Privacy Policy
Last updated: April 2026
1. Introduction
Save the MBR Beagles (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at savethedogs.uk.
This policy is provided in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) 2003.
Please read this policy carefully. By using our website, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
We are an independent campaign and are not affiliated with any other organisation. If you have any questions about how we handle your data, please contact us using the details above.
3. What Personal Data We Collect
We collect different categories of personal data depending on how you interact with our website:
3.1 Account Registration
When you create an account, we collect your name, email address, phone number, postcode, and a password (stored in hashed form only — we never store your password in plain text).
3.2 Newsletter Subscription
When you subscribe to our newsletter, we collect your name, email address, phone number, and postcode.
3.3 Write to Your MP Tool
When you use the Write to Your MP tool, we process your name, email address, postcode (to identify your MP via the TheyWorkForYou API), and the content of the letter you write. Your postcode is sent to the TheyWorkForYou API solely to look up your MP’s details. The letter is sent from your email address via our email provider (Mailgun).
3.4 Rescue Operation Signup
When you express interest in participating in rescue operations, we collect your name, contact details, and the risk tier you select.
3.5 Foster/Adoption Applications
When you submit a foster or adoption application, we collect your name, contact details, and information about your household and ability to care for an animal.
3.6 Technical Data
When you visit our website, we automatically collect certain technical information, including your IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. This data is collected through server logs and is used to maintain the security and performance of the website.
4. Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:
| Processing Activity | Lawful Basis | Details |
|---|---|---|
| Account registration | Consent (Art. 6(1)(a)) | You actively choose to create an account and provide your details. |
| Newsletter subscription | Consent (Art. 6(1)(a)) | You opt in to receive communications from us. |
| Write to Your MP tool | Consent (Art. 6(1)(a)) | You choose to use the tool and provide your information to send a letter. |
| Rescue signup | Consent (Art. 6(1)(a)) | You voluntarily sign up and select a risk tier. |
| Foster/adoption applications | Consent (Art. 6(1)(a)) | You voluntarily submit an application. |
| Email and SMS communications | Consent (PECR Reg. 22) | We send marketing communications only with your consent. |
| Technical data and security logs | Legitimate interests (Art. 6(1)(f)) | Necessary to maintain website security, prevent abuse, and ensure service reliability. |
| Authentication cookies | Legitimate interests (Art. 6(1)(f)) | Strictly necessary for the website to function (session management). |
5. How We Use Your Data
We use your personal data for the following purposes:
- Providing our services: managing your account, processing applications, enabling the Write to Your MP tool, and managing rescue signups
- Communications: sending you campaign updates, newsletters, calls to action, and important operational information via email or SMS (with your consent)
- Website security: monitoring for and preventing unauthorised access, abuse, and technical issues
- Campaign improvement: understanding how the website is used so we can improve it (using anonymised, aggregated data only)
We do not use your personal data for automated decision-making or profiling.
6. Who We Share Your Data With
We do not sell, rent, or trade your personal data to any third party. We share your data only in the following limited circumstances:
6.1 Mailgun (Email Service Provider)
We use Mailgun to send emails, including campaign communications and letters sent via the Write to Your MP tool. Mailgun processes your email address and name to deliver these emails. Mailgun’s servers are located in the EU. Their processing is governed by a Data Processing Agreement and they are bound by UK GDPR-equivalent protections.
6.2 TheyWorkForYou API
When you use the Write to Your MP tool, your postcode is sent to the TheyWorkForYou API operated by mySociety to identify your local MP. Only your postcode is transmitted for this lookup — no other personal data is shared with mySociety.
6.3 Law Enforcement
We may disclose your personal data if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or safety, or prevent fraud or abuse.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
| Data Category | Retention Period |
|---|---|
| Account data | Retained while your account is active. Deleted within 30 days of account deletion request. |
| Newsletter subscriber data | Retained until you unsubscribe. Deleted within 30 days of unsubscription. |
| Write to Your MP data | Letter content is retained for up to 12 months for our records, then deleted. Postcode is not stored after MP lookup. |
| Rescue signup data | Retained while your account is active or until you withdraw your signup. |
| Foster/adoption application data | Retained for up to 24 months after the application is resolved, then deleted. |
| Technical/server logs | Retained for up to 90 days, then automatically purged. |
| Authentication cookies | Session cookies expire when you close your browser or after a period of inactivity. |
9. Your Rights Under UK GDPR
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:
- Right of access (Subject Access Request): You have the right to request a copy of the personal data we hold about you. We will respond within one month of receiving your request.
- Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure (“right to be forgotten”): You have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it. We will comply unless we have a lawful reason to retain the data.
- Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify its accuracy.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV), and to transmit it to another controller.
- Right to object: You have the right to object to the processing of your personal data where we are relying on legitimate interests as the lawful basis.
- Right to withdraw consent: Where we rely on your consent as the lawful basis for processing, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at hello@savethedogs.uk. We will respond to all legitimate requests within one month. In exceptional circumstances, we may extend this by a further two months, in which case we will inform you and explain why.
You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive, or excessive.
10. Children's Privacy
Our website is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16 years of age. If you are under 16, please do not use this website or provide any personal data to us.
If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that information as soon as possible. If you believe we may have collected data from a child under 16, please contact us immediately.
11. International Data Transfers
Our website is hosted in the United Kingdom (DigitalOcean, London region) and your data is primarily stored and processed in the UK.
Our email service provider, Mailgun, processes data on servers located in the European Union. The EU is recognised by the UK government as providing an adequate level of data protection under UK GDPR, meaning your data is afforded equivalent protections when processed by Mailgun in the EU.
We do not transfer your personal data to any country outside the UK and EU that does not have adequate data protection safeguards in place.
12. Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it, including:
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
- Password hashing: Passwords are hashed using bcrypt before storage. We never store passwords in plain text.
- Access control: Access to personal data is restricted to authorised administrators only
- Session management: Authentication sessions are managed securely through NextAuth.js with JWT tokens and CSRF protection
- Server security: Our server is maintained with regular security updates and is protected by firewall rules
While we take all reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data.
13. Data Breach Procedures
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, where required under UK GDPR Article 33
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required under UK GDPR Article 34
- Document the breach, its effects, and the remedial action taken
14. How to Make a Complaint
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first if possible.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last updated” date at the top of this page.
Where changes are significant, we will make reasonable efforts to notify you (for example, by email or a notice on the website). We encourage you to review this policy periodically.
16. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, please contact us:
See also our Terms of Service for the rules governing use of the website.