Privacy Policy


Data Orchard website privacy policy

01432 800523 Mon-Fri 9am-5pm

We respect your privacy and are committed to protecting your personal data. This policy explains how we manage the personal information of users of Data Orchard’s websites including the Data Maturity Self-Assessment Tool and the Data4Good Conference.

The websites, subdomain, and are owned by Data Orchard CIC (the data controller) and provide visitors with anonymous access. You can access and browse our website without disclosing your personal data. However, our site requires registration for certain services for which you will be required to provide personal data.

Personal data

Personal data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioners Office. We may collect, use, store and transfer different kinds of personal data about you as follows:

  • If you subscribe to our mailing list: We add your email address, name, job title, organisation and organisation’s postcode to Data Orchard’s newsletter mailing list, which is managed via Mailchimp. Note that Mailchimp may transfer personal data outside the European Union (EU), in compliance with EU data protection laws. You can read more, or contact Mailchimp with questions or concerns about this.

  • If you set up an account to use our data maturity self-assessment tools: We collect your name and email address, job title, and the name of the organisation you work for. These are stored on Amazon servers hosted in the EU.

  • If you make a donation: Your name, payment and security details are held by the payment processor (Paypal). Your name, email address, postal address (the billing address of your card and/or your home address — if applicable — to claim Gift Aid), the last few digits of your card or bank account number, and the donation amount are then made available to us. We do not use this data for purposes other than processing your donation, and company accounting — which may involve sharing data with our accountant or HMRC.

  • If you contact us via email: Your email address, message, and phone number if you’ve requested a call, will be accessible to our small team of support staff and may be forwarded to the person or people in the organisation best equipped to respond. We adhere to strict internal privacy policies which comply with the 2018 Data Protection Act including GDPR.

  • If you sign up to our events: Your name, email address, job title/role, organisation, address, and event preferences (different for each event, but including eg dietary requirements, session ideas or preferences, consent to be photographed and name put on public guest list, newsletter preferences, attendance preferences, accessibility needs etc) will be collected via Tito, based in Ireland with all data stored in the EU.

  • If you register interest to sponsor or exhibit at our events: Your name, job title, organisation, email address, phone number and additional information you provide will be forwarded to the person handling these enquiries.

  • If you take part in any Data Orchard online research or consultations via our website we may use Google Forms or Survey Monkey to collect personal data. The purposes for these will be specified in the context of the individual survey or consultation concerned.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We do not collect or use personal data for any purpose other than those indicated at the time your personal data is volunteered and we will not use your personal information for new purposes without first asking you for your consent for your personal data to be used for these purposes.

If you fail to provide personal data

Where we need to collect your personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to provide you with goods or services. In this case, we may have to cancel a product or service you have with us. We will notify you if this is the case at the time.


Data Orchard CIC uses ‘cookies’ on its websites. A cookie is a small data file that sent by a website and stored by your browser. When you visit Data Orchard’s website, your browser checks to see if it has any cookies for it and sends the information contained in those cookies back to the site. We use cookies for:

  • Authentication – to identify and recognise you when you visit and revisit our websites and as you navigate our sites.

  • Status – to determine whether you are logged into our website.

  • Security – to protect user accounts, including fraudulent use of login credentials and to protect our websites and services generally.

  • Analysis – to monitor and statistically analyse our audience reach and usage patterns to optimise the site functionality.

  • Storing preferences – in relation to the use of cookies more generally and to allow us to customise our site according to your individual preferences.

Cookies are not used to collect personally identifiable data about you. If you wish to restrict or block the cookies which are set by our websites or any other this can be done through your browser settings. However, this may mean you are unable to access certain services on our site. The help function in your browser should give you this information or alternatively visit for information on how to do this. Here you will also find information about how to delete cookies from your computer as well as more general information about cookies.

Third party cookies

Our websites may include content embedded from other sites and services such as Twitter, LinkedIn, Facebook, PayPal, Tito, GSuite and Survey Monkey; these sites may set additional cookies but we do not pass any personally identifiable information to these services. We do not take responsibility for third party cookies.

Google Analytics

We use Google Analytics to analyse the use of our websites. Google Analytics sets a cookie in order to collect anonymous usage and visitor behaviour information – this includes IP address, operating system, browser type and pages visited. We use this to track how our website is used, measure our site’s effectiveness, and improve our content and user experience.

Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using Data Orchard’s websites, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You can reject this cookie and information on how to do this can be found at

How we use your information

We collect information about you to answer queries and/or provide services. We use information collected from your visits to our website to personalise your future visits and improve the experience we provide to our online users. For example, information like the browser and device you are using helps us to maintain usable and accessible websites for all our audiences.

We also use your information to help us develop products and services that our client sectors need and to monitor geographic diversity of our service reach. Where we have a lawful basis and permission to contact you, we may use it to send you relevant and timely information about the help and support that we offer.

Legal basis of processing

Data protection laws, including the Data Protection Act (2018) and General Data Protection Regulation 2016/679 require us to have a legal justification to process your personal information. We use the following depending on the type of data and the type of processing: consent, legitimate interest, to fulfil a contractual obligation, and legal obligation.

Where we store your information

Online forms

Some of the forms on our websites are built using platforms hosted in the US, so the information you provide to us may initially be stored there. The contracts we have with Mailchimp and Survey Monkey, ensure their practices comply with the EU data protection laws. You can read more about their policies here: Mailchimp privacy; Survey Monkey privacy.

Data maturity self assessment accounts

Personal data provided through setting up Data Maturity Self-Assessment Accounts are stored on Amazon servers hosted in the EU.

Security and encryption

Data Orchard takes appropriate measures to ensure we keep your information secure, accurate and up to date. We also take care to ensure that we have secure systems for processing payments through our payment services provider. We primarily store personal data, using encryption, on a Box secure cloud storage system in the EU with managed access controls. We may also share some data with suppliers where they are contracted to support us deliver services using Google’s G Suite. Please read Google’s G Suite Privacy policy, the data, which may be collected through Google forms, is not owned by Google and they thus will not share it with third parties or use it for advertising.

We take great care to ensure that our websites operate at the highest security levels, using industry standard secure server software (SSL) and that our suppliers are committed to best practice in digital security. All financial data is encrypted in transmission. However, the security of data transmission via the Internet can never be 100% guaranteed, and the data transmission is at your own risk.

We have implemented security policies, rules and technical measures to protect the personal data that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. All our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of our visitors’ personal data.

We ensure that your personal data will not be disclosed to other institutions and authorities except if required by law or other regulation or unless we have already sought your consent.

Retention periods

In all cases listed above, we retain your personal data until it is no longer needed for the purposes it was collected or until such a time as you unsubscribe or ask us to remove your details.

If you contact Data Orchard via our contact form, we reserve the right to keep your message indefinitely. This is to aid continuity and so that we can view any historic context which may have bearing on subsequent support mail, even if members of the support staff change. Support staff adhere to strict internal privacy and security policies.

We are obliged to keep records relating to financial transactions for at least six years following the end of the accounting period in which the transaction took place. We destroy our records after this point; if you require information on payment processors’ policies, please contact them directly.

If you require further information on retention policies for event bookings via Tito, the platform we subscribe to please visit Tito’s site. We keep records of attendees at our events for the purposes of an audit trail and to keep track of who has attended, sponsored, or exhibited at previous events.

Sharing your information with other organisations

Data Orchard will not sell your information to any third party. We may share your information with third parties where we have a legal duty to do so, to provide you with a service you have asked for, or where you have given explicit permission for us to do so. For example we use third party suppliers to support: our marketing and communications for events and e-newsletter; processing of financial transactions and accounting; and for developing and hosting our data maturity self-assessment services. We have contracts in place with all third party suppliers to ensure they are obligated to treat our customers’ personal data in compliance with the Data Protection Act 2018 and ensure privacy, confidentiality, and non-disclosure to any other parties.

If Data Orchard is acquired by a third party, personal data held by Data Orchard will be one of the transferred assets. Any personal data that is transferred to a new owner or newly controlling party will, under the terms of this privacy policy, only be permitted to be used for the same purposes for which it was originally collected by us.

Your rights

Your right to access

You may contact us at any time to ask to see what personal data we hold about you. Please contact us to request this. Although we may require you to provide proof of your identity in advance, we will aim to respond to your request within two weeks and we will provide the information without any charge. We will also allow you to challenge the data that we hold about you and, where appropriate, you may have the data erased, rectified, amended, or completed.

Your right to erasure

You may request that we destroy the personal data that we hold about you, provided that there is no legitimate reason for us continuing to hold it, that is to say if it does not relate to financial transactions or is unlikely to be of any legal or practical purpose in the future. Please contact us to request this.

How to unsubscribe from the newsletter

Every newsletter contains a quick and easy unsubscribe link in its footer. When you unsubscribe from a newsletter managed via Mailchimp, your details remain on the list of past recipients. This is a measure to prevent circumstances such as a member of staff accidentally manually re-adding you. Mailchimp states: “As a compliance measure, subscribers who unsubscribe themselves can’t be deleted from your list.” However, provided you are still a subscriber at the point when you contact us, on request your details can be permanently removed from the list – please get in touch if you would like this to happen.

Your right to complain

If you believe that we have mishandled your data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can report a concern here (but do contact us first, so that we can try and help).

Privacy compliance

Our privacy policy is compliant with the following instruments:

  • Data Protection Act 2018 including the General Data Protection Regulations 2016/679

  • UK Privacy and Electronic Communications

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this website. This privacy policy was last updated on 27th September 2019.

Contact us about our privacy policy

If you have an enquiry or concern about our privacy policy, please contact us at

Data Orchard CIC is registered with the Information Commissioner’s Office, registration reference: ZA045001

If you are not satisfied with our response to your concern you may wish to contact Information Commissioner’s Office (

Data Orchard CIC is a social enterprise registered as a community interest company and company limited by guarantee in England and Wales with Companies House. Our company number is 08674626 and our registered office at Lower House Business Park, Staunton-on-Wye, Hereford HR4 7LR.