Purpose
Uplift Ventures CIC collects and uses personal data to deliver community programmes, training, events, and support. This policy explains how we handle personal information in a lawful, transparent, and secure way.

Our Principles
We follow the UK GDPR and Data Protection Act 2018. We commit to:
- Only collecting the information we genuinely need.
- Keeping data accurate and up to date.
- Storing it securely.
- Never selling personal data.
- Giving people control over their information.

What We Collect
Depending on the programme, we may collect:
- Names and contact details.
- Demographic information (age, postcode, etc.).
- Attendance data.
- Feedback forms.
- Photos and media consent.
- Digital skills assessments or course progress.

Lawful Bases for Processing
We rely on:
- Consent.
- Contract (where support is delivered to a registered participant).
- Legitimate interests (for community engagement.
- Legal obligation (for safeguarding or funder reporting).

How We Use Data
- To contact participants.
- To run training and events.
- To evaluate impact and improve our work.
- To report anonymised statistics to funders.
- To meet safeguarding responsibilities.

Data Sharing
We only share information when required for:
- Safeguarding concerns.
- Legal reporting.
- Funder monitoring (always anonymised).
- Partner organisations supporting programme delivery.
- We never sell personal information.

Data Security
- Password protected systems.
- Limited access based on job role.
- Staff and volunteers trained in GDPR and confidentiality.

Data Retention
We keep data only for as long as needed for programme delivery, legal obligations, or funder requirements. After this it is securely deleted.

Your Rights
Participants can request:
- A copy of their data.
- Corrections.
- Deletion (unless we must keep data for legal reasons).
- Withdrawal of consent.

Requests can be made by email to: hello@upliftventures.co.uk