Skip to content

GDA is committed to protecting the privacy of the people whose personal information we process and to meeting our obligations under Data Protection legislation.

Personal data

GDA collects and processes the personal data of:

Legitimate purposes

We only collect, use and otherwise handle personal data for purposes where we have a legal basis to do so under Data Protection legislation.

These include:

Processing information

GDA processes personal data for a variety of purposes, including:

What information we collect

The type and quantity of data we collect and use depends on why it has been provided.

Personal information collected may include: name, address, telephone number and e-mail address.

For those involved in focus groups, consultations, blogs, campaigns, awareness raising, personal stories/case studies, events and so on we may also collect feedback, comments, personal circumstances and photographs.  We may also capture views on video or audio, depending on the activity.  If we are filming or photographing an event, this will be made clear to all attendees in advance and there will be the option of not being photographed.  We will only use information and/or images if agreed.

We will keep records of skills, attendance and training specific to our staff, Board and volunteers.

We will keep records of bank account details, contractual information, attendance and absence, training and performance of our employees. Our staff are provided with a detailed privacy notice outlining the information we hold about them, the purposes of collection, retention and destruction procedures.

We sometimes need to process more sensitive personal information, which we collect and handle in compliance with the more robust rules around special category data under Data Protection law. This is includes information relating to any accessibility or dietary requirements and information regarding health, gender, sexual orientation, race/ethnicity, criminal proceedings, outcomes and sentences, offences and alleged offences.

Sharing data

Personal data will be only be shared internally with those GDA staff who have a legitimate reason to access it.

We may need to share personal information with other organisations to carry out our work, for example taxi companies, tutors or care agencies. Where this is necessary, we are required to comply with data protection legislation. We will only disclose or share personal information with your consent or where there is a legitimate and lawful purpose to do so.

GDA will never sell or inappropriately disclose your personal data to any other external organisation or individual. Any information shared with funders or other external agencies is done so on a statistical and/or completely anonymised basis, unless we have specific consent to do otherwise.

Transfer of data overseas

It may sometimes be necessary to transfer your personal information overseas, out with the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of Data Protection legislation. Mailchimp, for example, are a US-based third-party provider that we use to deliver our newsletter: Mailchimp are signed up to the EU-US Privacy Shield.

How long we retain personal data

We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. At the end of this period the information will be destroyed or deleted in line with our confidential destruction procedures.  We retain anonymised statistical information to help inform our work, but you cannot be identified from that data.

Security of your Information

We are committed to ensuring the right to privacy is respected and that personal information is secure and only available to those who have a right to see it.

We have monitoring and incident management procedures in place to detect, resolve and report any personal data breaches as quickly as possible and to improve our controls by addressing the underlying causes of such breaches.

Your Rights

Under the GDPR, you have a number of rights in relation to your personal information. You have the right to:

  1. know what data we hold relating to you and why, and to receive a copy of it,
  2. request rectification of your personal information which means you are able to have inaccurate personal information corrected without undue delay;
  3. request erasure of your personal information when certain conditions apply;
  4. restrict processing under certain circumstances;
  5. object to processing;
  6. data portability in some circumstances.

There are also specific legal rights relating to automated decision making but GDA does not use any such processes.
Requests that relate to rectification, erasure or restricting data processing will be passed to any recipients of your personal information.

There may be occasions when GDA is unable to comply with requests to exercise the rights detailed above. Should this apply to a request you make, it will be explained to you why we are unable to comply with the request and any options available.

Where your personal information is being processed using consent, one further right is the right to withdraw your consent at any time. You should be aware that, while we will stop using your information for that purpose with immediate effect, it may not always be possible to remove information from the public domain, for example where it has been used in hard copy publications. You should also be aware that the ability to withdraw consent only applies to information considered to be personal. It does not usually apply to information about groups or organisations.

You are not required to pay any charge for exercising your rights. If you make a request, we will respond without undue delay and at least within one month.

For more information on your data protection rights see .

To exercise any of these rights or for more information, please contact our Data Protection Compliance Officer, via the GDA office.

If you are dissatisfied with our response to a complaint you send us, or have any concerns about our handling of your personal data, you can complain to the Information Commissioner’s Office by using the details below:

Changes to our Privacy Notices

We will keep our privacy notices under regular review to make sure they are up to date and accurate. This notice is due for review in December 2019.


Analytics & Trackers

  • Google Analytics

    Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.

    Read the Privacy Policy