top of page

Privacy Statement

Who are we?
The Windmill Trust provides specialist, creative therapy to children and young people in Cumbria requiring mental health support.

Our vision is a future where, regardless of economic background, children and young people have access to researched, effective therapeutic interventions to alleviate distress and ward against long-term mental health issues.

The mission of The Windmill Trust is to provide researched, effective therapeutic interventions to children, young people and families in West Cumbria, helping to reshape the impact of trauma, one child at a time.

The Windmill Trust is the controller for the personal information we process unless we state otherwise.

You can contact us about data privacy by email, post or phone via the Charity Manager, The Windmill Trust, 78 Appleby Road, Kendal, Cumbria, LA9 6HF, or email or call us on 07708 650696.

Our Registered Charity number: 1195160


This Privacy Statement explains how and why we use your personal data, to ensure you remain informed and in control of your information.

What type of personal information do we collect?
We collect, process and store three main types of personal information:

  • clinical records in order to ensure clients are provided with appropriate and supportive services

  • recruitment and HR records about our employees, contracted practitioners and volunteers in order to fulfil our record keeping obligations as employers and contractors

  • supporter records relating to our fundraising activities in order to comply with legal and financial obligations and to keep them informed

How do we obtain your personal data?
Most of the personal data we process is provided to us directly by you when you:

  • use our clinical services

  • apply for a practitioner role

  • apply for a job or volunteering role

  • sign up to one of our training sessions

  • request information about our activities and services

  • make a donation to us

  • fundraise on our behalf

  • register for an event

  • enter into a contract with us

  • get in touch with us via phone, website or other method


The type of information we collect will vary according to how you are engaging with us and we always ensure we only collect the information necessary to fulfil this engagement.

Sometimes we collect your personal information indirectly from third-party fundraising organisations including Charities Aid Foundation (CAF) and JustGiving when you use their services to make a donation to us or sign up for school training. These third parties only share your information with us with your consent. You should check their Privacy Notices when you provide your information to understand fully how they will process your data.

You may also provide personal information to us when you visit The Windmill Trust’s pages on social media, e.g. Facebook or Instagram, or when you visit our website. Our website uses cookies to support functionality, improve the security of the site and allow pages to be shared by social networks.


For more information about cookies, please read our Cookies Notice.

How we Handle Clinical Records
We recognise that the information we collect to support our clinical work is likely to include sensitive personal data, so we handle our clinical records very carefully including but not limited to the following ways:

  • we obtain consent to process personal data

  • for children, we obtain parental written consent and a child’s verbal or written consent to process personal data

  • we keep brief and factual notes on children and families which are kept digitally on a password protected, cloud-based system; in a locked filing cabinet or in a portable, locked file box.

  • all information is kept securely and access is highly restricted to trained staff bound by confidentiality agreements

  • information may be used for monitoring and evaluation purposes in order to improve current and future delivery of services

  • information is anonymised when shared or used for evaluation and reporting

  • if diversity information is collected, all reporting will be anonymised

  • data are only shared where The Windmill Trust has a legal obligation to do so or to protect the vital interests of an individual


How we handle HR and recruitment records
We use personal data that you provide to:

  • process an application for employment, volunteering, placement or practitioner role: we may process your data to ascertain suitability and for the performance of contract (or prior to entering into a contract)

  • share appropriately with the third party, external payroll bureau and pension provider and HM Revenue & Customs

  • maintain an employment relationship


The above list is supplied for illustration and is not exhaustive.


How we Handle Fundraising Data

We use personal information to fundraise, process donations and stay in touch with our supporters to:

  • thank them and keep them updated on what we have achieved with their support

  • let them know about any events or opportunities that may be of interest to them


Our electronic marketing (email and telephone) is only undertaken with your prior consent and postal marketing is only undertaken where there are legitimate interests. In order to do this effectively, we sometimes use third parties to store and process personal information linked to our fundraising activities:

  • to process your payments, including donations, to The Windmill Trust, some information may be passed to payment processors. Please refer to their privacy statements

  • when we share our data with these third-party providers, these “data processors” act only under our instructions and are not permitted to use your information for their own purposes


We will never sell your data to third parties, and you will not receive offers or communications from other companies or organisations as a result of giving your details to us.


Our Website
Our company is hosted on the platform. provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall.

All direct payment gateways offered by and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

How Long Will We Keep Your Information?
We will retain any personal information for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office (ICO).

We will keep your personal information in respect of any financial transaction for as long as the law requires us to for tax or accounting purposes which may be for up to twenty-five years.

Clinical information is deleted/destroyed after twenty-five years.

Your Data Protection Rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your Right of Access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your Right to Rectification
You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your Right to Erasure
You have the right to ask us to erase your personal information in certain circumstances.

Your Right to Restriction of Processing
You have the right to ask us to restrict the processing of your information in certain circumstances.

Your Right to Object to Processing
You have the right to object to processing if we are able to process your information in certain circumstances.

Your Right to Data Portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or if the processing is automated under, or in talks about entering, a contract.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.


Please contact the Charity Manager, The Windmill Trust, 78 Appleby Road, Kendal, Cumbria, LA9 6HF, on email or call 07708 650696 if you wish to make a request.

If you and/or your child are being supported within our clinical service, you may choose to speak to the therapist who will pass on your request.

If you are a The Windmill Trust employee, contracted practitioner, or volunteer, you may choose to speak to your line manager or the staff member coordinating your role who will pass on your request.

If you are not happy with the way we have handled your data and are unable to resolve the issue with us personally, you have the right to lodge a complaint with the Information Commissioner’s Office, the UK’s independent body set up to uphold information rights.

You can read more about your rights here: For the public | ICO

Updates to this Statement
We will update this Privacy Statement from time to time so you may wish to check it each time you submit personal information to The Windmill Trust.

This statement was last reviewed: October 2023.

We are committed to reviewing our policies annually. 

The next full review date for this policy is: November 2024.



Name:  Phillippa Chapman, Manager

Date Signed: 2nd November 2023

bottom of page