Data Protection Policy
Adopted on: 5th June 2023
First Review Completed on: 7th September 2025
Next Review Due By: 7th September 2026
Purpose
ADHD Pirates CIC is committed to safeguarding the privacy and personal data of our service users, stakeholders, and directors. This policy outlines our approach to data protection and demonstrates our compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Scope
This policy applies to all personal and anonymous data processed by ADHD Pirates CIC, including:
Website interactions, as detailed in the Privacy & Cookie Policy available at http://adhdpirates.co.uk/privacy-policy-2/.
Data collected through:
- Website downloads: Name and email addresses required to access resources.
- Questionnaires: Used during peer group sessions to meet funding requirements, evaluate session effectiveness, and identify barriers for adults with ADHD.
- Emails and messages: Sent through our general email address (hello@adhdpirates.co.uk) or via the “Contact Us” page on our website.
- Contact form submissions: Collect first name and email (mandatory), with optional fields for last name, phone number, and enquiry details.
- Feedback: Gathered via LinkedIn comments on articles shared through the Director’s personal account.
- Cookies: Information collected and managed as outlined in the Privacy & Cookie Policy, including potential third-party cookies.
Future Projects: Personal data may also be collected through future initiatives such as group ADHD Coaching, including basic case records (e.g. support needs and communication preferences). Peer group activities are group-based and do not involve formal data collection by participants. However, safeguarding concerns raised by participants may result in the collection of limited personal data.
Policy Statement
ADHD Pirates CIC is dedicated to:
- Processing personal data lawfully, fairly, and transparently.
- Collecting data for specified, explicit, and legitimate purposes.
- Ensuring data is adequate, relevant, and limited to what is necessary.
- Maintaining the accuracy and currency of personal data.
- Retaining data only for as long as necessary.
- Ensuring the security and confidentiality of personal data.
Responsibilities
Data Protection Officer:
Robert Walmsley, Director of ADHD Pirates CIC, is responsible for overseeing data protection compliance, managing data queries, and addressing any concerns.
Additional Directors:
One additional director does not handle personal data and is therefore not subject to the responsibilities outlined in this policy.
Procedures
Data Collection and Consent
- Personal data is collected through the website, email, questionnaires, and feedback.
- Mandatory fields for the contact form include first name and email; optional fields include last name, phone number, and enquiry details.
- Cookies, including those managed by third parties, are used for functionality, analytics, and potential future advertising. Consent for these is obtained via the cookie banner.
- Individuals are informed about the purpose of data collection through the Privacy & Cookie Policy.
- In the event that a safeguarding concern is disclosed during a peer group session, basic details (such as name, nature of concern, and actions taken) may be recorded by the Designated Safeguarding Lead to meet legal and safeguarding obligations.
Managing User Rights
In plain English, these rights mean you can see what data we hold about you, ask us to correct it, delete it, or send it to someone else. You can also ask us to stop using it in certain ways.
Users can exercise their rights under the UK GDPR, including:
- Accessing Data: Request a copy of the information we hold.
- Correcting Data: Request updates to incorrect or incomplete information.
- Deleting Data: Request that data be deleted.
- Restricting Processing: Request limited use of their data.
- Data Portability: Request their data in a transferable format.
- Objecting to Processing: Refuse specific uses of their data.
Requests should be sent to hello@adhdpirates.co.uk with the relevant subject line (e.g., “Delete My Data,” “Access My Data”). We will respond within 30 days and confirm when the request is completed.
Data Storage and Security
Digital Data: Stored on password-protected devices and secure cloud platforms.
Physical Data: Kept securely at the Director’s home.
Any safeguarding notes or case management records will be stored securely and separately from general participant data, with access limited to the Designated Safeguarding Lead.
Access is restricted to authorised personnel.
Data Sharing
Personal data may be shared with:
- Service providers (e.g., Google Analytics).
- Funders or partners, using anonymised data, to demonstrate impact and compliance.
- Third-party cookies, only with user consent.
Data Retention and Disposal
Retention:
Personal data: Retained for one year after the last interaction.
Anonymous data: Retained indefinitely for analysis and reporting purposes.
Disposal:
Secure deletion of digital data.
Shredding of physical documents.
Data Breach Response
Steps:
- Identify and contain the breach.
- Assess risks to individuals’ rights and freedoms.
- Report to the ICO within 72 hours, if required:
To report a breach, visit the Information Commissioner’s Office (ICO) website at https://ico.org.uk and click on the “Report a Breach” button for detailed instructions on submitting the required information.
- Notify affected individuals and provide guidance.
- Document the breach and corrective actions.
Cookies
We use cookies to improve website functionality, provide relevant content, and analyse traffic. Cookies are managed via the CookieYes plugin, allowing users to accept, reject, or customise their preferences through the banner. Detailed information on cookies can be found in the Privacy & Cookie Policy on our website.
Training and Awareness
Directors, staff, and volunteers will receive data protection training before handling personal data. This training will be provided in collaboration with Staffordshire County Council or Support Staffordshire to ensure compliance with the UK GDPR and best practices.
Training will also cover handling sensitive disclosures made during peer group activities and how to manage safeguarding-related data appropriately.
International Data Transfers
Some of our service providers (such as Google Analytics) may process data outside the UK or EEA. When this happens, data is transferred under the UK’s adequacy regulations (the UK-US Data Bridge) or using safeguards such as Standard Contractual Clauses approved by the ICO. These ensure your data is kept safe and secure.
Complaints
If you are dissatisfied with how we handle your personal data, you may:
Contact: Robert Walmsley, Data Protection Officer, at hello@adhdpirates.co.uk.
File a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk and click “Make a Complaint.”
Review and Updates
This policy will be reviewed annually and updated as necessary to reflect changes in operations, laws, or best practices.