Privacy Policy

Verified Space is operated by VerifiedSpace Platforms Ltd., a company registered in England and Wales. We provide a digital booking platform that connects charity organisations with retail stores and venues for fundraising opportunities. We are committed to protecting your privacy and handling your data in an open, transparent manner.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, VerifiedSpace Platforms Ltd. is the data controller. Our registered address is available upon request by emailing hello@verifiedspace.co.uk.

We collect information in the following ways:

Account Information: When you register as a store manager or charity organisation, we collect your name, email address, organisation name, job title, phone number (optional), and username/password credentials. For charity organisations, we also collect your registered UK Charity Number for verification purposes.

Profile Data: Information you provide to complete your profile, including store locations, operating hours, charity descriptions, and fundraiser details such as names, training status, and DBS check status.

Booking and Transaction Data: Records of time slot bookings, approval/decline actions, fundraiser assignments, and feedback ratings submitted through the platform.

Communications: Any correspondence you send us, including support enquiries, feedback, and waiting list applications.

Technical Data: Your IP address, browser type and version, operating system, referring URLs, page views, and access timestamps. This data is collected automatically when you use our platform.

Audit Trail Data: Comprehensive logs of all significant actions taken on the platform, including bookings, approvals, status changes, and user interactions, retained for regulatory compliance purposes.

We use the information we collect for the following purposes:

Service Delivery: To operate and maintain the Verified Space platform, process bookings between stores and charities, verify charity registration status, and facilitate the two-way feedback system.

Account Management: To create and manage your account, authenticate your identity, and communicate with you about your account or bookings.

Platform Improvement: To analyse usage patterns, improve the user experience, develop new features, and ensure the platform operates efficiently and fairly.

Compliance and Safety: To maintain audit trails for regulatory compliance, prevent fraudulent or inappropriate use of the platform, and ensure the safety of fundraising activities.

Communications: To send you important service notifications, booking confirmations, status updates, and — where you have opted in — occasional updates about platform features.

Fair Access: To operate our reputation-based priority system, which gives higher-rated charities early access to new time slots, promoting quality and professionalism across the platform.

Under UK GDPR, we process your personal data on the following lawful bases:

Contractual Necessity: Processing is necessary for the performance of our contract with you — namely, providing access to the Verified Space platform and facilitating bookings between stores and charities.

Legitimate Interests: We have a legitimate interest in maintaining platform security, preventing fraud, improving our services, and ensuring fair access for all users.

Legal Obligation: Certain processing is required to comply with legal obligations, including maintaining audit trails and responding to regulatory requirements.

Consent: Where required, we obtain your explicit consent — for example, for optional marketing communications. You may withdraw consent at any time.

We do not sell your personal data. We may share your information in the following limited circumstances:

Between Platform Users: Store names, locations, and available time slots are visible to registered charity users. Charity names and charity registration numbers are visible to store managers when processing booking requests. Fundraiser performance ratings are visible to the employing charity.

Service Providers: We work with trusted third-party providers who process data on our behalf, including our hosting provider (Neon for database services), email delivery services (Resend), and the UK Charity Commission API for verification. All providers are bound by data processing agreements.

Legal Requirements: We may disclose your data if required by law, regulation, legal process, or enforceable governmental request.

We retain your personal data for as long as your account remains active and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.

Audit trail data is retained for a minimum of seven years to satisfy regulatory compliance requirements. Booking history and feedback data are retained for the lifetime of the associated accounts plus three years. Account credentials are deleted promptly upon account closure, subject to our audit retention obligations.

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

Passwords are hashed using industry-standard bcrypt encryption and are never stored in plain text. All data in transit is encrypted using TLS/SSL. Access to personal data is restricted to authorised personnel on a need-to-know basis. Our database infrastructure is hosted by Neon with enterprise-grade security measures. Regular security reviews are conducted to identify and address vulnerabilities.

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access: You can request a copy of the personal data we hold about you.

Right to Rectification: You can ask us to correct inaccurate or incomplete data.

Right to Erasure: You can request deletion of your personal data, subject to our legal retention obligations.

Right to Restrict Processing: You can ask us to temporarily halt processing of your data in certain circumstances.

Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format.

Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at hello@verifiedspace.co.uk. We will respond within one month of receiving your request.

Your data is primarily processed within the United Kingdom and the European Economic Area. Where data is transferred outside these regions (for example, to service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at hello@verifiedspace.co.uk.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority. You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.