Privacy Policy

1. Introduction

Gymnasts for Change International (“we”, “our”, “us”) processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to protecting the personal data we hold about members of the gymnastics community, supporters, and website users.

This Privacy Policy explains:

  • What personal data we collect

  • How we use it

  • Your rights

We will take reasonable care to keep your information secure and prevent unauthorised access, in line with the requirements under the UK GDPR.

2. Who We Are

Gymnasts for Change International is a human rights and advocacy organisation working to improve safety, safeguarding, and accountability within gymnastics.

For data protection purposes, we are the data controller.

Contact: info@gymnastsforchange.com

3. The Information We Collect

a. Information You Provide to Us

We may collect personal data when you:

  • Contact us via our website or email

  • Sign up to our newsletter

  • Participate in campaigns, surveys, or research

  • Share experiences, testimonies, or safeguarding concerns

This may include:

  • Name

  • Email address

  • Any information you choose to provide

b. Safeguarding & Special Category Data

Due to the nature of our work, you may share sensitive (special category) data, such as:

  • Experiences of abuse or harm

  • Health-related or trauma-related information

We will:

  • Only process this data where necessary and lawful

  • Apply enhanced confidentiality and access controls

  • Handle it in line with safeguarding responsibilities

c. Automatically Collected Information

When you use our website, we may collect:

  • IP address

  • Device and browser type

  • Pages visited and usage data

This is similar to standard website monitoring practices used to understand traffic and improve services. 

We use Google Analytics for this purpose.

4. How We Use Your Information

We may use your personal data to:

  • Respond to enquiries and communications

  • Manage supporter or membership engagement

  • Carry out advocacy, research, and campaigns

  • Improve our website and user experience

  • Handle safeguarding concerns appropriately

  • Comply with legal obligations

We do not sell or share your personal data.

5. Legal Bases for Processing

We process your personal data under the following UK GDPR bases:

  • Consent – where you voluntarily provide information

  • Legitimate interests – to operate and improve our organisation and advocacy work, only with your consent 

  • Legal obligation – where required by law

  • Vital interests – in rare situations where necessary to protect someone from serious harm

For collecting and processing any special category data, we rely on:

  • Explicit consent

6. How We Share Your Information

We only share personal data where necessary:

  • With trusted service providers (e.g. hosting, analytics providers)

  • Where required by law or regulatory authorities

  • Where necessary to protect individuals from harm (safeguarding)

7. International Transfers

Some of our service providers (including Google Analytics) may process data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTA)

  • Adequacy decisions

8. Data Retention

We retain personal data only as long as necessary:

  • General enquiries: up to 12 Months 

  • Supporter/member data: while active + reasonable retention period

  • Safeguarding-related data: retained in line with legal and safeguarding requirements

We regularly review our retention practices.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion (“right to be forgotten”)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

To exercise your rights:Contact: info@gymnastsforchange.com

10. Complaints

If you are not satisfied with how we handle your data, you can contact: Information Commissioner's Office

11. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Restricted access controls

  • Secure storage systems

  • Confidential handling of sensitive information

12. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any updates will be posted on this page.