Report a safeguarding concern

Privacy Policy

Who we are

This website is operated by Together Active, a company registered in the United Kingdom. Our website address is www.togetheractive.org

For any privacy-related enquiries, you can contact us at hello@togetheractive.org.

Last updated: 06/03/2026

Privacy Policy

We at Together Active, Staffordshire University Business Village, Dyson Way, Staffordshire Technology Park, Stafford, ST18 0TW  (“Together Active”, we” or “our” or “us”) want to make sure all the personal information we have collected about you is safe and secure, whether we collect it through our website at www.togetheractive.org (“Site”) or from other sources.  This Policy sets outs our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal information.

Privacy Notices

Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us or to manage our relationship with you.

When we hold or use your personal information we will provide you with a privacy notice which sets out in detail:

  • how we will use your personal information and the reasons for these uses
  • details of whether we will pass on your personal information (and if so to whom and the reason for this)
  • the length of time your personal information will be retained by us
  • a link to this Privacy Policy
  • whether your personal information will be stored outside of the European Economic Area (EAA)

Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you.  Where we receive your personal information indirectly, we will provide this privacy notice when we first contact you, first pass the data to someone else or within a month, whichever is the earlier.

We will only provide this privacy notice to you once, generally at the start of our relationship with you.  However if the applicable privacy notice is updated substantially, then we may provide you with details of the updated version.

Please note that it is possible for you to be covered by more than one privacy notice, for example you may receive our e-newsletter and volunteer at our events.  In this example both relevant privacy notices would apply to you.

The Difference Between Data Controllers / Processors

A data controller controls how personal information is processed and used.  A data processor processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller.

This distinction is important.  You have certain rights in relation to your personal information, for example the right to be provided with the personal information held about you and details of its use and the right to have certain of your personal information either erased or anonymised, commonly referred to as the right to be forgotten (see below to see what rights you have).  These rights can generally only be exercised against a data controller of your information.  Together Active is the data controller of your personal information where appropriate.

In any case where Together Active is not the data controller this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the data controller (i.e. the person who controls how we process the personal information).  In these cases we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.

Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.

How Do We Use Your Personal Information?

We will use your personal information as described in the privacy notice provided to you, and we may use your personal information to send you information we think you might find useful, provided you have indicated that you are happy to be contacted for these purposes.

Who Do We Share Your Personal Information With?

Details of who we will share your personal information with are set out in the relevant privacy notice provided to you. In such circumstances, we will put in place arrangements to protect your personal information.  Outside of that we do not disclose your personal information unless we are required to do so by law.

If we transfer personal information about you outside the European Economic Area (EEA), we will let you know and ensure that all reasonable security measures are taken and that any third party processers will be required to process the information in accordance with information protection laws and we will notify you in your privacy notice if we are the information controller.

We do not sell, trade or rent your personal information to others.

How Long Do We Hold On To Your Personal Information?

Further details of how long we hold onto your personal information for are set out in the relevant privacy notice provided to you, but we will only hold your information for as long as is necessary or where you ask us to delete records we may delete it earlier.

The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected.

What Are Your Rights?

Full details of your rights are set out below, but you are entitled by law to ask for a copy of your personal information at any time. You are also entitled to ask us to correct, delete or update your personal information, to send your personal information to you or another organisation and to object to automated decision making. Where you have given us your consent to use your personal information in a particular manner, you also have the right to withdraw this consent at any time.

The GDPR gives everyone a number of rights.  Full details of these can be found on the Information Commissioner’s Office website (https://ico.org.uk/for-the-public/) but in summary these include the right to:

  • Transparency over how we use your personal information (right to be informed).
  • Request a copy of the information we hold about you (right of access).
  • Update or amend the information we hold about you if it is wrong / changes (right of rectification).
  • Ask us to restrict the processing of your information in certain circumstances (right to restrict processing).
  • Ask us to remove your personal information from our records in certain circumstances (right to erasure).
  • Object to the processing of your information if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests (right to object to processing).
  • Obtain and reuse your personal data for your own purposes in certain circumstances (right to data portability).
  • Not be subject to a decision when it is based on automated processing (right to object to automatic processing).

To exercise any of your rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contact” section below. You can also unsubscribe from any direct marketing by clicking on the unsubscribe link in the marketing messages we send to you.

You should note that some of your rights may not apply as they have specific requirements and exemptions which apply to them and they may not also apply to personal information recorded and stored by us.  However your right to withdraw consent or object to processing for direct marketing are absolute rights.

If you are unhappy with the way we are using your personal information you can complain to the UK Information Commissioner’s Office or your local data protection regulator. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.  However, we are here to help and would encourage you to contact us to resolve your complaint first.

Linking With Third Party Sites

Our Site contains links to and from other relevant websites.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and they will be a data controller of your personal information. We do not accept any responsibility or liability for these policies and you should check these policies before you submit any personal information to these websites.

In addition, if you linked to this Site from a third-party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

Security

We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of it. Unfortunately, no information transmission over the Internet is guaranteed 100% secure nor is any storage of information always 100% secure, but we do take all appropriate steps to protect the security of your personal information.

Cookies

Certain parts of our Site use “cookies” to keep track of your visit and to help you navigate between sections. A cookie is a small data file that certain websites store on your computer’s hard-drive when you visit such websites. Cookies can contain information such as your user ID and the pages you have visited. The only personal information a cookie contains is information that you have personally supplied.

We use cookies on our Site to enable us to deliver content that is specific to your interests and gives us an idea of which parts of the Site you are visiting and to recognise you when you return to the Site. Reading cookies does not give us access to other information on your computer’s hard-drive and our Site will not read cookies created by other websites that you have visited.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. If, however, you select this setting you may be unable to access certain parts of the Site. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you access the Site.

Please note providers of third party content may also use cookies over which we have no control. For detailed information on the cookies we use and the purposes for which we use them see the table below.

Log Files

In common with most websites, our Site logs various information about visitors, including internet protocol (IP) addresses, browser type, internet service provider (ISP) information, referring / exit pages and date / time stamp.

We may use this information to analyse trends, administer the Site, track your movement around the Site and gather broad demographic information.

Contact

In the event of any query or complaint in connection with the information we hold about you, please email hello@togetheractive.org 

Whilst this privacy policy sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.

Version 1 Date: March 2026

Information About Cookies

A cookie is a small piece of text stored on your computer, phone or whatever you use to surf the net. Cookies have many uses but fundamentally they are used to store information about you on your computer.

We encourage you to accept the cookies our website uses as they help us to improve the user experience for you and many others. We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience.

To find out more about cookies and how they work you can visit aboutcookies.org.

Media

If you upload images to the website, please avoid including embedded location data (EXIF GPS), as visitors can download and extract this data.

Cookies

We use the CookieYes plugin to manage cookie consent preferences. You can review our cookie policy and manage your preferences here: [Insert Cookie Policy Link].

Cookies help improve website functionality and provide analytics. By using our site, you agree to the use of cookies in accordance with our policy.

Embedded content from other websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the original website.

These websites may collect data, use cookies, embed additional third-party tracking, and monitor interactions, including tracking if you have an account and are logged into that site.

Who we share your data with

We do not sell or share personal data with third parties, except in the following circumstances:

  • Hosting Provider: Form submissions are processed through the website’s hosting provider. If hosted by MeThree, data is stored securely on our ISO 27001, ISO 9001, and Cyber Essentials-certified hosting provider. For client-managed hosting, data is handled according to the client’s chosen provider. Data is not shared externally unless otherwise stated.
  • Email services: If SMTP is enabled, form submissions may be routed through an external mail server (e.g., Google Workspace, Microsoft 365, SendGrid).
  • Email marketing services: If you have integrated Mailchimp, Brevo, or another provider, form data may be processed by your chosen service.
  • Analytics tools: If analytics tracking is enabled (e.g., Google Analytics), anonymised data may be collected.
  • Legal Requirements: We may disclose data if required by law or to protect our legal rights.
  • Spam Prevention: Visitor form submissions may be checked through an automated spam detection service.

How long we retain your data

  • Form submission data: Stored on the website’s hosting provider’s servers (either MeThree’s managed hosting or the client’s own hosting) for 12 months, unless deleted earlier at your request. If SMTP is enabled, emails may also be stored on the configured mail server.
  • Email marketing data: Retained by Mailchimp, Brevo, or other email marketing services in accordance with their policies.
  • Analytics data: Stored for 26 months or based on your analytics provider’s retention policy.
  • Registered user data: Users can edit or delete their profile information at any time (except usernames).

If you wish to request deletion of your data, please contact hello@togetheractive.org

What rights you have over your data

Under UK data protection law, you have the right to:

  • Request a copy of the personal data we hold about you.
  • Request that we correct or erase any personal data we hold.
  • Withdraw consent for processing where applicable.

Suggested text:
If you have an account on this site or have submitted data via a form, you can request an exported file of your personal data or request deletion. This does not include data we are required to retain for administrative, legal, or security purposes.

To make a request, please contact hello@togetheractive.org

Where your data is sent

  • Form submissions: Processed through the website’s hosting provider (either MeThree’s managed hosting or the client’s chosen provider). If SMTP has been requested, emails may be sent via an external mail server.
  • Email marketing: If you have opted into newsletters or marketing emails, your data may be sent to Mailchimp, Brevo, or another provider.
  • Spam Detection: Visitor comments and form submissions may be checked through an automated spam detection service.

Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page. We recommend reviewing this policy periodically.