Welcome to the Muslim Leadership Foundation CIC (“we,” “us,” or “our”) website. We are committed to protecting and respecting your privacy. This Privacy Statement explains how we collect, use, and safeguard your personal data when you visit our website, http://www.themlf.org (“the Site”).

MLF UK CIC is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains what information we collect, why we collect it, how we use it, how long we keep it, and your rights in relation to your personal data.

1. Who we are

MLF UK CIC is the data controller for the personal data we collect and use.

If you have any questions about this Privacy Policy or how your data is handled, please contact us at:

Email: info@themlf.org

2. Who this policy applies to

This policy applies to personal data collected through our work, including data relating to:

• programme participants
• event attendees
• staff and volunteers
• contractors and freelancers
• supporters, partners and stakeholders
• people who contact us through our website, forms or email

3. What personal data we may collect

We may collect and process personal data such as:

• name
• email address
• phone number
• postal address
• date of birth or age range
• emergency contact details
• attendance and engagement information
• feedback and survey responses
• financial information where required for payment, invoicing or grant compliance

Where relevant, we may also collect limited special category data, such as information about ethnicity, faith, health, accessibility or support needs. We only collect this where there is a clear reason for doing so and where the appropriate lawful basis applies.

4. How we collect data

We may collect personal data through:

• registration and sign-up forms
• event bookings
• surveys and feedback forms
• email correspondence
• programme monitoring and evaluation tools
• website enquiries
• applications, onboarding and employment-related processes

5. How we use personal data

We use personal data to:

• deliver programmes, training and events
• communicate with participants, partners and supporters
• manage registrations and attendance
• respond to enquiries and requests
• support safeguarding, health and safety, and organisational responsibilities
• evaluate our work and improve our programmes
• meet reporting requirements linked to funding or grant compliance
• manage recruitment, volunteering and contractor relationships
• meet legal and regulatory obligations

Where possible, information used for reporting and evaluation is anonymised.

6. Lawful basis for processing

We process personal data under one or more of the following lawful bases:

• consent – for example, where you choose to receive marketing updates or complete optional surveys
• legitimate interests – for running programmes, managing relationships and improving our services
• contract – where processing is necessary for an agreement or service
• legal obligation – where we are required to process data for legal, regulatory, safeguarding, employment or health and safety reasons

Where we collect special category data, we will explain why it is needed and, where appropriate, seek explicit consent.

7. Photography and videography

We may take photographs or video recordings during events and programmes for documentation, evaluation and promotional purposes.

Where this applies:

• participants will be informed in advance
• consent options will be made clear
• consent choices will be recorded and respected
• individuals can withdraw consent for future use at any time
• we will take reasonable steps to avoid using images of those who have opted out

Images and recordings are stored securely and only accessed by authorised team members.

8. Data sharing

We do not sell personal data.

We may share personal data only where necessary, including:

• with service providers who help us run secure systems and platforms
• with funders where reporting is required, usually in anonymised form
• with safeguarding bodies or relevant authorities where there is a risk of harm or a legal duty to share information
• with professional advisers or regulators where required by law

We do not transfer personal data outside the UK without appropriate safeguards.

9. Data security

We take appropriate technical and organisational steps to protect personal data. These include:

• password-protected files and devices
• restricted access to personal information
• secure cloud storage
• encryption and two-factor authentication where appropriate
• regular review and deletion of outdated files
• secure destruction of paper records when no longer needed

10. How long we keep personal data

We keep personal data only for as long as necessary for the purpose for which it was collected.

As a general guide:

• participant data may be retained for up to 2 years after engagement
• financial records may be retained for 6 years
• safeguarding records are retained in line with safeguarding requirements and guidance
• other records are reviewed regularly and securely deleted when no longer needed

11. Your rights

Under data protection law, you have the right to:

• request access to your personal data
• request correction of inaccurate data
• request deletion of data in certain circumstances
• withdraw consent where consent is the basis for processing
• object to certain uses of your data
• ask us to restrict processing in some situations
• complain to the Information Commissioner’s Office (ICO)

12. Subject access requests

You can request a copy of the personal data we hold about you by contacting us at:

Email: info@themlf.org

We may ask for proof of identity before responding. We aim to respond within one month.

13. Complaints about data handling

If you have a concern about how we have handled your personal data, please contact us first at:

Email: info@themlf.org

You also have the right to complain to the Information Commissioner’s Office (ICO).

14. Cookies and website data

Our website may collect limited technical information such as IP address, browser type, device information and pages visited. This helps us understand how the website is used and improve its performance.

For more information about how cookies are used on our site, please see our Cookie Policy.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, guidance or organisational practice. The latest version will always be published on our website.