Just £10 Delivers 40 Meals to People in Poverty

Be a Food Hero! Volunteer With Us Today

Give Us Your Surplus Food

Fareshare Midlands collects and uses information about people with whom it communicates. This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 2018

Fareshare Midlands regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals. To this end Fareshare Midlands fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).


The purpose of this policy is to ensure that the staff, volunteers, trustees, members and all other service users of Fareshare Midlands are clear about the purpose and principles of Data Protection and to ensure that it has guidelines and procedures in place which are consistently followed.

Failure to adhere to the Data Protection Act 2018 and GDPR is unlawful and could result in legal action being taken against Fareshare Midlands or its staff, volunteers or trustees.


The Data Protection Act 2018 regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems.

Data users must comply with the Data Protection principles of good practice which underpin the Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.

To do this Fareshare Midlands follows the eight Data Protection Principles outlined in the Data Protection Act 2018, which are summarised below:

The principles apply to “personal data” which is information held on computer or in manual filing systems from which the subject is identifiable. Fareshare Midlands employees, volunteers and trustees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times.


The following procedures have been developed in order to ensure that Fareshare Midlands meets its responsibilities in terms of Data Protection. For the purposes of these procedures data collected, stored and used by Fareshare Midlands falls into 2 broad categories:

Internal data records

Purposes: Fareshare Midlands obtains personal data (names, addresses, phone numbers and email addresses), application forms, references and in some cases other documents from staff, volunteers and trustees. These data are stored and processed for the following purposes:


Only the organisation’s relevant staff, volunteers and trustees will have access to personal data. All staff, volunteers and trustees are made aware of the purpose and principles of Data Protection and rules around GDPR.

The contact details of staff, volunteers and trustees will only made available to other staff, volunteers and trustees on an officially verified request or “in the line of duty” basis. Any other information supplied on applications will be kept in a secure Electronic Folder and will not be accessed during the day-to-day running of the organisation, except as needed for recruitment or operational purposes. Contact details or information will not be passed on to anyone outside the organisation (excluding statutory bodies eg the Inland Revenue) without their explicit consent, and where officially verified as necessary by the Chief Executive and/or Senior Management Team in the Chief Executive’s absence. HR Advice will be sought in case of any issues of doubt and/or concern.

Staff, volunteers and trustees will be supplied with a copy of their personal data held by the organisation if a request is made. A separate Recruitment Data Privacy Notice is in place for the required procedure.

All confidential post must be opened by the addressee only.

Fareshare Midlands continues to take reasonable steps to keep personal data up to date and accurate.

Personal data will be stored for as long as the data owner/client/member uses our services, and normally longer, and for as long as we are required to by funders. Where an individual ceases to use our services and it is not deemed appropriate to keep their records, their records will be destroyed. However, unless we are specifically asked by an individual to destroy their details, we will normally keep them on file for future reference. If a request is received from an organisation/ individual to destroy their records, we will remove their details from the database and request that all staff holding electronic details for the organisation destroy them. This work will be carried out by the Data Information Officer.

This procedure applies if Fareshare Midlands is informed that an organisation ceases to exist.

Responsibilities of staff, volunteers and trustees

During the course of their duties with Fareshare Midlands, staff, volunteers and trustees will be dealing with information such as names/addresses/phone numbers/email addresses of members/clients/volunteers ie for legitimate business purpose only. They may be told or overhear sensitive information while working for Fareshare Midlands. The Data Protection Act 2018) gives specific guidance on how this information should be dealt with.

To help staff, volunteers, trustees meet the terms of the Data Protection Act 2018, staff, volunteers and trustees are asked to confirm that they have understood their responsibilities as part of the employment contract, induction programme or sign on their volunteer agreement that have understood their responsibilities. The Recruitment Data Privacy Notice is issued with the recruitment paperwork.


Fareshare Midlands will take reasonable steps to keep personal data up to date and accurate. Personal data will be stored for 6 (six) years after an employee, volunteer or trustee has worked for the organisation and brief details for longer.


Personal data are kept in on a password-protected computer system.

Fareshare Midlands operates a clear desk policy at all times.

Use of Photographs

Fareshare Midlands will seek consent from individuals before displaying photographs in which they appear. This policy also applies to photographs published on the organisation’s website or other forms of media such as social media channels or newsletters.

External data records

Fareshare Midlands obtains personal data (such as names, addresses, and phone numbers) from members and suppliers. These data are obtained, stored and processed solely to assist staff and volunteers in the efficient running of services. Personal details supplied are only used to send material that is potentially useful. Most of this information is stored on the organisation’s electronic systems/databases.

Fareshare Midlands obtains personal data and information from members and suppliers in order to provide services. These data are stored and processed only for the purposes outlined in the agreement and service specification signed by the client/member.

Personal data are collected electronically by email. During this initial contact, the data owner is given an explanation of how this information will be used. Written consent is not requested as it is assumed that the consent has been granted when an individual freely gives their own details.

Personal data will not be passed on to anyone outside the organisation without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation, in which case the relevant Manager will discuss and agree disclosure with the Chief Executive Officer.

Disclosure and Barring Service

Fareshare Midlands will act in accordance with the DBS code of practice. Only Certificate numbers of any DBS checks will be held by FSM on the HR Breathe Database, in line with the timelines in the Recruitment Data Privacy Notice and Retention of Records schedule.


Compliance with the Act is the responsibility of all staff, paid or unpaid. Fareshare Midlands will regard any unlawful breach of any provision of the Act by any staff, paid or unpaid, as a serious matter which will result in disciplinary action. Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution.

Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the team’s Senior Manager, in the first instance.

Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Breach of Data Security

If FSM discovers that there has been a breach of HR-related personal data that poses a risk to the rights and freedoms of an individual(s), it will report it to the Information Commissioner within 72 hours of discovery. FSM will record all data breaches regardless of their effect.

If the breach is likely to result in a high risk to the rights and freedoms of an individual(s), it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.

Retention of Data

FareShare Midlands will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

All documents containing personal data will be disposed of securely in accordance with the Data Protection principles.

FareShare Midlands will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, approximately 50 (fifty) months, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Volunteer data collected through online forms will be held for at least 3 (three) months from the last date of interaction with FareShare.

Use of Data

FareShare Midlands uses the collected data for various purposes:

FareShare Midlands may process your Personal Data because:

Legal Basis for Processing Personal Data under General Data Protection Regulation (GDPR)

If an individual is from the European Economic Area (EEA), FareShare Midlands' legal basis for collecting and using the personal information described in this Data Protection and Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Transfer of Data

Personal information, including Personal Data, may be transferred to and maintained on computers located outside of and individual’s state, province, country or other governmental jurisdiction where the data protection laws may differ than those from their jurisdiction.

FareShare Midlands may also share an individual’s data within the FareShare network.

If an individual is located outside United Kingdom and chooses to provide information to us, we may transfer the data, including Personal Data, to the United Kingdom and process it there.

An individual’s consent to this Data Protection and Privacy Policy followed by their submission of such information represents their agreement to that transfer.

Legal Requirements

FareShare Midlands may disclose Personal Data in the good faith belief that such action is necessary to:

In certain circumstances, individuals have the following data protection rights:

Individuals have the right to access, to update or to delete the information we have on them. They also have the following rights:

Please note that we may ask individuals to verify their identity before responding to such requests.

Individuals have the right to complain to a Data Protection Authority about our collection and use of their Personal Data.

Consent and Communication

By providing us with their personal information, an individual consents to the collection and use of that information for the purposes and in the manner described in this Data Protection and Privacy Policy. An individual can contact us at any time to request changes to how we contact them – or to tell us not to contact them at all. To change your marketing preferences at any time please contact us at FareShare Midlands, 10 Wilson Road, South Wigston, Leicester, LE18 4TP or email at recruitment@faresharemidlands.org.uk.

Newsletter Subscription

By signing up to our newsletter an individual agrees to receive emails and direct mail from FareShare Midlands on a regular basis and occasional fundraising appeal emails.

Requests for the release of any data we may hold on you along with questions about this Policy or requests for further information should be directed to recruitment@faresharemidlands.org.uk.

Data Protection and Privacy Statement for Fundraising Activities 

At FareShare Midlands, we are committed to protecting and respecting your privacy. This statement explains how we collect, use, and safeguard your personal information in relation to our fundraising activities. 

Data Collection and Use: 

We collect personal data from our corporate partners, donors, and supporters for fundraising purposes. This information may include names, contact details, donation history, and communication preferences. We use this data to: 

Data Storage and Security: 

We store your information securely in our Fundraising CRM system, Donorfy. Access to this data is restricted to authorized personnel only. We have implemented appropriate technical and organizational measures to protect your data from unauthorized access, alteration, or disclosure. 

Data Sharing: 

We do not sell or share your personal information with third parties for their marketing purposes. We may share your data within the FareShare network to enhance our fundraising efforts, but only when necessary and with appropriate safeguards in place. 

Consent and Communication Preferences: 

We will only send you fundraising communications if you have given us your consent to do so. You can change your preferences or opt-out of receiving communications from us at any time by contacting us at fundraising@faresharemidlands.org.uk.

Data Retention: 

We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

Your Rights: 

 Under data protection law, you have rights including: 

Changes to This Statement: 

Contact Us: 

If you have any questions about this privacy statement or how we handle your personal information, please contact our Data Protection Officer at recruitment@faresharemidlands.org.uk

By providing us with your personal information, you consent to the collection and use of that information for the purposes and in the manner described in this Data Protection and Privacy Statement. 

This statement covers the key aspects of data protection and privacy related to fundraising activities, aligning with the overall data protection and privacy policies of Fareshare Midlands. It should be reviewed by legal counsel to ensure full compliance with current UK data protection laws and fundraising regulations before being implemented.


Stay in touch

Sign up to our regular newsletter for our latest news, inspirational stories, delicious recipes and ways that you can join the fight against hunger and food waste.