We Are Family


We Are Family CIO Privacy Policy

1    Introduction

1.1          We Are Family (‘WAF’ and ‘we’) is committed to protecting the privacy and rights of individuals (including members and their families, volunteers, employees, trustees and others) and to fully comply with data protection legislation (principally the General Data Protection Regulation ('GDPR') and the Data Protection Act 2018 (‘DPA’)).

1.2          This Privacy Policy ('Policy') applies to all WAF members (both adoptive parents and prospective adopters), volunteers and trustees. In this Policy, for simplicity, the words ’member’ and 'you' are used to mean each of these groups. This Policy explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.  If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the end of this Policy.

2    What does WAF do?

2.1          WAF is a parent-led adoption support community operating in and around London. We provide support through regular meet-ups, information sharing and other initiatives.

2.2          WAF recognises the fundamental importance of protecting personal data about adoptive families, and that any failure to do so could have far-reaching negative consequences for its members and their families. Equally, sharing adoption-related information and the experiences of adoptive parenting with each other, and offering mutual support, is at the core of WAF’s reason for existence.

3     What personal information does WAF collect and why?

3.1          WAF holds and processes certain information about its members and other individuals it has dealings with for various purposes, including providing information and support to its members; enabling the sharing of information and experiences between members; for administrative purposes; and, in an anonymised and aggregated form, in dealing with external stakeholders and for fundraising purposes.

3.2          The personal information that we may collect about you broadly falls into the following categories:

3.2.1      Information that you provide voluntarily (when you apply to become a member of WAF or at a later time). This may include information such as your name, email address, local authority area, adopter status and family details as well as information about your year of birth, gender, ethnicity, disability and sexual orientation.

3.2.2      Information that we collect automatically from your device. This may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (eg country or city-level location) and other technical information.  We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. Some of this information may be collected using cookies and similar tracking technology. For further information about the types of cookies we use, why, and how you can control cookies, please see our Cookie Notice [link].

3.2.3          Information that we obtain from third party sources. We only receive personal information about you from third party sources in limited circumstances, and only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.  This includes, for example, confirmation from your social worker about your adopter status where you have asked the social worker to provide us with this information.

3.3          We use personal information about WAF members for the following purposes:

3.3.1      To administer and manage our membership;

3.3.2      To provide information of benefit to WAF members including about WAF and other organisations’ activities, about WAF blog postings, and about things affecting adoptive families;

3.3.3      To identify members when they contact WAF;

3.3.4      To allow WAF volunteers to run WAF events (including notifying members about events) and to provide access to various means of support;

3.3.5      To compile non-identifying statistical information on the membership of WAF (for instance, about the gender, race, disability and sexual orientation representation within our membership) which helps us to better understand who uses our services, guides us in our work and helps with future WAF fund-raising; and

3.3.6      To identify members who have similar circumstances (for example, single or LGBTQ adopters in the same WAF group) where the relevant members have consented to such identification (we only actually connect such members where each has then specifically agreed to this).

3.4          We use personal information about trustees to allow WAF to fulfil its regulatory responsibilities and to administer the operation of the WAF Board of Trustees. We use personal information about volunteers to facilitate their voluntary work for WAF.

3.5          Please note that WAF operates a Facebook page, available at, which is primarily controlled and operated by Facebook Inc. and its affiliates ('Facebook') and that any information collected about you via the Facebook group will be used in accordance with Facebook's privacy notice and cookie notice (available on Facebook's website). Facebook may use this page to place cookies on your device. Please see our Cookie Notice [link] for further information about cookies generally and how you can opt out from them.  We encourage you to read Facebook's privacy notice and cookie notice if you access our Facebook group.

4    Legal basis for processing personal information

4.1          Our legal basis for collecting and using the personal information described above will depend on the information concerned and the specific context in which we collect it.

4.2          We will normally collect personal information from you only where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or (in some cases) where we need the personal information to perform a contract with you.  We may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

4.3         If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

4.4          Sensitive data (such as information about health status, sexual orientation or religious beliefs) should not generally be obtained, held, used or disclosed, unless the individual (the ‘data subject’) has given explicit consent. This means that the data subject must have been fully informed of the intended processing and has indicated their agreement. Where we process sensitive information about you, we will always obtain your consent to do so. In most instances, consent to process sensitive data for WAF members is obtained when you complete the membership application form. Where we collect sensitive information about you after you have become a WAF member, consent will be appropriately sought.

5   Data retention

5.1          We retain personal information we collect from you where we have an ongoing legitimate need to do so (for example, to provide you with our services or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate need to process your personal information, we will delete, shred or anonymise it.

5.2          If you do not wish to continue your membership of WAF, your personal information will be deleted, shredded and/or anonymised. If we consider that a member is no longer active (for example, where contact cannot be made), information will be deleted, shredded or anonymised. WAF reviews the information held about its members on a regular basis.

6    Data security

6.1          WAF uses appropriate technical and organisational measures to protect the personal information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. 

6.2          WAF recognises that photographs and other images of members and their families can present a serious risk to privacy. For this reason, WAF will not take or use any image of a member or of anyone in his or her family unless explicit consent has been obtained. Photography or video recording at any WAF event is strictly controlled.

7    Your data protection rights

7.1              You have the following data protection rights

7.1.1            If you wish to access, correct, update or request deletion of your personal information, object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information, you can contact us at any time by using the contact details provided below. 

7.1.2              If we have collected and process your personal information with your consent, then you can withdraw your consent at any time.  This includes your right to opt out of any emails we may send you at any time, although if you opt out of receiving emails from your primary WAF local group we will treat that as you ending your membership of WAF. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

7.1.3              You have the right to complain to a data protection authority about our collection and use of your personal information.  Your local data protection authority is the Information Commissioner's Officer (

7.2          We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

8    Disclosure of data

8.1          WAF will ensure that your personal information is not disclosed to unauthorised third parties, including other family members, friends, government bodies and, in certain circumstances, the police, unless otherwise permitted under the statements below:

8.1.1      You have given consent (eg to be contacted by another member);

8.1.2      Where disclosure is required to allow a requested service to be provided (eg where you have specifically requested information about a particular service);   

8.1.3      Where WAF is legally obliged to disclose the data (eg in relation to a Charity Commission inspection or inquiry, police investigations, under a court order etc);

8.1.4      Where disclosure of data is required for the performance of a contract (although this will be unusual in relation to WAF); and

8.1.5      Where WAF becomes aware of a child or vulnerable adult protection concern and decides to inform the relevant authorities (see WAF’s Safeguarding Policy [add link]).

8.2          As an alternative to disclosing personal data, WAF may offer to pass on a message asking them to contact the enquirer; or accept an incoming email message and attempt to forward it. WAF will not accept sealed envelopes or packets for forwarding to members. Due to the many sensitivities of adoption, WAF will not forward unknown messages or materials to members.

9      International transfers

9.1          WAF's database servers are located in the United Kingdom. However, your personal information may be transferred to, and processed in, countries other than the United Kingdom.  These countries may have data protection laws that are different to the UK.

9.2          Specifically, our website servers are located in the United Kingdom and our third party service providers operate around the world. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Policy.

10    How to contact us

10.1        We may update this Policy from time to time in response to changing legal, technical or operational developments. We will obtain your consent to any material changes if and where this is required by applicable data protection laws. You can see when this Policy was last updated by checking the "last updated" date shown at the end of this Policy. 

10.2        If you have any questions or concerns about our use of your personal information, please contact us at: 

10.3        The data controller of your personal information is We Are Family CIO which is registered with the Charity Commission of England and Wales with charity number 1163318.

Last updated: 23 September 2019