Privacy policy.

Last updated: 4 May 2025

Why this policy exists

We believe that trust and transparency are essential when we Engage, Nurture and Develop young people (and everyone else who connects with us). The UK GDPR and Data Protection Act 2018 say we must tell you:

  1. What personal information we collect.

  2. Why and how we use it.

  3. Your rights and our responsibilities.

This policy covers all people who interact with ENDZ Group CIC (“we”, “us”, “our”) – whether you’re visiting our website, signing up for updates, joining a programme, applying for a role or volunteering. Read it once, keep it handy, and ask us if anything isn’t clear.

1. Who we are & how to contact us

ENDZ Group CIC – a youth‑led social enterprise based in Greenwich, London.
Email: talk@endz.uk
Phone: 020 8129 2143
(We’ll always get back within five working days.)

2. The information we collect (and what for)

Below are the main types of personal information we may hold and why we need them. We keep each piece of information only if – and for as long as – it truly serves the purpose described.

  • Contact details (name, email, phone, postal address) – so we can send the info you ask for, reply to queries, or deliver resources and updates.

  • Date of birth / age range – to tailor activities safely, check eligibility requirements, and make sure communications are age‑appropriate.

  • Equality & diversity details (optional) – to ensure our services are inclusive and to report anonymised statistics to funders.

  • Programme data (attendance, progress notes, feedback) – to run sessions smoothly, improve support, and evidence our impact.

  • Application information (CVs, cover letters, references) – to assess job, placement or volunteer applications fairly and transparently.

  • Emergency contact details – to keep participants safe during in‑person or live‑online activities.

  • Donation & payment information – to process payments securely, claim Gift Aid where relevant, and meet our finance and audit duties.

  • Device & usage data (IP address, cookie ID, browser type, on‑screen actions) – to keep the website secure, fix technical issues, and see which pages people find useful.

  • Photos, video or creative work – to celebrate achievements, promote our mission, and record our story (only ever with appropriate consent).

  • Questions, complaints or survey responses – to answer you, learn from your experience, and continually improve.

We only ask for sensitive information (for example health or access needs) when it is absolutely necessary to support you, and we keep it extra‑secure.

3. Our legal reasons (lawful bases)

Under UK GDPR we must have a valid reason each time we use personal data.

a) Consent

When you actively agree.
Examples: signing up to our newsletter; letting us use your photo.

b) Contract

When we have promised to deliver something.
Examples: enrolling you on a programme, issuing a volunteering agreement, processing an online order.

c) Legitimate interests

When the benefit to you / us is greater than any low privacy risk. We always balance interests and provide opt‑outs.

Our legitimate interests include:

  1. Service delivery & referrals – We need basic data to manage sessions, track engagement and connect individuals to trusted third‑party support.

  2. Donations & fundraising management – Processing supporter details enables us to raise funds that keep services free or low‑cost.

  3. Updates & community news – Sharing relevant information with people already involved helps everyone stay informed; messages always include an unsubscribe link.

  4. Impact research & archiving – Analysing anonymised or minimal data lets us evidence change and design better projects.

  5. Handling queries, complaints & claims – Keeping records ensures fair, timely resolutions and accountability.

d) Legal obligation / vital interests

We may retain or share data if the law requires it (e.g. safeguarding, finance rules) or if someone’s life is at risk.

4. How we keep data safe

  • Locks and passwords on every system

  • Encryption for payments and sensitive info

  • Access limited to trained staff & volunteers who need it

  • Regular reviews and audits of security measures

5. How long we keep data

We keep personal info only as long as necessary for the purpose we collected it, or as long as the law requires (for example seven years for financial records). When it’s no longer needed we delete it or turn it into anonymous statistics.

6. Sharing & transferring data

We never sell or swap your information. We only share it with:

  • Service partners (trainers, venue hosts, tech providers) who help deliver our work and must keep data confidential.

  • Payment processors & banks to handle donations or reimbursements securely.

  • Funders & auditors who need anonymised evidence of our impact.

  • Legal, safeguarding or emergency bodies if required to protect someone or obey the law.

Some cloud services store data outside the UK. Where that happens we rely on contracts or frameworks that give your data equivalent protection.

7. Cookies & similar tech

Cookies are tiny files saved on your device. We use them to:

  • remember your preferences;

  • keep the site secure; and

  • see which pages get the most visits. You can block non‑essential cookies in your browser settings any time.

8. Your rights

You can:

  1. Access – ask for a copy of your data.

  2. Correct – fix something wrong.

  3. Erase – request deletion (sometimes we must keep limited records, e.g. finance).

  4. Restrict or object – pause or stop certain uses.

  5. Port – move your data to another service.

  6. Withdraw consent – at any time when consent is the basis.

Email talk@endz.uk and we’ll respond within one month.

9. Young people under 18

We design everything with young people in mind and use clear language. If you’re under 13 we’ll normally need your parent or guardian’s consent for things like photos or newsletters.

10. Complaints

Start with us – email talk@endz.uk and we’ll do our best to resolve things. If you’re still unhappy, you can contact the UK Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113.

11. Updates to this policy

We review this policy regularly. Big changes will be flagged on our website or emailed to people directly affected.

Thanks for reading. Together we can create a city where every young person – and everyone who supports them – feels connected, included and empowered.