Privacy and cookie policy
How we collect, use and store your data.
Click for Easy Read
Contents
How we handle your personal information
What information do we collect and how?
Why do we need your information and how do we use it?
Our lawful basis for processing personal data
How do we keep your information safe?
How long do we keep your information?
How do we share your information?
Complying with requests for erasure.
Making a Subject Access Request
Introduction
This privacy policy explains how and why Inclusion London collects, stores, uses, and shares your personal information. It will explain your rights in relation to your personal information and what to do if you have a complaint.
We are committed to protecting your privacy and ensuring your personal information is used in line with data protection laws, including the UK GDPR and the Data Protection Act 2018.
By using our services, website or submitting your data to Inclusion London, you confirm that you have read and understood this Privacy Policy. This includes authorising us to collect, store, and process your information in the ways explained.
Who we are
Inclusion London is a charity which supports user-led Deaf and Disabled people’s organisations in London, with training, resources, advice, consortia and other projects. We also campaign for equality for Deaf and Disabled people, and provide some information about issues which affect Deaf/Disabled people.
We are registered with the Information Commissioner’s Office under number ZA124663, and are a registered charity under number 1157376, and a registered company limited by guarantee in England and Wales under number 6729420.
If you have questions about our privacy policy or would like to change how we contact you, you can email info@inclusionlondon.org.uk or phone our office on 020 7237 3181.
How we handle your personal information
What is personal data?
In this policy, we explain how we collect, store, and use your personal data. Personal data is any information that can identify you, such as your name, telephone number, postal or email address, and, where relevant, bank details if you are supporting us financially.
We may also collect special category data, which is sensitive personal information, such as access or support needs and dietary requirements for some events or services, or during research, surveys, or case studies. We handle special category data in line with strict legal requirements and only with your explicit consent or where we have another lawful basis for doing so.
What information do we collect and how?
We collect information about you when you:
- sign up to our email newsletter;
- sign up as a member of Inclusion London;
- contact us about or book a place at one of our training sessions or events;
- attend our events;
- work with us on our projects such as our Disability Justice and Business Development projects;
- complete one of our surveys;
- agree to be part of any research or case studies we are doing;
- contact us about campaigns and policies issues;
- use our template letters and forms on disabilityjustice.org.uk website;
- use one of the chatbots on our website;
- use our website.
Why do we need your information and how do we use it?
We collect personal data to support the work we do and to make sure can provide a high quality of services, as well as to keep in touch with you, and offer you communications that are relevant to you.
The information we collect is used and stored for the following reasons:
- To contact you about our work, for example through our newsletter and other emails;
- To support you with our services, for example by keeping in touch by phone and email;
- To monitor and report on the progress of our funded projects;
- To assess and improve the quality of our services;
- To comply with the law regarding data sharing;
- To keep a record of any communications between us and you, for example emails and phone calls.
Our lawful basis for processing personal data
We process personal data in accordance with the Data Protection Act 2018 and the UK GDPR of May 2018, as well as any other applicable legislation (referred to collectively as the ‘data protection legislation’). Our main lawful basis for processing personal data are:
- Consent: Where you have explicitly agreed to receive communications or share information with us for specified and legitimate purposes. You can withdraw your consent at any time by contacting us using the details provided in this policy.
- Legal Obligations: Where this is necessary to fulfil legal obligations that apply to us, meaning we are required by law to collect or share your information.
- Legitimate Interests: Where it is necessary for our legitimate interests relating to running our daily operations, as long as, in each case, these interests are in line with applicable law and do not override your legal rights and freedoms.
Less commonly, we may process your data under other lawful bases, such as:
- Vital Interests: For example, if it is necessary to protect someone’s life in an emergency.
- Contract: If we need to process your data to fulfil a contractual agreement with you.
We will make it clear which lawful basis applies whenever we collect or process your personal data.
For special category data, such as access requirements or data shared during case studies, we will only process this information with your explicit consent or where permitted under other lawful bases (for example, safeguarding or vital interests). Which applies will be made clear when we collect or process your personal data.
How do we keep your information safe?
Inclusion London keeps information about you on secure computer systems an, in some cases, on paper. We make sure your data is handled safely and securely, using appropriate technical and organisational measures to prevent it from being accidentally lost, accessed without permission, or used improperly.
We work with trusted third-party tools and services to help us manage our operations. These tools may store your data in different locations, including outside the UK. We provide details of the purpose of these tools and the due diligence undertaken in selecting them in the section below. We encourage you to review the privacy policies of these tools, which will be linked.
We take the security of your personal information seriously and use a combination of technical, organisational, and physical safeguards to protect it from unauthorised access, loss, or misuse. These include, but are not limited to:
- Encryption to protect data during transmission and while stored on our systems.
- Access controls, ensuring only authorised personnel can process personal data.
- Regular staff training on data protection and confidentiality.
- Secure disposal of paper-based and digital records in accordance with data protection laws.
We regularly review and improve our security measures to address emerging risks and ensure compliance with the latest standards.
In addition, we have established procedures to promptly address any suspected data security breaches. If a breach occurs that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authorities, as required by law.
Third-Party Tools
To provide our services effectively, we work with trusted third-party tools and services — known as subprocessors — to collect, store, and process personal data. These subprocessors act under our instructions and in compliance with GDPR, making sure your data is handled securely and lawfully.
We carefully select these subprocessors based on their ability to demonstrate GDPR compliance, including robust security measures and appropriate safeguards for international data transfers (e.g., Standard Contractual Clauses). We also review their certifications, data protection policies, and conduct risk assessments or Data Processing Impact Assessments where necessary.
For a full list of our current subprocessors, their purposes, and the safeguards they have in place to protect your data, please visit our Subprocessors List.
We regularly monitor these tools to ensure they continue to meet our data protection standards. If you have any questions about how we select and work with third-party tools, please contact us.
Chatbots on Inclusion London’s Website
We use chatbots on our website to assist with certain services and support. These chatbots process personal data based on the information you provide, which may include names, email addresses, and health-related data (special category data).
The chatbots are managed by trusted third-party providers, and all data is securely processed and stored in compliance with GDPR.
For more detailed information about how chatbot data is managed, including the subprocessors involved, please visit our Subprocessors List.
How long do we keep your information?
We do not keep personal data indefinitely. Your data is retained only for as long as necessary to fulfil the purposes for which it was collected, or to comply with legal, contractual, or regulatory requirements. Once the retention period has expired, we securely delete or anonymise your personal data to ensure it can no longer identify you.
We maintain a Data Retention Schedule that outlines the specific retention periods for different types of data. This ensures we manage data responsibly and in line with legal obligations. If you would like more information about how long we keep your data, please contact us using the details provided in this policy.
When and why we share your information
We will treat your information sensitively and confidentially. We will only share your data in the following circumstances:
- With Consent – Where you have explicitly agreed for use to share your personal data with third-parties.
- For legal or safeguarding reasons – We may disclose your information without your consent if we are concerned that you or someone else is at risk of harm; or we are required to by law, such as in response to a legal obligation or request from law enforcement.
- With trusted subprocessors as detailed above – We work with carefully selected third-party companies to deliver services on our behalf having performed due diligence on their security measures and GDPR complaince, as detailed in the table above. These service providers act as our processors, meaning they process data on our instructions and under agreements that ensure the same level of protection for your data as if we were handling it ourselves. We only provide them with the information they need to perform their specific tasks, and they are not allowed to use your data for any other purpose.
If any inaccurate personal data is shared with another organisation, we will tell them about the inaccuracy so they correct their records.
We will never sell or rent your information to third party organisations, and we will not share your personal information for others to use in their marketing or fundraising.
How to request the deletion of your information
Unless a different contact method is directly provided (in the survey or training course, for example) requests for removing personal data after initial consent can be sent to info@inclusionlondon.org.uk. We will respond within one month of receiving the request. If the data in question has been provided through a survey or similar, please try to provide as much information as possible in your request to help us find your submission, especially if it was completed anomymously.
There are occasionally reasons why we may not be able to comply with a request for erasure (ICO – Right to erasure), but we will always review each request on a case-by-case basis and be transparent about the steps we are taking.
Non-personal information
When you visit our website, we may collect non-personal information about your visit to help us improve your experience and ensure our website functions effectively. Non-personal information does not identify you as an individual.
What Information Do We Collect?
Examples of non-personal information we may collect include:
- The type and version of the browser you are using (e.g., Chrome, Firefox);
- The type of device you are using (e.g., smartphone, tablet, desktop);
- The operating system and its version (e.g., Windows 10, macOS);
- Your approximate geographic location (e.g., city or region, not precise address);
- The pages you visit on our website and the time and date of those visits.
How Do We Use This Information?
We use non-personal information to:
- Monitor and improve the performance of our website;
- Ensure our website displays properly on different devices and browsers;
- Understand how visitors are accessing information to improve how we work;
- Analyse visitor behaviour, such as which pages are most popular, to make content more relevant;
- Identify and resolve technical issues.
How Is This Information Collected?
We collect non-personal information using cookies and similar technologies.
Cookies and our Website
A cookie is a small file which is placed on your computer or device by a website when you visit it. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
How We Use Cookies
We use cookies on our website to:
- Personalise content and provide features specific to you;
- Monitor website usage, such as the number of visitors and the pages they view;
- Enhance functionality, such as enabling event bookings, user accounts, and contributions to our noticeboard.
Third-party Cookies
Some cookies on our site are set by third parties:
- YouTube: When you watch embedded videos on our site, YouTube may place cookies on your device. For more details, visit YouTube’s Privacy Policy.
- Google Analytics: We use Google Analytics to collect anonymised data about how visitors use our site, such as the number of visitors, where they came to our site from, the pages they view, and the browser and devices they use. This helps us improve our website. For more information, see Google’s Privacy Policy.
Managing Cookies
You can choose to refuse cookies on our website. However, this may affect some features, such as:
- Creating or logging into membership accounts;
- Booking events;
- Posting content to our noticeboard.
If you wish to restrict or block the cookies which we set, you can do this through your browser settings. The ‘Help’ function in your browser should tell you how.
You may also like to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. Please be aware that restricting cookies may impact on the functionality of our website.
Your rights
The GDPR sets out rights for individuals about the use of their personal information.
You have the right to:
- Be informed about the collection and use of your data. The GDPR requires that we are transparent about why we are collecting your data and what we are using it for.
- Access your information at any time. You can request to see any data we hold on you, and we must provide that information within a month of receiving your request.
- Correct your information. The ‘right to rectification’ means you can have any personal data we hold about you changed if it is inaccurate or incomplete.
- Have your personal information removed. You can request for us to delete your personal information under the ‘right to be forgotten.’
- Restrict the processing of your personal information. This means you can request that we do not use the information we hold about you.
- Ask for a copy of your personal data. This allows individuals to obtain and reuse their personal data for their own purposes across different services.
- Object to the processing of your personal data. This includes the right to stop your data being used for direct marketing.
- Object to the use of automated decision-making and profiling. This includes making a decision solely by automated means without any human involvement, and automated processing of personal data to evaluate certain things about an individual.
Where you have provided consent to be contacted or to receive a service, you will be entitled to withdraw that consent at any time.
How to contact us
You can contact us using the details below if you:
- Would like to access your information
- Would like us to change the way we contact you
- Have any queries or concerns as to how your data is processed
- Have any questions about this privacy notice or the information we hold about you
Contact:
Tracey Lazard
Tracey.Lazard@inclusionlondon.org.uk
Tel: 0207 237 3181
In writing:
Inclusion London,
336 Brixton Road,
London SW9 7AA
Making a Subject Access Request
You have the right to request access to the personal data we hold about you. This is often called a ‘Subject Access Request’.
There are many ways a request can be made, please see the guidance below for help if you are not sure how to make a request.
- Contact us. This can be by email, post, the contact form on our website, phone, or in person. It is helpful if you make it clear you are requesting access to your personal data.
- Tell us what data you want to access; this helps us find your information.
- We may ask for proof of identity. This is so we can be sure we do not share personal information with people who do not have the right to see it.
- We will send the information you ask for within one month. In some cases, we make extend this time by up to two months. We will tell you if this is the case.
- In some rare cases, we may refuse to provide access to your data if doing so would adversely affect the rights and freedoms of others or if an exemption under GDPR applies. If we refuse your request, we will inform you of the reason and your right to lodge a complaint with the Information Commissioner’s Office (ICO) or seek judicial remedy.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
If you have a concern about the way Inclusion London is collecting or using your personal data the General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113, Monday-Friday 9am-5pm.
Updates to this Policy
We may make changes to this Privacy Policy from time to time. If we make any changes in the way we use your personal information we will make this clear on our website or by contacting you directly.
Last updated: 4th December 2024 (Subprocessors list created and link, wording clarified and moved into bulletpoints and clearer sections, information on lawful basis made clearer, information on ChatBots added).