Speak to a trained member of the Mermaids team. 08088010400

Welcome to Mermaids’ privacy policy. 

Mermaids is committed to upholding and protecting your rights in respect of your privacy and personal data. This privacy policy will demonstrate how we collect and protect information about you (your ‘personal data’) when you use and engage with our website and services. 

This policy was last updated 26 May 2023.

Who we are

Mermaids is a charity that has been supporting transgender, non-binary and gender-diverse children, young people, and their families since 1995.

Mermaids is registered as a charity with the Information Commissioner’s Office (Number 1160575) at Mermaids, Regus, Princes Exchange, 2 Princes Square, Leeds, LS1 4HY, [email protected].

How we collect personal data about you

We collect personal data in a variety of ways, which are set out below:

  • Personal data you provide to us directly

You may provide personal data to us when making a donation, signing up to attend events, using our forum, signing up to receive email communications from us, contacting us via phone or email or otherwise using our services.

When you interact with our website, we collect your personal data by using “cookies” and other tracking methods. This personal data includes tracking data, browsing activities and patterns over time and across different websites.

  • Personal data you may provide to us indirectly

There may be scenarios where we collect personal data about you that has been provided to us by a third party. This may occur if a friend or family member puts you forward for an event or an independent event organiser shares your personal data with us, such as third-party donation websites or organised charity runs. 

We sell merchandise on our website via an external provider (Merchify) whose privacy policy can be found here. Mermaids does not keep, store, or use any personal data submitted through our merchandise provider. In addition, our website will, in some circumstances, contain links to other websites of interest. It is important to check the privacy policy of these websites as any information provided whilst visiting such sites is not governed by this privacy policy.  

We transfer any necessary documents, which may contain personal data, onto storage provided by third party providers such as Google and Microsoft, who take technological measures to keep your personal data safe. 

The personal data we collect about you 

We may collect, use and store the following kinds of personal data:

  • your name;
  • your pronouns; 
  • your date of birth;
  • your contact details;
  • your address;
  • general information about your situation and/or your health;
  • notes from any call;
  • equalities monitoring information;
  • meal preferences; 
  • any reasonable adjustments necessary; 
  • if hosting younger people, we may collect next of kin data;
  • information on tax payer status to enable us to claim Gift Aid;
  • information about activities/interaction on our website or social media platforms e.g. the device being used, IP address and location; and
  • any other personal information you provide to us.

We may collect some forms of special category data, which includes information about your race or ethnicity, health, religious or philosophical beliefs, sexuality, sexual orientation, political opinions, trade union membership, and generic genetic and biometric data. We only collect this special category data where there is good reason to do so. You may wish to keep the call entirely anonymous and/or ask us not to keep a note of anything.

How we use your personal data  

We use your personal data for many reasons, which includes, but may not be limited to, the following:

  • to process your donations;
  • to sign you up to events;
  • to enable your use of the forum;
  • keep a record of your relationship with us;
  • respond to or fulfil any requests, complaints or queries you make to us;
  • further our charitable objectives; 
  • to sign you up to receive email communications; and
  • to contact you via phone or email or otherwise whilst using our services (e.g. helpline calls, volunteering, to enable us to claim Gift Aid on your donations where eligible, to support you in your fundraising efforts).

Legal basis for processing data

Data protection law ensures that every use of personal data is justified by a “legal basis”. 

  • Consent

This legal basis requires clear consent to be obtained in order to process personal data for a specific purpose. We ensure we have obtained consent before collecting your personal data wherever necessary. For example, email, forum, and phone correspondence. You have the right to withdraw consent at any time. 

  • Legal Obligation 

The processing is necessary for Mermaids to comply with the law. For example, we collect personal data in order to keep a record of donations for tax purposes and under anti-money laundering legislation. 

  • Contract

The processing is necessary for a contract Mermaids has with the individual, or because you have asked us to take specific steps before entering into a contract. 

  • Legitimate interest

The processing is necessary for an individual’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data, which overrides those legitimate interests.

How we keep your information safe

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. We ensure that only people who need to access the information have passwords in order to access it. They will only process your personal data on our instructions and they are subjected to a duty of confidentiality. 

We ensure that all staff and volunteers are trained in data protection and confidentiality so that they understand how to protect personal data. We take other measures, such as only allowing access to those that need it, requiring passwords, using two factor authentication when available and monitoring access to systems.

We store the required personal data, excluding credit card details, on our server for as long as needed to process the donation. We also keep any paper records locked away or under the supervision of a member of staff until digitised, from then it is destroyed.

How long we keep your personal data for

We will store your personal data for 6 years after your last contact with us, unless you ask us to delete it. We abide by any applicable legal, accounting, reporting or regulatory requirements which specify how long certain records must be kept.

Your forums account will be removed after 11 months of inactivity and all of your forums posts will be archived for 6 years – The forums team will email you beforehand to warn you that your account is due to be terminated due to inactivity. We keep your information in an archived form for 6 years after your last post or after you delete your personal data unless you exercise your rights (see Your rights below).

Disclosures of your personal data 

We will only disclose your personal data in a few minimal ways. For example, if there is a safeguarding concern (this is standard with younger people, so that if you are at risk of serious harm, we may contact local emergency services to safeguard your life). Additionally, we can share some details with HMRC, or if the law necessitates sharing personal data. We may only share information with any venues or organisers that are running events for or with us. We only share the information that we need to share and will not share information such as gender information where this is not required. We may need to share your information with our various regulators such as the Charity Commission and Fundraising Regulator.


We will only send you electronic marketing messages, by email, SMS or social media where your consent has been obtained and you have indicated that you want to receive these from time to time. You can opt out at any time by contacting us or unsubscribing. We use cookies for remarketing purposes, including Facebook Pixel. You can find out more about the Facebook Pixel here. No personally identifying information is collected from the Facebook Pixel cookie.

Your rights 

You have several rights over your data. If you want to do any of these things, please contact [email protected]. Please note, that some of these rights are not guaranteed. For example, you can always ask for a copy of your data, but if you ask us to delete something that we have a legal obligation to hold (such as information about a donation) then we may not be able to comply. 

  • The right to be informed about the collection and use of personal data

We will tell you what we are doing with your information

  • The right to access personal data and supplementary information

You can request a copy of any personal data that we hold about you. 

  • The right to have inaccurate personal data rectified, or completed if it is incomplete

If you think that our records of your personal data are incorrect, inaccurate or incomplete, please let us know. We will correct any factually incorrect information. 

  • The right to erasure (to be forgotten) in certain circumstances

In some cases, you can ask us to delete your information. If this is not possible, we will explain why this is the case. 

  • The right to restrict processing in certain circumstances

You can ask us to stop using your data for certain purposes. 

  • The right to data portability, which allows you to obtain and reuse your personal data for your own purposes across different services 

You can ask us for a copy of your data in a format that is machine-readable

  • The right to object to processing in certain circumstances 

You can object to some of our processing

  • Rights in relation to automated decision making and profiling

We have to tell you if we are using any programmes to make automatic decisions about you – however, we do not do this. 


If you have any complaints or concerns with regard any personal data that Mermaids may hold about you or if you wish to exercise rights in relation to your personal data, please contact us via our Data Protection Officer at [email protected]. You also have the right to raise concerns with the UK Information Commissioner’s Office, which is the regulator for data protection matters. They can be contacted at ico.org.uk.

We may change this privacy policy from time to time. If we make any significant changes in the way we treat your personal information, we will make this clear on the Mermaids’ website or by contacting you directly.

Contact us

If you have any questions or comments regarding this privacy policy, please contact our Data Protection Officer at [email protected] or by phone at 0808 801 0400.