Privacy Policy
Last updated: 13 April 2026
Introduction
WeDonate Ltd ("WeDonate", "we", "us") respects your privacy and is committed to protecting your personal information in full compliance with the UK GDPR and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, and safeguard your data when you use our WeDonate platform (the Platform).
Information We Collect
We collect only the following personal data:
- Name
- Age (to confirm you are 18+)
- Email address
- Country of residence
- Donor ID number or donor card image submitted for verification (images are automatically and permanently deleted immediately after verification)
- Blood group – only if visible on an uploaded donor card image. This is special category health data and is processed temporarily only with your explicit consent.
- Payment and transaction data – when you purchase a savings card (gift card), we record the order amount, currency, brand, face value, order status, and timestamps. We do not collect or store your payment card number, expiry date, or CVV; those details are entered directly into a secure form provided by our payment processor and never pass through our servers.
- IP address and user agent – we record the IP address and browser user agent string associated with certain actions on the Platform, including savings card purchases and code reveals. This is used for fraud detection, chargeback evidence, and Platform security.
- Device and browser information – our payment processor may also collect technical information about your device and browser (such as screen resolution and device identifiers) through its embedded payment form, for the purpose of fraud prevention and Strong Customer Authentication.
How We Use Your Information
We process your data for the following purposes and lawful bases (UK GDPR Article 6):
1. To create and manage your account – legitimate interests
2. To verify your donor status – legitimate interests
3. To provide you with donor discounts and benefits – performance of contract
4. To send transactional communications – legitimate interests
5. To comply with legal obligations – legal obligation
6. To process savings card purchases, prevent fraud, and respond to payment disputes – performance of contract and legitimate interests
Special category data (blood group): We rely on your explicit consent (Article 9(2)(a) UK GDPR) for the brief period an uploaded image is processed. The image is then permanently deleted.
Email Marketing and Communications
We only send marketing emails if you explicitly opt in. You can withdraw consent at any time via the unsubscribe link or by contacting us. Transactional and account-related messages are sent regardless of marketing preference.
Data Sharing and Disclosure
We do not sell your data. We only share it where necessary:
- With email/push providers to send messages
- With voucher-store partners (name + email) when you choose to use that feature
- With giveaway sponsors (only if you enter and consent is clearly stated)
- With Stripe Payments Europe, Limited ("Stripe"), our payment processor, to process savings card payments. When you enter payment details on our Platform, those details go directly from your browser to Stripe via a secure embedded form. WeDonate does not receive or store your full card details. Stripe processes your payment data as an independent data controller under its own privacy policy. We receive only a payment confirmation, a non-sensitive token representing your card, and the card's issuing country and funding type, which we use to enforce our payment rules.
- In the future, if we partner with official donor organisations for enhanced verification, your Donor ID may be shared only with your explicit consent and appropriate safeguards. No such sharing occurs today.
- When required by law or public authorities
Data Retention
- Donor card images – deleted immediately after verification (within seconds)
- Name, email, Donor ID number, and account data – retained while your account is active. Deleted on request, subject to any legal retention obligations.
- Savings card order records – retained for a minimum of 6 years from the date of the transaction, even if your account is deleted. This is required for tax records, payment dispute resolution, and compliance with HMRC requirements. Order records include: order amount, face value, brand, timestamps, and payment status. They do not include your payment card details.
- IP addresses and user agent strings associated with transactions – retained alongside the relevant order record for the same period and purpose.
Data Security
We use industry-standard technical and organisational measures to keep your data safe. In the unlikely event of a breach that poses risk to your rights, we will notify you and the ICO as required by law.
Cookies and Similar Technologies
See our separate Cookie Policy.
Your Rights
Under UK data protection law you have the right to:
- Access your data (Subject Access Request)
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
We will respond to requests free of charge, usually within one month. Contact our Data Protection Officer at [email protected].
Changes to this Privacy Policy
We may update this policy from time to time. Significant changes will be communicated by email or a prominent notice on the Platform.
