Menu

Privacy Policy

We want to ensure we are transparent and clear, using our policies effectively to  safeguard your privacy.  

  • What is personal data?

Personal data is any information about you (your information). For example, your name, where you live, how old you are, photos and video recordings are your personal data. Some types of personal information have to be treated with extra care because it is more sensitive, for example information you may disclose about your mental health. 

  • What information do we collect?  

We may securely collect, store and use the following kinds of personal information:  

  • Information about your computer and your visits to our website, such as your IP  address, your browser type, where you are based, and how you ended up here, as  well as if you are returning  
  • Information relating to donations or transactions  
  • Information relating to events you are interested in attending, or programmes you wish to take part in, such as email addresses and names  
  • Information relating to newsletters or signing up to become a mentor volunteer
  • Photography and video recordings (with additional consent as further detailed below) 

  • What are our reasons under the law to use your information?

We can only use your information when we have a reason to under the law. For example:

  • If we have collected consent from you because you are aged 17 or over.
  • If we have collected consent from an adult who can consent on your behalf because you are aged 16 or under.
  • We have good reasons to use your information without consent in very special circumstances such as to provide some types of advice services or to keep you or someone else safe (in line with our safeguarding policy).

4) Cookies  

We use cookies to understand how you are using our website, they help us make sure our  website is useful by personalising your experience. Google Analytics uses these cookies to  help us analyse what is working well. We look at information such as which pages you  visited and for how long. Google’s privacy policy is here if you would like to know more  about this.  

Our mailing lists ask for your basic contact information and informs you of how often we  will contact you. We track click rate and open rate in these mailings, which are held by  Mail Chimp and protected by their privacy policy. We check these lists for accuracy and  will always ask you to subscribe.  

5) How will we use your personal information?  

  • To personalise your experience of the website  
  • To enable your use of our services  
  • To send you email notifications which you have specifically requested  
  • To generate anonymous reports which may inform our funding reports 
  • For safeguarding reasons (in line with our safeguarding policy) 
  • To generate anonymous reports for evaluation 

We make sure our details are up to date and accurate. If you ever wish to unsubscribe, our  mailings have an unsubscribe link or note included. We only keep your information for as long as it is useful, and review this at timely periods.  

6) Accounting & financial  

Payment details are held securely by our accounts manager. We will use these details for purposes such as:  claiming Gift aid on donations.

7) Disclosures  

We do not sell, rent or share your information with third parties other than when we share anonymous information with our evaluator and funders. Any information we  disclose about you, other than for purposes as mentioned within this policy, will be when  required to do so by law.  

8) Security of and consent in relation to personal information  

We will take reasonable technical and organisation precautions to prevent the loss, misuse  or alteration of your personal information. No personal data such as photos will be held on personal devices.  

All personal data shared with us is kept on our secure, password protected drive. All of our staff must keep your information safe and confidential (which means not sharing it with other people unless the law allows them to, for example in cases of safeguarding). We have security in place to stop your information being lost or used in the wrong way. Only the people who need to will have access to your information.

Safeguarding children and young people’s data – As part of the Roots Futures Programme, we work in partnership with schools to deliver activities for young people. In some cases, such as our supervised letter exchange component, pupils may share creative or reflective writing with peers from another participating school. All such exchanges are strictly anonymised, using first names only, and are managed entirely through school staff to ensure safeguarding and protection of the child / young person’s data. The Roots Programme does not collect, store or process any personally identifiable information about pupils unless this is explicitly agreed in advance (with schools, parents / carers and children / young people) and which are necessary for specific activities (e.g. attendance at in-person events such as Swap Days or Vision Day). In such cases, only the minimum necessary data is collected and handled securely, in full compliance with the UK GDPR and the Data Protection Act 2018. No pupil data is ever shared with third parties. All communications are conducted via schools, which retain responsibility for direct contact with students and parents/carers. The safety, privacy and dignity of every child involved in the programme is our highest priority.

Matching and Support Information for Inclusive Participation – To support meaningful and inclusive experiences within the Roots Futures Programme, we may request limited, non-identifying information from partner schools to help us sensitively match pupils, for example where participants have SEND or specific communication needs. This may include a first name, first initial of surname and relevant non-sensitive context (e.g. preferred communication style), always provided via school staff. This data is used solely for the purpose of supporting inclusive engagement and is never collected directly from pupils or retained beyond the programme.

For in-person events such as Swap Days or Vision Days, where we have an additional duty of care, we may collect additional essential information to ensure pupil wellbeing (such as allergies, accessibility needs, dietary requirements or emergency contact information). This information is obtained via the school and only shared with relevant staff at participating schools, strictly on a need-to-know basis, to ensure all young people’s needs are fully catered to. We treat this data with the highest level of confidentiality and care, in full compliance with UK GDPR and our safeguarding protocols.

For online sessions involving children and young people, a member of staff from each participating school is always present in the room during sessions. On rare occasions where a school staff member is present in the room but not directly on the video call, and both schools request this arrangement and full consent has been obtained from all parents/carers of participants involved in that programme, sessions may be recorded, solely in line with our safeguarding policy. These recordings are stored securely and are shared only with the designated school staff involved in the programme. If safeguarding concerns arise, these recordings may be reviewed by safeguarding leads to verify details of an incident. All recordings are securely deleted within one year of programme completion.

To protect participant data during online sessions, meeting details are only shared with confirmed attendees. Access is restricted through a secure waiting room, and only participants with cameras and microphones switched on (confirming their identity) are admitted.

Adult participants and parents/carers of youth participants always have the option to opt in or out of giving consent through our forms. Consent can be withdrawn at any time. Responsibility for recording, storing, and deleting any recordings rests with the Roots Programme staff member leading the session, in line with Roots protocols.

9) Photography

Appropriate photos of participants involved in Roots Programme sessions will only be taken and shared externally on our organisation’s website/communication materials where consent is given by the participants featured (in case of an adult) and parent/carer (in case of a child or young person under the age of 17). Any photos and other personal data will be securely deleted within 3 years. 

10) Policy amendments  

This policy will be reviewed annually, and may also be subject to updates periodically.  Please check this page to stay updated and if concerned about any changes, email us.  

11) Your rights  

If you wish to check the information we have on record about you, we will be able to  provide this by email within one month, once you have verified your identity with us.  Please email here, if this is the case. The Information Commissioner’s Office oversees all  complaints around data processing, and would be the people to speak to if you had any  larger issues with how your information is handled. If you have any concerns, or would like  to know more about our privacy decisions, please let us know!  

12) Third party websites  

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites. 

This policy was last reviewed on: …July 2025…………

Signed by director: ……Ruth Ibegbuna…………………………

Date: ………July 2025………………

Next Review Date: …..July 2026………….

The Roots Programme CIC | Room 519, Royal Exchange Offices, Old Bank Street, Manchester, England, M2 7PE | Company number 11389434