Close this search box.

Data Protection / Privacy Policy

1. Introduction

This policy describes how Envision collects, uses and protects personal data we receive from young people, volunteers and individuals both internal and external to our charity, including through our website.

For the purposes of data protection law, Envision acts as both a data controller and a data processor depending upon the circumstance and source of the information.  In most cases, including our relationship with schools, we are the data controller.  This includes personal information collected through our website and data that we otherwise collect in relation to our programmes.  We may share the information with other persons as described below.

As a continuously improving independent charity Envision systematically collects data about our contacts, participants and organisations such as schools, in order to improve our services and measure our impact on our beneficiaries. Envision respects the confidentiality of all the individuals with whom we engage and this policy describes the way in which we process, analyse, archive and dispose of such data to ensure confidentiality and compliance with the General Data Protection Regulations (GDPR).

All Envision staff are trained on this policy and sign to confirm that they agree to comply with it.

We have a legal duty to protect any personal information we collect from you. All personal data is processed in accordance with the Data Protection Act.

By visiting and continuing to use our website you are consenting to the practices described in this policy.

2. What information Envision may collect about you and how we use it

A. Programme delivery

Young people

As part of their partnership agreement with Envision, schools provide us with the following information on all participants:  name, gender identity, ethnicity, FSM/PP eligibility, 16-19 bursary eligibility (KS5 only), FSM Ever6 eligibility (KS5 only) and GCSE retakes (KS5 only). We also collect information on participants that have special educational needs and/or disabilities (SEND), whether they are a Young Carer, whether English is an Additional Language (EAL), low levels of confidence or self-esteem, information on adjustments needed, the participants school email address, any allergy or dietary requirements and parental history of higher education. 

Throughout the programme we collect attendance data and information necessary for us to evaluate impact and to administer the programme, such as participant self-evaluation surveys and qualitative surveys.

We use this information to:

  • Ensure we are working with the participants who need us most whilst keeping them safe. The quality and completeness of the information provided will support our facilitators to tailor and deliver the best experience for participants; particularly those with additional needs.
  • Collate information that we need from participants to assess performance for challenges and cross-school events.
  • Enable us to understand the relationship between activities and outcomes in order that we can continuously improve our impact.
  • Report our impact to donors and partners and evidence that we have fulfilled partnership and funding agreements.

Only Envision staff can identify the pupils by name and all data is anonymised for use in impact evaluation and reporting.

We will not disclose a young person’s personal information except for security, safeguarding or in an emergency (for example, for medical purposes); or where we are required to do so by law.

To support the welfare of a child or young person, we collect and record the nature of all safeguarding incidents that occur on our programme. These are then stored in a confidential folder on our server which is only accessible to the designated safeguarding leads at Envision.  These incidents are then reviewed and anonymised where appropriate on an annual basis.  As we work in delivery partnership with schools, in most cases we will inform the designated safeguarding lead at the school by email of the incident that has occurred. We will only share information on the young person and incident externally from the partnership if we are contacting a body or service to ensure the child/young person’s safety or welfare e.g. Social services or police.

If you are engaged in our programme and aged 16 or over, we will take you off school site for activities without a school member of staff. For this reason, we will ask you to provide us with details of person to contact in case of emergency.  We will also ask you for personal contact details (mobile and email) so that we can facilitate your participation in activities throughout the programme. With your consent we will use these contact details to remain in touch after the programme. This is because we want to support you with future opportunities for continued social action and news about Envision. We also want to understand what our alumni go on to do.  You can give or withdraw your consent at any time. We will never sell your personal information to third party marketing agencies.

With your permission (or if you are aged under 16, the permission of your parent or guardian) we may also store photos and video footage of you which we have collected during the programme. These will only be used to help us promote Envision’s work.

Envision’s work.

Volunteer mentors

We collect the following information from volunteer mentors: name, gender identity, ethnicity and email address. We also collect whether they were FSM/PP eligible, took GCSE retakes, were Young Carers, have Special Education Needs and/or Disabilities (SEND), whether English is an Additional Language (EAL) and their parental history of higher education whilst they were at school.     

We use aggregate information for reporting and evaluation purposes, but this will not include personal data; for example, we create statistics and related graphs to show the level of ethnic diversity and age across our volunteer mentors through figures and do not include names.

With your permission, we would also use these details to contact you about Envision’s work and other opportunities to support young people.  We gather stories, quotes, photos and videos from your volunteering and may use these to promote Envision’s website, social media platforms and marketing materials.

You can withdraw your consent at any time, and we will not sell your personal details to third party agencies.


We collect information for the purposes of contacting and keeping track of applicants, and for equal opportunities monitoring within Envision. We will not sell your personal details to third party agencies.

If an applicant is successful, the information will be used for personnel records and payroll and other payment purposes which will be processed both manually and automatically.

We will retain personal and sensitive information about their health and well-being and their progress throughout their employment. We will also retain appraisal notes and observation records.  We follow the ICO retention and disposal timelines for all our personnel records (please see the ICO’s website for more details).

We gather stories, quotes, photos and video footage recording employees’ experiences and may use this to communicate our work.


Envision will use your data to apply for DBS checks where necessary in line with our safeguarding policy.  Where a DBS check is required, we will ask you to apply online to our third party DBS check provider, First Advantage and this will require you to share your personal details with First Advantage and, subsequently, DBS.  We will also be required to see original identification documentation to verify that DBS check application. Your personal data supplied for the purpose of this application will be kept for as long as necessary. Once the checks are submitted or you are unsuccessful in gaining a place on the programme, we will delete scans/shred paper copies of documentation that you provided for the purpose of your DBS application.

B. Donor relations

Envision collects details about corporate, trust and institutional funders, individual donors, and prospective supporters. We also record contact details of key contacts at our current funders and prospective funders’ organisations under legitimate interest (name, email address, organisation, and job title) to support with the stewardship of our partners and new business funding requests.

When making an individual donation, contacts’ details (name, address, email address, telephone number), and information about the amount donated is collected. We use this information to process donations and to collect Gift Aid on donations.

With your consent we use your details to keep you informed about our work, the difference we are making and opportunities to continue to support us such as attending events or giving donations to future projects. You can withdraw your consent at any time, and we will never sell your details to third party agencies.


C. Promotion and marketing

To sustain our services Envision needs to inform stakeholders, members of the public, political figures, potential funders, and recruits about our mission and how they can support with growth and impact of the programme. It is essential that we collect contact details and personal information about those who interact with us, or may wish to, to increase Envision’s communication reach.

You are in control of how your information is used for marketing. We will ask you for your consent before we send you any marketing messages about our products and services or share any marketing information about you. If you consent, we may send you information about opportunities to support young people for example by participating in events.  We will never sell this information to third parties.

3. How is data protected?

We will keep all personal data secure. Most of the data collected across departments is stored and safely protected (via password access) in Salesforce. Data may also be stored in Envision’s Microsoft Office 365 shared drive which is only accessible to Envision staff by role (via personal login and two step verification), and some folders/documents with particularly sensitive data will be password protected with restricted access to only the necessary members of relevant staff.

By locking computers when staff are away from their desks, especially if individuals are not on Envision premises, Envision reduces the risk of personal data being accessed by unauthorised individuals.

Our data servers are continuously monitored and underlying infrastructure is used to protect them from threats, including spam, malware, viruses and other forms of malicious code.

Where a physical document is required, the documents are stored in locked filing cabinets, and the data is shredded and destroyed as soon as it is no longer needed.

4. How long do we store data for?

Our approach is that we do not keep any information about individuals for longer than needed for reasonable operational need, legal, tax and accounting purposes.

Data auditing is also something that occurs periodically across the organisation. We may contact individuals to ask for updated details at regular intervals.

5. Sharing data with third parties

We may share your data with third parties who provide services on our behalf.

All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with out instructions.

We may also share your personal data with third parties if we are under a duty to disclose or share your personal data to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others.

Where your data is shared with third parties, we will seek to share the minimum amount necessary.

6. How to access, correct or delete your information? (Your rights)

Data protection law allows you to request copies of personal information that we hold about you, to require inaccurate person information to be corrected and, in some circumstances, to object to our processing of your personal information. If you wish to exercise any of these rights, or if you have a query or complaint about this privacy policy or about the site, or to give or withdraw your consent to our use of your personal information to send you marketing communications, then you can get in touch with us (see below).

7. How Envision uses cookies?

On our website we use cookies to get information about how people use the site, such as which pages are the most popular. This helps us decide how to make the website useful and easy to use.  We do not use cookies to gather personal information about our website visitors.  We use Google Analytics and Google AdWords to get information about how website visitors use the website. This information is stored in cookies. The cookies send that information (including website visitors’ IP address) to Google, who stores it on servers in the United States.  Google uses that information to evaluate our website visitors use of the website, to produce reports on website activity for website operators and to provide other services relating to website activity and internet usage. Google may also send this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.  Google will not associate website visitors’ IP address with any other data held by Google.  By accepting cookies from this website, website visitors consent to Google processing data about their activity in the manner and for the purposes set out above.

Cookies on our website and how to reject them

Website visitors can block our cookies altogether by selecting the appropriate settings in their browser (visit for more information).  However, please remember that doing this may result in visitors not being able to use the full functionality of our website.

Third Party Cookies on our website

Please note that during visits to our website, visitors may notice some cookies that are not related to Envision or other parties mentioned in this document.  When visiting a page with embedded content (from, for example, YouTube or Vimeo), visitors may be presented with cookies from those websites. Envision does not control the setting of these cookies. Visitors should check the third-party websites for more information about these.

8. Data breach procedure

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, our Director of Finance & Resources should be notified immediately.   He will advise the CEO on the risk to people’s rights and freedoms and if appropriate report this breach to the relevant party/Information Commissioner’s Office (more information on the ICO website).

9. Data breach procedure

We reserve the right to change our privacy policy without prior notice however we will endeavour to update this page as regularly as feasibly possible. We therefore urge you to review this statement from time to time to ensure you are up to date with how we are using and protecting your information.

10. Contact us

Please contact us if you have any questions about information we hold about you or about this Policy:

  • Send an email to
  • Write to us at FAO: Director of Finance & Resources, Canopi Borough, 7-14 Great Dover Street, London SE1 4YR.

Updated: April 2024

Interested in the Envision programme