Please Donate



This privacy policy describes what information we gather about you, what we use that information for and who we give that information to. It explains why and how we collect and use the information. This privacy policy also sets out your rights in relation to your information and who you can contact for more information or queries. 


If you have any requests concerning your personal information or any queries with regard to our processing, please contact You may also contact us by writing to The Data Protection Officer (VFF) c/o Royal Star & Garter, 15 Castle Mews, Hampton TW12 2NP. 




This privacy policy consists of the sections set out below:


  • Information about us 
  • Collection of information about you 
  • Other people’s data 
  • What we do with your information 
  • Legal basis for processing your information 
  • Sharing of your information 
  • International transfers 
  • Security of personal information 
  • Cookies 
  • Retention of personal information 
  • Your rights 


Information about us 


In this privacy policy, references to we, us, our are references to the Veteran Friendly Framework (“VFF”). We are a project organised jointly by Royal Star & Garter (charity registration number 210119, The Royal British Legion (charity registration 219279 ) and Veterans Covenant Healthcare Alliance (VCHA). This website is administered by Royal Star & Garter. Royal Star & Garter is the “controller” for the purposes of the UK General Data Protection Regulation (“GDPR”). Our ICO registration number is Z5712729. 


Collection of information about you 


We may collect and process the following data about you: 


  • Information you give us. You may give us information about you asking for information about the VFF or by applying for accreditation, submitting an application to work, or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, address, e-mail address and phone number. You may also give us information through our website and social media pages.  
  • Sensitive personal data. We sometimes collect and use “sensitive personal data”. This is defined as information about racial or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. We collect sensitive personal data to help us monitor equal opportunities and for safeguarding purposes.   
  • Information that you give to third parties. We may receive information about you from third parties. Where we receive personal data that relates to you from a third party, we request that this third party inform you of the necessary information regarding the use of this data. Where necessary, they may refer to this privacy policy.  
  • Technical information when you visit our website, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, geographical location, browser plug-in types and versions, operating system and platform. 
  • We use Google Analytics and Google Signal to measure how you use our website.   


Other people’s data 


You may provide the personal data of other people (e.g. colleagues you work with). Before providing anyone else’s data please ensure they are happy for you to do so and under no circumstances must you make public another person’s home address, email address or phone number without their permission. 


What we do with your information 


When you provide personal information to us, we may use it for any of the purposes described in this privacy policy or as stated at the point of collection (or as obvious from the context of collection). 


For organisations, we will use the information you provide to: 


  • fulfil your requests – such as provision of information 
  • record any contact we have with you; 
  • assess your application to join the VFF; 
  • to carry out our obligations arising from any contracts entered into between you and us; 
  • prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf. 


Legal basis for processing your information 


We rely on one or more of the following processing conditions in order to process your personal information: 


  • our legitimate interests in the effective delivery of information and services to you (provided these do not interfere with your rights); 
  • to satisfy any legal and regulatory obligations to which we are subject; 
  • to perform our obligations under any contracts that we have agreed with you; or 
  • where no other condition for processing is available, if you have agreed to us processing your personal information for the relevant purpose. 


Sharing of your information 


We may disclose your personal information to our employees, officers or professional advisers as reasonably necessary for the purposes set out in this privacy policy. 


Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation. 


We never sell or share your information to other organisations to use for their own purposes other than as explained above. 


International transfers 


Third party organisations engaged by us to process your personal information for the purposes set out in this privacy policy may be situated outside the United Kingdom and may therefore transfer personal information outside the UK. We will have a contract with the third party organisation requiring them to use your information only as instructed by us. 


Transfers outside the UK will be only: 


  • to a recipient located in a country which provides an adequate level of protection for your personal information; and/or 
  • under an agreement or mechanism which satisfies UK requirements for the transfer of personal data to data processors or data controllers outside the UK, such as standard contractual clauses approved by the European Commission or the US Privacy Shield Framework in relation to transfers of personal data from the UK to the USA. 


Security of your personal information 


We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information collected via the website; these individuals have agreed to maintain the confidentiality of this information. We use secure server software (SSL) to encrypt financial and personal information you input via our website before it is sent to us. 


Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us. 


Where you or we have provided a password enabling you to access parts of our websites or use our services, it is your responsibility to keep this password confidential. Please do not share your password with anyone. 




Our website uses cookies so that we can track how users navigate through our website, in order to enable us to evaluate and improve our website. For detailed information on the cookies we use and the purposes for which we use them please read our cookies policy. 


Retention of personal information 


We will retain your personal information only for as long it is required for the purposes for which it was collected, or as required to do so by law. When we no longer need information, we will dispose of it securely, using specialist companies if necessary to do this work for us. 


Your rights 


You have certain rights in relation to the personal information we hold about you. In particular, you have a right to: 


  • request a copy of personal information we hold about you (commonly referred to as a subject access request); 
  • ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete; 
  • ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information; 
  • object to our processing of your personal information; 
  • withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing); and/or 
  • request portability of your personal information. 


If you would like to exercise these rights, please contact us in writing (which can be an email). You may be asked to provide the following details: 


  • The personal information you want to access 
  • Where it is likely to be held 
  • The date range of the information you wish to access. 


We will need to ask you to confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (30 days). This timeframe may be extended by up to two months if your request is particularly complex. 


We may charge for a request to access your information, if permitted by applicable law. For example, we may charge a reasonable fee based on administrative costs for providing further copies of your information. 


We are not a ‘public authority’ as defined under the Freedom of Information Act 2000. We will not use our funds to respond to requests for information made under this Act. 


For more information about your rights under the GDPR, please visit the website of the Information Commissioner’s Office at 


Contact us 


If you have any questions or complaints about this privacy policy or the way your personal information is processed by us, or would like to exercise one of your rights set out above, please contact us by one of the following means: 



Post: The Data Protection Officer (VFF) c/o Royal Star & Garter, 15 Castle Mews, Hampton, TW12 2NP. 


You may also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office. For further information on your rights and how to complain to the ICO please refer to the ICO website: 



Author: Caroline Speller, Charity Secretary Royal Star & Garter 

Date: December 2023 

Review date: December 2024