Privacy Policy

1. Information We Collect

2. How We Use Your Information

We use your personal information for the following purposes:

• To respond to your inquiries and provide requested services
• To process bookings for tours, workshops, and consultations
• To send educational resources and updates about our heritage preservation work
• To improve our website functionality and user experience
• To analyze usage patterns and optimize our services
• To comply with legal obligations and protect our rights
• To fulfill our mission as a Community Interest Company

3. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific purposes
• Contract: To fulfill our contractual obligations when you book services
• Legitimate Interests: To operate our C.I.C. and improve our services
• Legal Obligation: To comply with legal and regulatory requirements

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Trusted third parties who assist with website hosting, email services, and analytics
• Partners: Heritage organizations, universities, or educational institutions when relevant to our mission
• Legal Authorities: When required by law or to protect our rights and safety
• Community Interest: Anonymized data for public reports on our social impact

All third parties are required to maintain appropriate data protection standards.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

• SSL/TLS encryption for data transmission
• Secure data storage with access controls
• Regular security assessments and updates
• Staff training on data protection practices
• Incident response procedures

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@heritagedynamic.org

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Typically:

• Contact inquiries: 2 years from last contact
• Booking records: 7 years (for legal and financial compliance)
• Marketing consent: Until you withdraw consent
• Website analytics: 26 months

8. International Data Transfers

Your data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

9. Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our website or via email. Your continued use of our services constitutes acceptance of the updated policy.