Privacy Policy

1. Data We Collect

• Name, email address, and phone number (e.g. when you fill out a form or contact us).
• Job role and the organisation you work for (e.g. if you are a practitioner, manager, or work in youth care, health, or education).
• Your professional experience, if relevant to the research.
• Consent form information, including support or access needs you voluntarily share.
• IP address, browser type, device details, referrer URL, and interaction data from our website.
• Typeform survey responses.
• Research notes, transcripts, and (if applicable) interview recordings.
• Age and care status (if relevant to the research).
• Dates of contact, interview scheduling, consent status, and safeguarding checks (internal use).
• Confirmation of remuneration sent, and internal notes related to research logistics or insights.

Note: We only collect sensitive data (e.g. ethnicity, disability, or health information) when it is provided voluntarily or directly relevant to the research. We do not collect data for profiling or marketing.

2. How We Collect Data

• Website forms (e.g. contact or enquiry forms).
• Calendly bookings.
• Typeform surveys and consent forms.
• Research interviews and focus groups.
• Emails or direct communication.
• Cookies (see our Cookies Policy for details).
• In some cases, data may be temporarily stored on a researcher’s personal device (e.g. phone, laptop) when scheduling or recording. This is deleted within 14 days once uploaded to secure storage.

3. Why We Collect Data

• To respond to enquiries or service requests.
• To conduct ethical and participant-led research.
• To improve our platform, services, and user experience.
• To ensure accessibility and safeguarding during research.
• To understand how people interact with our website.

Note: We do not use your data for marketing or profiling unless you explicitly opt in.

4. Sharing Your Data

• Google Analytics – for anonymised usage statistics.
• Google Workspace – for storing consent forms, research data, and internal documentation.
• Google Meet – for conducting and recording interviews and focus groups (with consent).
• Typeform – for collecting consent and survey responses.
• Fathom – for securely recording and transcribing interviews (with consent).
• Calendly – for booking interviews and research sessions.
• Textanywhere – for sending SMS reminders to participants.

Note: We complete Data Protection Impact Assessments (DPIAs) and Transfer Risk Assessments (TRAs) for tools based outside the UK/EU. These platforms use Standard Contractual Clauses (SCCs) and the UK Addendum to ensure GDPR compliance. We keep DPIAs and TRAs in a dedicated compliance folder so they can be reviewed on request by regulators or partners. We do not sell or share your data for advertising purposes.

5. Your Rights

• Access the data we hold about you.
• Request correction or deletion.
• Object to processing.
• Restrict how we use your data.
• Request a copy of your data (data portability).

Note: To exercise these rights, email [email protected]. We will respond within one month. We keep a log of all rights requests to ensure accountability.

6. Data Retention and Deletion

• Website enquiries and form submissions are retained for up to 12 months.
• Research participant data is retained for up to 2 years after the research project ends.
• Anonymised or aggregated data may be kept for longer for reporting or funding purposes.
• We log and review all deletions and maintain a clear audit trail.

Note: You may request earlier deletion unless we are legally required to retain your data.

7. Security Measures

• Encrypted cloud storage (e.g. Google Workspace).
• Password protection and two-factor authentication.
• Restricted access to authorised team members.
• Secure deletion protocols and regular reviews of stored data.
• Where personal devices are used (e.g. phones, laptops), files are uploaded promptly to secure storage and deleted locally within 14 days.

8. Legal Basis for Processing

• Consent: when you choose to participate in research or complete a form.
• Legitimate interest: to improve our services and conduct ethical research.
• Contractual necessity: when we deliver something you've requested (e.g. a session booking).

Note: We record consent using Typeform, email, or signed forms.

9. Cookies

• We use cookies to understand site usage and improve functionality.
• You can choose to accept or reject cookies when visiting the site.

Note: See our Cookies Policy for details.

10. Children's Privacy

• We do not knowingly collect data from anyone under 16 without verified parental consent.
• We follow safeguarding best practice, including age-appropriate explanations and DBS checks for relevant staff.

10a. Media Consent and Story Sharing

• We may ask for separate media consent to share quotes or stories publicly.
• You can say no or change your mind at any time.
• We never publish personal details without explicit permission.

11. Research Ethics and Safeguarding

• Informed consent is always required before participation.
• Safeguarding checks are completed for researchers working with young people.
• Data Protection Impact Assessments (DPIAs) and Transfer Risk Assessments (TRAs) are carried out for relevant tools.
• Participant tracking logs help manage consent, scheduling, and deletion timelines.
• We also maintain compliance logs (e.g. deletion log, breach log, access log) to evidence safe handling of data.

12. ICO and Complaints

• We are registered with the Information Commissioner's Office (ICO) under UK law.
• If you are concerned about your data, email [email protected].
• If unresolved, contact the ICO at www.ico.org.uk.

13. Contact Us

• If you have questions about this policy or your data, email [email protected].
• We are committed to transparency, respect, and safeguarding your privacy.