Data Protection and Privacy Policy - The Decelerator

The Decelerator, the organisation, is committed to being transparent about how it collects and uses the personal data it collects, and to meeting its data protection obligations. This policy sets out the organisation's commitment to data protection, and individual rights and obligations in relation to personal data. Please read it carefully to understand how we use your personal information. 

This policy applies to the personal data of site visitors, hotline callers, clients, partners, collaborators, prospective applicants, employees, volunteers, interns, and consultants contracted. 

The organisation has appointed Iona Lawrence as its data protection officer. Their role is to inform and advise the organisation on its data protection obligations. They can be contacted at iona@decelerator.org.uk. Questions about this policy, or requests for further information, should be directed to the data protection officer. 

This privacy policy applies to The Decelerator, a not-for-profit company registered in England and Wales with Companies House as The Decelerator with registration number 15363652, whose registered address is: Birkbeck Suite 2, Water Street, Skipton, BD23 1PB.

User Type

Site Visitor: You are a site visitor when you visit and interact with our web sites, web pages, blogs and content on www.decelerator.org.uk  

Hotline caller: You are a hotline caller when you have a call with The Decelerator hotline. 

Partner / Collaborator: You are working in partnership with The Decelerator.

Prospective Applicant: You are a Prospective Applicant when you apply to a position at The Decelerator.  

Employee: You are working as an employee at The Decelerator.  

Consultant: You are working as a consultant with The Decelerator.

Principles 

There are six principles for which all personal data must be processed according to Article 5 of the GDPR. These principles outline what any company that has a digital presence needs to keep accountable towards: 

  1. Lawfulness, fairness, and transparency: Obey the law, only process personal data in a way that people would reasonably expect, and always be open about your data protection practices. 

  2. Purpose limitation: You must normally only process personal data for the specific reason you collected it and nothing else. 

  3. Data minimization: don't process any more data than you need. 

  4. Accuracy: make sure that any personal data you hold is adequate and accurate. 

  5. Storage limitation: don't store personal data for longer than you need to. 

  6. Integrity and confidentiality: always process personal data securely. 

These principles build the foundation for why data is being collected and all of the data that The Decelerator is collecting falls in line with one of these six principles. 

1. We collect personal information about you 

1.1. When you give it to us directly 

For example, personal information that you submit through our website or personal information that you give to us when you communicate with us by email, phone or letter. 

1.2. When we obtain it indirectly 

For example, your personal information may be shared with us by third parties, including sub-contractors in technical and delivery services; analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information. 

1.3. When it is available publicly 

Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as Facebook, Instagram or Twitter). 

1.4. When you visit our website 

1.5. We also collect and use your personal information by using cookies on our website – please see our Cookies Policy

In general, we may combine your personal information from these different sources for the purposes set out in this Policy. 

 

2. What personal information do we use? 

2.1. We may collect, store and use the following kinds of personal information: 

  • your name and contact details (postal address, email address and, where applicable, social media identity); 

  • information about your computer/mobile device and your visits to and use of our website, including, for example, your IP address and geographical location; 

  • details of your qualifications and experience; 

  • your date of birth and gender; and/or 

  • any other personal information which we obtain as per clause 1. 

2.2. The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions In certain situations, we may collect and/or use these special categories of personal information (for example, health information to ensure equal access). We will only process these special categories of personal information if there is a valid reason for doing so and where the GDPR allows us to do so. 

 

3. How and why will we use your personal information? 

3.1. Your personal information, however provided to us, will be used for the purposes specified in this Policy. In particular, we may use your personal information: 

  • to provide you with services, products and information you have requested; 

  • to communicate with you in relation to the work of The Decelerator; 

  • to provide further information about The Decelerator’s work, services, activities and/or products (where necessary, only where you have provided your consent to receive such information); 

  • to communicate with you about a project you are involved in; 

  • to analyse and improve our work, services, activities, products and/or information (including for our website), and/or for our internal records; 

  • to report on the impact and effectiveness of our work; 

  • to publish news articles and other information on our website; 

  • to process your application for a job with us when you apply through our website; 

  • to administer your employment/other working relationship with us (for example, to pay your salary); 

  • to provide references, for example to landlords and new employers; for training and/or quality control; 

  • to audit and/or administer our accounts; 

  • to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering); 

  • for the prevention of fraud or misuse of services; and/or 

  • for the establishment, defence and/or enforcement of legal claims. 

 

4. Communications for marketing 

4.1. We may use your contact details to provide you with information about our work, events, services and/or products which we consider may be of interest to you (for example, information about future work). Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law). 

4.2. Where you have provided us with your consent previously but do not wish to be contacted by us about our work, events, services and/or products in the future, you may opt out of receiving emails from us at any time by clicking the “unsubscribe” link and the bottom of our emails; or by contacting us at hello@decelerator.org.uk

 

6. How long do we keep your personal information? 

6.1. In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. 

6.2. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to use it or (iii) you validly exercise your right of erasure (please see section 11 below), we will remove it from our records at the relevant time. We review personal information that we hold at least annually in order to verify if it is still validly required in connection with the purpose(s) for which we collected it. 

 

7. Will we share your personal information? 

7.1. We will not sell or rent your personal information with third party organisations. However, in general we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Policy. Non-exhaustively, those parties may include: 

  • suppliers and subcontractors for the performance of any contract we enter into with them, for example IT service providers such as cloud storage providers or mailing houses; 

  • professional service providers such as accountants and lawyers; 

  • parties assisting us with research to monitor the impact/effectiveness of our work; 

  • regulatory authorities, such as tax authorities; and/or 

  • analytics and search engine providers. 

 8. Security/storage of and access to your personal information 

8.1. We are committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your personal information. Your personal information is only accessible by appropriately trained staff, and stored on secure servers with features enacted to prevent unauthorised access. 

 

9. Exercising your rights 

9.1. Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes or to unsubscribe from our email list at any time. You also have the following rights: 

  • Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply. 

  • Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so.   

  • Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date. 

  • Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage. 

  • Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests basis (see paragraph 4), (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes. If you object to direct marketing, we will retain certain limited personal information about you to ensure that we do not contain you again. 

  • Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another organisation – in a machine-readable format. 

  • Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects or similarly significantly affects you, unless such a decision (i) is necessary to enter into/perform a contract between you and us/another organisation; (ii) is authorised by EU or UK law (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent. 

9.2. Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in section 12 below. 

9.3. We encourage you to raise any concerns or complaints you have about our data processing by contacting us using the details provided in section 14 below.  You are further entitled to make a complaint to the Information Commissioner’s Office – www.ico.org.uk. For further information on how to exercise this right, please contact us using the details in section 14 below. 

  

10. Changes to this Policy 

10.1. This Policy will be reviewed at least annually and we may update it from time to time. We will notify you of any significant changes by contacting you directly where reasonably possible for us to do so and by placing an updated notice on our website. This Policy was last updated in May 2024. 

11. Links and third parties 

The website may contain links to other websites. We are not responsible for the privacy policies or practices of third party websites. 

12. How to contact us 

Please let us know if you have any questions or concerns about this Policy or about the way in which we process your personal information by contacting us at the following channels: 

Email: hello@decelerator.org.uk

Post:  

The Decelerator, Birkbeck Suite 2, Water Street, Skipton, BD23 1PB