We respect your privacy and are committed to protecting your personal information. We collect personal data to help us deliver our work – from sending newsletters and processing event registrations, to improving your experience on our website. We only collect what we need, use it responsibly, and store it securely. This policy explains what information we collect, how and why we use it, who we share it with, and the rights you have under UK data protection law.

This privacy policy was last updated in July 2025.

Information we collect

We collect personal information in three main ways:

1. Information you provide to us

• When you sign up for our newsletter
• When you register for events or programmes
• When you fill in a contact form, survey or feedback request
• When you choose to share information with a member of our team via email
• When you make a donation (and in the course of a direct debit, the frequency and date of which these will be taken)

2. Information we collect automatically

• Website usage data such as IP address, device type and browser
• Cookie-based tracking that helps us improve how our website performs

3. Information from third parties

• Go Cardless (for donations)
• Eventbrite (for event registration)
• Active Campaign (for newsletters and website analytics)
• Google Analytics (for website analytics)
• Stripe (for donations)

How and why we use your information

We collect and use personal information so we can:

• Communicate with you about events, programmes or news
• Understand how people use our website and improve user experience
• Deliver services you’ve requested
• Meet legal and regulatory obligations

We rely on different legal bases to process your data, including your consent, fulfilling a contract, and our legitimate interests in improving our services.

We only keep your data for as long as necessary to meet these purposes, up to a maximum of seven years.

Who we share your information with

We only share your data securely and confidentially with trusted partners who help us deliver our services, including:

• Website hosting providers
• Email marketing platforms
• Event registration platforms
• Analytics services 
• Payment platforms

For events or funded projects, information may also be shared with named partner organisations if required. We will always inform you of this when you register or sign up. We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.

We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

Where services store data outside the UK, we ensure that appropriate data protection safeguards are in place.

your data rights

You have rights under UK GDPR that allow you to control your personal data. These include:

• Right to access: Ask us what information we hold about you
• Right to correct: Update or amend inaccurate details
• Right to delete: Ask us to remove your personal data
• Right to object or restrict: Limit how we use your information
• Right to data portability: Request your data in a format you can take elsewhere
• Right to withdraw consent: Withdraw permission for us to use your data

To exercise any of these rights, please contact us using the details below.

data security and retention

We take the security of your personal information seriously and follow strict policies to protect it. 

Your data is stored on secure, password-protected servers, either managed by us directly or through trusted suppliers, including cloud-based services.

Financial transactions are protected by encryption, and we work only with reputable partners to ensure your data remains safe.

We also take appropriate technical and organisational steps to prevent unauthorised access, misuse or loss of data.

While we take every precaution, it’s important to remember that no method of internet transmission is completely secure. We therefore encourage you to keep your own login information, such as passwords, confidential.

We keep personal information only for as long as necessary to fulfil the purpose it was collected for. In some cases, we may retain data for longer if required by law, to comply with legal obligations, or to protect our legal rights, including fraud prevention. We regularly review our data retention practices, and personal information is never held for more than seven years.

cookies

We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website. Cookies are small text files stored on your device that help us understand how you use our website. We use:

• Essential cookies: Required for basic site functionality
• Analytics cookies: Help us improve website performance
• Marketing cookies: Only used with your permission

You can manage your cookie preferences at any time here.

Data protection registration

We are registered as a data controller with the UK Information Commissioner’s Office. Our data protection registration number is Z3611031.