Privacy Policy

How we collect, use and protect your personal data — and your rights under UK GDPR.

Last updated: . Need this in another format? Email support@thegreatchangeuk.com.

1. Who we are (data controller)

The Great Change UK (“we”, “us”) is the data controller for personal data we process in connection with our website, subscriptions, weekly draws and donations. Contact: support@thegreatchangeuk.com. Registered office and company number will appear here once available.

2. The data we collect

  • Identity & contact: name, email, postcode (for UK eligibility), and any details you provide when contacting us.
  • Subscription/transaction: plan status, amounts, last 4 digits & method type (via Stripe), refunds, cancellations.
  • Technical: IP address, device/browser, pages visited, timestamps, cookie/consent choices.
  • Support: messages and any attachments you send us.

3. How we collect it

  • Directly from you (subscribe, email, forms).
  • Automatically (essential cookies and server logs for security/performance).
  • From processors (e.g., Stripe for payments).

4. Why we use your data (lawful bases)

  • Contract — create/manage your subscription, include you in eligible draws, pay prizes, provide support.
  • Legal obligation — age verification, anti-fraud/AML, accounting/tax records.
  • Legitimate interests — security, troubleshooting, preventing abuse, understanding aggregate usage to improve.
  • Consent — any optional analytics/marketing (not enabled by default). You can withdraw consent anytime.
No marketing by default: we will only send marketing if you explicitly opt in.

5. Payments (Stripe)

We use Stripe to process payments. Stripe may act as an independent controller for its regulatory obligations. We receive limited payment info (status, method type, last 4 digits) and never see full card numbers. See Stripe’s privacy information via your receipt or stripe.com.

6. Cookies & tracking

We use essential cookies to make the site work (e.g., remember cookie consent). If we enable analytics (e.g., GA4), we’ll request consent via the banner and won’t set analytics cookies unless you choose “Accept”.

  • Essential: e.g., cookieConsent (stores your banner choice).
  • Optional (if enabled): usage analytics to improve the site — consent-based; can be declined.

See our Cookie Notice for details and a “Reset my choice” control.

7. Sharing your data

  • Service providers: payment processing (Stripe), hosting, email. Bound by contracts and confidentiality; some (e.g., Stripe) also act as independent controllers.
  • Legal/compliance: where required by law, to enforce our terms, or protect rights and safety.
  • Transparency: we may publish anonymised totals and anonymised Winner IDs; we don’t publish personal details.

8. International transfers

Where providers process data outside the UK/EEA, we rely on adequacy decisions or appropriate safeguards (UK IDTA/Standard Contractual Clauses) with supplementary measures as needed.

9. How long we keep data

  • Account & subscription data: for your active period, then typically up to 6 years for tax/accounting/legal reasons.
  • Support emails: up to 2 years from closure unless needed longer for disputes/legal obligations.
  • Cookies: according to their type and your choices.

10. Your rights

Under UK GDPR you can:

  • Access your data and request a copy.
  • Ask us to correct inaccurate or incomplete data.
  • Request deletion where we have no legal reason to keep it.
  • Object to or restrict certain processing (especially where based on legitimate interests).
  • Withdraw consent at any time (for consent-based processing like analytics/marketing).
  • Data portability for info you provided to us, where processing is based on consent/contract and is automated.

To exercise rights, email support@thegreatchangeuk.com. We aim to reply within one month (or explain if we need more time for complex requests).

11. Complaints

You can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk. We’d appreciate the chance to resolve concerns first — please contact us.

12. Security

We use appropriate technical and organisational measures (encryption in transit, access controls, logging, least-privilege). No system is 100% secure; please use a strong, unique email password and tell us if you suspect a compromise.

13. Children

Our service is for UK residents aged 18+. We do not knowingly collect data from anyone under 18. If a minor’s data was provided, contact us and we’ll delete it.

14. Changes to this policy

We may update this Privacy Policy to reflect changes in law or our operations. We’ll post the new date at the top and, if changes are material, show a clear notice on the site.