policy.
Important:
- We only receive your name, email, and transaction details from Stripe
- We never see your full card number or CVV
- To update payment details or cancel subscriptions, you use your Stripe Customer Portal (link in payment confirmation emails)
5. How We Store and Manage Your Data
Email and Contact Information:
Your email address and donation details are stored in:
- Stripe — for payment processing and subscription management
- Email/CRM tool — for Hero communications (we may use services like Mailchimp, HubSpot, or similar platforms to manage newsletters and impact reports)
Data Security:
We take appropriate technical and organisational measures to protect your personal data:
- All data transmission is encrypted using SSL/TLS
- Access to your data is restricted to authorised personnel only
- We use reputable third-party service providers with strong security practices
- We regularly review our security measures
Data Retention:
- Active Heroes: We keep your data for as long as you maintain a subscription or remain part of our community
- Cancelled subscriptions: We retain your email and donation history for 7 years after your last contribution (required for accounting and tax purposes)
- After 7 years: Your data is securely deleted unless we have a legal obligation to retain it longer
6. Who We Share Your Data With
We do not sell, rent, or trade your personal data to third parties.
We only share your information with trusted service providers who help us deliver the Hero programme:
Payment Processing:
- Stripe — processes donations and stores payment information securely
- Learn more: stripe.com/gb/privacy
Email and Communications:
- Email marketing or CRM platforms — to send Hero badges, impact reports, and newsletters (e.g., Mailchimp, HubSpot, Brevo, or similar)
- These providers are data processors acting on our instructions
- All providers are required to comply with UK GDPR
Legal Disclosure:
We may disclose your information if required by law, court order, or regulatory request (e.g., HMRC, CIC Regulator, or law enforcement).
International Transfers:
Some of our service providers (e.g., Stripe, email platforms) may store data on servers outside the UK. When this happens:
- We ensure they provide adequate data protection (e.g., through Standard Contractual Clauses)
- Your data is protected to the same standard as UK GDPR requires
7. Cookies and Tracking
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve your experience.
Cookies We Use:
Currently, the Empowr Heroes website uses minimal or no cookies. We do not use advertising cookies or track your behaviour across other websites.
If we add analytics in the future (e.g., Google Analytics to understand how people use our site), we will:
- Update this policy to explain what cookies we use
- Give you the option to accept or decline non-essential cookies via a cookie banner
- Only use analytics cookies with your consent
Your Cookie Choices:
You can control cookies through your browser settings:
- Block all cookies — your browser settings allow you to refuse cookies entirely
- Delete existing cookies — you can clear cookies already stored on your device
- Manage preferences — most browsers let you accept some cookies and block others
Note: Blocking cookies may affect your ability to use some website features (e.g., staying logged into your Stripe Customer Portal).
8. Your Data Protection Rights
Under UK data protection law (UK GDPR), you have the following rights:
1. Right to Access
You can request a copy of the personal data we hold about you. We'll provide this free of charge within one month of your request.
2. Right to Rectification
If your personal data is inaccurate or incomplete, you can ask us to correct or complete it.
3. Right to Erasure ("Right to be Forgotten")
You can ask us to delete your personal data in certain circumstances:
- You withdraw consent (where consent was the legal basis)
- Your data is no longer needed for the purposes we collected it
- You object to processing and we have no overriding legitimate interest
Important: We may need to retain some data for legal or accounting purposes (e.g., donation records for 7 years for tax compliance).
4. Right to Restrict Processing
You can ask us to limit how we use your data in certain situations (e.g., if you contest the accuracy of your data).
5. Right to Data Portability
You can request your personal data in a structured, commonly used format (e.g., CSV file) and transfer it to another organisation.
6. Right to Object
You can object to processing based on legitimate interests. For example:
- Object to marketing emails (use the "unsubscribe" link in any email)
- Object to any processing you believe is unfair
7. Rights Related to Automated Decision-Making
We do not use automated decision-making or profiling (algorithms that make decisions about you without human involvement).
9. How to Exercise Your Rights
To exercise any of your data protection rights, email us at:
Please include:
- Your name and email address (so we can verify your identity)
- A clear description of your request (e.g., "I'd like a copy of my data" or "Please delete my account")
We'll respond within one month. If your request is complex, we may extend this by two months — we'll let you know if that's the case.
10. Unsubscribing from Emails
Non-Essential Emails:
You can unsubscribe from newsletters, impact reports, and promotional emails at any time:
- Click the "Unsubscribe" link at the bottom of any email
- Email us at hero@empowrcic.org with the subject line "Unsubscribe"
Essential Emails:
You cannot unsubscribe from:
- Payment confirmations (required for transaction records)
- Important policy updates (e.g., changes to these terms or privacy policy)
- Service notifications (e.g., subscription cancellation confirmations)
To stop all communications, you must cancel your subscription via your Stripe Customer Portal.
11. Children's Privacy
The Hero programme is intended for adults (18 years and over).
We do not knowingly collect personal data from children under 18. If you are under 18, please ask a parent or guardian to make a donation on your behalf.
If we discover that we've inadvertently collected data from a child under 18, we will delete it promptly.
12. Links to Other Websites
Our website may contain links to external websites (e.g., Stripe, social media platforms, partner organisations).
Important:
- We are not responsible for the privacy practices of other websites
- This privacy policy applies only to the Empowr Heroes website
- We encourage you to read the privacy policies of any external sites you visit
Example: When you click "Become a Hero" and go to Stripe's payment page, Stripe's privacy policy applies.
13. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect:
- Changes in data protection law
- New services or features we offer
- Feedback from Heroes
When We Update:
- We'll post the new policy on this page with an updated "Last Updated" date at the top
- For significant changes, we'll email you at least 30 days in advance
- Continued use of our services after changes take effect means you accept the updated policy
We recommend reviewing this policy periodically to stay informed about how we protect your data.
14. Complaints and Concerns
If you have concerns about how we handle your personal data, please contact us first:
Email: hero@empowrcic.org
Address: Empowr CIC, Crown House, 27 Old Gloucester Street, London, WC1N 3AX
We'll investigate and respond within 14 days.
Independent Complaints:
If you're not satisfied with our response, you have the right to lodge a complaint with the UK's data protection authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
15. Contact Us
If you have any questions about this privacy policy or how we handle your data:
Email: hero@empowrcic.org
Founding Patron Enquiries: patron@empowrcic.org
Mailing Address:
Empowr CIC
Crown House, 27 Old Gloucester Street
London, WC1N 3AX
Thank You for Trusting Us With Your Data
Your privacy is important to us. We're committed to handling your information responsibly and transparently.
With gratitude,
The Empowr Team
This privacy policy was last updated on March 24, 2026.