The Safeguard Hub
The Safeguard Hub

Safety Through Education & Partnership
MASH Compliant

Privacy Policy

Last updated: May 2026

1. Introduction

The Safeguard Hub ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of any personal information you provide to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website (safeguard-hub.org) and services.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

2. Data Controller

The Safeguard Hub is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@safeguard-hub.org

Website: safeguard-hub.org

3. Information We Collect

We may collect and process the following types of personal data:

3.1 Information You Provide

  • Contact information (name, email address) when you contact us
  • Professional information (organisation, role) for portal access requests
  • Any information you provide in correspondence with us

3.2 Automatically Collected Information

  • Technical data: IP address, browser type and version, operating system
  • Usage data: pages visited, time spent on pages, navigation paths
  • Cookie data: as described in our Cookie Policy
  • Approximate location data: On our Site Supporters page, we use your IP address to determine your approximate county or town. This allows us to show you supporters who are local to you. Your IP address is passed to a third-party geolocation service (ip-api.com) solely for this purpose. It is processed in real time, is not stored on our systems, and is not linked to any other personal information.

4. How We Use Your Information

We use your personal data for the following purposes:

  • Service delivery: To provide access to our safeguarding resources and professional portal
  • Local supporter matching: To show you Site Supporters relevant to your county or town, using your IP address for approximate geolocation. This lookup is transient — no location data is retained
  • Communication: To respond to your enquiries and provide support
  • Website improvement: To analyse usage patterns and improve our services
  • Legal compliance: To comply with our legal obligations
  • Security: To protect our website and users from fraud and abuse

5. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your data for a specific purpose
  • Legitimate interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests, such as improving our services and protecting our website
  • Legal obligation (Article 6(1)(c)): Where we need to comply with a legal obligation

6. Data Sharing

We do not sell your personal data. We may share your data with:

  • Service providers: Third-party companies who assist in operating our website (hosting, analytics)
  • Legal authorities: When required by law or to protect our rights
  • Safeguarding partners: Where necessary to protect children or vulnerable adults at risk (in accordance with statutory safeguarding duties)

All third parties are contractually obligated to protect your data in accordance with UK GDPR.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Contact enquiries: 2 years from last contact
  • Portal access records: Duration of access plus 1 year
  • Analytics data: 26 months (anonymised)

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@safeguard-hub.org. We will respond within one month.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure hosting, access controls, and regular security assessments.

10. International Transfers

We primarily store and process your data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

11. Children's Privacy

Our website provides safeguarding resources that may be accessed by young people. We do not knowingly collect personal data from children under 13 without parental consent. If you believe a child has provided us with personal data, please contact us immediately.

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk

Helpline: 0303 123 1113

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.