Privacy policy

Website privacy policy

Privacy policy

Website privacy policy

This privacy policy is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.

  1. Important information and who we are
    2. Why we collect your data about you
    3. The data we collect about you
    4. How is your personal data collected
    5. Sharing of your personal data
    6. International transfers
    7. Data security
    8. Data retention – How long will we use your personal data
    9. Your legal rights
    10. Glossary

 

  1. Important information and who we are

Purpose of this privacy policy

Welcome to Active Prospects! This privacy policy is here to explain how we collect and use your personal information. This includes any data you give us when you:

  • Fill out our contact form.
  • Make a donation to Active Prospects.
  • Sign up for our newsletter or other updates.
  • Provide services to Active Prospects.
  • Apply for roles within Active Prospects

We want to ensure that you fully understand how we use your data, so please read this privacy policy carefully. It’s important to review any other privacy notices we provide at specific times when we collect or process your personal information, as they will enhance your understanding of our practices. This policy adds to those notices and does not replace them.

Controller

Active Prospects is a society registered under the Community Benefit Act 2014 with society registration number 26618R.  We are a social enterprise dedicated to supporting individuals with learning disabilities, physical and mental health needs, helping them live fulfilling and independent lives.

We are the controller and responsible for your personal data (collectively referred to as “Active Prospects”, “we”, “us” or “our” in this privacy policy).

We care deeply about your privacy and have appointed a Data Protection Officer to oversee this important area. This role is held by the Director of Quality, Governance and Lived Experience

If you have any questions about this privacy policy or want to exercise your legal rights, please contact the Data Protection Officer using the details set out below.

  • Name: Data Protection Officer
  • Email address: dataprotection@activeprospects.org.uk
  • Postal address: 1 Castlefield Court, Church Street, Reigate, RH2 0AH.
  • Telephone number: 01737 924084

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes

We regularly review our privacy policy to ensure it remains current. This version was last updated in September 2025.

It is important that the personal data we hold about you is correct and up to date. Please let us know if your details change during your time with us.

Third-party links

Our website may contain links to other websites. If you click on those links, they might collect personal information about you. We do not control these external sites and are not responsible for their privacy policies. We encourage you to read the privacy policy of any website you visit after leaving ours.

  1. Why we collect your data about you

Active Prospects is dedicated to providing vital support services, and our authority to operate in this capacity is grounded in our mission to assist individuals and communities.

As a responsible charity, we fulfil our statutory legal obligations through the following activities:

  • Complying with regulations and reporting requirements.
  • Responding to safeguarding needs or concerns
  • Checking successful applicant’s eligibility to work in the UK
  • Reviewing information about criminal convictions and offences for some roles

We also fulfil our contractual obligations through the following activities:

  • Providing support and services
  • Managing donations and processing transactions.
  • Managing our relationship with people we service.

In specific situations, Active Prospects processes personal data based on our legitimate interests. In these cases, we conduct thorough assessments and, when necessary, balancing tests to ensure that your right to privacy is respected and protected.

  • Improving services based on your feedback
  • Conducting research and analysis to support our mission
  • Improving staff experience based on your feedback
  • Providing newsletters and updates
  • Processing information during recruitment and keeping records of the process
  • Responding to general queries
  • Administering and protecting our website.
  • Use of data analytics for improvement

We’ll use your consent to process your Personal data.  With your consent we will:

  • Sending you marketing material
  • Sharing your story (with permission) for marketing
  • Use special categories of personal information (ethnicity) for equal opportunities monitoring – you can withdraw at any time

In limited circumstance, we’ll use public task to process your Personal data for:

  • Coordinating your care with NHS and other local authorities

3.The data we collect about you

The information we collect may vary based on the services we provide. Below is a summary of the types of personal data we may gather:

Information we may collect Examples of personal information and Special category of personal information
Basic personal details for account administration and identify verification purposes ·         Your title, first and last name,

·         date of birth,

·         gender,

·         marital status

·         In limited circumstances, your national insurance number

Financial details ·         bank account details

·         Gift Aid details

Contact details ·         Address,

·         Email address and

·         Telephone numbers

Family Details ·         First and last Name and contact information of next of kin
Recruitment process ·         Name, address & contact details

·         Qualifications, skills, experience and employment history

·         whether or not an individual has a disability requiring reasonable adjustments during the recruitment process

·         Information about an individual’s entitlement to work in the UK

·         Equal opportunities monitoring information, including information (gender, ethnicity, age, marital status and nationality)

·         For some roles, we’re obliged to seek information about criminal convictions and offences

Health ·         Physical health information

·         Mental health information

·         Medical history

(limited to those who require because of their role)

Cookies ·         IP address (internet protocol address)

·         Cookies (small text files placed on our computer when you visit a webpage)

·         Please see our cookies policy on our website for more information

Donations ·         Name, organisation and position so we can provide information that’s relevant to you

·         your contact details, like your phone number or email, so that we can keep in touch with you about our services, plans and events

·         dietary or access requirements, if you’ve told us about them for any events and site visits, we host

·         areas of interest so we can provide information that’s relevant to you

Service providers and other relevant stakeholders ·         Name, organisation and position for relevant information

·         Contact details (phone number or email) to keep in touch

·         Dietary or access requirements, if you’ve told us about them for any events and site visits, we host

·         Details of services you have provided to us, references from former clients and details of public liability insurance.

Marketing & communication ·         your preferences in receiving marketing from us and your communication preferences.

 

We may also collect, use, and share aggregated data for various purposes. Aggregated data does not identify individuals and is not considered personal data under the law. However, if aggregated data is combined with personal data in a way that allows for identification, we will treat it as personal data in accordance with our privacy policy.

  1. How is your personal data collected?

We gather data from and about you through various methods.

Direct Interactions

Active Prospects collects information from you when:

  • Reach out for general information about our services
  • Make a donation
  • Complete a Gift Aid form
  • Subscribe to our newsletter or request other marketing material
  • Apply to become an approved contractor
  • Submit application forms, CVs and resumes
  • Supply passports or other identify documents
  • Gathered during interviews or other assessment process

Automated Technologies

As you interact with our website, if you have given consent, we will collect Technical Data regarding your device, browsing actions, and patterns. We gather this information using cookies and similar technologies. We may also receive Technical Data if you visit other websites that use our cookies.

Third Parties

  • We work with JustGiving to handle donations and manage donor records. When you donate through JustGiving, they provide us with personal data related to your transaction. For more details on how JustGiving handles your information, you can review their privacy policy here: JustGiving Privacy Policy. Please note that JustGiving will only share your contact details with us if you have given them consent to do so.
  • Medical Professionals: We may receive health information relevant to your care from medical professionals, handled confidentially.
  • Next of Kin/Family: We may contact your next of kin for information regarding your care and needs, particularly in emergencies.
  • HMRC and Regulatory Bodies: We may obtain data from HMRC for compliance with financial regulations, including verifying Gift Aid eligibility.
  • National Health Service (NHS): We may gather essential health information from the NHS to meet your service needs.
  • Professional Networking Platforms: We may collect information from platforms like LinkedIn during job applications to assess your qualifications and experience.

Marketing

You will receive marketing communications from us if you have signed up to receive our newsletter. You can withdraw your consent to marketing at any time by following the link to unsubscribe.

Please note that opting out of marketing will not affect any personal data you have provided to us through donations, services or other transactions.

Cookies
When you visit our website, a cookie notice will appear, allowing you to accept or decline non-essential cookies. You can update your cookie preferences at any time using this notice.

Essential cookies, which are necessary for the website to function, will always be active.
You can also set your browser to refuse all or some cookies, or to alert you when cookies are set or accessed. For more details on the types of cookies we use and your options, please see our Cookie Policy.

Change of purpose

We will use your personal data solely for the purposes for which it was originally collected. If we find it necessary to use your data for a different reason that aligns with the original purpose, we will do so in a reasonable manner. If you would like more information on how this new purpose is compatible with the original one, please feel free to reach out to us.

Should we need to use your personal data for a completely unrelated purpose, we will inform you and explain the legal basis that permits this.

Please be aware that we may process your personal data without your knowledge or consent when permitted or required by law, in accordance with the guidelines mentioned above.

  1. Sharing of your personal data with others that work on our behalf

Active Prospect collaborates with a network of partner companies to enhance our services. We have implemented strict contractual agreements with these partners to ensure that your information is protected to the same high standards we uphold.

We set out the categories of partner companies who work on our behalf

  • Email marketing services providers, such as MailChimp, helps us manage and execute email campaigns for outreach, engagement and donor communications.
  • Fundraising platforms, such as JustGiving, facilitates online donations and fundraising campaigns, making it easier for supporters to contribute.
  • Social Media platforms, such as Facebook, Twitter, LinkedIn and Instagram, extend our reach and foster engagement with the community through social media campaigns and updates.
  • Healthcare providers, such as doctors, dentists, etc., ensure health-related services meet the needs of the community and recipients of our services.
  • Regulatory bodies and Authorities, such as Surrey County Council, Care Quality Commission and NHS, ensure our compliance with regulations and standards governing charitable activities and community support services.
  • Professional Advisors, such as lawyers and HR specialists, provide expert advice ensuring our compliance with laws and regulations affecting our business.
  • Finance and accounting services, such as Cybertill, Auditors, etc. help us manage financial records, ensure accuracy in reporting and maintain accountability in funding and expenditures.
  • HR services, such as consultants and payroll providers, manage recruitment, employee well-being and compliance with employment regulations.
  • Emergency services, such as ambulance, police and fire services, ensure safety and respond to emergencies related to the community we serve.

Each category of partners plays a crucial role in supporting our mission while safeguarding the information and interests of our target audience. This structured approach enables clearer communication on their purposes and assures stakeholders of the robust measures we have in place to protect their data.

  1. International transfers

We sometimes share your information with carefully selected organisations outside the UK, such as contractors working on our behalf to provide services to you. In such instances, we ensure that an appropriate and valid derogation is used for international transfers of data compliance.

  1. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention -How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:

  • Right to access (What information we have). You can ask us for a copy of the information we hold about you. You can also ask us for details of what we use the information for, who we share it with, how long we’ll keep it for and where we got it from.
  • Right to Rectification (Ensuring we have the correct information). You can ask us to rectify any incorrect information we hold about you or update any incomplete information.
  • Right to Deletion (If you want to be forgotten). You can ask us to delete the information we hold about you. This right applies in certain circumstances, such as when we hold information we no longer need, or when you originally consented to us holding information about you but have changed your mind.
  • Right to Object (Stopping us from using information about you). You can ask us to stop using your information, including direct marketing. Please note that in some situations this right does not apply, for example, where we have a legal obligation to do so. If you gave us consent to use your information, you have the right to withdraw this at any time..
  • Right to Restriction (Suspending the use of information about you). You can ask us to stop using information you’ve queried while we deal with your query.
  • Right to Data Portability You have the right to request a copy of the information you’ve given to a company under a contract or with your explicit consent. The copy must be provided to you in a structured, commonly used and machine-readable format.

Please not should there be an exception, you will be notified of the reasoning for such exception.

To exercise your rights or make a complaint, please contact the Data Protection Officer. We will respond within one month of receiving your request. If your request is complex, we will inform you about an extension of an additional month.

No fee usually required

You can access your personal data and exercise your rights for free. However, if your request is unjustified, repetitive, or excessive, we may charge a reasonable fee or refuse to fulfil your request.

What we may need from you

To confirm your identity and ensure your right to access your personal data (or exercise any other rights), we may ask for specific information from you. This is a security measure to protect your data from unauthorized access. We might also reach out for additional information to help us respond to your request more quickly.

  1. Glossary

LAWFUL BASIS

Legitimate Interest refers to our business’s need to operate effectively while providing you with the best possible service and experience. We carefully consider how our use of your personal data may affect you, both positively and negatively, before proceeding. Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

Stay in touch

Need more support or advice?
We’re here for you.