Privacy Policy
PRIVACY AND DATA PROTECTION POLICY
Policy Owner: Imagine How Ltd
Approved by: Vicky Mose - Founder
Last reviewed: 15.1.26
Next review due: 14.1.27
1. Purpose of this Policy
This Privacy and Data Protection Policy explains how Imagine How Ltd (“Imagine How”) collects, uses, stores and protects personal data. It reflects our commitment to handling information responsibly, transparently and respectfully, particularly in the context of menopause, workplace wellbeing and organisational culture where trust, sensitivity and psychological safety are fundamental.
Imagine How recognises its responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and is committed to complying with both the legal requirements and the underlying principles of good data governance.
2. Scope of the Policy
This policy applies to all personal data processed by Imagine How Ltd in the course of its work. This includes data collected through conferences, exhibitions and events, email communication, LinkedIn engagement, webinars, surveys, diagnostics, consultancy activity and ongoing client relationships.
The policy applies to the Director of Imagine How Ltd and to any associates, contractors or partners who may process personal data on our behalf.
3. Data Controller
Imagine How Ltd acts as a Data Controller for the personal data it processes. This means we determine the purposes for which personal data is processed and the means by which it is processed.
We take accountability for this role seriously and ensure that appropriate technical and organisational measures are in place to protect personal data and uphold the rights of individuals.
Organisation: Imagine How Ltd
Operating in: United Kingdom
Contact email: vicky@imaginehow.uk
ICO registration number: Not required to register
4. Data Protection Principles
All personal data processed by Imagine How is handled in accordance with the principles set out in UK GDPR. In practice, this means that we process personal data lawfully, fairly and transparently; collect it only for specified, explicit and legitimate purposes; limit it to what is necessary; keep it accurate and up to date; retain it only for as long as required; and protect it against unauthorised access, loss or misuse.
We are also committed to the principle of accountability and are able to demonstrate compliance where required.
5. Categories of Personal Data We Collect
In the course of our work, Imagine How may collect and process the following categories of personal data.
This typically includes identity and contact information such as a person’s name, job title, organisation, work email address and work telephone number. We may also hold professional engagement data, such as details of events attended, webinars registered for, or services discussed.
Where individuals complete surveys, diagnostics or risk assessments, responses may be collected. Wherever possible, this information is anonymised or aggregated and is used to generate organisational insight rather than to identify individuals.
We may also collect limited technical data where individuals interact with our website or digital platforms, such as IP address or device information, where this is enabled through analytics or cookies.
Imagine How does not collect unnecessary personal data and does not purchase third-party marketing lists.
6. How Personal Data Is Collected
Personal data is collected directly from individuals when they engage with Imagine How. This may occur when someone speaks with us at a conference or event, shares a business card, completes a QR code or online form, contacts us via email or LinkedIn, registers for a webinar, or participates in consultancy, training or insight activity.
We aim to be clear and transparent at the point of collection and to collect only what is appropriate for the intended purpose.
7. Special Category Data and Sensitive Contexts
Given the focus of Imagine How’s work, some activities may involve discussion of menopause, health or wellbeing. In certain circumstances, this information could fall within special category data under UK GDPR.
Where special category data is involved, Imagine How applies additional safeguards. Information is collected only where necessary, handled sensitively, and anonymised or aggregated wherever possible. Our work is focused on identifying patterns, risks and organisational needs rather than assessing or making decisions about individuals.
Imagine How does not use health-related information to profile individuals or to make employment or personal decisions.
8. Purposes for Which We Use Personal Data
Imagine How uses personal data for clear and legitimate purposes. These include responding to enquiries, following up professional conversations, delivering webinars, training and consultancy services, producing insight and recommendations for organisations, managing client relationships and sharing relevant information or resources.
Personal data may also be processed where necessary to meet legal, regulatory, accounting or insurance obligations.
We do not use personal data for purposes that individuals would not reasonably expect given the context of their engagement with us.
9. Lawful Basis for Processing
Imagine How processes personal data only where there is a lawful basis under UK GDPR.
In most cases, processing is carried out on the basis of legitimate interests, where there is a clear professional relationship or reasonable expectation of contact. Where services are commissioned, processing may be necessary for the performance of a contract. Where individuals actively opt in to receive communications, we rely on consent, which can be withdrawn at any time.
In some circumstances, we may also process personal data to meet a legal obligation.
10. Email Communication and Professional Marketing
Imagine How communicates in a professional, proportionate and respectful manner. Emails are sent because an individual has engaged with us, attended an event, requested information, or has an existing professional relationship.
Communications may include insights, updates, event information, services or resources related to workplace menopause and wellbeing. Individuals can opt out of receiving communications at any time using the unsubscribe option provided or by contacting us directly.
We do not engage in aggressive or high-volume marketing.
11. Disclosure of Personal Data
Imagine How may share personal data with carefully selected third parties where this is necessary to operate our business, deliver services or meet legal obligations. This may include providers of IT systems, website hosting, email distribution, online forms, survey tools, webinar platforms and secure document storage.
We may also share personal data with professional advisers such as accountants, insurers or legal advisers where this is required for legitimate business purposes or by law. In limited circumstances, we may be required to disclose personal data to regulators, law enforcement or public authorities.
If Imagine How is involved in a business change such as a merger, acquisition or transfer of assets, personal data may be shared with relevant third parties as part of that process, but only where appropriate safeguards are in place and only to the extent necessary.
Where third parties process personal data on our behalf, they are required to protect it, keep it confidential and use it only in accordance with our instructions and applicable law.
12. International Transfers
Imagine How does not routinely transfer personal data outside the United Kingdom. However, some third-party service providers used to support our operations may process data in other countries.
Where personal data is transferred outside the UK, Imagine How ensures that appropriate safeguards are in place in accordance with UK GDPR. This may include reliance on the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms recognised under UK data protection law.
13. Data Retention
Imagine How retains personal data only for as long as necessary for the purpose for which it was collected. When determining retention periods, we consider the nature of the data, its sensitivity, the purpose for which it is used, and any legal or regulatory requirements.
As a general approach, core business records such as contracts and financial information are retained for up to six years following the end of a client relationship to support legal, tax and accounting obligations. Professional contact details obtained through conferences, events or professional communications are reviewed periodically and removed where they are no longer relevant. Survey and diagnostic outputs are anonymised or aggregated wherever possible and may be retained for longer periods for benchmarking, learning and improvement.
Individuals may request deletion of their personal data at any time.
14. Individual Rights
Individuals have rights under UK GDPR in relation to their personal data. These include the right to access personal data, request corrections, request erasure, object to or restrict processing, and withdraw consent where processing is based on consent.
Imagine How will respond to requests as soon as possible and in any event within one month of receipt. In some cases, we may need to verify identity before responding to ensure personal data is not disclosed to the wrong person. Requests are normally handled free of charge, although a reasonable fee may be charged where a request is manifestly unfounded or excessive.
Individuals also have the right to raise concerns with the Information Commissioner’s Office (ICO).
15. Data Security and Breach Management
Imagine How takes data security seriously and implements appropriate technical and organisational measures to protect personal data. This includes secure digital storage, controlled access to information and the use of reputable systems and platforms.
We have procedures in place to identify, assess and manage suspected personal data breaches. Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner’s Office and affected individuals in line with our legal obligations.
16. Policy Review
This policy is reviewed regularly to ensure it remains accurate, appropriate and compliant with data protection law and guidance. Updates may be made to reflect changes in legislation or how Imagine How operates.
17. Contact Details
If you have any questions about this policy or how personal data is handled, please contact:
Imagine How Ltd
Email: vicky@imaginehow.uk