Privacy policy
How CAS-UK handles personal data in portal and payment flows
This summary reflects data elements visible in current member, group admin, and donation code paths. We process personal data to run account access, campaign support, and communications responsibly.
Last updated: March 2026 • Contact: info@cas-uk.org
Data categories in active flows
| Category | Examples from forms/controllers | Purpose | Legal basis (typical) |
|---|---|---|---|
| Account identity | member_email, group_email, names, passwords | Authenticate members and Group Admin users | Contract / legitimate interests |
| Contact and profile | Phone numbers, addresses, country codes, photo uploads | Membership operations and communication delivery | Contract / legitimate interests |
| Contribution and donation records | Campaign references, amounts, payment gateway metadata | Campaign settlement, donation processing, audit trail | Contract / legal obligations |
| Dependant and next-of-kin linking | Parent references, dependant records, next-of-kin identifiers | Eligibility and family-relationship handling | Contract / substantial public interest where applicable |
Third-party processors and integrations
| Processor / integration | Data involved | Purpose | Safeguard approach |
|---|---|---|---|
| PayPal / card / mobile-money gateways | Payment amount, transaction references, payer metadata | Payment processing and callbacks | Gateway contractual controls and secure redirect model |
| Email delivery services | Email address, template payload data | Account and campaign communications | Service credentials and restricted mail templates |
| SMS and Telegram integrations | Phone numbers, chat identifiers, message content | Notifications and user updates | Opted communication channels and controlled sender flows |
| Firebase social sign-in | Identity token, verified provider email | Google/Yahoo assisted authentication | Server-side token verification before session creation |
Your rights
- Access a copy of your personal data.
- Request correction of inaccurate records.
- Request erasure or restriction where applicable.
- Object to processing based on legitimate interests.
Sessions, cookies, and retention
CAS-UK uses PHP session handling for authenticated use and route continuity. Cookies/session tokens are used for login state and security controls. Retention is limited to operational, legal, and audit needs.
