GoodBox – Privacy Policy 

1. Introduction 

The Good Box Co Labs LTD (“GoodBox”, “us”, “we”), is a company registered in England and Wales with company number 10272838 and registered address Unit 21, Greenway Business Centre, Harlow, England, CM19 5QE.  We are registered with the Financial Conduct Authority (Registration Number 772729). 

We are dedicated to helping charities and the wider non-profit sector drive efficiencies in fundraising by harnessing the latest technologies. We deliver simple, affordable, and practical fundraising solutions, including hardware and software to facilitate digital donations both eComm and card present. 

Our website is located at www.goodbox.com (the “Website”). 

We are committed to protecting your privacy and will only use the information that we collect about you lawfully. This policy is intended to give you an understanding of how and why we use the information you provide to us both online and otherwise. 

2. What information do we collect about you? 

For charities that are to become our customers: 

We collect personal data about your staff, directors, beneficial owners or trustees, and beneficiaries (whatever applicable) for a number of reasons, including communicating with you, responding to requests for information and for identification and verification purposes arising out of our legal obligations under anti-money laundering regulations as a financial institution, supervised by the UK Financial Conduct Authority.  

The personal data we collect can include:  

(a) your full name;
(b) contact details;
(c) records of your communication with us; 
(d) date of birth, gender, ID number, and private address (if you need to be identified and verified); 

For donors that are donating money to our customer: 

We do not see, collect or store any personal data whatsoever when processing a contactless transaction. The data which is required to perform a card transaction will be captured, but all details encrypted at source, and therefore not visible to us.

For website visitors: 

We also collect information about the use of our website using cookies (see the Cookies Policy). 

The personal data we collect can include: 

(a) information you may enter onto the Website;
(b) technical metadata of the devices that connect to our systems:

  • IP and MAC addresses 
  • browser and operating system information 
  • referring websites 
  • website navigation metrics 

3. How will we use the information about you? 

For charities that are to become our customer: 

We will process your data for the following reasons: 

(a) to provide our services;
(b) to supply you with communications you have requested about our products, services or the fundraising sector and other customer support;
(c) to keep a record of your relationship with us;
(d) to manage your communication preferences;
(e) to monitor and mitigate fraudulent and illegal activities;
(f) to comply with applicable laws and regulations, and requests from statutory agencies. 

For donors that are donating money to our customers: 

We will process your data for the following reasons: 

(a) to ensure that the donation is received by the charity of your choice and to provide our services to our customers;
(b) to monitor and mitigate fraudulent and illegal activities. 

For website visitors 

We will process your data for the following reasons:

(a) to supply you with communications you have requested about our products, services or the fundraising sector;
(b) to manage your communication preferences and to contact you in case you filled in a contact form;
(c) to improve the user experience of the Website. 

Cookies Policy

Cookies are bits of data which are stored in your computer or mobile device when you visit a website. They’re widely used to make websites work properly, or work more effectively, as well as to provide information to the owners of the website. There are different types of cookies which are used for different reasons. Please find below an extensive list of the cookies used on this site, their type, a description of their function, and the duration of time they will remain on your browser unless deleted (see how to do so below).

Click here for our extensive cookie policy.

1. Our legal basis for processing personal data 

We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that GoodBox carries out. This includes information that is processed on the basis of: 

(a) A person’s consent (for example to send you direct marketing by e-mail and for our website visitors;
(b) Processing necessary for the performance of a contract with you (for our customers and donors);
(c) Processing that is necessary for compliance with a legal obligation (for example, reporting to the Financial Conduct Authority) (for our customers)
(d) Our legitimate interests (for our customers – please see below for more information).  

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. For example, GoodBox’s legitimate interests include responding to solicited enquires, marketing our services to charities, providing information, research, events management, employment, and recruitment requirements.  

If you would like to change our use of your personal data in this manner, please get in touch with us using the details in the “How to contact us” section below.  

2. Will we share this information with others? 

We do not share, sell or rent your information to third parties for marketing purposes. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law or unless we have consent from you.  

We may allow our staff, consultants, and/or external providers acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g. to deliver mailings, to analyse data and to process payments). We make sure your information is treated with the same level of care as if we were handling it directly. 

3. How do we protect the security of personal data? 

We aim to ensure that there are appropriate physical, technical and managerial controls in place to protect your personal details. All data transmission between you and the Website is done via HTTPS. 

We encourage you to review the privacy statements of websites you choose to link to from the Website so that you can understand how those sites collect, use and share your information. We are not responsible for the privacy statements or other content on sites outside of the Website.