Our Privacy Policy
The Global Centre for Rehumanising Democracy (GCRD) is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal data. This Privacy Policy explains our data practices in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.
By engaging with GCRD's services, programmes, or website, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller Information
GCRD is the data controller responsible for your personal data. You can contact us at:
• Organisation: Global Centre for Rehumanising Democracy
• Location: United Kingdom
• Email: info@gcrd.org.uk
• Website: www.gcrd.org.uk
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Information You Provide Directly
• Contact details: Name, email address, phone number, postal address, job title, and organisation affiliation
• Programme participation data: Application materials, course enrollment information, assessment responses, and feedback
• Professional information: Career background, areas of expertise, leadership experience, and professional interests
• Communication records: Correspondence via email, contact forms, surveys, and event registrations
• Payment information: Billing details for courses, retreats, or services (processed securely through third-party payment processors)
2.2 Information We Collect Automatically
• Website usage data: IP address, browser type, device information, pages visited, time spent on pages, and referring URLs
• Cookies and tracking technologies: See Section 9 for details on our cookie usage
• Analytics data: Aggregated and anonymised usage patterns to improve our services
2.3 Information from Third Parties
• Partner organisations: Information shared by institutional partners (e.g., universities, research institutions) when you participate in collaborative programmes
• Publicly available sources: Professional profiles from LinkedIn or similar platforms, where relevant to programme participation
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
• Consent: Where you have explicitly agreed to our processing activities (e.g., newsletter subscriptions, optional surveys)
• Contractual necessity: To deliver programmes, courses, or services you have enrolled in
• Legitimate interests: To operate our organisation, conduct research, improve our services, and communicate about our mission (balanced against your rights and interests)
• Legal obligation: To comply with applicable laws, regulations, and legal processes
4. How We Use Your Personal Data
We use your personal data for the following purposes:
4.1 Programme Delivery and Administration
• Managing applications and enrollment for contemplative leadership programmes, courses, and retreats
• Providing educational content, resources, and participant support
• Facilitating communication between participants, faculty, and GCRD staff
4.2 Research and Analysis
• Conducting research on democratic renewal, trust intelligence, and related topics
• Analysing programme effectiveness and participant outcomes (using anonymised data where possible)
• Contributing to publications, reports, and policy recommendations
4.3 Communications
• Sending programme updates, newsletters, and relevant educational content
• Responding to inquiries and providing customer support
• Notifying you about changes to our services or policies
4.4 Organisational Operations
• Processing payments and managing financial transactions
• Maintaining records for administrative and legal purposes
• Ensuring security and preventing fraud
4.5 Website Improvement
• Analysing website usage to enhance user experience
• Troubleshooting technical issues and optimising performance
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your data with the following categories of recipients:
5.1 Service Providers
Third-party vendors who assist us with website hosting, payment processing, email communications, data analytics, and cloud storage. These providers are contractually bound to protect your data and use it only for specified purposes.
5.2 Partner Organisations
Universities, research institutions, and collaborative partners involved in joint programmes or research initiatives, where necessary for programme delivery.
5.3 Legal and Regulatory Authorities
Government bodies, regulators, law enforcement, or legal advisors when required by law or to protect our legal rights.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to continued compliance with this Privacy Policy.
6. International Data Transfers
GCRD operates primarily within the United Kingdom. However, some of our service providers may be located outside the UK or European Economic Area (EEA). When we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recogniing equivalent data protection standards
• Other lawful transfer mechanisms under GDPR
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specific retention periods include:
• Programme participant data: Retained for the duration of your participation and up to 7 years afterward for alumni relations, impact assessment, and compliance purposes
• Financial records: Retained for 7 years in accordance with UK tax and accounting regulations
• Marketing communications: Retained until you withdraw consent or 3 years after your last engagement with GCRD
• Website analytics: Anonymised data retained indefinitely for statistical purposes
After the retention period expires, we securely delete or anonymise your personal data.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure (\u2018right to be forgotten\u2019): Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a structured, commonly used format and transfer it to another controller
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing)
To exercise these rights, please contact us at info@gcrd.org.uk. We will respond to your request within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit www.ico.org.uk for more information.
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance functionality and user experience. Cookies are small text files stored on your device that help us:
• Remember your preferences and settings
• Analyse website traffic and usage patterns
• Deliver personalised content and improve our services
Types of Cookies We Use:
• Essential cookies: Necessary for website operation (e.g., security, login functionality)
• Performance cookies: Collect anonymous data on how visitors use our site
• Functional cookies: Remember your choices and provide enhanced features
You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect website functionality.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:
• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication protocols
• Staff training on data protection and security best practices
While we strive to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining robust safeguards.
11. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us immediately.
12. Third-Party Links
Our website may contain links to third-party websites, resources, or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. Any significant changes will be communicated through:
• Email notification to registered users
• Prominent notice on our website
The updated Privacy Policy will indicate the new effective date. Continued use of our services after changes are posted constitutes acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: info@gcrd.org.uk
Postal Address:
Global Centre for Rehumanising Democracy, 2nd Floor, College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, UNITED KINGDOM
We are committed to addressing your inquiries promptly and working with you to resolve any concerns.