Introduction

In keeping with its vision and values, Collaborate Digital is committed to maintaining the highest degree of ethical conduct amongst all its staff, contractors and associated personnel.  To help increase understanding, this Code of Conduct details Collaborate Digital’s expectations of employees and contractors in key areas.

Scope and purpose

This Code of Conduct applies to all contracted staff, volunteers, partners, suppliers and contractors, international and local, employed by Collaborate Digital.

The purpose of this Code of Conduct is to set out the conduct expected of Collaborate Digital staff and contractors whilst under contract to the organisation, and forms part of all contracts of employment.  The Code is applicable at all times.  Breaches of the Code of Conduct are grounds for disciplinary action, up to and including dismissal.

Collaborate Digital staff and contractors are expected to uphold local law wherever they operate, except where the Code of Conduct is more stringent, in which case the Code applies.

Code of Conduct Standards

Collaborate Digital employees and contractors are expected to:

Uphold the integrity and reputation of Collaborate Digital by ensuring that their professional and personal conduct is consistent with Collaborate Digital’s values and standards

• Treat all people fairly with respect and dignity
• Seek to ensure that their conduct does not bring Collaborate Digital into disrepute and does not impact on or undermine their ability to undertake the role for which they are employed
• Not work under the influence of alcohol or use, or be in possession of, illegal substances on Collaborate Digital premises or accommodation

Not engage in abusive or exploitative conduct

• Not engage in sexual activity with children (persons under the age of 18). Mistaken belief in the age of a child is not a defence
• Not exchange money, employment, goods or services for sex, including sexual favours or other forms of humiliating, degrading or exploitative behaviour. This includes any exchange of assistance that is due to beneficiaries of assistance
• Not engage in sexual relationships with beneficiaries of assistance, since they are based on inherently unequal power dynamics
• Not engage in any commercially exploitative activities with children or vulnerable adults including child labour or trafficking
• Not physically assault a child or vulnerable adult
• Not emotionally or psychologically abuse a child or vulnerable adult

Ensure the safety, health and welfare of all Collaborate Digital staff members and associated personnel (volunteers, partners, suppliers and contractors)

• Adhere to all legal and organisational health and safety requirements in force at their location of work
• Comply with any local security guidelines and be pro-active in informing management of any necessary changes to such guidelines
• Behave in a manner such as to avoid any unnecessary risk to the safety, health and welfare of themselves and others, including partner organisations and communities with whom we work

Be responsible for the use of information, assets and resources to which they have access by reason of my employment with Collaborate Digital

• Ensure that they use Collaborate Digital assets and resources entrusted to them in a responsible manner and account for all money and property
• Not use Collaborate Digital IT equipment, software or e-mail and social media platforms to engage in activity that is illegal under local or international law or that encourages conduct that would constitute a criminal offence. This includes any material that intimidates or harasses any group based on protected characteristics, or encourages extremism
• Not use Collaborate Digital IT equipment to view, download, create, distribute or save in any format inappropriate or abusive material including but not limited to pornography or depictions of child abuse

Perform their duties and conduct their private life in a manner that avoids conflicts of interest

• Declare any financial, personal or family (or close intimate relationship) interest in matters of official business which may impact on the work of Collaborate Digital
• Not be involved in awarding benefits, contracts for goods or services, employment or promotion within Collaborate Digital, to any person with whom they have a financial, personal, family (or close intimate relationship) interests
• Not accept significant gifts or any remuneration which have been offered to them as a result of their employment with Collaborate Digital

Uphold confidentiality

• Exercise due care in all matters of official business, and not divulge any confidential information relating to colleagues, work-related matters or any sensitive information unless legally required to do so

Complaints and reports

Collaborate Digital staff and contractors are obligated to bring to the attention of the relevant manager any potential incident, abuse or concern that they witness, are made aware of, or suspect which appears to breach the Standards contained in this Code.  Collaborate Digital staff and contractors reporting concerns are protected by the Disclosure of Malpractice in the Workplace policy.

Staff members and contractors who have a complaint or concern relating to breach of the Code should report it immediately to their line manager.  If the staff member or contractor does not feel comfortable reporting to their line manager (for example if they feel that the report will not be taken seriously, or if that person is implicated in the concern) they may report to any other appropriate staff and contractors member.  For example, this could be a senior manager or a member of the HR Team.

Staff members or contractors receiving reports or concerns are obliged to action or refer the report immediately as per the Collaborate Digital Complaints Policy and procedures

Related policies

• Complaints policy and procedures
• Health and Safety in the Workplace policy
• Disclosure of Malpractice in the Workplace policy
• Safeguarding policy
• Anti Bullying and Harassment policy

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.

Policy statement

Receiving feedback and responding to complaints is an important part of improving Collaborate Digital’s accountability.  Ensuring our stakeholders can hold us to account will improve the quality of our work in all areas.

Scope

This policy applies to Collaborate Digital and is global in its application.  A complaint can be made by any supporter, partner organisation, community or individual with whom we work, or any member of the public whether an individual, company or other entity, in the UK for anywhere else in the world.

Definitions

A complaint is an expression of dissatisfaction about the standards of service, actions or lack of action, by Collaborate Digital or its staff and associated personnel (contractors, suppliers, volunteers etc).  It is a criticism that expects a reply and would like things to be changed.  Complaints could include the following (which is not an exhaustive list):

• Concern from someone we work with about the quality of programme delivery
• Concern from a member of the public or supporter about a particular fundraising approach or campaign action
• Concern about the behaviour of staff or associated personnel

A complaint has to be about some action for which Collaborate Digital is responsible or is within our sphere of influence.

A complaint is not:

• A general inquiry about Collaborate Digital’s work
• A request for information
• A contractual dispute
• A request to amend records e.g. to correct an address, cancel a donation
• A request to unsubscribe from an Collaborate Digital service e.g. a campaign newsletter or email

The complaints procedures do not apply to complaints that are subject to current investigation by any regulatory body or other legal or official authorities in the UK or other countries in which we operate.  Such issues will be dealt with by the relevant regulatory body.

Procedures for making a complaint

It is hoped that most complaints or concerns about Collaborate Digital’s work or behaviour can and will be dealt with informally by staff or volunteers at a local level.  However, it is recognised that not all issues can be resolved in this way and that a formal complaints mechanism is required for those occasions when an individual or organisation wishes to make their complaint a matter of record and to receive a formal response.

How to make a complaint

All formal complaints should be made in writing either directly from the individual or organisation making the complaint or via someone acting on their behalf.  See below for details about to whom to address a complaint.

Who can make a complaint?

This policy is global in application. A complaint can be made by:

• Any supporter
• Partner organisation
• Community or individual with whom we work
• Any member of the public whether an individual, company or other entity in the UK or around the

Who is not covered by this policy?

Complaints by staff are governed by Collaborate Digital’s procedures for dealing with problems in the workplace, and Anti Bullying and Harassment policy.  Complaints relating to serious incidents such as fraud and corruption or safeguarding concerns will be dealt with through the relevant policy and procedures.

How to make a complaint

To make a complaint please contact Vicki Matthews, Director on 07870 106811 or [email protected]

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.

Introduction

Collaborate Digital needs to gather and use certain information about individuals.  These can include customers, suppliers, business contacts, schools, school children, employees and other people the organisation has a relationship with or may need to contact.  This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.

Why this policy exists

This data protection policy ensures Collaborate Digital:

• Complies with data protection law and follow good practice
• Protects the rights of staff, customers and partners
• Is open about how it stores and processes individuals’ data
• Protects itself from the risks of a data breach

Data protection law

General Data Protection Regulation describes how organisations — including Collaborate Digital — must collect, handle and store personal information.  These rules apply regardless of whether data is stored electronically, on paper or on other materials.  To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

Article 5 of the GDPR requires that personal data shall be:

• processed lawfully, fairly and in a transparent manner in relation to individuals;
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

Collaborate Digital has determined that the most appropriate lawful basis for processing data is ‘legitimate interests’.  A Legitimate Interests Assessment has been carried out for the day to day operations of the business and specific assessments are carried out for each individual project.

Policy scope

This policy applies to:

• The head office of Collaborate Digital
• When conducting Collaborate Digital business in schools or at other remote premises
• All staff and volunteers of Collaborate Digital
• All contractors, suppliers and other people working on behalf of Collaborate Digital

It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:

• Names of individuals
• Business addresses
• Email addresses
• Telephone numbers
• The individual’s voice and/or image in any recorded media such as audio or video
• · …plus any other information relating to individuals

Data protection risks

This policy helps to protect Collaborate Digital from some very real data security risks, including:

• Breaches of confidentiality. For instance, information being given out inappropriately.
• Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
• Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.

Responsibilities

Everyone who works for or with Collaborate Digital has some responsibility for ensuring data is collected, stored and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.

However, these people have key areas of responsibility:

• The board of directors is ultimately responsible for ensuring that Collaborate Digital meets its legal obligations.
• The data protection officer, Mark Matthews, is responsible for:
• Keeping the board updated about data protection responsibilities, risks and issues.
• Reviewing all data protection procedures and related policies, in line with an agreed schedule.
• Arranging data protection training and advice for the people covered by this policy.
• Handling data protection questions from staff and anyone else covered by this policy.
• Dealing with requests from individuals to see the data Collaborate Digital holds about them (also called ‘subject access requests’).
• Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
• Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
• Performing regular checks and scans to ensure security hardware and software is functioning properly.
• Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.

The board is responsible for:

• Approving any data protection statements attached to communications such as emails and letters.
• Addressing any data protection queries from journalists or media outlets like newspapers.
• Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.

Specific Risks: Children

The GDPR explicitly states that children’s personal data merits specific protection as they may be less aware of the risks, consequences and safeguards concerned, and their rights in relation to the processing of personal data.

Collaborate Digital complies with all the requirements of the GDPR, not just those specifically relating to children.  We design our processing with children in mind from the outset and use a data protection by design and by default approach.

We make sure that our processing is fair and complies with the data protection principles and as a matter of good practice, we use DPIAs to help us assess and mitigate the risks to children.

The GDPR allows organisations to process personal data on the basis of consent.  To enable this, Collaborate Digital requires a parental consent form to be completed for each participating child under the age of 13.  The information collected is limited to:

• Name
• School
• Parent’s name

The form explains what we plan to do with their personal data, is open about the risks and safeguards involved and informs them about what to do if they are unhappy.

Children aged 13 or over are able to give their own consent and are given the same explanation as adults consenting on behalf of younger children.  We make sure that the child understands what they are consenting to, and we do not exploit any imbalance of power in the relationship between us.

Collaborate Digital assumes that the voice or image of a child recorded in audio or video does constitute personal data.

We take into account sector specific guidance on marketing, such as that issued by the Advertising Standards Authority, to make sure that children’s personal data is not used in a way that might lead to their exploitation.

We stop processing a child’s personal data if they or their parent ask us to.

General staff guidelines

• The only people able to access data covered by this policy should be those who need it for their work.
• Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
• Collaborate Digital will provide training to all employees to help them understand their responsibilities when handling data.
• Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
• In particular, strong passwords must be used and they should never be shared.
• Personal data should not be disclosed to unauthorised people, either within the company or externally.
• Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
• Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.

Data storage

These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.

These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

• When not required, the paper or files should be kept in a locked drawer or filing cabinet.
• Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
• Data printouts should be shredded and disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:

• Data should be protected by strong passwords that are changed regularly and never shared between employees.
• If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
• Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing services.
• Servers containing personal data should be sited in a secure location, away from general office space.
• Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
• Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.

All servers and computers containing data should be protected by approved security software and a firewall.

Data use

Personal data is of no value to Collaborate Digital unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:

• When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
• Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
• Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
• Personal data should never be transferred outside of the European Economic Area.
• Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.

Data accuracy

The law requires Collaborate Digital to take reasonable steps to ensure data is kept accurate and up to date.

The more important it is that the personal data is accurate, the greater the effort Collaborate Digital should put into ensuring its accuracy.

It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

• Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
• Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
• Collaborate Digital will make it easy for data subjects to update the information Collaborate Digital holds about them. For instance, via the company website.
• Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
• It is the marketing manager’s responsibility to ensure marketing databases are checked against industry suppression files every six months.

Subject access requests

All individuals who are the subject of personal data held by Collaborate Digital are entitled to:

• Ask what information the company holds about them and why.
• Ask how to gain access to it.
• Be informed how to keep it up to date.
• Be informed how the company is meeting its data protection obligations.

If an individual contacts the company requesting this information, this is called a subject access request.  Subject access requests from individuals should be made by email, addressed to the data controller at [email protected]  The data controller can supply a standard request form, although individuals do not have to use this. Individuals will be charged £10 per subject access request. The data controller will aim to provide the relevant data within 14 days.  The data controller will always verify the identity of anyone making a subject access request before handing over any information.

Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, Collaborate Digital will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Providing information

Collaborate Digital aims to ensure that individuals are aware that their data is being processed, and that they understand:

• How the data is being used
• How to exercise their rights

To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.

[This is available on request. A version of this statement is also available on the company’s website.]

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.

Purpose and scope

The purpose of this document is to provide procedures for dealing with reports of breach of Collaborate Digital Safeguarding Policy, where the safeguarding violation is:

• Against staff, contractors or members of the public,
• Perpetrated by staff, partners or associated personnel.

Procedures

1. Report is received

1.1 Reports can reach the organisation through various routes. This may be in a structured format such as a letter, e-mail, text or message on social media.  It may also be in the form of informal discussion or rumour.  If a staff member hears something in an informal discussion or chat that they think is a safeguarding concern, they should report this to the appropriate staff member in their organisation.

1.2 If a safeguarding concern is disclosed directly to a member of staff, the person receiving the report should bear the following in mind:

• Listen
• Empathise with the person
• Ask who, when, where, what but not why
• Repeat/ check your understanding of the situation
• Report to the appropriate staff member (see below)

1.3 The person receiving the report should then document the following information, using an Incident Report Form if there is one:

• Name of person making report
• Name(s) of alleged survivor(s) of safeguarding incident(s) if different from above
• Name(s) of alleged perpetrator(s)
• Description of incident(s)
• Dates(s), times(s) and location(s) of incident

1.4 The person receiving the report should then forward this information to the Safeguarding Focal Point or appropriate staff member within 24 hours.

1.5 Due to the sensitive nature of safeguarding concerns, confidentiality must be maintained during all stages of the reporting process, and information shared on a limited ‘need to know’ basis only.  This includes senior management who might otherwise be appraised of a serious incident.

1.6 If the reporting staff member is not satisfied that the organisation is appropriately addressing the report, they have a right to escalate the report, either up the management line, to the Board (or other governance structure), or to an external statutory body.  The staff member will be protected against any negative repercussions as a result of this report.  See Collaborate Digital Complaints Policy and Disclosure of Malpractice in the Workplace Policy.

2. Assess how to proceed with the report

2.1 Appoint a Decision Maker for handling this report

2.2 Determine whether it is possible to take this report forward

• Does the reported incident(s) represent a breach of safeguarding policy?
• Is there sufficient information to follow up this report?

2.3 If the reported incident does not represent a breach of Collaborate Digital Safeguarding Policy but represents a safeguarding risk to others (such as a child safeguarding incident), the report should be referred through the appropriate channels (eg. local authorities) if it is safe to do so.

2.4 If there is insufficient information to follow up the report, and no way to ascertain this information (for example if the person making the report did not leave contact details), the report should be filed in case it can be of use in the future and look at any wider lesson learning we can take forward.

2.5 If the report raises any concerns relating to children under the age of 18, seek expert advice immediately.  If at any point in the process of responding to the report (for example during an investigation) it becomes apparent that anyone involved is a child under the age of 18, the Decision Maker should be immediately informed and should seek expert advice before proceeding.

2.6 If the decision is made to take the report forward, ensure that you have the relevant expertise and capacity to manage a safeguarding case.  If you do not have this expertise in-house, seek immediate assistance, through external capacity if necessary.

2.7 Clarify what, how and with whom information will be shared relating to this case.  Confidentiality should be maintained at all times, and information shared on a need-to-know basis only.  Decide which information needs to be shared with which stakeholder – information needs may be different.

2.8 You may have separate policies depending on the type of concern the report relates to.  For example, workplace sexual harassment is dealt with through the Collaborate Digital’s Anti Bullying and Harassment policy.  If there isn’t a policy for the type of report that has been made, follow these procedures.

If there isn’t a policy for the type of report that has been made, follow these procedures.

2.9 Check your obligations on informing relevant bodies when you receive a safeguarding report.  These include (but are not limited to):

• Funding organisations
• Umbrella bodies/networks
• Statutory bodies (such as the Charity Commission in the UK)

Some of these may require you to inform them when you receive a report, others may require information on completion of the case, or annual top-line information on cases.  When submitting information to any of these bodies, think through the confidentiality implications very carefully.

3. Appoint roles and responsibilities for case management

3.1 If not already done so (see above), appoint a Decision Maker for the case. The Decision Maker should be a senior staff member, not implicated or involved in the case in any way.

3.2 If the report alleges a serious safeguarding violation, you may wish to hold a case conference.  This should include:

• Decision Maker
• Person who received the report (such as the focal point, or manager)
• HR manager
• Safeguarding adviser (or equivalent) if there is one

The case conference should decide the next steps to take, including any protection concerns and support needs for the survivor and other stakeholders (see below).

4. Provide support to survivor where needed/requested

4.1 Provide appropriate support to survivor(s) of safeguarding incidents.  Nb. this should be provided as a duty of care even if the report has not yet been investigated.  Support could include (but is not limited to)

• Psychosocial care or counselling
• Medical assistance
• Protection or security assistance (for example being moved to a safe location)

4.2 All decision making on support should be led by the survivor.

5. Assess any protection or security risks to stakeholders

5.1 For reports relating to serious incidents: undertake an immediate risk assessment to determine whether there are any current or potential risks to any stakeholders involved in the case and develop a mitigation plan if required.

5.2 Continue to update the risk assessment and plan on a regular basis throughout and after the case as required.

6. Decide on next steps

6.1 The Decision Maker decides the next steps.  These could be (but are not limited to)

• No further action (for example if there is insufficient information to follow up, or the report refers to incidents outside the organisation’s remit)
• Investigation is required to gather further information
• Immediate disciplinary action if no further information needed
• Referral to relevant authorities

6.2 If the report concerns associated personnel (for example contractors, consultants or suppliers), the decision-making process will be different.  Although associated personnel are not staff members, we have a duty of care to protect from harm anyone who comes into contact with any aspect of our programme.  We cannot follow disciplinary processes with individuals outside our organisation, however decisions may be made for example to terminate a contract with a supplier based on the actions of their staff.

6.3 If an investigation is required and the organsiation does not have internal capacity, identify resources to conduct the investigation.  Determine which budget this will be covered by.

7. Manage investigation if required

7.1 Refer to the organisation’s procedures for investigating breaches of policy.  If these do not cover safeguarding investigations, use external guidelines for investigating safeguarding reports, such as the CHS Alliance Guidelines for Investigations.

8. Make decision on outcome of investigation report

8.1 The Decision Maker makes a decision based on the information provided in the investigation report.  Decisions relating to the Subject of Concern should be made in accordance with existing policies and procedures for staff misconduct.

8.2 If at this or any stage in the process criminal activity is suspected, the case should be referred to the relevant authorities unless this may pose a risk to anyone involved in the case.  In this case, the Decision Maker together with other senior staff will need to decide to decide how to proceed.  This decision should be made bearing in mind a risk assessment of potential protection risks to all concerned, including the survivor and the Subject of Concern.

9. Conclude the case

9.1 Document all decisions made resulting from the case clearly and confidentially.

9.2 Store all information relating to the case confidentially, and in accordance with Collaborate Digital policy and local data protection law.

9.3 Record anonymised data relating to the case to feed into organisational reporting requirements (eg. serious incident reporting to Board, safeguarding reporting to donors), and to feed into learning for dealing with future cases.

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.

Purpose

At Collaborate Digital, it is vital that everyone who works for us maintains the highest standards of conduct, integrity and ethics, and complies with local legislation. If an employee, volunteer, partner, consultant or contractor has any genuine concerns about malpractice in the workplace, we wish to encourage them to communicate these without fear of reprisals and in the knowledge that they will be protected from victimisation and dismissal.

This policy does not form part of an employees’ terms and conditions of employment and may be subject to change at the discretion of management.

Malpractice includes (but is not limited to) the issues listed below:

• Financial wrongdoing including theft, bribery, fraud, money laundering and aid diversion
• A failure to comply with any legal obligations
• Sexual misconduct, including sexual abuse, harassment or exploitation (see Collaborate Digital Safeguarding Policy)
• Abuse or exploitation of children, vulnerable adults or beneficiaries (see Collaborate Digital Safeguarding Policy as above)
• Breach of Collaborate Digital policy
• Abuse of position
• Danger to the health and safety of individuals or damage to the environment
• Improper conduct or unethical behaviour
• Activity which would bring the organisation into serious disrepute
• The deliberate concealment of information relating to any of the matters listed above

If you have a genuine concern and have a reasonable belief it is in the public interest, even if it is later discovered that you are mistaken, under this policy you will not be at risk of losing your job or from suffering any form of retribution as a result. This assurance will not be extended to an individual who maliciously raises a matter they know to be untrue or who is involved in any way in the malpractice. Those found to be making false allegations maliciously will have disciplinary action taken against them.

Malpractice is not a complaint about the performance and behaviour of a manager or other work colleague towards you. Such complaints will be directed for action to Collaborate Digital’s HR policies and procedures.  If you genuinely believe that the actions of someone who works for Collaborate Digital could lead to or has resulted in malpractice, please follow the procedure below.

Please note this procedure is not intended to replace Collaborate Digital’s Grievance Procedures, which continues to be the appropriate way to raise personal issues relating to the specific job or employment.

1. Raise the matter with your line manager, who will consult with the appropriate contact point. If you feel that you are unable to raise the matter with your line manager, and you are able to, raise it with a more senior manager.

At the point of raising a concern it would be useful for you to share information describing:

• Whether anyone is at immediate risk of harm?
• What happened? If possible, make note of dates, times, places, people.
• Who is involved?
• How do you know about it?
• When were you first concerned about it?
• Have you told anybody about it?
• Was any action taken?

All managers should:

• Report incidents of theft, fraud, or corruption immediately to Collaborate Digital’s Fraud and Corruption lead
• Report Safeguarding concerns relating to sexual abuse or exploitation of children, vulnerable adults, beneficiaries or any Collaborate Digital representative to Collaborate Digital’s Safeguarding lead
• Report any other incidents of malpractice in the workplace to your HR team, or to the Head of Human Resources

2. A decision will be made on whether it is appropriate to handle such complaints under this policy. Where not appropriate the complainant will be informed and their permission sought to divert the issue to the appropriate HR procedure.

3. When matters are reported to the Fraud and Corruption lead, Collaborate Digital’s Fraud and Corruption policy will be followed. If an investigation is conducted, the outcome may involve taking disciplinary action if misconduct has been proved, which may include dismissal.

4. When matters are reported to the Safeguarding lead, Collaborate Digital’s Safeguarding Investigation Guidelines will be followed. If an investigation is conducted, the outcome may involve taking disciplinary action if misconduct has been proved, which may include dismissal.

You will be notified once the matter has been resolved, but outcomes are subject to confidentiality and may not be communicated.

Collaborate Digital will take appropriate action, which may end in dismissal, in accordance with the relevant procedure against any employee, volunteer or consultant who:

• Has been found to be victimising another individual for using this procedure or deterring them from reporting genuine concerns under it.
• Made a disclosure maliciously that is known to be untrue or without reasonable grounds for believing that the information supplied was accurate.

Frequently asked questions

What if the line manager is involved in the alleged malpractice in some way?

If the line manager is involved in the alleged malpractice in some way, the matter should be raised with the next senior manager in the management line. Concerns regarding financial wrongdoing may be raised directly with the Fraud and Corruption lead and concerns relating to sexual abuse or exploitation of children, vulnerable adults, beneficiaries or any Collaborate Digital representative to the Safeguarding lead.

Can the disclosure be made anonymously?

You are strongly encouraged not to make anonymous disclosures as details and further concerns cannot then be checked with you and this may seriously limit the ability of investigators to pursue your concerns. Nonetheless, all disclosures, made anonymously or otherwise, will be reviewed but lack of information may limit the nature, extent and outcome of the investigation.

Who will conduct the investigation?

Normally an independent person from within Collaborate Digital will be appointed. On rare occasions, or for complex cases such as safeguarding, external investigation support may be sought.

What if the matter involves a criminal offence?

The issue may also be reported to the police if a criminal offence, such as fraud or theft, or sexual assault has been committed.

What if the matter is a complaint about the performance or behaviour of a manager or colleague against me?

Such complaints will be directed for action to the appropriate HR policy under unless the concerns relate to concerns of sexual misconduct or other forms of malpractice listed in this policy.

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.

Collaborate Digital is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination.

The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best.

Collaborate Digital, in providing our service, is also committed against unlawful discrimination of customers or the public.

The policy’s purpose is to:

• provide equality, fairness and respect for all in our employment, whether temporary, part-time or full-time
• not unlawfully discriminate because of the Equality Act 2010 protected characteristics of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race (including colour, nationality, and ethnic or national origin), religion or belief, sex and sexual orientation
• oppose and avoid all forms of unlawful discrimination. This includes in pay and benefits, terms and conditions of employment, dealing with grievances and discipline, dismissal, redundancy, leave for parents, requests for flexible working, and selection for employment, promotion, training or other developmental opportunities

Collaborate Digital commits to:

• Encourage equality, diversity and inclusion in the workplace as they are good practice and make business sense
• Create a working environment free of bullying, harassment, victimisation and unlawful discrimination, promoting dignity and respect for all, and where individual differences and the contributions of all staff are recognised and valued.This commitment includes training managers and all other employees about their rights and responsibilities under the equality, diversity and inclusion policy. Responsibilities include staff conducting themselves to help Collaborate Digital provide equal opportunities in employment, and prevent bullying, harassment, victimisation and unlawful discrimination.All staff should understand they, as well as their employer, can be held liable for acts of bullying, harassment, victimisation and unlawful discrimination, in the course of their employment, against fellow employees, customers, suppliers and the public
• Take seriously complaints of bullying, harassment, victimisation and unlawful discrimination by fellow employees, customers, suppliers, visitors, the public and any others in the course of Collaborate Digital’s work activities.Such acts will be dealt with as misconduct under Collaborate Digital’s grievance and/or disciplinary procedures, and appropriate action will be taken. Particularly serious complaints could amount to gross misconduct and lead to dismissal without notice.Further, sexual harassment may amount to both an employment rights matter and a criminal matter, such as in sexual assault allegations. In addition, harassment under the Protection from Harassment Act 1997 – which is not limited to circumstances where harassment relates to a protected characteristic – is a criminal offence.
• Make opportunities for training, development and progress available to all staff, who will be helped and encouraged to develop their full potential, so their talents and resources can be fully utilised to maximise the efficiency of Collaborate Digital.
• Decisions concerning staff being based on merit (apart from in any necessary and limited exemptions and exceptions allowed under the Equality Act).
• Review employment practices and procedures when necessary to ensure fairness, and also update them and the policy to take account of changes in the law.
• Monitor the make-up of the workforce regarding information such as age, sex, ethnic background, sexual orientation, religion or belief, and disability in encouraging equality, diversity and inclusion, and in meeting the aims and commitments set out in the equality, diversity and inclusion policy.
• Monitoring will also include assessing how the equality, diversity and inclusion policy, and any supporting action plan, are working in practice, reviewing them annually, and considering and taking action to address any issues.

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.

Purpose

The purpose of this policy is to protect people, particularly children, at risk adults and beneficiaries of assistance, from any harm that may be caused due to their coming into contact with Collaborate Digital.  This includes harm arising from:

• The conduct of staff or personnel associated with Collaborate Digital
• The design and implementation of Collaborate Digital’s programmes and activities

The policy lays out the commitments made by Collaborate Digital and informs staff and associated personnel of their responsibilities in relation to safeguarding.

This policy does not cover:

• Sexual harassment in the workplace – this is dealt with under Collaborate Digital’s Anti Bullying and Harassment Policy
• Safeguarding concerns in the wider community not perpetrated by Collaborate Digital or associated personnel

What is safeguarding?

In the UK, safeguarding means protecting peoples’ health, wellbeing and human rights, and enabling them to live free from harm, abuse and neglect

In our sector, we understand it to mean protecting people, including children and at-risk adults, from harm that arises from coming into contact with our staff or activities.  Further definitions relating to safeguarding are provided in the glossary below.

Scope

• All staff contracted by Collaborate Digital
• Associated personnel whilst engaged with work or visits related to Collaborate Digital, including but not limited to the following: consultants; volunteers; contractors; programme visitors including journalists, celebrities and politicians

Policy Statement

Collaborate Digital believes that everyone we come into contact with, regardless of age, gender identity, disability, sexual orientation or ethnic origin has the right to be

protected from all forms of harm, abuse, neglect and exploitation.  Collaborate Digital will not tolerate abuse and exploitation by staff or associated personnel.

This policy will address the following areas of safeguarding [as appropriate]:  child safeguarding, adult safeguarding, and protection from sexual exploitation and abuse.  These key areas of safeguarding may have different policies and procedures associated with them (see Associated Policies).

Collaborate Digital commits to addressing safeguarding throughout its work, through the three pillars of prevention, reporting and response.

Prevention

Collaborate Digital responsibilities

Collaborate Digital will:

• Ensure all staff have access to, are familiar with, and know their responsibilities within this policy
• Design and undertake all its programmes and activities in a way that protects people from any risk of harm that may arise from their coming into contact with Collaborate Digital. This includes the way in which information about individuals in our programmes is gathered and communicated
• Implement stringent safeguarding procedures when recruiting, managing and deploying staff and associated personnel
• Ensure staff receive training on safeguarding at a level commensurate with their role in the organization
• Follow up on reports of safeguarding concerns promptly and according to due process

Staff responsibilities

Child safeguarding

Collaborate Digital staff and associated personnel must not:

• Engage in sexual activity with anyone under the age of 18
• Sexually abuse or exploit children
• Subject a child to physical, emotional or psychological abuse, or neglect
• Engage in any commercially exploitative activities with children including child labour or trafficking

Adult safeguarding

Collaborate Digital staff and associated personnel must not:

• Sexually abuse or exploit at risk adults
• Subject an at risk adult to physical, emotional or psychological abuse, or neglect

Protection from sexual exploitation and abuse

Collaborate Digital staff and associated personnel must not:

• Exchange money, employment, goods or services for sexual activity. This includes any exchange of assistance that is due to beneficiaries of assistance
• Engage in any sexual relationships with beneficiaries of assistance, since they are based on inherently unequal power dynamics

Additionally, Collaborate Digital staff and associated personnel are obliged to:

• Contribute to creating and maintaining an environment that prevents safeguarding violations and promotes the implementation of the Safeguarding Policy
• Report any concerns or suspicions regarding safeguarding violations by an Collaborate Digital staff member or associated personnel to the appropriate staff member

Reporting

Collaborate Digital will ensure that safe, appropriate, accessible means of reporting safeguarding concerns are made available to staff and the communities we work with.  Collaborate Digital will also accept complaints from external sources such as members of the public, partners and official bodies.

How to report a safeguarding concern

Staff members who have a complaint or concern relating to safeguarding should report it immediately to their line manager.  If the staff member does not feel comfortable reporting to their line manager (for example if they feel that the report will not be taken seriously, or if that person is implicated in the concern) they may report to any other appropriate staff member.

In the first instance contact Vicki Matthews, 07870 106811.

Response

Collaborate Digital will follow up safeguarding reports and concerns according to policy and procedure, and legal and statutory obligations (see Procedures for reporting and response to safeguarding concerns in Associated Policies).

Collaborate Digital will apply appropriate disciplinary measures to staff found in breach of policy.  Collaborate Digital will offer support to survivors of harm caused by staff or associated personnel, regardless of whether a formal internal response is carried out (such as an internal investigation).  Decisions regarding support will be led by the survivor.

Confidentiality

It is essential that confidentiality in maintained at all stages of the process when dealing with safeguarding concerns.  Information relating to the concern and subsequent case management should be shared on a need to know basis only and should be kept secure at all times.

Associated policies

• Code of Conduct
• Anti Bullying and Harassment policy
• Complaints Policy
• Other policies as appropriate

Glossary of Terms

Beneficiary of Assistance

Someone who directly receives goods or services from Collaborate Digital’s programme.  Note that misuse of power can also apply to the wider community that Collaborate Digital serves, and also can include exploitation by giving the perception of being in a position of power.

Child

A person below the age of 18

Harm

Psychological, physical and any other infringement of an individual’s rights

Psychological harm

Emotional or psychological abuse, including (but not limited to) humiliating and degrading treatment such as bad name calling, constant criticism, belittling, persistent shaming, solitary confinement and isolation

Protection from Sexual Exploitation and Abuse (PSEA)

The term used by the humanitarian and development community to refer to the prevention of sexual exploitation and abuse of affected populations by staff or associated personnel.  The term derives from the United Nations Secretary General’s Bulletin on Special Measures for Protection from Sexual Exploitation and Abuse (ST/SGB/2003/13)

Safeguarding

In the UK, safeguarding means protecting peoples’ health, wellbeing and human rights, and enabling them to live free from harm, abuse and neglect.

In our sector, we understand it to mean protecting people, including children and at-risk adults, from harm that arises from coming into contact with our staff or programmes.

Safeguarding means taking all reasonable steps to prevent harm, particularly sexual exploitation, abuse and harassment from occurring; to protect people, especially vulnerable adults and children, from that harm; and to respond appropriately when harm does occur.

This definition draws from our values and principles and shapes our culture. It pays specific attention to preventing and responding to harm from any potential, actual or attempted abuse of power, trust, or vulnerability, especially for sexual purposes.

Safeguarding applies consistently and without exception across our programmes, partners and staff. It requires proactively identifying, preventing and guarding against all risks of harm, exploitation and abuse and having mature, accountable and transparent systems for response, reporting and learning when risks materialise. Those systems must be survivor-centred and also protect those accused until proven guilty.

Safeguarding puts beneficiaries and affected persons at the centre of all we do.

Sexual abuse

The term ‘sexual abuse’ means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions.

Sexual exploitation

The term ‘sexual exploitation’ means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another.  This definition incudes human trafficking and modern slavery.

Survivor

The person who has been abused or exploited. The term ‘survivor’ is often used in preference to ‘victim’ as it implies strength, resilience and the capacity to survive, however it is the individual’s choice how they wish to identify themselves.

At risk adult

Sometimes also referred to as vulnerable adult.  A person who is or may be in need of care by reason of mental or other disability, age or illness; and who is or may be unable to take care of him or herself, or unable to protect him or herself against significant harm or exploitation.

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.

Privacy notice

This is the privacy notice of Collaborate Digital Ltd. In this document, “we”, “our”, or “us” refer to Collaborate Digital Ltd.

We are company number 11003734 registered in England and Wales.

Our registered office is at 173 College Road, Crosby, Liverpool, L23 3AT.

Introduction

1. This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
2. We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
3. We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
4. We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
5. Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
6. The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at knowyourprivacyrights.org
7. Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.

The bases on which we process information about you

The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.

If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.

If the basis changes then if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

1. Information we process because we have a contractual obligation with you

When you create an account on our website, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.

In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We may use it in order to:

• verify your identity for security purposes
• sell products to you
• provide you with our services
• provide you with suggestions and advice on products, services and how to obtain the most from using our website

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.

2. Information we process with your consent

Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including our products and services, you provide your consent to us to process information that may be personal information.

Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our use of cookies.

Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.

Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on our website.

If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.

We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.

You may withdraw your consent at any time by instructing us by emailing [email protected]  However, if you do so, you may not be able to use our website or our services further.

3. Information we process because we have a legal obligation

We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation.

For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.

This may include your personal information.

Specific uses of information you provide to us

4. Information provided on the understanding that it will be shared with a third party

Our website allows you to post information with a view to that information being read, copied, downloaded, or used by other people.

Examples include:

• submitting an audio or video recording or script
• photographs or video taken while taking part in our activities
• names of children participating in our activities

In posting personal information, it is up to you to satisfy yourself about the privacy level of every person who might use it.

We do store this information, and we reserve a right to use it in the future in any way we decide.

This information will be shared with the sponsor of the specific campaign you have registered to take part in.  Contact details for campaign sponsors can be obtained by emailing [email protected]

Once your information enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.

Provided your request is reasonable and there is no legal basis for us to retain it, then at our discretion we may agree to your request to delete personal information that you have posted. You can make a request by contacting us at [email protected]

5. Complaints regarding content on our website

Our website is a publishing medium. Anyone may register and then publish information about himself, herself or some other person.

We do not moderate or control what is posted.

If you complain about any of the content on our website, we shall investigate your complaint.

If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.

Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content that offends you.

If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.

6. Information relating to your method of payment

We store information about your debit or credit card or other means of payment when you first provide it to us.

We store this payment information in order to make repeat purchasing of goods and services easier next time you visit our website.

We also store it to help us prevent fraud.

We take the following measures to protect your payment information:

• We keep your payment information encrypted on our servers.
• We do not keep all your payment information so as:
  • • to prevent the possibility of our duplicating a transaction without a new instruction from you;
    • to prevent any other third party from carrying out a transaction without your consent
• Access to your payment information is restricted to authorised staff only.
• If we ask you questions about your payment information, we only show partial detail, so that you can identify the means of payment to which we refer.

We automatically delete your payment information when a credit or debit card expires.

7. Job application and employment

If you send us information in connection with a job application, we may keep it for up to three years in case we decide to contact you at a later date.

If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.

8. Sending a message to our support team

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

We record your request and our reply in order to increase the efficiency of our business.

We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.

9. Complaining

When we receive a complaint, we record all the information you have given to us.

We use that information to resolve your complaint.

If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.

10. Affiliate and business partner information

This is information given to us by you in your capacity as an affiliate of us or as a business partner.

It allows us to recognise visitors that you have referred to us, and to credit to you commission due for such referrals. It also includes information that allows us to transfer commission to you.

The information is not used for any other purpose.

We undertake to preserve the confidentiality of the information and of the terms of our relationship.

We expect any affiliate or partner to agree to reciprocate this policy.

Use of information we collect through automated systems when you visit our website

11. Cookies

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.

Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.

If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website.

We use cookies in the following ways:

• to track how you use our website
• to record whether you have seen specific messages we display on our website
• to keep you signed in our site
• to record your answers to surveys and questionnaires on our site while you complete them

The cookies we use are as follows.

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

12. Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.

We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.

13. Our use of re-marketing

Re-marketing involves placing a cookie on your computer when you browse a website in order to be able to serve to you an advert for products or services when you visit some other website.

We do not make any use of re-marketing.

Disclosure and sharing of your information

14. Information we obtain from third parties

Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use.

15. Credit reference

To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.

16. Data may be processed outside the European Union

Our websites are hosted in the United Kingdom.

We may, from time to time in other aspects of our business, also use outsourced services in countries outside the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).

Accordingly, data obtained within the UK or any other country could be processed outside the European Union.  Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.

Access to your own information

17. Access to your personal information

• To obtain a copy of any personally identifiable information that we hold about you, you may send us a request at [email protected]
• After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.

18. Removal of your information

If you wish us to remove personally identifiable information from our website, you may contact us at [email protected]

This may limit the service we can provide to you.

19. Verification of your information

When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

Other matters

20. Use of site by children

• We do not sell products or provide services for purchase by children, nor do we market to children.
• If you are under 18, you may use our website only with consent from a parent or guardian. A parental consent form can be downloaded from the project page.
• Certain areas of our website are designed for use by children. These areas include individual project pages for the campaign in which their school is participating.
• We collect data about all users of and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children.
• Such child users and visitors will inevitably visit other parts of the site and will be subject to whatever on-site marketing they find, wherever they visit.

21. Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

22. How you can complain

• If you are not happy with our privacy policy or if have any complaint then you should tell us by email. Our address is [email protected]
• If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
• If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/

23. Retention period for personal data

Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us, and for no longer than six years:

• to provide you with the services you have requested;
• to comply with other law, including for the period demanded by our tax authorities;
• to support a claim or defence in court.

24. Compliance with the law

Our privacy policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you.

However, ultimately it is your choice as to whether you wish to use our website.

25. Review of this privacy policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.

If you have any question regarding our privacy policy, please contact us.

Key details

• Policy prepared by: Mark Matthews
• Approved by board / management on: 1^st June 2023.
• Policy became operational on: 1^st June 2023.
• Next review date: 1^st June 2024.