Privacy Policy

Last reviewed: 23 Aug 2025 

Next review date: Aug 2026 

 Responsible Person: Jude Williams, Chief Executive 

Introduction 

The Literacy Pirates is a charity registered with The Charity Commission in England and Wales under registration number 1145115 and is a company limited by guarantee in England and Wales under registration 7790039. Our registered office address is 136-138 Kingsland High Street, Dalston, E8 2NS. 

We must process personal data, including special category data, to deliver our services and programmes. As such, we act as a Data Controller. Our Data Protection Officer (DPO) can be contacted at admin@literacypirates.org 

We comply with the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025. We also follow the ICO’s Age-Appropriate Design Code for services likely to be accessed by children. 

Data Protection Governance 

We take the following actions to maintain compliance: 

  • Annual policy review and six-monthly procedural review. 
  • Six-monthly data cleansing. 
  • Regular staff training on data protection. 
  • Prompt handling of Data Subject Rights requests (one month to respond; may extend by up to two months if complex; we may pause the timeframe when awaiting essential clarification from the requester under the DUA Act 2025). 
  • Breach assessment and reporting to the ICO within 72 hours where required. 

Our Lawful Bases for Processing 

We process personal data under the following lawful bases (UK GDPR Article 6) and, where applicable, an additional lawful basis for special category data (UK GDPR Article 9): 

  • Contract – to perform a contract with you (e.g., employment). 
  • Legal obligation – to comply with the law (e.g., safeguarding). 
  • Legitimate interests – to administer our programmes, evaluate effectiveness, and undertake proportionate fundraising. 
  • Consent – for marketing, photography, and certain special category data. 

For special category data, we typically rely on Article 9(2)(d) processing by not-for-profit bodies, or Article 9(2)(g) substantial public interest. 

Data We Collect 

We collect different types of data from the following groups: 

  • Young people – personal, educational, and relevant safeguarding information from parents/guardians and schools. 
  • Volunteers – contact, demographic, DBS, and relevant safeguarding information. 
  • Funders/supporters – contact, donation, and engagement history. 
  • Staff – employment, payroll, emergency contact, performance, and safeguarding information. 

We may collect photos and video footage for safeguarding, training, monitoring, and publicity (with consent where required). 

How We Store and Protect Your Data 

We store data in secure systems including Salesforce, Microsoft 365, FormAssembly, Mailchimp, Rosterfy, and Class.com. All devices used to access data are password-protected, encrypted, protected with anti-virus software, and require multi-factor authentication (MFA). Backups are encrypted and stored securely. 

Data Retention 

We retain personal data according to the following schedule: 

Data Type Retention Period Deletion Method 
Children’s records 4 years after leaving programme Secure deletion/ anonymisation 
Video footage (online lessons) Programme duration + 6 months Secure deletion 
Volunteers’ records 4 years after last session Secure deletion/ anonymisation 
Gift Aid records 7 years Secure deletion 
Job/volunteer applications 6 month post-process Secure deletion 

Direct Marketing 

We may contact you by email or SMS about our work and ways to support us using the ‘soft opt-in’ provision under the Privacy and Electronic Communications Regulations as amended by the Data (Use and Access) Act 2025. You can opt out at any time. 

Cookies and Tracking Technologies 

We use cookies and similar technologies to improve our website, understand visitor behaviour, and deliver relevant advertising. Some cookies are strictly necessary, while others require your consent. You can manage your cookie preferences at any time. 

Who We Share Your Data With 

We never sell your data. We share information only when necessary with: 

  • Schools/referral partners – for programme delivery and safeguarding. 
  • Volunteer partner organisations – for volunteer management and safeguarding. 
  • Funders/supporters – for reporting impact; and with consent share information including photos when they sign a Term and Condition Agreement for the use of the information. 

We may also share data without consent where there is a safeguarding or legal obligation. 

Your Data Protection Rights 

You have the right to access, rectify, erase, restrict, object, and port your data. Requests will be responded to within one month, with possible extensions if complex. 

How to complain about the way we handle your data 

If you would like more information, a request or wish to raise a concern about the way we have handled your data email our Data Protection Officer at admin@literacypirates.org or calling 020 3227 1777. 

You can also have the right to raise concerns to the Information Commissioner’s Office on 0303 123 1113 or at https://www.ico.org.uk  

Scroll to Top