Privacy Policy for Avanti CIC

Privacy Policy for Avanti CIC

At Avanti CIC (“we”, “our”, “us”), we are committed to protecting your privacy and respecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who We Are

Avanti CIC is a Community Interest Company registered in England & Wales (Company No. 11133822).

Registered address:
The Vestry Hall
London Road
CR4 3UD

Website: https://www.avanticic.co.uk

Data Protection Officer (DPO):
Marcella Meloni — marcella.meloni@avanticic.co.uk

2. The Information We Collect

We collect personal data in the following ways:

• Contact and registration forms – including names, contact details, and information required to deliver our services. Some forms may collect special category data (such as health information, age, gender, or ethnicity) where relevant to the services requested.
• Newsletter sign-ups – name and email address.
• Account registration and logins – for users accessing certain services.
• Website analytics – we use Google Analytics (with IP anonymisation enabled) to understand how visitors use our site.

We do not store payment card or banking details on our website.

Special category data
Where we collect special category (sensitive) data such as health information, we process it only with your explicit consent or where it is necessary to provide health or social care services to you.

3. Cookies and Tracking

Our website uses:

• Session cookies to ensure the site works correctly for logged-in users and forms.
• Google Analytics cookies to monitor website performance.
• Embedded YouTube videos in privacy-enhanced mode, which prevents tracking cookies being set until you play a video.

You can control cookies through your browser settings.

4. How We Use Your Data

We process your data for:

• Service delivery – to respond to enquiries, register referrals, and provide the services you request. (Legal basis: contract)
• Legal or contractual obligations – e.g. safeguarding and regulatory reporting. (Legal basis: legal obligation)
• Communications – sending newsletters, updates, or important information when you have given consent. (Legal basis: consent)
• Improving our services and managing our relationships (Legal basis: legitimate interests)

5. How We Store and Protect Your Data

• All personally identifiable data is stored securely, either hashed or encrypted, with two-factor authentication for staff access.
• Website and browser communication is protected by SSL encryption.
• As of late 2025, personal data will no longer be stored on the website. Instead, it is sent directly to our secure CRM (Zoho CRM).
• Historical data (prior to the change above) stored in the website database (up to 3 months) is routinely deleted.

6. Sharing of Data

We only share your data with:

• Zoho CRM, which we use to manage registrations and mailing lists.
• Regulatory bodies where we are legally required to do so (e.g. safeguarding or compliance reporting).

We do not sell or share personal data with third parties for marketing.

International transfers
Where data is transferred outside the UK (e.g. by Google Analytics), we ensure appropriate safeguards are in place such as the UK–US Data Bridge or Standard Contractual Clauses.

7. How Long We Keep Your Data

• Service users: data is retained for up to 7 years to meet regulatory and contractual obligations.
• Other contacts: data may be deleted sooner if it is no longer needed.
• Email subscribers: data is kept until you unsubscribe, which you can do at any time via the link in each email.

8. Your Rights

You have the right to:

• Access a copy of the personal data we hold about you.
• Request corrections or updates to your data.
• Withdraw consent or object to processing.
• Request deletion (“right to be forgotten”) where legally possible.

We will respond to rights requests within one month and may ask for proof of identity before releasing personal data.

To exercise your rights, contact our DPO, Marcella Meloni, at marcella.meloni@avanticic.co.uk.

9. Children’s Data

Our services are not primarily aimed at children under 18, but where we collect data relating to young people, we take extra care to ensure that consent is appropriately obtained (e.g. from parents/guardians where required).

10. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page.

11. How to Complain

If you are unhappy with how we process your data, please contact us first so we can address your concerns.
If you are not satisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/