Privacy Policy

1. Who we are and how to contact us

WolverhamptonInterchange operates the website wolverhamptoninterchange.co.uk and is the controller of the personal data processed through this site.

Contact for privacy matters: privacy@wolverhamptoninterchange.co.uk

Data Protection Officer (DPO): dpo@wolverhamptoninterchange.co.uk

We are based in the United Kingdom and primarily comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR). If you are located in the European Economic Area (EEA), we also comply with the EU GDPR where it applies.

2. Scope of this policy

This Privacy Policy explains what personal data we collect when you use our website, how and why we use it, the legal bases we rely on, how long we keep it, the rights you have, and how we keep it secure. It covers data collected through our website, forms, email communications and cookies/analytics. It does not cover the privacy practices of third-party websites or services that we do not control.

3. Personal data we collect

3.1 Data you provide to us

  • Contact details: name, email address, telephone number, and the content of your messages when you contact us or request information.
  • Newsletter or updates: name and email address when you subscribe to updates or alerts.
  • Event or service enquiries: details relevant to your enquiry or booking request (if applicable), such as preferred dates, accessibility needs or organisation name.
  • Feedback and surveys: your opinions, ratings, and any information you choose to include.
  • Job or volunteer interest: curriculum vitae/resumé and application details if you submit them through the site.

3.2 Data we collect automatically

  • Technical data: IP address, device identifiers, browser type and version, operating system, time zone, and approximate location derived from your IP address.
  • Usage data: pages visited, time spent, navigation paths, referral source, and interactions (such as clicks and scrolls).
  • Cookies and similar technologies: identifiers and preferences set on your device. See section 6 for details.
  • Security and diagnostics data: logs and signals used to detect and prevent spam, fraud, and abuse.

3.3 Data from third parties

  • Analytics and measurement partners may provide aggregated or pseudonymous insights about how our site is used.
  • Public sources or partners may provide updates about service disruptions or events that we publish on our site.

We do not intentionally collect special category data (such as health or biometric data) through the website. Please avoid including sensitive information in free-text fields unless we specifically request it for a clear purpose.

4. Purposes and legal bases for processing

We process your personal data for the following purposes and under the following legal bases:

  • Providing and operating the website, responding to your enquiries and requests
    • Legal basis: Performance of a contract or taking steps at your request prior to entering into a contract; and/or our legitimate interests in operating an informative and accessible website.
  • Sending service updates and important notices (for example, operational changes or disruptions)
    • Legal basis: Legitimate interests in keeping users informed; or legal obligation where applicable.
  • Sending newsletters or marketing communications by email
    • Legal basis: Your consent; or our legitimate interests under the PECR “soft opt-in” where permitted for similar services to existing users who have not opted out.
  • Improving our site, services and user experience (analytics, testing, troubleshooting)
    • Legal basis: Legitimate interests in understanding and improving how the site is used; where required for non-essential cookies/analytics, your consent.
  • Ensuring security, preventing fraud and misuse, and protecting our rights
    • Legal basis: Legitimate interests in maintaining security and integrity; and/or legal obligation.
  • Complying with legal and regulatory requirements, and establishing, exercising or defending legal claims
    • Legal basis: Legal obligation; and legitimate interests in protecting our legal rights.

Where we rely on legitimate interests, we balance our interests against your rights and freedoms and take steps to minimise impacts (for example, by using pseudonymised or aggregated analytics where possible). Where we rely on consent, you can withdraw it at any time (see section 9).

5. What happens if you do not provide data

Where we need personal data to respond to a request or provide a service you have asked for, we may be unable to fulfil your request if you choose not to provide that data.

6. Cookies and similar technologies

Cookies are small files placed on your device to help the site function and to understand how it is used. We use:

  • Strictly necessary cookies: required for core functionality such as security, load balancing and accessibility.
  • Preference cookies: remember choices such as language or dismissals of notices.
  • Analytics cookies: help us understand site traffic and performance so we can improve the site.
  • Security/anti-spam tools: detect unusual activity to protect the site and users.

Non-essential cookies (such as analytics) are set only with your consent. You can accept or reject non-essential cookies via the cookie banner when you first visit and change your preferences at any time using the Cookie Settings link available in the website footer. You can also adjust your browser settings to block or delete cookies. Blocking some cookies may affect site functionality.

Cookie lifespans: strictly necessary and preference cookies typically last up to 12 months; analytics cookies typically last up to 13 months. Session cookies expire when you close your browser.

7. Data sharing and recipients

We do not sell your personal data. We share data only as necessary for the purposes described in this policy, with the following categories of recipients:

  • Service providers acting as processors, such as website hosting, cloud infrastructure, content delivery networks, email and newsletter platforms, analytics providers, security/anti-spam and maintenance providers.
  • Professional advisers (legal, compliance) where necessary to obtain advice or protect our rights.
  • Authorities and regulators where required by law or to protect safety, security, rights or property.
  • Successors in the event of a reorganisation, merger or transfer relating to our website services, in which case personal data would remain subject to this policy or a policy with equivalent protections.

When we engage processors, we require them by contract to use personal data only on our instructions, to keep it secure and to comply with applicable data protection laws.

8. International data transfers

Your data is primarily processed in the United Kingdom. If we transfer personal data outside the UK (or the EEA, where applicable), we will ensure appropriate safeguards are in place, such as:

  • Transfers to countries with UK adequacy regulations;
  • Using the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs);
  • Implementing supplementary measures where needed to ensure essentially equivalent protection.

You can obtain more information about international transfers and safeguards by contacting our DPO.

9. How long we keep your data

We keep personal data only for as long as necessary for the purposes set out in this policy, and to meet legal, accounting or reporting requirements. Typical retention periods are:

  • Enquiries and correspondence: up to 24 months after last contact.
  • Newsletter subscriptions: until you unsubscribe; suppression records to respect opt-outs are kept for up to 24 months after unsubscribe.
  • Event or service-related records (where a contract is formed): up to 6 years after completion to meet legal and tax obligations.
  • Website analytics data: up to 13 months in a form that identifies you; aggregated or anonymised analytics may be kept longer.
  • Security and server logs: up to 12 months, unless a longer period is needed to investigate incidents.
  • Job or volunteer applications: usually up to 12 months after the process ends unless we obtain your consent to keep details on file longer.

We may keep data for longer if necessary to establish, exercise or defend legal claims.

10. Your rights

Under the UK GDPR (and the EU GDPR where applicable), you have the following rights:

  • Access: request a copy of your personal data and information about how we process it.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data in certain circumstances.
  • Restriction: ask us to restrict processing in certain circumstances.
  • Portability: receive your data in a structured, commonly used, machine-readable format and ask us to transmit it to another controller where feasible.
  • Object: object to processing based on our legitimate interests, and to direct marketing at any time.
  • Withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise your rights, contact our DPO at dpo@wolverhamptoninterchange.co.uk. We may need to verify your identity. We aim to respond within one month, or notify you if more time is needed for complex requests. You also have the right to lodge a complaint with the Information Commissioner’s Office. Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 0303 123 1113.

11. Data security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, secure configuration, vulnerability management and staff awareness. While no system is completely secure, we regularly review our safeguards to reduce risks of unauthorised access, disclosure, alteration or destruction.

12. Children’s privacy

Our website is not directed to children under 13, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact our DPO so we can take appropriate steps.

13. Automated decision-making

We do not use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects for individuals.

14. Third-party websites and services

Our website may reference third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy information before providing personal data to them.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will take appropriate steps to inform you, for example by displaying a notice on the website. Please review this policy periodically.

Effective date: 6 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 WolverhamptonInterchange