Privacy & GDPR

This policy explains how DRose collects, uses, stores and protects personal data in line with UK data protection legislation. It ensures that all information is handled securely, lawfully and with respect for privacy and confidentiality.

Privacy & GDPR Policies

Please view the DRose Academy Website Privacy Policy by clicking the button.

Privacy Policy Statement

DRose is committed to protecting the privacy and security of personal data. This privacy policy outlines how we collect, use, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We use multiple online platforms, including Microsoft, Go High Level, Altitude AI, and 123 Reg, to deliver our services and interact with stakeholders.

Data Controller:

Sabrina Shadie is the data controller responsible for the personal data we process. Our contact details are:

- Address: 399 Silbury Boulevard, Central Milton Keynes, Buckinghamshire, MK9 2AH

- Email: [email protected]

Data Collection:

We collect personal data to provide our services effectively. The types of personal data we collect include:

- Contact Information: Name, email address, and phone number.

- Professional Information: Job title, company name, and industry.

- Usage Data: Information about how you use our services and interact with our platforms.

Purpose of Data Processing:

We process personal data for the following purposes:

- To provide and manage our services.

- To communicate with stakeholders and respond to inquiries.

- To improve our services and user experience.

- To comply with legal obligations.

Lawful Basis for Processing:

Our lawful bases for processing personal data include:

- Consent: Where you have given clear consent for us to process your personal data for a specific purpose.

- Contract: Where processing is necessary for the performance of a contract with you.

- Legal Obligation: Where processing is necessary to comply with a legal obligation.

- Legitimate Interests: Where processing is necessary for our legitimate interests, provided these are not overridden by your rights and interests.

Data Sharing:

We may share personal data with third parties, including:

- Service Providers: Such as Microsoft, Go High Level, Altitude AI, and 123 Reg, to facilitate our services.

- Legal Authorities: Where required by law or to protect our legal rights.

Data Security:

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These measures include encryption, access controls, and regular security assessments.

Data Retention:

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Once data is no longer needed, we will securely delete or anonymise it.

Your Rights:

You have the following rights regarding your personal data:

- Access: The right to request access to your personal data.

- Rectification: The right to request correction of inaccurate or incomplete data.

- Erasure: The right to request deletion of your personal data.

- Restriction: The right to request restriction of processing.

- Objection: The right to object to processing based on legitimate interests.

- Data Portability: The right to request transfer of your data to another organisation.

Contact Us:

If you have any questions or concerns about this privacy policy or your personal data, please contact us at:

- Email: [email protected]

- Complete the Enquiries Form on our website

Review:

This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with data protection legislation and best practices.

Next review – December 2026

GDPR Policy Statement

DRose is committed to protecting the privacy and security of personal data. We adhere to the principles of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all personal data is handled ethically and transparently.

Objectives:

1. To comply with all relevant data protection legislation and guidance.

2. To ensure that personal data is processed lawfully, fairly, and transparently.

3. To protect the rights of individuals whose data we process.

4. To ensure our commitment to ethical practices and equitable stakeholder relationships.

Scope:

This policy applies to all personal data processed by DRose, including data related to our community members, contractors, associates, partners, and clients.

Key Principles:

1. Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.

2. Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3. Data Minimisation: Only data that is necessary for the purposes stated will be collected and processed.

4. Accuracy: We will ensure that personal data is accurate and, where necessary, kept up to date.

5. Storage Limitation: Data will be kept in a form that permits identification of data subjects for no longer than is necessary.

6. Integrity and Confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

7. Accountability: We will be responsible for, and be able to demonstrate, compliance with these principles.

Implementation:

- Data Collection: We will collect personal data only for legitimate business purposes and ensure that individuals are informed about how their data will be used.

- Data Security: Appropriate technical and organisational measures will be implemented to protect personal data.

- Data Subject Rights: We will respect and facilitate the rights of data subjects, including the right to access, rectify, erase, restrict processing, and object to processing of their personal data.

- Data Breaches: Any data breaches will be reported promptly in accordance with legal requirements, and measures will be taken to mitigate any adverse effects.

- Training and Awareness: All contractors, associates, and partners will be made aware of this policy and their responsibilities under it.

Responsibility:

The management team at D’Rose is responsible for ensuring compliance with this policy. They will oversee the implementation and monitoring of data protection practices.

We recognise the trust of our community members, associates, contractors, affiliates and clients when sharing their data with us. Data provided is stored on our online platforms, further details can be provided on request.

D’Rose will never share data with external parties without explicit consent.

Review:

This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with data protection legislation and best practices.

Next review – December 2026

Equality Data Policy Statement

DRose is committed to promoting equality and diversity in all our activities. We recognise the importance of collecting and using equality data ethically and transparently to support our commitment to the principles of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Public Sector Equality Duty.

Objectives:

1. To ensure that equality data is collected and used in compliance with data protection legislation.

2. To support the elimination of discrimination and the promotion of equality and diversity.

3. To use equality data to inform our practices and improve our services.

Scope:

This policy statement applies to all equality data collected and processed by D’Rose, including data related to our contractors, associates, partners, customers and clients.

Key Principles:

1. Lawfulness, Fairness, and Transparency: Equality data will be collected and processed lawfully, fairly, and in a transparent manner.

2. Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes related to promoting equality and diversity.

3. Data Minimisation: Only data that is necessary for the stated purposes will be collected and processed.

4. Accuracy: We will ensure that equality data is accurate and, where necessary, kept up to date.

5. Storage Limitation: Data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which it is processed.

6. Integrity and Confidentiality: Equality data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

7. Accountability: We will be responsible for, and be able to demonstrate, compliance with these principles.

Implementation:

- Data Collection: We will collect equality data only for legitimate purposes related to promoting equality and diversity. Individuals will be informed about how their data will be used.

- Data Security: Appropriate technical and organisational measures will be implemented to protect equality data.

- Data Subject Rights: We will respect and facilitate the rights of data subjects, including the right to access, rectify, erase, restrict processing, and object to processing of their equality data.

- Data Breaches: Any data breaches will be reported promptly in accordance with legal requirements, and measures will be taken to mitigate any adverse effects.

- Training and Awareness: All contractors, associates, and partners will be made aware of this policy and their responsibilities under it.

Responsibility:

The management team at D’Rose is responsible for ensuring compliance with this policy. They will oversee the implementation and monitoring of data protection and equality practices.

Review:

This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with data protection legislation and best practices in equality and diversity.

Next review – December 2026

COMPANY

Copyright 2026 | DRose Academy