1.1 Data protection principles

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We ensure that all personal data is:

• processed lawfully, fairly, and transparently
• collected for specified and legitimate purposes
• limited to what is necessary for service delivery
• accurate and kept up to date where appropriate
• stored securely
• retained only for as long as necessary

1.2 Information we collect

We may collect limited personal information to:

• respond to enquiries or return calls (where requested)
• provide requested information or resources
• monitor service quality and user satisfaction

Service users may choose to remain anonymous when contacting us.

1.3 Data storage and security

All personal information is stored securely on protected electronic systems. Any paper records are securely destroyed when no longer required (e.g. via confidential shredding).

Access to data is restricted to authorised personnel only.

1.4 Telephone and communication privacy

Our telephone systems are designed not to display caller numbers unless voluntarily provided. If a caller withholds their number or blocks anonymous calls, we may be unable to return contact.

Emails and voicemail messages are securely stored and only forwarded internally where necessary to respond to the enquiry.

1.5 Retention of data

Personal data related to contact with the service may be retained for up to 24 months for:

• service evaluation
• training purposes
• monitoring and improving service delivery

After this period, data is securely deleted or anonymised.

1.6 Anonymised data

We may use anonymised and aggregated data for:

• reporting
• service monitoring
• internal evaluation

This data does not identify individuals.