Introduction
Women’s Inclusive Team (WIT) is committed to protecting the privacy and personal data of individuals we work with. This policy explains what personal data we collect, why we collect it, how we use it, how we protect it, and your rights in relation to your data. It applies to all WIT projects and services for children, young people and adults.
What personal data do we collect?
We collect personal data to deliver our services effectively and in compliance with legal requirements. This may include:
- Personal details: name, date of birth, gender, contact details (address, phone, email), emergency contact information.
- Identity and eligibility information: national insurance number or equivalent, safeguarding risk factors, legal guardianship or parental responsibility where applicable.
- Family and household information: household composition, carers, dependents, children’s names and dates of birth.
- Health and wellbeing: medical conditions, disabilities, special educational or care needs, mental health information (where relevant to care).
- Education and employment: school/college details, qualifications, occupation, income/benefits information.
- Financial information: banking details for payments, direct debits, funding or bursary eligibility. Communications: notes from meetings, correspondence, complaints and feedback.
- Data generated by services: activity logs, assessments, progress reports, attendance, safeguarding records, photos and videos (with consent).
- Digital data: IP address, device identifiers, and other technical data collected when using our online services and forms.
How we collect your data?
- Directly from you: via registration forms, consent forms, surveys, emails, and in-person meetings.
- From referrals, health and social care professionals, schools and partner organisations.
- Automatically: when you interact with our digital services (e.g., online forms, secure portals), we may collect device and usage data.
Why we collect this information and our lawful basis
We process personal data to fulfil contractual obligations, provide and improve services, comply with legal duties, and protect the vital interests of individuals. Our legal bases include:
- Consent (where required and revocable).
- Contractual necessity to provide services.
- Legal obligations (safeguarding, reporting requirements, data sharing with statutory bodies).
- Public task (delivering community services and public-interest activities).
- Legitimate interests (improving services, safeguarding, ensuring safety and welfare).
How we use your data
We use your data to:
- Deliver and manage services for children, young people and adults.
- Safeguard and promote welfare.
- Assess and address health, educational or welfare needs.
- Communicate about services, updates, appointments, and information relevant to you.
- Process payments, funding and procurement.
- Prepare reports for funders and regulators in line with contractual obligations.
- Monitor, audit and improve service quality and safety.
- Maintain records for legal and regulatory compliance, including safeguarding and child protection.
- Share data securely with authorised partners where necessary to deliver the service (see “Who we share your data with” below).
Data sharing
We may share your data with:
- Health, social care and education authorities, and safeguarding partners as required by law. Funding bodies, commissioners, and other programme partners.
- Service providers and software suppliers who support our operations (e.g., secure portals, CRM systems).
- Insurers and legal advisers, as needed.
- Professional advisors or auditors for compliance and safeguarding reviews.
We will not sell or rent your data. We will only share data as necessary and with appropriate safeguards (e.g., data processing agreements, DP assurances).
Data security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or damage, including:
- Access controls and role-based permissions.
- Encryption for data in transit and at rest where feasible.
- Secure storage of physical records in locked, access-controlled spaces.
- Secure disposal of data when no longer required.
- Regular staff training on data protection and safeguarding.
Data retention
We retain personal data for as long as necessary to provide services, comply with legal obligations, and fulfil safeguarding duties. Specific retention periods depend on the service and legal requirements. When data is no longer needed, we securely delete, archive it or anonymise it.
Your rights
You have rights regarding your personal data, including:
- Right to access and obtain a copy of your data.
- Right to rectify inaccurate data.
- Right to erasure and to restrict processing.
- Right to data portability.
- Right to object to processing (in certain circumstances).
- Right to withdraw consent (where consent is the basis of processing).
- Right to lodge a complaint with the Information Commissioner’s Office (ICO).
To exercise these rights or if you have questions, please contact our Data Protection Lead.
Email: contact@wit.org.uk
Data Protection Lead: Sahra Mire
Changes to this policy
We will review this policy regularly and update it as required. You will be notified of material changes.
Data Complaints
If you have concerns about how we handle your personal data, please contact us in the first instance by writing to our Board of Trustees at Trustees@wit.org.uk
If you remain dissatisfied, you may complain to the ICO: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. www.ico.org.uk