GoodBox – Privacy Policy
1. Introduction
The Good Box Co Labs LTD (“GoodBox”, “us”, “we”), is a company registered in England and Wales with company number 10272838 and registered address Unit 1, Century Park, Altrincham, England, WA14 5BJ. We are registered with the Financial Conduct Authority (Registration Number 772729).
We are dedicated to helping charities and the wider non-profit sector drive efficiencies in fundraising by harnessing the latest technologies. We deliver simple, affordable, and practical fundraising solutions, including hardware and software to facilitate digital donations both eComm and card present.
Our website is located at www.goodbox.com (the “Website”).
We are committed to protecting your privacy and will only use the information that we collect about you lawfully. This policy is intended to give you an understanding of how and why we use the information you provide to us both online and otherwise.
2. What information do we collect about you?
For charities that are to become our customers:
We collect personal data about your staff, directors, beneficial owners or trustees, and beneficiaries (whatever applicable) for a number of reasons, including communicating with you, responding to requests for information and for identification and verification purposes arising out of our legal obligations under anti-money laundering regulations as a financial institution, supervised by the UK Financial Conduct Authority.
The personal data we collect can include:
(a) your full name;
(b) contact details;
(c) records of your communication with us;
(d) date of birth, gender, ID number, and private address (if you need to be identified and verified);
For donors that are donating money to our customer:
When you donate to one of our charity customers, GoodBox does not directly store or see any personal data related to contactless card transactions. All transaction data is encrypted at the source, ensuring it is not accessible to us.
However, in instances where donors wish to apply Gift Aid to their donation, or requests donation receipts, additional personal information may be collected by our charity customers or through our platform if they are using our Gift Aid-enabled technology. The following outlines our Gift Aid data processing practices:
When you choose to apply Gift Aid to your donation, additional data may be collected to fulfil the requirements of HM Revenue and Customs (HMRC) for Gift Aid claims. This data may include:
Full name
Contact details (address, email)
Declaration of UK taxpayer status
Donation amount and transaction date
Purpose of Processing Gift Aid Data
Gift Aid data is processed solely to enable our charity customers to claim Gift Aid on eligible donations, providing charities with the additional financial benefit allowed under UK law.
For website visitors:
We also collect information about the use of our website using cookies (see the Cookies Policy).
The personal data we collect can include:
(a) information you may enter onto the Website;
(b) technical metadata of the devices that connect to our systems:
- IP and MAC addresses
- browser and operating system information
- referring websites
- website navigation metrics
3. How will we use the information about you?
For charities that are to become our customer:
We will process your data for the following reasons:
(a) to provide our services;
(b) to supply you with communications you have requested about our products, services or the fundraising sector and other customer support;
(c) to keep a record of your relationship with us;
(d) to manage your communication preferences;
(e) to monitor and mitigate fraudulent and illegal activities;
(f) to comply with applicable laws and regulations, and requests from statutory agencies.
For donors that are donating money to our customers:
We will process your data for the following reasons:
(a) to ensure that the donation is received by the charity of your choice and to provide our services to our customers;
(b) to monitor and mitigate fraudulent and illegal activities.
For website visitors
We will process your data for the following reasons:
(a) to supply you with communications you have requested about our products, services or the fundraising sector;
(b) to manage your communication preferences and to contact you in case you filled in a contact form;
(c) to improve the user experience of the Website.
Cookies Policy
Cookies are bits of data which are stored in your computer or mobile device when you visit a website. They’re widely used to make websites work properly, or work more effectively, as well as to provide information to the owners of the website. There are different types of cookies which are used for different reasons. Please find below an extensive list of the cookies used on this site, their type, a description of their function, and the duration of time they will remain on your browser unless deleted (see how to do so below).
Click here for our extensive cookie policy.
1. Our legal basis for processing personal data
We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that GoodBox carries out. This includes information that is processed on the basis of:
(a) A person’s consent (for example to send you direct marketing by e-mail and for our website visitors;
(b) Processing necessary for the performance of a contract with you (for our customers and donors);
(c) Processing that is necessary for compliance with a legal obligation (for example, reporting to the Financial Conduct Authority) (for our customers)
(d) Our legitimate interests (for our customers – please see below for more information).
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. For example, GoodBox’s legitimate interests include responding to solicited enquires, marketing our services to charities, providing information, research, events management, employment, and recruitment requirements.
If you would like to change our use of your personal data in this manner, please get in touch with us using the details in the “How to contact us” section below.
2. Will we share this information with others?
We do not share, sell or rent your information to third parties for marketing purposes. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law or unless we have consent from you.
We may allow our staff, consultants, and/or external providers acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g. to deliver mailings, to analyse data and to process payments). We make sure your information is treated with the same level of care as if we were handling it directly.
3. How do we protect the security of personal data?
We aim to ensure that there are appropriate physical, technical and managerial controls in place to protect your personal details. All data transmission between you and the Website is done via HTTPS.
We encourage you to review the privacy statements of websites you choose to link to from the Website so that you can understand how those sites collect, use and share your information. We are not responsible for the privacy statements or other content on sites outside of the Website.
The information we collect from you may be transferred to and processed and/or stored at a destination outside the European Economic Area (“EEA”). If we send your personal data outside the EEA we will take reasonable steps to ensure that the respective processors implement appropriate measures to protect your information.
4. How long do we keep your data for?
We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our policies or applicable regulation. For instance, our legal obligation to maintain the personal data of beneficiaries, trustees, directors etc of our customer is up until five years after termination of the relationship.
Once the retention period has expired, the information will be deleted or archived.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
5. Your rights
You have a number of rights under applicable data protection legislation. To exercise any of these rights please use the “How to contact us” section.
(a) Right of access
You have the right to know what information we hold about you and to ask, in writing, to see your records. We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this.
(b) Right to be informed
You have the right to be informed of how your personal data will be used. This policy as well as any additional information or notice that is provided to you either at the time you provided your details or otherwise, is intended to provide you with this information.
(c) Right to object and to withdraw consent
Where we process your data on the basis of your consent (for example, to send you regular direct marketing) you can withdraw that consent at any time. All regular communication we send to you will include details on how to unsubscribe from the respective communication.
(d) Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.
(e) Right of rectification
If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated.
If you are unhappy with the way we handled your personal data, please contact us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office at https://ico.org.uk/
6. How do we update our privacy policy?
We may update this policy from time to time without notice. We, therefore, advise you to consult this policy frequently.
The privacy policy was last updated in January 2025.
7. How to contact us
Please email us at: support@goodbox.com
Version 1.2 (January 2025)