GDPR and Data PRivacy Policy

1. Introduction

The Centre for Popular Education (C4PE), and The Rosa Luxemburg Stiftung Great Britian (RLS), within which the C4PE sits (“we”, “us”, “our”) are committed to protecting personal data and respecting the privacy of everyone we work with. This policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UKGDPR) and the Data Protection Act 2018.

This policy applies to: - Visitors to our website - People who sign up to our mailing list - Participants in our political education courses - Trade union contacts and representatives

2. Data Controller

RLS is the data controller for the personal data we process.

Contact details:
Email: emma.williams@rosalux.org
Address: Rosa-Luxemburg-Stiftung Great Britain, Pelican House, 144 Cambridge Heath Road, London E1 5QJ

3. What PersonalData We Collect

a) Mailing List Sign‑Ups

We may collect: -Name - Email address - Trade union affiliation (optional) – Role held withinunion (optional) – Areas of interest

b) Course Participants

When someone registers for or takes part in our courses, we may collect: - Name - Email address - Phone number (if required for course administration) - Trade union and role – Educational attainment level - Accessibility or dietary requirements (where relevant) - Feedback and evaluation responses

We do not intentionally collect sensitive personal data unless it is necessary (e.g. accessibility requirements), and we handle such data with additional care.

4. Special Category Data

Some information (for example, trade union membership oraccessibility needs) may be considered special category data under UK GDPR.

We only collect this data: - Where it is necessary for delivering our courses or events, and - With your explicit consent, or where permitted by law for not‑for‑profit organisations with a political or trade union purpose.

5. How We Use Personal Data

We use personal data to: - Administer and deliver courses and events- Communicate with participants about their courses - Send newsletters and updates about our work - Improve our courses and services - Meet legal or regulatory obligations

We will not use personal data for purposes that are incompatible with these aims.

6. Lawful Bases forProcessing

Under UK GDPR, our lawful bases include:

·        Consent – for mailing list subscriptions and optional communications

·        Contract – to administer course participation

·        Legitimate interests – for organisational communications with trade unions and participants, where this does not override individual rights

·        Legal obligation – where required by law

7. Marketing andNewsletters

We send newsletters and updates only to people who have: - Actively signed up via our website, or - Explicitly agreed to receive communications when registering for a course

All newsletters: - Clearly identify us as the sender - Explain why the recipient is receiving the email - Include a clear unsubscribe link

You can opt out of communications at any time.

8. Data Sharing

We do not sell personal data.

Wemay share data with: - Trusted service providers (e.g. email platforms,course administration tools) - Trainers or facilitators, where necessary forcourse delivery

Allthird parties are required to handle data securely and lawfully.

9. Data Retention

We only keep personal data for as long as necessary: - Mailing list data: until you unsubscribe - Course participant data: typically up to 10 years for reporting and evaluation - Financial or contractual records: as required by law

Data is securely deleted when no longer needed.

10. Your DataProtection Rights

Under UK GDPR, individuals have the right to: - Be informed about how their data is used - Access their personal data - Correct inaccurate o incomplete data - Request deletion of their data - Restrict or object to processing - Withdraw consent at any time - Data portability (where applicable)

To exercise these rights, contact us at emma.williams@rosalux.org

11. Complaints

If you are unhappy with how we handle your data, you can complain to us directly. You also have the right to complain to the Information Commissioner’s Office(ICO):

www.ico.org.uk

12. Data Security

We take appropriate technical and organisational measures to protect personal data, including: - Secure storage systems - Access controls - Staffand volunteer training

13. Policy Review

This policy will be reviewed regularly and updated as required.

Last updated: 17.12.2025

‍