Skip to main content


Franciscan Missionaries of the Divine Motherhood (FMDM) is committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering data protection the Data Controller is FMDM.

Our Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used. This Policy covers FMDM in relation to the collection and use of the information you give us. We may change this Policy from time to time. If we make any significant changes we will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes. If you have any questions about this Policy or concerning your personal information please contact the GDPR Administrator at or by post to GDPR Administrator, St Francis, Ladywell Convent, Ashstead Lane, Godalming GU7 1ST.

What type of personal information we collect

The type and amount of information we collect depends on why you are providing it. The information we collect when you make an enquiry may include your name, email address, postal address and phone number. If you are a supporter, for example making a donation, volunteering, signing up for an event, in addition to asking for your name and contact details ie your full address, email address and your phone number, we may also ask you for your credit/debit card details to process bookings at the Retreat Centre. If you are booking it on behalf of a group who are staying onsite, we will also require the names and addresses of the attendees as well as the detail of the presenter if appropriate.

This information is kept for no more than 6 months after the end of the event and is not shared with any third party. Any credit/debit card payments are processed in-house and the details securely shredded on-site. Donations are only accepted by cash, cheque or bank transfer.

If you are a grant or job applicant, the information you are asked to provide is as set out in the application and necessary for the purposes of our considering the application. How we collect information We may collect information from you whenever you contact us or have any involvement with us for example when you:

  • donate to us
  • enquire about our activities or services
  • post content onto our website/social media sites
  • volunteer for us
  • attend a meeting with us and provide us with information
  • take part in our events/book our facilities for an event
  • contact us in any way including online via our website, email, phone, SMS, social media or post.
  • We do not collect Cookies when you visit our website. Where we collect information from We collect information:

(1) From you when you give it to us directly: You may provide your details when you ask us for information or make a donation, volunteer, attend our events or contact us for any other reason.

(2) When you give it to us indirectly: Your information may be shared with us by other organisations such as fundraising sites like Just Giving or Virgin Money if you are fundraising for us.  They should only do so in the way they have set out in their own Privacy Policy which you should check when you give your details.

(3) When you have given other organisations permission to share it: Your information may be provided to us by other organisations if you have given them your permission.  This might for example be a charity working with us or might be when you buy a product or service from a third party organisation.  The information we receive from other organisations depends on your settings or the option responses you have given them.

(4) When it is in available on social media: Depending on your settings or the privacy policies applying for social media and messaging services you use, like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.

How we use your information

We will use your personal information in a number of ways which reflect the legal basis applying to processing of your data. These may include:

  • providing you with the information or services you have asked for
  • processing donations you make, including processing for Gift Aid purposes
  • organising volunteering activity you have told us you want to be involved in and in relation to the fundraising for us you are involved in
  • sending you communications with your consent that may be of interest including marketing information about our services and activities, campaigns and appeals asking for donations and other fundraising activities and promotions for which we seek support
  • when necessary for carrying out your obligations under any contract between us
  • seeking your views on the services or activities we carry on so that we can make improvements
  • maintaining our organisational records and ensuring we know how you prefer to be contacted
  • processing grant or job applications

Our legal basis for processing your information

The use of your information for the purposes set out above is lawful because one or more of the following applies:

  • Where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us.  You may withdraw consent at any time by emailing us at  This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
  • It is necessary for us to hold and use your information so that we can carry out our obligations under a contract entered into with you or to take steps you ask us to prior to entering into a contract.
  • It is necessary to comply with our legal obligations eg retaining payment or donation information for HMRC records.
  • Where the purpose of our processing is the provision of information or services to you, we may also rely on the fact that it is necessary for your legitimate interests that we provide the information or service requested, and given that you have made the request, would presume that there is no prejudice to you in our fulfilling your request.
  • If you want to contact us about your marketing preferences please contact


How we keep your information safe

We understand the importance of security of your personal information and take appropriate steps to safeguard it. We will store all the personal information you provide on our secure (password and firewall protected) server. Access to any personal information held, both electronically and in paper form, is restricted to those who have a legitimate reason to access it; eg HR, Finance etc.

We will use personal information only for the purposes for which it was originally collected and we will make sure we delete it securely.

Our Wi-Fi is protected by an industry standard encryption mechanism. A review is taken monthly by our IT support. Access to financial or sensitive personal information is controlled by passwords which in turn are limited to authorised persons only. We always ensure only authorised persons have access to your information, which means only our staff, and volunteers and contractors, and that everyone who has access is appropriately trained to manage your information. No data transmission over the internet can however be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

Who else has access to your information?

Third parties if we run an event in conjunction with them. We will let you know how your data is used when you register for any event.

Owing to matters such as financial or technical considerations the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. This is because we have Sisters in Africa, Malaysia, Singapore, Australia and America. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. Any data sent is not processed by a third party. We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest. Other than this, we will not share your information with other organisations without your consent.

Keeping your information up to date

We really appreciate it if you let us know if your contact details change. You can do so by contacting us at Our use of “cookies” The website does not automatically collect information ie “Cookies” from the browser. Children’s Information We do not collect any information on children. However, if we ever have cause to do so, where appropriate we will ask for consent from a parent or guardian to collect information about children (under 16s).

1. How long we keep your information for We will hold your personal information for as long as it is necessary for the relevant activity. By way of example, we hold records of donations you make for at least six years so we can fulfil our statutory obligations for tax purposes. Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for two (2) years. We may periodically ask you to renew your consent.

2. If you ask us to stop contacting you with marketing or fundraising materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

Your rights

You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request. Such requests have to be made in writing. More details about how to make a request, and the procedure to be followed, can be found in our Data Protection Policy. To make a request contact us at

1. This may be reduced in the UK to age 13. Parental consent under GDPR is required re the context of information society services to children (for example Facebook) but not otherwise. Charities working with children will wish to have their own policies on consent. Under the Data Protection Act 1998, children have been able to exercise their own data rights as soon as they have capacity and understanding, which is ordinarily assumed by age 12.

2. The Fundraiser Regulator states that the period should be assessed having regard to how long the individual would consider it reasonable to be contacted before they are asked to renew consent. (See Fundraiser Regulator’s Personal Information and Fundraising: Consent, Purpose and Transparency 21 February 2017

You also have the following rights:

  • the right to request rectification of information that is inaccurate or out of date
  • the right to erasure of your information (known as the “right to be forgotten”)
  • the right to restrict the way in which we are dealing with and using your information
  • the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”)
  • rights in relation to automated decision making and profiling including profiling for marketing purposes

All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact the GDPR Administrator at the above address. If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office at the following address:

Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow, Cheshire, SK9 5AF.

Changes to this Privacy Policy

This Policy may be changed from time to time. If we make any significant changes we will advertise this on our website or contact you directly with the information. Do please check this Policy each time you consider giving your personal information to us. This Policy was last updated in July 2018.