Co-create Privacy Notice

 

This privacy notice tells you what to expect us to do with your personal information.

1. Contact details
2. What information we collect, use, and why
3. Lawful bases and data protection rights
4. Where we get personal information from
5. How long we keep information
6. Who we share information with
7. How to complain

 

1. Co-create contact details

Registered name: Danny Sherwood Solutions Ltd
Contact name: Danny Sherwood, Managing Director
Post: 15 Paternoster Row, Sheffield, Sheffield, South Yorkshire, S1 2BX GB
Telephone: 07393 462653
Email: [email protected]

 

2. What information we collect, use, and why

 

As a principle, we only collect information that is necessary and proportional for the provision of the best possible services to Clients.

The data we collect for web users is different to what we collect for contractors and projects so is separated below into two sections (2a and 2b).

2a) Website Users

We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, your browser type, the location you view our website from, the language you choose to view it in and the times that our website is most popular.

What are cookies and how do we use them?

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to Client needs. We use Google Analytics to do this. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

 

2b) Projects and contractors

Clients:

To provide the best possible service to you, we need to collect certain information about you, for example, contact details. We only ask for details that will genuinely help us to help you, and the information we ask for is generally very limited.

Participants:

If you are part of a Co-create project as a participant we may collect demographic details from you to ensure we’re working with the right range of people. This will only be collected with consent after information is given to you and we only ask for details which are relevant to the project.

Suppliers:

Usually all we require is contact details of relevant individuals at your organisation so that we can communicate with you, such as names, telephone numbers and email addresses. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).

Contractors:

We are committed to ensuring that our data processes are aligned with our approach to equal opportunities and best practice project delivery. Some of the data we may collect about you (in appropriate circumstances and in accordance with local law and requirements) comes under the umbrella of “diversity information”. This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social-economic background. Where appropriate and in accordance with local laws and requirements, we’ll use this information on an anonymised basis to monitor our compliance with our equal opportunities policy and project delivery. We may also disclose this (suitably anonymised where relevant) data to Clients where this is contractually required or the Client specifically requests such information to enable them to comply with their own employment processes.

This information is what is called ‘sensitive’ personal information and slightly stricter data protection rules apply to it. We therefore need to obtain your explicit consent before we can use it. We will ask for your consent by offering you an opt-in. This means that you have to explicitly and clearly tell us that you agree to us collecting and using this information.

We may collect other sensitive personal data about you, such as health-related information, religious affiliation, or details of any criminal convictions if this is appropriate and/or is required for a role that you are interested in applying for. We will never do this without your explicit consent.

Detail:

We may collect or use the following information to provide services, including project delivery:

•   Names and contact details including addresses
•   Photographs or video recordings
•   Records of meetings and decisions
•   Information relating to compliments or complaints
•   Records of consent, where appropriate

 

Sensitive information:

• Racial or ethnic origin
• Gender
• Pronoun preferences
• Occupation
• Date of birth
• Relevant health information (such as medical records or health conditions, dietary requirements)
• Religious or philosophical beliefs
• Sexual orientation
• Membership of a trade union

 

3. Lawful basis and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There are six possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website here.

Our lawful basis for the collection and use of your data:

We have four lawful bases for collecting or using personal information within the different areas of our business:

• Consent – we have permission from you after we gave you all the relevant information about why we are collecting data. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. For Co-create to use this as a lawful basis we must:
  • identify a legitimate interest;
  • show the collection and use of personal information is necessary to achieve this; and
  • balance our own interests against the person’s interests, rights and freedoms.

 

Which lawful basis we rely on may affect your data protection rights, which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
  
• Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
  
• Your right to erasure – You have the right to ask us to delete your personal information. You can read more about this right here.
• Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
  
• Your right to object to processing – You have the right to object to the processing of your personal data. You can read more about this right here.
  
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
  
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month. To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

 

4. Where we get personal information from

•   Directly from you
•   Publicly available sources
•   Suppliers and service providers

 

5. How we hold information

• We understand that your personal information and privacy are important to you. We make every effort to ensure that the information you share with us is recorded accurately, retained securely and used only according to your wishes. We protect your personal information and adhere to all current data protection act legislation with respect to protecting privacy.
• We keep information for as long as it is relevant or necessary to Co-create projects or marketing purposes.
• We review data collected for projects yearly. If data relates to a discreet project and there is no evaluation or research reason to keep data, then it is deleted on yearly review.
• If data relates to recruitment and there is no expectation of work with Co-create then it will be deleted after 6 months.
• If data relates to marketing then it is reviewed on a yearly basis.
• In addition to this, for personal data that is kept on an ongoing basis: We will hold personal data on our internal systems for a maximum of 10 years before contacting you to check that you are still happy for us to keep your data for the original reasons that you identified. 

 

6. Who we share information with

• Organisations we need to share information with for safeguarding and/or legal reasons.
• Publicly on our website, social media or other marketing and information media, but only non-sensitive information and with your consent.

 

7.  How to complain  

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated – 21 February 2025