Privacy Policy

Last updated: 19 February 2026

1. Introduction

Muslim Welfare House Sheffield ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website and services, you consent to the collection and use of your personal data as described in this policy.

2. Information We Collect

2.1 Personal Data

We collect the following types of personal data:

  • Contact Forms: Name, email address, and message content
  • Activity Requests: First name, surname, email, organisation name, event details, speaker details, estimated attendees, dates, and times
  • Event Signups: First name, last name, email address, and optionally phone number
  • Analytics: IP addresses, page views, user behavior, and device information (via Vercel Analytics, with consent)

2.2 How We Collect Data

We collect personal data through:

  • Contact forms on our website
  • Event registration forms
  • Activity request forms
  • Website analytics (with your consent)
  • Email communications

3. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Consent: When you provide explicit consent (e.g., for analytics cookies)
  • Legitimate Interests: To respond to your enquiries and manage event registrations
  • Contract: To fulfil our obligations when you register for events or request activities
  • Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your enquiries and contact requests
  • To process and manage event registrations
  • To evaluate and respond to activity requests
  • To send you important updates about events and services (where you have consented)
  • To improve our website and services through analytics (with consent)
  • To comply with legal obligations

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your data only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our website and services (e.g., Vercel for hosting and analytics, Resend for email delivery, Firebase for data storage)
  • Legal Requirements: When required by law or to protect our rights and safety
  • With Your Consent: When you have given explicit consent for specific sharing

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

  • Contact Form Submissions: Retained for 2 years from the date of submission
  • Event Signups: Retained until the event concludes, plus 1 year for record-keeping
  • Activity Requests: Retained for 3 years from the date of submission
  • Analytics Data: Retained for 26 months (as per Vercel Analytics default)

After the retention period, we will securely delete or anonymise your personal data unless we are required to retain it for legal reasons.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us using the details provided in Section 10.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure data storage using Firebase Firestore
  • Input sanitization to prevent XSS attacks
  • Rate limiting to prevent abuse
  • Regular security reviews and updates

9. Cookies and Tracking

Our website uses cookies and similar tracking technologies. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

10. Contact Information

If you have any questions, concerns, or wish to exercise your rights regarding your personal data, please contact us:

Muslim Welfare House Sheffield

10-12 Severn Road

Sheffield, S10 2SU

United Kingdom

Email: manager@mwhs.org.uk

We will respond to your request within one month of receipt. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.

12. Children's Privacy

Our website is not intended for children under the age of 13. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.