Privacy Policy

Effective Date: 21 May 2026 | Last Updated: 21 May 2026 | Version: v1.0

Introduction

Empowr CIC is committed to protecting the privacy of everyone who engages with us — whether you visit our website, enquire about our programmes, attend a session, or support our work.

This policy explains what personal information we collect, how we use it, who we share it with, and what rights you have. We have written it in plain English because privacy policies should be easy to understand.

If you have any questions, contact us at legal@empowrcic.org.

1. Who We Are

Empowr CIC Community Interest Company registered in England and Wales Company Number: 13660924 Registered Office: Crown House, 27 Old Gloucester Street, London, WC1N 3AX Contact Email: enquiries@empowrcic.org

For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), Empowr CIC is the data controller — we are responsible for deciding how and why your personal data is used.

2. What Information We Collect

Website Enquiries

When you contact us via email or through a contact link on our website, we collect:

• Your name
• Your email address
• Any information you choose to include in your message

We do not operate contact forms that collect data server-side. All enquiries are sent directly to our inbox via your email client.

Programme Bookings

When you or your child books a place on one of our programmes (drop-ins, lessons, courses, camps, or advanced sessions), we may collect:

• Full name
• Date of birth (particularly for under-18 participants)
• Contact details (email address, phone number)
• Emergency contact name and phone number
• Any relevant health or accessibility information you choose to share with us
• Payment information (processed by our booking provider — we do not store card details)

Safeguarding

Where our programmes involve participants under the age of 18, we collect the above information as part of our safeguarding obligations. This information is handled with the highest level of care and is accessible only to authorised staff and session leaders.

Volunteers and Enquirers

If you enquire about volunteering or working with us, we collect the information you provide in your enquiry and any further details shared during the application process.

Website Analytics

Our website (empowrcic.org) does not currently use analytics cookies or tracking tools. We do not collect browsing data or build profiles of visitors.

3. How We Use Your Information

To Respond to Enquiries

We use the information you send us to respond to your questions, provide information about our programmes, and follow up as appropriate.

Legal basis: Legitimate interests — responding to people who contact us.

To Deliver Programmes

We use participant information to manage bookings, run sessions safely, communicate about schedule changes, and fulfil our duty of care — particularly for young participants.

Legal basis: Performance of a contract (the booking agreement); Legal obligation (safeguarding).

To Comply with Legal and Regulatory Obligations

As a Community Interest Company, we maintain records as required by the CIC Regulator, Companies House, and HMRC. This includes financial records and, where applicable, safeguarding records.

Legal basis: Legal obligation.

To Share Our Work

With your consent, we may use photographs or video taken at sessions or events in our communications (website, social media, annual reports). See our Photography & Media Consent Policy for full details.

Legal basis: Consent.

4. How We Store Your Data

We store personal data securely using reputable third-party services. All data transmission between you and our services is encrypted using SSL/TLS.

Access to personal data is restricted to authorised staff and session leaders who need it to carry out their role.

We do not transfer personal data outside the UK without ensuring adequate protections are in place.

5. How Long We Keep Your Data

Data Retention Period Email enquiries 2 years from last contact, then deleted Programme booking records 7 years from the date of the session (accounting and legal compliance) Safeguarding records (under-18 participants) Until the participant reaches 25, or 7 years from last session — whichever is longer Volunteer application records 6 months if unsuccessful; 7 years if the person works with us Photography / media consent Duration of consent or until withdrawn

6. Who We Share Your Data With

We do not sell, rent, or trade your personal data.

We may share data with:

• Booking and payment providers — to process programme registrations and payments
• Email tools — to send programme communications and newsletters (where you have opted in)
• Legal and regulatory bodies — if required by law (e.g. HMRC, CIC Regulator, safeguarding authorities)
• Session leaders and coaches — only the information they need to run a session safely

All third-party providers are required to handle your data in accordance with UK GDPR.

7. Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to Access — You can request a copy of the personal data we hold about you, free of charge, within one month of your request.

Right to Rectification — You can ask us to correct inaccurate or incomplete data.

Right to Erasure — You can ask us to delete your data where there is no lawful reason to keep it. Note that some data must be retained for legal or safeguarding reasons.

Right to Restrict Processing — You can ask us to limit how we use your data in certain circumstances.

Right to Object — You can object to processing based on legitimate interests, including receiving marketing communications.

Right to Data Portability — You can request your data in a structured, portable format.

Rights related to Automated Decision-Making — We do not use automated decision-making or profiling.

To exercise any of these rights, contact us at legal@empowrcic.org. We will respond within one month.

8. Complaints

If you are unhappy with how we have handled your data, please contact us first at legal@empowrcic.org. We will investigate and respond within 14 days.

If you remain unsatisfied, you have the right to complain to the UK's data protection authority:

Information Commissioner's Office (ICO) Website: ico.org.uk Helpline: 0303 123 1113

9. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we will communicate this through our usual channels.

10. Contact Us

Privacy enquiries: legal@empowrcic.org General enquiries: enquiries@empowrcic.org

Empowr CIC Crown House, 27 Old Gloucester Street London, WC1N 3AX