GDPR

LKF CIC UK is committed to protecting the privacy and security of your personal information. This policy explains how we collect, use, store, and protect your data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. LKF CIC UK is a registered Community Initiative Company under Companies House: 14478087.

  1. What Information We Collect? We may collect and process the following personal data:
  • Personal identifiers: Name, date of birth, gender.
  • Contact details: Address, email, phone number.
  • Education/employment details: CV, qualifications, apprenticeship/work experience records.
  • Sensitive data (special category): Health information or religious affiliation (only where necessary for safeguarding, programme delivery, or legal obligations).
  • Financial information: Bank details (for payroll, stipends, or donations).
  • Digital information: Website analytics, cookies, and communication records.

2. How We Use Your Information – We will only use your personal data where it is lawful and necessary, including:

  • Delivering apprenticeship, work experience, and community programmes.
  • Safeguarding and welfare purposes.
  • Processing donations and financial transactions.
  • Communicating updates about our services, events, or opportunities.
  • Meeting legal, regulatory, and safeguarding obligations.

3. Legal Basis for Processing – We process personal data under the following lawful bases:

  • Consent – where you have given clear permission.
  • Contract – where processing is necessary for an agreement (e.g., apprenticeship placement).
  • Legal obligation – where required by law (e.g., safeguarding, financial records).
  • Legitimate interests – where processing supports our mission without overriding your rights.

4. Data sharing – We may share personal data with:

  • Partner organisations (e.g., apprenticeship providers, employers) where necessary.
  • Regulators, funding bodies, or government agencies (only when legally required).
  • IT service providers that support our systems.

5. Data Storage and Security

  • Data is stored securely on encrypted systems and protected physical files.
  • Access is restricted to authorised staff/volunteers only.
  • Regular reviews and updates ensure compliance with GDPR standards.

6. Data Retention – We retain personal data only for as long as necessary:

  • Participant and apprentice records: up to 7 years (in line with safeguarding and funding requirements).
  • Financial records: 6 years (for HMRC compliance).
  • Marketing/communications: until you withdraw consent.

7. Yours rights under GDPR – You have the right to:

  • Access a copy of your data.
  • Request correction of inaccurate data.
  • Request deletion of your data (where lawful).
  • Restrict or object to processing.
  • Withdraw consent at any time (for communications/marketing).
  • Request data portability.

8. Cookie and Website Data – Our website may use cookies to improve user experience and gather anonymous analytics. You can manage or disable cookies via your browser settings.

9. Updates to this Policy – We may update this policy to remain compliant with GDPR and best practice. Please check our website for the latest version.

10. Complaints

If you have concerns about how we handle your data, please contact us directly. If unresolved, you can lodge a complaint with the Information Commissioner’s Office (ICO): 0303 123 1113 www.ico.org.uk