Privacy & Web Usage Policy

Last updated: 9 May 2026

1. Who We Are and How to Contact Us

Ariel Trust Limited is committed to protecting the privacy and security of your personal information. This Privacy & Web Usage Policy explains how we collect, use, store, share and protect your personal information, and describes your rights in relation to that information. It applies to anyone who interacts with us, including participants in our educational programmes, visitors to our websites, funders, partners, job applicants, and other individuals with whom we work.

Data Controller: Ariel Trust Limited Registered Charity No. 519688 | Company No. 2113575 The Florence Institute, 377 Mill Street, Liverpool, L8 4RF Email: admin@arieltrust.com

Ariel Trust Limited is registered with the Information Commissioner's Office (ICO) as a data controller, Registration Reference - Z8572440. If you have any questions about this Policy or our data protection practices, please contact us using the details above.

If you have a specific data protection concern or complaint, you may address it to our Data Protection Lead at the postal address or email address above, marking your correspondence "Data Protection."

2. What Personal Information We Collect

We collect personal information about you in various ways, including through our websites, social media channels (such as Instagram, Facebook, X (formerly Twitter), and LinkedIn (in accordance with LinkedIn's terms of service)), via email, job applications, job boards, and in connection with our educational portal and other digital resources.

The categories of personal information we may collect include:

Names, postal addresses, email addresses and telephone numbers
Professional information, including job title and employer
Information contained in CVs, covering letters and application forms
Educational and training information relevant to our programmes
Feedback, responses and evaluations provided to us
Usage data relating to our websites (including IP addresses and cookie data — see Section 10 below)
Any other personal information you provide to us in the course of our relationship

Where we need to collect personal data to deliver a service to you or to fulfil a contract with you, and you fail to provide that information when requested, we may not be able to provide the relevant service or fulfil the contract.

3. How We Use Your Personal Information

We may use your personal information for the following purposes:

To provide our educational services to you and facilitate access to our web-based resources
To keep you informed about our projects, activities and publications
To develop and maintain our business and charitable relationships
To process job applications and manage our recruitment processes
To send your information to our funders as part of the monitoring and evaluation of our funding contracts
To promote our work, for example by quoting anonymised or attributed feedback in evaluation reports or similar documents (we will seek your permission where appropriate)
To comply with legal obligations to which we are subject
To respond to enquiries and correspondence

4. Our Lawful Basis for Processing Your Personal Information

Ariel Trust processes your personal information lawfully in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The UK GDPR provides that personal data may only be processed where at least one lawful basis applies. We rely on the following lawful bases, depending on the specific processing activity:

Processing Activity	Lawful Basis
Delivering educational services and facilitating access to resources	Performance of a contract / Legitimate interests
Monitoring and evaluation reporting to funders	Performance of a contract / Legal obligation
Processing job applications	Steps taken prior to entering a contract / Legitimate interests
Keeping you updated about our projects and activities	Legitimate interests / Consent (where required)
Sharing feedback or quotes in evaluation reports	Consent
Complying with regulatory or legal requirements	Legal obligation
Communicating with you regarding your enquiries	Legitimate interests

Legitimate interests: Where we rely on legitimate interests as our lawful basis, we have considered whether our interests are overridden by your rights and freedoms. Our legitimate interests include operating and developing our charitable activities, maintaining relationships with beneficiaries and stakeholders, and promoting our educational work. We will always balance our interests against your rights and will not process your information in a way that causes you undue harm or prejudice.

Consent: Where we rely on your consent as our lawful basis, you have the right to withdraw that consent at any time by contacting us using the details in Section 1. Withdrawal of consent does not affect the lawfulness of any processing carried out before you withdrew consent.

5. Special Categories of Personal Data

Certain categories of personal data are afforded additional protection under the UK GDPR (for example, health information, racial or ethnic origin, criminal convictions). Where our work requires us to process any such special category data, we will identify an appropriate additional condition for processing under Schedule 1 of the Data Protection Act 2018 and will inform you separately of this at the time of collection.

6. Third Parties and Sharing Your Information

We may share your personal information with third parties in the following circumstances:

Funders and commissioners: Where required for the performance of a contract or to satisfy reporting and monitoring requirements
Service providers: Third parties retained to provide services on our behalf, such as IT support, website hosting, and referencing or criminal record checking services — these providers act as data processors under our instruction and are subject to appropriate contractual safeguards
Regulators and law enforcement: Where we are required to do so by law or a court order, or to comply with a legal obligation
Professional advisers: Such as lawyers, auditors and insurers, where necessary for legitimate business purposes

Ariel Trust will not sell your personal information to third parties. Where third parties process data on our behalf, we ensure that appropriate data processing agreements are in place.

7. International Transfers of Personal Data

Ariel Trust's primary operations are based in the United Kingdom, and we aim to keep your personal data within the UK. However, some of our service providers or hosting infrastructure may from time to time be located in countries outside the UK.

Where we transfer personal data outside the UK, we will ensure that such transfers are made only to countries that are the subject of adequacy regulations made under Section 17A of the Data Protection Act 2018 (i.e., countries determined to provide an adequate level of data protection), or that appropriate safeguards are in place, such as standard data protection clauses approved for use under Article 46 UK GDPR. You may request further information about the specific transfer mechanisms we rely on by contacting us using the details in Section 1.

8. Data Security

We have put in place appropriate technical and organisational measures to prevent your personal information from being accidentally lost, used, accessed, altered or disclosed in an unauthorised manner. These measures include access controls, staff training on data protection, and secure storage systems. We limit access to your personal information to those employees, contractors and other third parties who have a legitimate business need to access it, and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach. Where we are legally required to do so, we will notify you and the ICO of a breach.

9. Data Retention

We will retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting or reporting obligations. In determining the appropriate retention period, we consider:

The amount, nature and sensitivity of the personal data
The potential risk of harm from unauthorised use or disclosure
The purposes for which we process the data and whether those purposes can be achieved by other means
Applicable legal, regulatory or contractual requirements

As a general guide, we apply the following indicative retention periods (which may be subject to variation depending on specific circumstances):

Category of Data	Indicative Retention Period
Programme participant and beneficiary records	Duration of participation plus 7 years
Funder and contract monitoring records	Duration of contract plus 7 years
Job applicant records (unsuccessful)	6 months from notification of outcome
Employee/volunteer records	Duration of engagement plus 6 years
Website usage/analytics data	Up to 13 months
General correspondence	3 years from last contact

If you have any questions about a specific retention period applicable to your personal data, please contact us.

10. Cookies and Website Usage

Our websites use cookies. Cookies are small text files placed on your device when you visit a website. Some cookies may constitute personal data (for example, where they are linked to an identifiable individual, such as through an IP address).

We use cookies for the following purposes:

Strictly necessary cookies: These are essential for our websites to function and cannot be switched off. No consent is required for these.
Analytics/performance cookies: These allow us to understand how visitors interact with our websites, enabling us to improve their performance. We will seek your consent before placing these cookies where required under the Privacy and Electronic Communications Regulations 2003 (PECR).
Functional cookies: These enable enhanced functionality and personalisation.

Where we rely on your consent to place cookies, you may withdraw that consent at any time by adjusting your browser settings or using our cookie preference tools on www.arieltrust.com and www.arieltrust.com/portal.

For full information about the cookies we use, the purposes for which they are used, and how to manage your preferences, please see our Cookie Policy - arieltrust.com/cookies or contact us as set out in Section 1.

11. Your Rights in Connection with Your Personal Information

Under the UK GDPR, you have the following rights in relation to your personal information. Some of these rights are not absolute and may be subject to conditions and exemptions. We will respond to all valid requests within one month of receipt, although in complex cases or where we receive a high volume of requests, this may be extended by a further two months (in which case we will notify you within the first month).

(a) Right of access — You have the right to request a copy of the personal information we hold about you (commonly known as a Subject Access Request). We will provide this free of charge unless your request is manifestly unfounded or excessive.

(b) Right to rectification — You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

(c) Right to erasure — You have the right to request that we delete your personal information where, for example: it is no longer necessary for the purposes for which it was collected; you withdraw your consent and there is no other lawful basis for processing; you successfully object to the processing; the data has been unlawfully processed; or erasure is required to comply with a legal obligation. This right is not absolute and does not apply where we are required to retain your data for legal, regulatory or public interest reasons, or for the establishment, exercise or defence of legal claims.

(d) Right to restriction of processing — You have the right to ask us to suspend the processing of your personal information, for example whilst you contest its accuracy or the reason for processing it.

(e) Right to data portability — Where we process your personal information on the basis of your consent or for the performance of a contract, and that processing is carried out by automated means, you have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to request that we transmit it directly to another controller where technically feasible.

(f) Right to object — You have the right to object to processing based on our legitimate interests (or those of a third party) where you have particular grounds relating to your situation. We will comply with your objection unless we have compelling legitimate grounds that override your interests, or the processing is necessary for legal claims. You have an absolute right to object to processing for direct marketing purposes at any time, and we will always comply with such a request.

(g) Right to withdraw consent — Where processing is based on your consent, you may withdraw that consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

(h) Right to complain — You have the right to lodge a complaint with the ICO if you are unhappy with the way in which we have handled your personal information:

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Website: www.ico.org.uk

We would, however, always appreciate the opportunity to address any concern you raise with us directly before you contact the ICO.

To exercise any of the above rights, please contact us in writing using the details set out in Section 1.

12. Automated Decision-Making and Profiling

Ariel Trust does not currently carry out any processing that involves solely automated decision-making (including profiling) which produces legal or similarly significant effects on individuals.

13. Your Duty to Inform Us of Changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the course of your relationship with us.

14. Website Terms: Intellectual Property

All copyright and other intellectual property rights (including database rights, trademarks whether registered or unregistered) in and to our websites and their contents are owned by or licensed to Ariel Trust Limited, or are used by us as permitted under applicable law. You may use, view, download, copy or print content from our websites solely for the purpose of enquiring about or otherwise engaging with our services, provided that you do not alter or remove any copyright, trademark or proprietary notices. You may not use our content in any manner that gives a false or misleading impression of Ariel Trust. Any other use requires our prior written consent.

15. Website Terms: Prohibited Activities

You must not use any device, software or routine to interfere with the proper working of our websites, nor attempt to decipher, decompile, disassemble or reverse engineer any software forming part of our websites. You agree to use our websites for lawful purposes only and in a manner that does not infringe the rights of any third party.

16. Website Terms: Liability

Our websites and their contents are provided for general information purposes only. Whilst we take reasonable care in the preparation of our websites and their contents, we cannot guarantee that all content is completely up to date and free of errors. To the extent permitted by law, Ariel Trust excludes all warranties, representations and undertakings (express or implied) in respect of our websites and their contents, and excludes all liability (save for death or personal injury caused by our negligence) arising in connection with the websites and their contents, whether in contract, tort, negligence, breach of statutory duty or otherwise.

Our websites are directed at persons accessing them from England and Wales. We make no representation that their contents may be lawfully viewed or downloaded outside England and Wales. If you access our websites from outside England and Wales, you do so at your own risk and are responsible for compliance with the laws of your jurisdiction.

17. Website Terms: Computer Viruses and Errors

Whilst we will use reasonable endeavours to ensure our websites are free from viruses, errors, bugs and other harmful components, we cannot guarantee this will always be the case. We recommend that you use up-to-date antivirus software. To the fullest extent permitted by law (and save for death or personal injury caused by our negligence), we exclude all liability arising from damage or loss caused by viruses, errors, bugs or harmful components originating from our websites.

18. Website Terms: Termination of Access

Ariel Trust reserves the right to immediately terminate your access to our websites if, in our reasonable opinion, you have breached these terms or engaged in conduct we consider unacceptable.

19. Changes to This Policy

Any changes to this Policy, whether arising from changes to our business or to applicable legislation, will be posted on this page. We encourage you to review this Policy periodically to stay informed about how we protect your personal information.

This policy was last updated on 9 May 2026.

Summary of Principal Changes Made

Section	Change
Scope	Corrected to cover all data subjects, not only those in a "working relationship"
Section 1	Added ICO registration reference and data protection contact
Section 3	Expanded list of purposes
Section 4	Added a table mapping lawful bases to specific purposes; added consent and legal obligation as lawful bases; added right to withdraw consent
Section 5	New section on special category data
Section 6	Expanded third party sharing with reference to data processing agreements
Section 7	Expanded to include reference to adequacy regulations and Article 46 safeguards
Section 8	New section on data security and breach notification
Section 9	Added indicative retention periods by category
Section 10	Substantially revised cookies section referencing PECR and consent
Section 11	Corrected right to erasure; corrected right to portability; added ICO website and phone number; added right to withdraw consent
Section 12	New section confirming no automated decision-making
Social media	Updated "Twitter" to "X (formerly Twitter)"

Terms & Conditions