Privacy Policy

 

At Inside Impact, we take your right to privacy very seriously. We want to make sure you are aware what personal data we collect, the steps we take to protect your personal data and explain how we may use it. Please take the time to read this Privacy Policy carefully. If you do not understand something mentioned in this policy or need more clarification, please contact the Director of Inside Impact, Alexa Sage by emailing [email protected] and we will be happy to explain.

  1. About Us
  • In this Privacy Policy, references to “we”, “us” or “our” are to “Inside Impact”. “Inside Impact” is the operating name of Inside Impact Ltd, a limited company registered with Companies House. Company number: 14434343. Registered Office: Suite 211a, Peel House, 34-44 London Road, Morden, London, SM4 5BT, UK.
  • We are the “controller” for any personal data processed as set out in this Privacy Policy.
  • As a UK-based company, the key piece of legislation we must adhere to in relation to data protection is the Data Protection Act 2018. This controls how your personal information is used by organisation, businesses or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (“GDPR”).
  • Under this legislation, our data protection practices are regulated by a supervisory authority. The UK Supervisory Authority under the Data Protection Act 2018 is the Information Commissioner’s Office (“ICO”). As a UK-based company processing the personal data of individuals based in the UK, our supervisory authority is therefore the ICO.
  • As a data controller, Inside Impact is legally required to register with the ICO. Inside Impact’s ICO registration number is: ZB480706.
  1. Inside Impact Clients
  • This Privacy Policy applies to your relationship with Inside Impact including your interactions with the company online through its website, newsletter, emails, social media; with staff, for example through phone conversations or online meetings when you are not a client; as well as through the processes of becoming a client of Inside Impact; and the benefits you receive as a result of purchasing products or services from Inside Impact.
  • Trusted suppliers or partner organisations who provide services or support to Inside Impact clients may also gather information and will have their own Data Protection Policies and Privacy Notices. They are not covered by Inside Impact’s Privacy Policy and you should refer to the other parties’ Privacy Policies as applicable.
  1. Collection of Information
  • When you interact with Inside Impact; access any area of www.inside-impact.co.uk; sign up to the newsletter; interact on social media; access any products or services; attend events organised by Inside Impact; receive support from Inside Impact staff whether in person, over the phone or online; respond to communications from Inside Impact’s staff or consultant partners; participate in surveys; request support; or cancel any paid or free products or services; we may collect, store and use your personal information in line with this policy.
  • When you sign up to the newsletter, we ask for personal information but this is limited to your name and your email. This is the minimum amount of information required to provide this service to you.
  • When you sign up as a participant on an Impact Accelerator, we ask for personal information in order to deliver this service in a way that is specific and accessible to you and allows us to meet our legal obligations such as keeping an address for the purpose of invoicing. We also collect information throughout the course about your progress as part of our own impact measurement which ensures you are being provided with the benefits promised and so that future participants get the best experience possible.
  • When you purchase consultancy services from Inside Impact, we may collect some personal information that allow us to meet our legal obligations and to be able to deliver those services to you, such as contact information for the project manager or key staff, or access requirements to provide services in an accessible manner.
  • When an individual contacts us or receives support from an Inside Impact staff member or consultant partner, we keep a record of these interactions and the content of that interaction whether by phone, email or in person. This may contain information relating to individuals. Recording this information is important to us to be able to provide good quality, continuous support and to help us monitor our outputs and outcomes.
  • When an individual accesses our website hosted by Kajabi, their IP address is not made available to Inside Impact. We do not use cookies on our website and we do not carry out any visitor level tracking which would also allow us to identify individual visitors.
  • When individuals attend sessions facilitated by Inside Impact whether online or in person, we often take videos and photos. At the point before any moving or still images are captured we will ask everyone to confirm expressly that they consent to use taking those images or videos. Anyone who does not consent will not have their image captured or be guaranteed that their image is not identifiable. Any videos or photos may be used in Inside Impact’s promotional literature; on our website www.inside-impact.co.uk; or social media through LinkedIn (Company Page: Inside Impact), Twitter (@inside_impact); YouTube (@inside-impact). We will not associate any other personal data of yours including opinions or contact information alongside the video or photo unless you expressly consent to it, for example when consenting to providing a testimonial. Wherever possible, we try not to make individuals identifiable through photos and videos.
  1. Use of Your Information
  • By becoming a customer or follower of Inside Impact or by accessing Inside Impact products and services (both paid and free), you agree that your personal information may be collected, stored, used and shared by us, our partners, or third parties we work with, for any of the following purposes:
  • to be able to provide an effective, high-quality service to you or your colleagues as part of our obligation to you as an Inside Impact customer or follower and to be able to improve our service offering;
  • to provide you with a user-friendly browsing experience when using www.inside-impact.co.uk and to keep our website free from malicious attacks;
  • to fulfil any contractual agreements between you and us;
  • to ensure the safety, inclusion and convenience of attendees at sessions facilitated by Inside Impact;
  • if you have requested a paid service such as consultancy services or participation in an Impact Accelerator, to be able to process this payment;
  • if you have provided a service to us, to be able to process your request for payment and ensure timely payment;
  • if you have made enquiries, requested support from Inside Impact, submitted a complaint or query, to be able to address these and provide you with a timely and appropriate response and to learn from these experiences to improve our organisation’s offering;
  • to send you email notifications and updates with information relevant or beneficial to your organisation or products or services (both paid and free) that you have signed up to;
  • to send you newsletters that you have opted in to receiving;
  • to put you in touch with our partners or trusted suppliers at your request;
  • to comply with legal and regulatory requirements such as Health and Safety incident recording for the HSE or accounting records for HMRC;
  • to contact you occasionally in order to invite you to share your opinions and experiences of being a Inside Impact client and to develop case studies for the benefit of other members;
  • to allow Inside Impact to monitor and evaluate the services we provide;
  • to facilitate Inside Impact providing services to you through third parties including consultants;
  • to notify you of updates to our Privacy Policy;
  • to process termination of services to you;
  • to uphold any of your rights under the Data Protection Act 2018 or as part of an effort to protect your privacy.
  1. Storage of Information
  • Wherever possible, we aim to minimise the amount of data held as a hard copy by using electronic systems as the default option for all processes.
  • Where we use third party software to host personal information, we have two-factor authentication set up when accessing those platforms from a new device to reduce the risk of anyone gaining access to the data who should not.
  • We use third parties to help us store and process personal data for those who interact with Inside Impact. This table summarises where what kind of information is stored, for what purpose, and how to access the privacy information relating to those platforms.

Platform

Data captured

Purpose

Zoom

https://explore.zoom.us/en/privacy/

 

Name

Email

Image

Chat log

To deliver facilitated sessions online including recorded lectures as part of Impact Accelerators

Notion

https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091

Name

Contact information

Meeting notes

Progress details including baseline measurements

Access requirements

Record of consent

Testimonials

To keep records of interactions with the business

To deliver a client portal

To manage projects

To measure impact

Kajabi

https://kajabi.com/policies/privacy

Name

Email

Address

Phone number

Engagement data

 

To host Inside Impact’s website

To deliver newsletters

To host Impact Accelerator learning materials

To allow people to sign up for Impact Accelerators

Xero

https://www.xero.com/uk/legal/privacy/

Name

Address

Contact information

Payment information

To generate invoices for customers and purchase orders for suppliers

To maintain all financial records relating to the business for HMRC
  • If at any point we become aware of a breach of data, we will risk assess the severity of the situation. If we determine that the breach is likely to result in high risk to your rights and freedoms, we will communicate the breach to you without undue delay and report the breach to the ICO as part of our legal obligation. Any data processors that we have arrangements with will be required by contract to inform us of any breaches they become aware of that relate to your personal data, as soon as they become aware.
  1. Legal Basis for Processing Your Information
  • Our legal basis for collecting and using the personal information described in Section 5 will depend on the personal information concerned and the specific context in which we collect it. We will collect personal information from you only (i) where we have your consent to do so, (ii) where we need the personal information to perform a contract with you (iii) where the processing is in our legitimate interests and not overridden by your rights, or (iv) where we have a legal obligation to do so.
  • If you have provided a service to us, we will use your data as necessary to fulfil our contractual obligations, including to be able to process your request for payment and ensure timely payment.
  • In order to provide services to individuals associated with your organisation you have purchased and to ensure you have access to the full range of our products and services’ benefits, we will use your data as necessary to fulfil our contractual obligations, including to deliver personalised support by email, phone and in person.
  • If you have opted in to receiving Inside Impact’s newsletter, we will use your data to provide these communications based on your opt-in consent. You can withdraw consent at any point by clicking the ‘Unsubscribe’ link at the bottom of any email.
  • If you are a client of Inside Impact or are enquiring about products and services, we use data about your access requirements including your preferred format in or order to provide an accessible service and meet our legal obligations under the Equality Act 2010.
  • If you are attending an in-person session facilitated by Inside Impact, we will use data about your dietary and access requirements to meet our legal obligations to be compliant with the Health and Safety Executive.
  • If you are a client of Inside Impact, we may collate personal information for example recording support interactions or survey responses, under our legitimate interests, enabling us to provide an effective and continuous service to you, improve our services in future and monitor our impact.
  • If you are associated with an organisation that has purchased products or services from Inside Impact (for example as a staff member or volunteer) and then leave that organisation, we may still keep your personal information for up to five years after you have left under our legitimate interests. We wish to provide a quality experience which includes consideration of your remaining colleagues receiving a continuous service, particularly in the case of staff and trustee transitioning support. We always weigh the consideration of our legitimate interests against your privacy rights to ensure your rights are not overridden.
  1. Disclosure of Your Information
  • We may disclose your personal information to third parties if we are under a duty to disclose your information to comply with a legal obligation or to protect the safety of our property, our staff, other clients or members of the public.
  • Other than the third parties named in the Privacy Policy or for the reasons noted at paragraph 7.1 above, we will not disclose your personal information to any other third party unless we have obtained your consent first.
  1. Data Retention
  • We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested) or to comply with applicable legal, tax or accounting requirements.
  • When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • In the event of a person leaving an organisation which has interactions with Inside Impact membership, we will delete the contact information along with access and dietary requirements for that person immediately upon being made aware of that person’s departure, or the day after their final day with that organisation if we know in advance. We will retain that person’s name, position, association with the organisation and any interactions with that person for five years to ensure continuity and quality of support to our clients. After five years, the information will be permanently deleted from our database.
  • Anyone who has consented to receive the newsletter will be removed from the active electronic mailing list and will no longer receive these communications. We may retain the email for the next two years so that we ensure we have a record that consent has been revoked for these communications.
  1. Your Rights

Under the Data Protection Act 2018 which is the UK’s implementation of the General Data Protection Regulation, you have the following data protection rights:

Right to be informed. We will strive to be transparent in how we collect and use personal data. This Privacy Policy sets out how we do that and is publicly available. We are happy to receive questions or comments about any information contained in this Policy.

Right of access. If we store your personal data, you have the right to make a subject access request. We are required by law to make this information available to you within a month, unless the request is complex or there are numerous requests. This information will be supplied to you electronically in a format that is accessible to you. This will be free of charge.

Right to rectification. If you become aware that we hold incorrect or incomplete information about you, you can contact us using the details in Section 12 to provide us with the correct information. We have a duty to keep up to date information and so we ask the lead contacts to confirm or update their information at the point of member renewal which takes place every year.

Right to erasure (otherwise known as the ‘right to be forgotten’). If you withdraw your consent and it is our only legal basis for keeping your information, your personal information will be deleted upon your request. If we no longer have a legitimate interest for keeping your data or the reason for keeping the information at the time you provided it is no longer applicable, we will delete your information upon request. There may however be situations where it is not possible, for example where we are required to by law. In these cases we will explain to you why it is not possible to fulfil your request completely, however we will work with you to minimise any processing of that data.

Right to restrict processing. At this request, we will continue to store your data but will restrict any further processing. Decisions to restrict will be based on assessing whether legitimate grounds override individual rights or not.

Right to data portability. You have the right to request that we move your data from one IT environment to another. This would be between different organisations. Whilst we will do our best to format our information in a way that another organisation could use it without it being corrupted, we cannot guarantee that systems will be readily compatible.

Right to object. You have the right to object to any direct marketing. Inside Impact’s direct marketing is done through our email newsletter which we seek your consent for. If you withdraw consent, we will cease this marketing immediately. You also have the right to object to processing based on legitimate interests or the performance of a task in the public interest, exercise of official authority, or for purposes of scientific/historical research and statistics. At this point we will consider the weight of the legitimate need to process data again the individual’s privacy rights.

Rights regarding automated decision making and profiling. This is not applicable as Inside Impact does not currently automate decision making nor carry out any profiling.

If you feel that we have not respected your privacy rights, you are entitled to make a complaint to the ICO. Further information on how to do this can be found on the ICO website: https://ico.org.uk/concerns/ However, before making a complaint direct to the ICO, we advise that you contact Inside Impact first to try to resolve the matter in accordance with ICO’s guidance.

  1. Children

We strongly believe in protecting the privacy of children. We do not knowingly collect or maintain personal information from persons under 13 years of age. Any person purchasing products or services from Inside Impact must be of 18 years or over in order to enter into such an arrangement. No part of www.inside-impact.co.uk is directed to persons under 13 years of age. If you are under 13 years of age, then please do not use or access our website. We will take appropriate steps to delete any personal information of persons less than 13 years of age.

  1. Updating this Privacy Policy

We may update or amend this Privacy Policy from time to time, to comply with law or to meet our changing business needs or reporting requirements. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. At a minimum, any updates or amendments will be posted on www.inside-impact.co.uk/privacy and communicated through an email to everyone actively subscribed to the mailing list.

  1. Contacting Inside Impact

If you have any questions, comments or complaints about this Privacy Policy, please contact us using the details below:

FAO: Alexa Sage - Inside Impact Data Protection Compliance Lead
Inside Impact

Suite 211a Peel House,

34-44 London Road,

Morden,

London, SM4 5BT

United Kingdom
E-mail: [email protected]

This Privacy Policy was last updated on 21 October 2022.