Donate Now

Privacy Policy


At Serve Afghanistan (Hereafter referred to as ‘Serve’) we are committed to keeping your data safe. Your privacy and peace of mind are important to us.

We only collect data from people for specific purposes. Once that purpose has finished, we won’t hold on to the data.

This document tells you how, when and why we collect data from people and what we use it for. We also have website Terms and Conditions, which you should read as well.

We’d love to hear from you if you have any feedback or questions on any of this. You can email

Serve is a charity registered in the United Kingdom (number 1105086) whose purpose is to bring hope to the peoples of Afghanistan, through resourcing, empowerment and advocacy. Our company number is 4759091, our NGO Number registered with the Afghan Ministry of Economy is 50 and our registered office is c/o UHY Hacker Young, 6 Broadfield Court, Broadfield Way, Sheffield, S8 0XF, UK.

For the purposes of this policy, ‘us’, ‘we’ and ‘our’ refer to Serve.


Directly with us

Firstly, and most obviously, when you give us your personal information, we save it and use it to communicate with you. Personal information means things like your name, contact details or your role for example. You give us this information when you make a donation, request materials or information, sign up for an event, provide comments or complete surveys. Where you open an email from us and click through to our website, we may record this to help us improve our future contacts with you.

When you visit our website

We may collect personal data about people who visit our website. That means things like cookies and IP addresses (which tell us, for example, the places where people are logging on), which pages people visit and which files they download. Using this data helps us find out if our website is working well and helps us to improve it. The cookies collect information in a way that does not directly identify you. For more information on how these cookies work, please see the section on cookies below.

Information you put online

Sometimes we gather information that people make available on places like Twitter, Facebook or LinkedIn. You can check these organisations’ privacy policies to make sure you’re happy with how they handle your data.

For organisations such as trusts or schools, we may additionally gather information from your public website.

Indirectly from third parties

If you give them your consent, we collect information from third parties such as event organisers when you fundraise for Serve. You can check their privacy policies to see how they handle your data.

Publicly available data

Sometimes we also collect publicly available information from Companies House, the Charity Commission and from articles, newspapers or blogs.

Sensitive data

If you give us sensitive information about yourself, for example about your religious beliefs or your physical or mental health, please be aware that we may keep this information. When we do so, we will seek your consent. We will only keep this information where it is relevant to your interaction with us and only for as long as it is necessary. We promise to keep it secure.


Our basis for processing

We are required by data protection law to have an appropriate legal basis for the processing of your personal data. When processing your personal data we rely upon:

  • where you’ve given us your consent to contact you or hold your information
  • for the performance of a contract or legal agreement with you
  • where there is a legal obligation placed upon us – for example if you allow us to claim gift aid
  • where it is in your vital interest, such as a medical emergency
  • where it is in our legitimate interests to do so

Where we rely upon our legitimate interest to process your data (including contacting you), we only do so after having carefully considered how it might affect the impact upon you and your rights and having weighed this up against our need and potential benefits from contacting you.

Where you provide us with sensitive personal data, such as where you worship or any medical information about you, we will process this using one of the following permitted criteria; with your explicit consent (ie you make clear to us that you are happy for us to hold this information); where you manifestly make this information publicly available – such as on a Religious organisation’s website; or where you have been in regular contact with us. We will hold your data securely and only those who need to, will be able to see or use this information.

For organisations such as religious organisations, trusts or schools, we may contact you where we have a legitimate interest – ie we believe it is reasonable to do so. Again we will only do so having carefully considered how it might affect you and the potential benefits from contacting your organisation.

Where we contact you, by calling or emailing you, in a professional capacity rather than a personal one, about your religious organisation or to do with your role as a trustee for a grant awarding body for example, we will usually consider you to be a ‘corporate subscriber’ under Data Protection Regulations or Law.

As a ‘corporate subscriber’ we are permitted to contact you unless you tell us that you would like no further contact from us. We may also mail you unless you tell us that you don’t want us to do so. However, we will not make contact by calling you if you have subscribed to the Telephone or Corporate Telephone Preference Service. Further information on this (what is generally called a ‘business to business’ approach)can be obtained at the ICO website and on the Telephone Preference Service website.

We want you to receive the right level of communications in the right way for you, so you can change your preferences at any time. Please see the section ‘Your choices and telling us when things change’ below.

Partnerships and major donors

If you show us that you might be in a position to partner with our work in a greater capacity, we will collect further information based on our legitimate interest. There are more details in the next section, ‘What do we do with it?’. This helps us recommend initial discussions with a relationship manager to supporters that might value it and ensure we use our supporters’ money in the most effective ways.

Religious beliefs

We may process personal data relating to your religious affiliations. We will only do this where you tell us you are happy for us to use this information, or where you choose to make this public (eg. on your religious organisation’s website). We will never disclose this information about you outside Serve without your consent.


Processing requests and donations

We may use your personal data to:

  • keep you up-to-date on news and stories about our work
  • ask for financial support and non-financial support such as volunteering or prayer
  • process donations you give us, or support your fundraising for us, including Gift Aid
  • provide information or packs you’ve asked for
  • provide a personalised service, such as customised website content or personalised emails
  • improve your browsing experience and use of the website
  • keep records of your relationship with us, for example questions you’ve asked, surveys completed or complaints you’ve made

We might use your data to:

  • let you know about campaigning opportunities, such as writing to your MP
  • send you fundraising and emergency appeals
  • tell you about our work, and opportunities such as volunteering, praying and community fundraising
  • deliver digital advertising about our work to you on social media such as Google and Facebook. See ‘Social media marketing’ section below
  • help guide our marketing. For example, we will look at location and interests so we can invite you to a local event or tell you about an emerging need in an area you’re interested in
  • engage with your place of worship (if you have given us information about it), for example by providing speakers or offering information packs
  • understand whether you might want and be able to support us with a larger gift. This may involve looking at personal information about you, through in-house research or by using third parties
  • approach you in your professional capacity, for example as a Trustee or religious leader, to talk about supporting our work track the success of our communications by recording whether or not you open or respond to our email or other electronic communications
  • carry out market research
  • Social media marketing
  • Where you have provided your email address with consent for us to market to you, we may reach out to you by using Facebook advertising.

We may also reach out to people who have similar interests to you through Facebook. For example, we might use Facebook’s Custom Audience Programme.

In both instances, we do this by providing Facebook with your email address. If you don’t have a Facebook account, Facebook just deletes the information. Any Facebook advertising you might end up seeing from us through this process, will have been processed in accordance with the terms and conditions you agreed to for Facebook and the privacy settings you set within Facebook.

When we use Facebook’s Custom Audience Programme, Facebook will use your activity on Facebook, such as the things you like and events you attend, to find others who have similar interests and therefore may wish to support Serve. This matching is carried out by Facebook on our behalf and is not at any time seen by Serve.

This social media marketing provides us with a cost effective way of reaching both you and new supporters. There are more details on Custom Audiences at Facebook Business, and you can read Facebook’s Privacy policy here. Facebook also allows you to have a say in the ads you receive.

Please contact us if you have any questions on how we use social media, or would prefer us to exclude you from social media marketing activities.

Email us at:

Write to us at:
Serve Afghanistan
c/o UHY Hacker Young
6 Broadfield Court
Broadfield Way
Sheffield S8 0XF

Partnerships and major donors

If you make a major gift to our work, we’ll offer you a relationship manager. They will discuss and agree with you how you want us to contact you. We will do this at the earliest convenient opportunity. If you don’t want to have a partnership relationship with us, we will destroy any additional, publicly sourced, personal data about you that we have collected for this purpose.

Applying for a job or volunteering with us

When you apply for a job, you send us personal information through your CV or by completing an application form. We will store and use this to:

  • recruit for the role
  • make it easy for you to submit your CV online for jobs, and to subscribe for job alerts answer your questions
  • do reference checks, qualifications checks, criminal referencing, service checks and verify your information. We’ll also use it for health screening and psychometric evaluation or skills tests. This is all done using third parties
  • check we’re following our equal opportunities policy

If you are volunteering or travelling on a trip with us, you may need to send us personal or sensitive personal data – things like information about your dietary requirements, mobility requirements or your health. We’ll keep and use this information to:

  • make the volunteering opportunity possible. This includes sharing sensitive data, such as medical information, with our partner(s) for your safety.
  • provide information, including fundraising materials, in accordance with the ‘What do we do with it?’ section, or equivalent information for the volunteer role description
  • organise these events or other opportunities to serve
  • check the volunteering opportunity or trip is a good one
  • answer any questions or feedback you may have
  • check we’re following our equal opportunities policy


How long?

We keep your personal information only for as long as we need it for each activity. What we have to do by law, accounting and tax all come into play. We also have a separate data retention policy to guide us.

If you tell us you’re happy for us to send you marketing materials, we’ll keep contacting you, unless you tell us not to.

For surveys, pledges or petitions, we will keep your responses for analysis purposes. Each survey will make it clear what we intend to do, so you are informed before you choose to respond.

If you have questions on any of this, or want to see the data retention policy, just get in touch.

Write to us at:
Data Protection Officer
Serve Afghanistan
c/o UHY Hacker Young
6 Broadfield Court
Broadfield Way
Sheffield S8 0XF

Or email us at:


We do all we can to protect your personal data, and this includes having the right technology.

The only people who can access personal data are those Serve staff members or volunteers who can’t do their jobs without it. These people are all trained in data protection.

Occasionally we also use external companies to help us with personal data tasks. We do checks on these companies, have them sign contracts, and keep checking them regularly. When we do use external companies, we are still the ones responsible for keeping your data safe.

But please remember, despite all of this, the internet is never 100 per cent secure. When you submit data there is always a risk.

Credit / debit card security

If you use your debit or credit card to donate, purchase something or pay for a trip, whether online, over the phone or by mail, we’ll process your information securely in accordance with the Payment Card Industry Data Security Standard (PCIDSS). You can find out more about the standard here.

We never store your debit or credit card details once your transaction is complete – they are all securely destroyed.

We do keep bank account details so we can collect direct debits in accordance with direct debit mandate rules. You can find out more by reading about the Direct Debit Guarantee.

Where we store your personal information

We use cloud-based systems to process data – that means data may be processed outside of the European Economic Area (EEA). We only let this happen when we believe your data will be kept safe. We do everything we can to make sure your data is looked after as described in this policy.

By giving us your personal data, you’re agreeing to us using the cloud-based systems to process it.

If you travel overseas with us, we may share personal information with partners in overseas locations. This may include sensitive personal data – things like medical information. When we do this, we’ll let you know what we’re sharing and check you’re happy.


We want you to know that we don’t share or swap your information with any other charities for them to send you marketing. That decision is informed by our values and beliefs and by how important your privacy is to us.

When we have to share information by law

  • We may need to pass on information if required by law or if a regulatory body, like HMRC, or the police ask us to.
  • We may also share your information where required to do so under a contract with a Governmental or grant making body, such as to qualify for aid match from the Department of International Development. In these cases, we will only share the minimum data necessary to fulfil the obligations.

Our service providers and third parties

Sometimes we use agents to help us with tasks such as fulfilling orders or processing donations. They are bound by contract to protect your data and we are still the ones responsible for keeping your data safe.

Sometimes we give external companies information about the people using our website, to help us make sure the website is working well and to find out how we can improve it. But this information is both anonymous and delivered in bulk. We’ll only use IP address information to identify someone if we feel they may cause safety/security issues, or if we have to give this information by law.


What are cookies?

Every time you visit our website, it sends us a cookie. Warm, crumbly and delicious? Sadly not. This is a text file that tells us about your visit. And when the data comes to us, it’s bulked together with information from all the other visitors to our site. Cookies tell us, for example, about traffic data, location data, device information, the date and time people visit and the pages they visit.

Most major websites use cookies. You can find out more at or

How we use cookies on our website

To make the most of our website you should leave cookies turned on, otherwise you might not be able to see all of our lovely site. 

Cookies help us:

  • customise what you see when you visit our site, and help us understand what would interest you
  • process any requests, applications or transactions
  • do our internal administration and analysis

Managing cookies

You can turn off cookies on most browsers. To find out how, use the Help function.

Third party cookies

There are a few external companies that Serve works with, who set cookies on our website. These cookies are mainly used for reporting and advertising so we can improve the way we communicate. We use websites like YouTube and Vimeo to embed videos, and they may send you cookies too. We don’t control the setting of these cookies, so check those websites for more information.

Serve also uses companies like Facebook, HotJar and Google Analytics, which may use cookies. They may also use tracking pixels, which tell us how effective our adverts are.

You can opt out of Google's tracking cookies any time you want. Google uses cookies to match adverts with your preferences so they’re more relevant to you. If you don’t want to see adverts from us based on that information, you can use Google's Ad Personalisation Tool.

All information we get through Google's cookies is anonymous, it just helps us understand how people use our website and which pages are more popular. If you don’t want Google to include you in this information, you can install the Google Analytics Opt Out Tool.

You can also visit the Digital Advertising Alliance website to personalise your advertising preferences.

As some of these services may be based outside of the UK and the European Union, they might not fall under the jurisdiction of UK courts. If you’re worried about that, you can change your cookie settings (see above). Or for more information, visit


Aged 16 or under

If we are sent a child’s data, we’ll ask for their date of birth. If they’re 16 or under, we’ll ask their parent or guardian to sign up on their behalf.



If you want to change what we send you, or how we contact you, just let us know – eg you can tell us that you no longer want fundraising materials, or you can ask us to contact you by email rather than post.

Write to us at:
Serve Afghanistan
c/o UHY Hacker Young
6 Broadfield Court
Broadfield Way
Sheffield S8 0XF

Or email us at:

Updating your details

It’s really helpful if you keep your details with us up-to-date. Just get in touch and let us know if things change, using the same details (above).

Sometimes we use a Post Office address search or postcode lists etc to check data you send us. This could be when, for example, we are unsure of what address you’ve written on a form.

We won’t use these sources to gather information you haven’t given us, for example if you’ve left a telephone number blank. Nor will we automatically update changes of address – we will normally only update your address when you tell us it’s changed. But if you are a regular giver, and items are returned to us, we may use external sources to update your address details. This is so we can let you know how your money has been spent through our news and stories.

Your rights (for example, telling us to stop using your data)

At any time you can:

  • ask us to delete your personal data
  • limit how we keep and use your personal data
  • disagree with our reasons for keeping and using your personal data, eg where we have said we have a legitimate reason for processing it
  • disagree with automated decision making in online job applications and personalised marketing, where we build up a profile of you (see the section on ‘What do we do with it?’ above). If you don’t want us to use profiling we might not be able to send you the information you’d find most interesting or useful.
  • ask us to give you an electronic copy of the information we have about you so you can send it to another organisation (data portability)
  • ask to see what information we have about you. We’ll respond within one month

If you do want to do any of the above, just get in touch and let us know.

Write to us at:
Serve Afghanistan
c/o UHY Hacker Young
6 Broadfield Court
Broadfield Way
Sheffield S8 0XF

Or email us at:

For more information about your rights under the General Data Protection Regulation, visit the Information Commissioner’s Office website at


Changes to this policy

We’ll amend this policy if there are any changes to how we do things or changes to data protection or other legislation. If we make any significant changes, we’ll show you clearly on our website, in our publications or by writing to you.

Whenever you engage with us through our websites, social media, email or telephone, or send us your personal information in any other way, we’ll process your information as explained in this policy. When you provide your information, you’re agreeing to this policy. If you don’t agree, please don’t give us your data.


We’d love to hear from you with any feedback or questions. You can also contact us if you’re worried about anything in this policy or if you want to make a complaint.

Write to us at:
Serve Afghanistan
c/o UHY Hacker Young
6 Broadfield Court
Broadfield Way
Sheffield S8 0XF

Or email us at:

You can also make a complaint about the use of your personal data with the Information Commissioners Office (ICO), the UK data protection regulator. You can do this by calling the ICO helpline or through the ICO website. For details, visit

crossmenuchevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram