1. Purpose of this policy

This policy explains how Equality and Diversity UK Ltd (EDUK) collects, uses, stores and protects personal data. We are committed to handling personal information lawfully, fairly and transparently in line with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

EDUK is registered with the Information Commissioner’s Office (ICO): ZB518334.

2. What personal data we collect

We may collect the following types of personal data:

• Contact details (name, email, phone, address)
• Organisation and job role
• Booking and order information
• Payment information (processed securely by third‑party providers)
• Communications with us
• Website usage data (analytics, cookies)
• Staff and contractor information

We only collect what we need to deliver our services.

3. How we use personal data

We use personal data for the following purposes:

• Managing bookings, orders and enquiries
• Providing training, resources and support
• Sending updates or newsletters (only with consent or legitimate interest)
• Managing staff and contractors
• Maintaining financial and administrative records
• Improving our services and website
• Meeting legal or regulatory obligations

4. Our lawful bases for processing

We rely on one or more of the following lawful bases:

• Contract – to provide services you have purchased
• Consent – for optional communications
• Legitimate interests – running and improving our business
• Legal obligation – financial, tax or regulatory requirements
• Vital interests – very rare, only for safety‑related reasons

5. Special category data

We may process limited special category data (for example, health information or ethnicity) when necessary for:

• Accessibility adjustments
• Equal opportunities monitoring
• Employment requirements
• Legal claims

Where required, we use an Appropriate Policy Document as required by the Data Protection Act 2018.

6. Sharing personal data

We only share personal data when necessary and with appropriate safeguards. This may include sharing with:

• Service providers (IT, email, payment processors)
• Training partners
• Professional advisers
• Regulators or authorities where legally required

We never sell personal data.

7. International transfers

If we transfer personal data outside the UK, we use one of the following safeguards:

• UK adequacy regulations
• International Data Transfer Agreement (IDTA)
• UK Addendum to EU Standard Contractual Clauses

8. Data security

We protect personal data through measures such as:

• Secure systems and encrypted storage
• Access controls
• Staff training
• Regular security reviews
• Secure disposal of data

9. Data retention

We keep personal data only for as long as necessary. Typical retention periods are:

• Bookings and orders: 6 years
• Enquiries: 12 months
• Mailing list data: until you unsubscribe
• Staff records: in line with employment law

A full retention schedule is available on request.

10. Your rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time (where consent is the lawful basis)
• Complain to the Information Commissioner’s Office (ICO)

We aim to respond to all requests within one month.

11. Cookies and marketing

We comply with PECR. Non‑essential cookies (for example, analytics) are only used with your consent. Marketing emails are only sent with consent or legitimate interest, and you can unsubscribe at any time.

12. Data breaches

If a personal data breach occurs, we will:

• Assess the risk to individuals
• Notify the ICO within 72 hours where required
• Notify affected individuals where there is a high risk to their rights and freedoms

13. Contact us

Data Protection Department
Equality and Diversity UK
Warwick House
14 Lowes Road
Bury
BL9 6PJ
Email: dp@equalityanddiversity.co.uk