Stop It Now confidential helpline0808 1000 900

Privacy Policy

This privacy policy also applies to our websites: and

As a charity committed to preventing the sexual abuse of children the Lucy Faithfull Foundation (LFF) puts safety at the heart of our organisation and this includes the use of any personal information. We are fully committed to protecting your information and will be open and transparent about how and why we are using it. We operate in full compliance with General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

WHat is the lucy faithfull foundation?

The Lucy Faithfull Foundation is a leading child protection charity. We specialise in tackling and preventing the sexual abuse of children. Since 1992 we have been working with governments, professionals and the public to prevent child sexual abuse. We run the Stop It Now! helpline, Stop It Now! Wales and Stop It Now Scotland as well as the Parents Protect website.

The Lucy Faithfull Foundation is a Registered Charity No. 1013025 and is a company limited by guarantee. Registered in England No. 2729957. Our registered office is: 2 Birch House, Harris Business Park, Hanbury Road, Stoke Prior, Bromsgrove, B60 4DJ. We are registered with the UK Information Commissioners Office under the reference Z4895696

About this policy

This privacy notice explains how we look after your personal data (in all situations where we collect your data) and sets out your privacy rights and also explains how the law and our approach to privacy and personal data protects you.

This privacy notice supplements any other privacy notices that we may provide to you at the point that we collect data from you and should be read in conjunction with those notices.


The Lucy Faithfull Foundation promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn't reasonably expect.

Developing a better understanding of our supporters through their personal data allows us make better decisions, fundraise more efficiently and, ultimately, helps us to deliver our mission of preventing the sexual abuse of children and young people.


For the purpose of the GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to our Data Protection Officer using the contact details below:

Name: Mr Adrian McNulty  Email address:

Postal address: Mr Adrian McNulty, The Lucy Faithfull Foundation, 2 Birch House, Harris Business Park, Hanbury Road, Stoke Prior, Bromsgrove, B60 4DJ

By using our websites, you consent to this policy. 

The information we collect is obtained in a variety of ways:

When you give it to us DIRECTLY

You may give us your information when you contact us directly to make a donation, enquire about fundraising or request materials or to request a service form us. 

When you give it to us INDIRECTLY

Your information may be shared with us by others, for example independent third parties may have indicated that you wish to support The Lucy Faithfull Foundation and have given your consent. When using third party sites, you should check their privacy policy when you provide your data to understand fully how they will process your information. Your information may have been passed to us by a third party as part of commissioning a service with us or carrying out a contract.

When we collect it as you use our WEBSITES

what information do we collect from you?
The type and quantity of information we collect and how we use it depends on why you are providing it. We may use your data to provide you with information (including fundraising or campaigning activities), services or materials or resources you have requested or which we feel may interest you - where you have consented to being contacted.


If you support us, for example through donating, or requesting resources and materials, we may collect and process information about you. Depending on the nature of your engagement with us, this personal information may include your name, postal address, telephone number or mobile number, email address, your date of birth or your bank or credit card details if you have donated to us directly.

We may also ask for information relating to your health (for example if you are taking part in a high-risk event). We may also ask why you have decided to donate to us, but will only ask you to answer these questions if you feel comfortable doing so. We are legally required to hold some personal information to fulfil statutory obligations, for example the collection of Gift Aid or to support certain financial transactions.

We will always want to acknowledge receipt and thank anyone who chooses to aid our mission by donating to us. Where a donor has supplied contact details we will endeavour to thank them for their generosity which we constitute being a legitimate interest. We will not subsequently contact them, unless they opt-in to subscribe to our newsletters or to receive other relevant updates about the organisation.

If you contact us, we may keep a record of that correspondence. We will mainly use your data to:

Children's data

We sometimes collect and manage information from children who fundraise for us. We aim to manage it in a way which is appropriate to the age of the child. If appropriate, we will seek consent from a parent or guardian before collecting information about children and we will only hold what we need to for the requirements of the engagement.

Direct Marketing

With your consent, we will contact you to let you know about the services we provide and our most recent achievements. We may also let you know about ways you can support us and ask for donations or support. We will only contact you using the communications preferences you have given us. If you opt-in and then later change your mind, that is fine. You just need to let us know by emailing or calling 01372 847 160.

We will never rent, sell or share personal details to other organisations for use by them in their own direct marketing activities. However, if we run an event in partnership with another named organisation your details may need to be shared with them. We will be very clear what will happen to your data when you register.

Service users

When individuals are referred to us for our services, we will receive personal information, including name, address, date of birth, medical and criminal offence data, as well as other relevant information to enable us to commence work with the individual(s).

Personal information may also be collected directly from individuals in the course of the engagement with us, in order to provide as full a picture e.g. for assessment purposes.

All personal information collected for the purposes of engagement with service users is treated with the utmost sensitivity and care, and subject to stringent data security protocols.


Our lawful basis for processing

Under data protection legislation we must be clear with you what is our lawful reason for processing your data. While there are a range of lawful reasons to process your data, in the main we have identified legitimate interest as our main basis. This is explained below.

Legitimate interest.  Through the operation of our helpline, our fundraising and marketing, service delivery and our public awareness campaigning LFF process your data to conduct its core activity in its mission to eradicate child sexual abuse

Consent. This is where we've asked for your permission to use your personal data in a specific way, and you've agreed for example marketing.

Contract. We may process your personal data as part of an agreement you have with us to deliver a service to you.

Legal obligation. We may collect or share your personal data where we are required to do so by law. This can be as part of our responsibilities to fulfil regulatory requirements (e.g. The Charity Commission) or as part of financial audit regulation.

Vital interests. We may have to process your data if that is necessary toprotect someone’s life, for example when we become or made aware of a risk to someone’s health during any interaction with you.

Public task. We process data at times in the public interest for example by sharing data with public bodies about number of helpline calls received or visits to our websites


A cookie is a small text file that is sent to your computer's hard drive when you visit a website. A cookie typically contains the name of the website from which it has come, the lifespan of the cookie and a value. The value is usually a unique code that will only make sense to the website that has issued it. Cookies can also be used to measure how people use websites and what kind of browsers or devices they're using.

Like most websites, we use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our website. We use Google Analytics to interpret our website’s traffic to ensure it is working in the best way possible and to allow us to continually improve the experience for users.  A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. The information provided by such cookies will not identify you personally - it is statistical data about our visitors and their use of our website. This statistical data does not identify any personal details whatsoever.

For more information generally on how Google uses your data please visit -

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not.

Cookies also enable us to collect details of your visits to our website, including but not limited to traffic data, location data, weblogs, and other communication data and the resources that you access.

When you visit our websites, you'll see this notice ‘We use Cookies to ensure we give you the best experience on our website' with a 'Find out more about Cookies' link to this Privacy Notice. As above, you have the right to accept or reject those cookies. We are therefore relying on your consent as our lawful basis for using Cookies.

We use the following cookies on our website:

Google Analytics

Google Analytics provides anonymous statistics on website usage. Cookies are used to track the source of a visitor, their session on the website (to associate multiple page views to one visit) and whether they are a new or returning visitor.

Cookie name Description Type/Length

 __utmb       __utmc             

Determining Visitor Session, contains a unique visitor identifier

30 minutes from set/update

Identifying Unique Visitors, contains a unique visitor identifier

2 years from set/update

Tracking Traffic Sources & Navigation, contains traffic source and information about referring keyword or website

6 months from set/update

Throttling request rate

10 minutes from set/update

_ga Visitor Identification

2 years from set/update

_gid                                                                User Journey 24 hours from set/update

PHP Session ID

A PHP session is created when certain functionality is in use on the website, allowing the website to uniquely identify one user between page loads. This is essential for the website’s operation, and is used for facilities such as logins to the content management system and load balancing.

Cookie name Description Type/Length


Contains an anonymous identifier that can be used by the server to provide a continuous service. Expires when the browser is closed

GDPR Consent

Cookie name Description  Type/Length



It records the default button state of the corresponding category. These cookies do not store any personal information.  1 year from     set/update
viewed_cookie_policy   The primary cookie that records the user consent for the usage of the cookies upon  ‘accept’ and ‘reject.’ It does not track any personal data and is set only upon user action (accept/reject).  1 year from set/update


We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.

Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form, i.e. data from which all personally identifiable information has been removed), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

How to continue using our websites without cookies

All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. For more information on how to manage the cookies we use on this website, including how to remove cookies, please visit this page on the website of the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority that promotes openness by public bodies and data privacy for individuals.

The following links provide details on how to do this in a range of popular web browsers:

Cookie settings in Internet Explorer:

Cookie settings in Firefox:

Cookie settings in Chrome:

Cookie settings in Safari:

Please note that should you choose to decline cookies, you may be unable to access particular parts of our website.

Other ways we collect information about you when you use our websites

In addition, the type of device you're using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you're using and what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

Following links to third party websites 

Our websites may include links to other websites of interest, not owned or managed by The Lucy Faithfull Foundation. We try our best to only link to reputable websites; however, once you have used these links to leave our site, we cannot be held responsible for the privacy of data collected by sites not managed by us, nor can we accept responsibility or liability for those policies. For this reason, you should always look at the privacy statement applicable to the website in question.

Opting-in to receive information from us

We have moved to an 'opt-in only' communications policy. This means that we will only send communications to those that have explicitly stated that they are happy for us to do so via their preferred channel(s) (email, phone or post).

Our communications include information about our latest achievements, campaigns and activities, and the services we provide. If you would like to receive such communications but have not opted-in please contact us by email, by phone 01372 847 160 or by completing an online form ( /

When you donate to us, we will ask you to complete a communications preference form. If you sign up for updates through our website, we will communicate by your preferred method and periodically ask you to confirm your preferences.

If you contact us, we may keep a record of that correspondence. We will mainly use your data to:


We will contact you in the way you have specified. If you want to change your contact preferences please email or call 01372 847 160.


We will never rent, sell or share personal details to other organisations for use by them in their own direct marketing activities. We ensure that there are appropriate technical controls in place to protect your personal details. For example our network is protected and routinely monitored.

External companies sometimes collect or process personal data on our behalf, for example through Give as you Live. We do comprehensive checks on these companies before suggesting you use them. However, when using third party sites, like Give as you Live, you should check their privacy policy when you provide your data to understand fully how they will process your information. Some of our suppliers may run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

We may, for financial or technical reasons, from time to time need to use the services of an internet services provider located outside of the European Economic Area. However, we shall ensure that your personal information will be held by those internet service providers in compliance with European data protection regulations. By submitting your personal information to our website, you agree to this transfer, storing or processing at a location outside the European Economic Area. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

In cases when we use external websites provided by other organisations such as Twitter or Facebook, then we would ask you to consult their privacy policies.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or in order to enforce or apply our terms of use for this website or other agreements; or to protect the rights, property or safety of The Lucy Faithfull Foundation, our donors or others. This includes exchanging information with other companies and organisations for the purposes of fraud detection and protection.

We may also collect non-personal data such as aggregated data, which is data that may be obtained from your personal data, but which does not directly or indirectly identify you. This may include usage data detailing how you use our website and the features and areas that you have interacted with.


It is incredibly helpful if you can help us keep your information up to date. If you want to let us know if your contact details have changed, or if you want to change your communications preferences, you can email or call 01373 847160.


The Lucy Faithfull Foundation is payment card industry (PCI) compliant and uses external Payment Card Industry Data Security Standard (PCI DSS) compliant providers to process debit or credit card payments we take by phone. The details are entered into the application whilst the payee is on the phone and we do not store PCI data on our own systems.

Controlling the use of your data

Where we rely on consent as the lawful basis for processing your data you can revoke or vary that consent at any time.

If you do not want us to use your data or want to vary the consent that you have provided you can write to us at The Lucy Faithfull Foundation, 2 Birch House, Harris Business Park, Hanbury Road, Stoke Prior, Bromsgrove, B60 4DJ or email us at at any time.


The transmission of information via the internet or email is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk.

We have put in place security measures to prevent your data from accidental, loss or disclosure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

In the event of a data breach we will notify the ICO and you in the event that the breach results in any likelihood of loss or damage to you.

Data retention

The length of time that we retain, and store data depends on the purpose for which it was collected. We will only store data for as long as is required to fulfil that purpose, or for the purpose of satisfying legal requirements.

It is a legal requirement that we keep certain data about our customers and suppliers for at least seven years. The type of data includes contact, identity, financial and transaction data.

Where you have requested that we provide you with marketing materials we will retain your data until such time as consent is withdrawn by you.

Your rights

The GDPR gives you a range of rights in relation to the personal data that we collect from you. You have the right to:

(a) Access your personal data. This right is commonly known as the ‘data subject access request’ and enables you to receive a copy of the personal data we hold about you. You will not need to pay a fee to access your personal data unless we can justifiably demonstrate that the request is repetitive or excessive. We will respond to all legitimate data access requests within one month. If there are any discrepancies in the information we provide, please let us know and we will correct them. Please complete this form to make a Subject Access Request.

(b) Request update of the personal data. This enables you to have any incomplete or inaccurate data corrected.

(c) Correction or erasure of your personal dataThis enables you to ask us to delete personal data where there is no justifiable reason for us continuing to retain and process it. We may not always be able to delete the data such as if there is an ongoing contractual relationship between us or if we are legally required to retain the data. Please complete this form to make a Correction or Erasure Request.

(d) Object to processing of your personal data where we are relying on consent or our legitimate interests (or those of a third party) as the justification for processing the data.

(e) Restrict, or stop,the processing of your personal data. This enables you to ask us to change the processing of your personal data. For example,the processing of your donation.

(f) Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, machine-readable format.

(g) Withdraw consent. Where we are relying on consent to process your personal data you may withdraw that consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You can exercise these rights at any time by writing to us at the address detailed above, or by email to For other information, please see guidance available via the Information Commissioner’s Office.

If you want to access your information, please send a description of the information you want to see and proof of your identity (certified copy of passport, driving license or birth certificate) by post to Mr Adrian McNulty, The Lucy Faithfull Foundation, 2 Birch House, Harris Business Park, Hanbury Road, Stoke Prior, Bromsgrove, B60 4DJ. So that we know we only provide the personal data to the right person, we do not accept these requests by email or telephone.


If you wish to raise a complaint regarding our use of your personal data then you can contact the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues. (

If you do wish to raise a complaint then we would welcome the opportunity to discuss your concerns before you contact the ICO to see if we can resolve the issue for you. In such a case, please contact Mr Adrian McNulty via the contact details in the above paragraph.

Changes to this policy

We reserve the right to make changes to this privacy policy from time to time. Each time you visit this site you should check this privacy policy to check that no changes have been made to any sections that are important to you. If we make significant changes in the way we treat your personal information we will make this clear on The Lucy Faithfull Foundation website and/or by contacting you directly.

If you have any questions, comments or suggestions, please let us know by contacting us on or by calling 01372 847160.

This policy was updated on 14th August 2020. 

privacy policy for children


As a charity committed to child protection the Lucy Faithfull Foundation (LFF) puts safety at the heart of our organisation. This includes the use of any of your personal information. We are committed to protecting your information and will be clear with you about how and why we are using it. We follow all current data protection law across all of our work. 

What is a privacy policy?

A privacy policy explains what personal information we collect from you, how we use it and what your rights are. If you have any questions you can speak with your allocated worker or contact Adrian McNulty, our Data Protection Officer at

Why is it important?

There are laws in place in the UK to protect people’s information and privacy. The General Data Protection Regulation (GDPR) is the law that sets out the rules around what information organisations can collect, process and store.   

Some definitions: 

What information do we collect from you?

Why do we collect your personal information?

We collect your information so that we can work with you, look at ways we can improve our services, make sure our services are accessible to anyone who needs them, get your views about our resources or to help us to research our area of work.

Under the GDPR, we are allowed to collect, process and store your personal data in order to deliver the aim of our charity: to prevent child sexual abuse.

In some situations, we may ask for your consent to process your information. We will always explain why we are asking for your information and what we are going to do with it. You can withdraw your consent at any time.

If you are under 13, you are not able to give consent due to your age. We will need to ask your parent or carer to give us consent instead.

Who do we share your personal information with?

When we start our work with you, we will explain who we will share information with. We can review this together at any time. Often it can be helpful for us to share information with your social worker, your parents or carers or other professionals who work with you, so they can support you and keep you and others safe.

If your social worker or another professional has asked us to complete an assessment or intervention with you, we will usually share information with them, including a final report telling them about the work we have done together.

There are times when we cannot keep information confidential and may have to share it in order to keep you, another child or an adult safe. If you tell us anything that makes us worried about you or another person being harmed, then we may have to share that with local authorities (social workers) or the police so that they can help. At times a Court may require us to share information. We will always try to tell you before we share any information, where possible.

We sometimes work with other organisations, like universities, to help us measure how well we are doing. We always anonymise any personal information, by changing the names and personal details, so you cannot be identified in any research.

How long do we keep your personal information?

We will keep your personal information for two years from the last time we see or speak to you. Any reports we complete for a local authority or the Court will be kept on our secure database indefinitely. This is in case the report is needed again in the future by the local authority, the police or the courts.  

How we keep your data safe?

We take the security of your information very seriously. We keep your personal information on The Lucy Faithfull Foundation network and have internal policies to make sure we do not lose your data, share it with anyone who should not see it or misuse it in any way. Where any of your information is kept in paper form, we have systems to keep it safe. We have secure and confidential ways to delete the data we store when we no longer need it. 

You also have the right to:
  • ask us to provide you with all the information we hold on you and we will reply, for free, usually within a month 
  • ask us to change information you think is wrong, for example if you need to update your email address
  • in some cases, you can ask us to delete all the data we hold on you 
  • ask us to move your information to you or to another organisation in an easy to read format’
  • ask us to stop using your information, or ask us to only use it in a certain way
  • to contact the information commissioner’s office directly via their website or 0303 123 1113.  
Who to contact for more information? 
You can write to: 
Mr Adrian McNulty,  
The Lucy Faithfull Foundation,  
2 Birch House,  
Harris Business Park,  
Hanbury Road,  
Stoke Prior,  
B60 4DJ 
or email at  
If you want to access your information, please send a description of the information you want to see and proof of your identity (certified copy of passport, driving license or birth certificate).  

Sign up for news & updates

To support our work to protect children, donate today.

Donate today
Contact us

2 Birch House
Harris Business Park
Hanbury Road
Stoke Prior
B60 4DJ

Tel: 01527 591922
Fax: 01527 575 939

For help with a child sexual abuse issue, call our
Stop It Now helpline on 0808 1000 900 or
click here to send us a secure email or use our live chat.

Lucy Faithfull Foundation

Lucy Faithfull Foundation is a Registered Charity No. 1013025, and is a company limited by guarantee, Registered in England No. 2729957.

Privacy Policy
Cookie Policy
Diversity statement

© 2024 Copyright Lucy Faithfull Foundation
Website Design by SiteWizard