Privacy Policy - GDPR

Headway Derby takes the concept of confidentiality very seriously and does all in its power to restrict personal information to those who genuinely need to know.  We endeavour to ensure that strict confidentiality of personal data is maintained in all of our work, whether the information is stored on a computer or a manual filing system.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Headway Derby is a ‘data controller’ – this means we are responsible for making sure that your personal data is secure, used in an appropriate way and in accordance with the General Data Protection Regulation (GDPR).  This says that the personal information we hold about you must be:

Used lawfully, fairly and in a transparent way

Collected only for valid purpose that we have clearly explained to you and not used in any way that is compatible with those purposes

Relevant to the purposes we have told you about and limited only to those purposes

Accurate and kept up to date

Kept only for as long as necessary for the purpose we have told you about

Kept securely


Why we need your personal data

We need your data to operate effectively and provide you with an efficient and high quality service.  This data includes personal details (e.g. name, address, email) to keep you informed about what we’re doing and help us to improve your service experience.

How we use your personal data

·         Storing and logging your data on a secure, password protected system

·         Maintaining records to ensure your safety, health and wellbeing if participating in an activity

·         Mailing or emailing you with Headway Derby news or events, or in regards to fundraising

·         Mailing, emailing or phoning you about a donation you’ve made (e.g. thank you)

·         Processing your information if applying for work experience, placements or volunteering

·         Informing you of any changes to our privacy policy or consent statements

·         Using your data to personalise communications (e.g. ‘Hi John’ instead of ‘Dear Sir’)

·         Anonymising data for research purposes

We will not share your data with any third parties formarketing purposes


Your rights and complaints

When we use your data, we ensure we take account of and keep your personal data rights in high regard.  You have the right to see your data at any time.  You can also object to how it is used, have it corrected or deleted.  We systematically suppress old and unnecessary records in our systems.

If you wish to raise a complaint on how we have handled your personal data, please contact our Data Protection Controller who will investigate the matter.

Our Data Protection Controller is:

Rebecca Manship, Operations & Development Manager

She can be contacted at

or 01332 365270

Our Data Protection Compliance Officer is:

Debra Morris, Chair of Trustees

She can be contacted at

or 01332 365270

If you are not satisfied with our response or believe we are not in accordance with the law, please contact the Information Commissioner’s Office (ICO) by visiting their website or by calling their helpline on 0303 123 1113.