A people-first think tank and engagement lab

Always With Democracy

Futures Projects

A people-first think tank and

engagement lab

Privacy Policy

Privacy Policy (UK GDPR)


Effective date: 28 April 2025
Who we are: Democracia84 CIC (community interest company limited by guarantee), Company number 16411973, ("we", "us").
Controller: We are the data controller for the personal data described in this notice.
Contact: hello@demo84.com, Arch 33 Croft Walk, Worcester, United Kingdom, WR1 3BD


We believe privacy is a democratic right. This policy explains, in plain English, what we collect, why, how long we keep it, and your rights. If anything here isnt clear, contact us and well help.


What this notice covers:

  • Visitors to our website and social channels.

  • People who contact us or join our mailing list.

  • People who take part in our research, workshops, and events.

  • Funders, partners, suppliers and applicants we work with.


This policy does not cover thirdparty sites we link to. Check their privacy notices.


Data we collect (and typical sources)

  • Contact details (name, email, role, organisation) from forms, emails, or event signups.

  • Comms content (messages, feedback) from emails or contact forms.

  • Newsletter preferences from your subscription choices.

  • Event details (attendance, access needs) from registrations.

  • Research participation data consent forms, interviews, surveys, audio/video, demographic info you choose to share.

  • Technical data IP address, device/browser, pages viewed. We only use nonessential cookies/analytics with your consent. Essential cookies may be used to make the site work.

  • Supplier/funder details contracts, invoices, payment info (business bank details), duediligence notes.

  • Job/contractor applications CVs, references (where provided).


We do not buy personal data and we dont sell personal data.


Why we use your data (purposes) and lawful bases


We only process personal data when we have a lawful basis and a clear purpose. The bases we rely on are:

  • Consent newsletters; nonessential cookies/analytics; using quotes, images or recordings in public outputs; research participation (including any special category data).

  • Contract to deliver services or pay suppliers; to arrange events you have booked; to assess and contract with freelancers.

  • Legitimate interests to secure and maintain our website and IT; to manage routine business relationships; to evaluate and improve our work using aggregated or anonymised information; to keep basic suppression lists (e.g. "do not contact").

  • Legal obligations company, tax and accounting records; safeguarding and risk reporting where required by law.


Where we rely on consent, you can withdraw it at any time (see Your rights). Where we rely on legitimate interests, we balance our interests against yours and use the least intrusive approach.


Research participants (how we protect you)

  • We collect only whats necessary, explain the project in plain English, and ask for freely given, informed, specific and unambiguous consent before recording or publishing anything.

  • If a study could involve special category data (e.g. health, ethnicity, beliefs), we use explicit consent and take extra safeguards (pseudonymisation, restricted access, secure storage, and a Data Protection Impact Assessment where required).

  • You can withdraw from a study at any time. If you withdraw before anonymisation, we will delete your personal data. Once data has been anonymised and combined, it cant usually be linked back or removed.

  • Unless we say otherwise, research outputs are published in aggregated or anonymised form. If we ever wish to attribute a quote or image to you, we will ask for separate consent.


Cookies and analytics

  • Essential cookies help the site work (e.g. page load, security). These run without consent.

  • Nonessential cookies/analytics (e.g. audience measurement or embedded media) run only if you optin via our cookie banner. You can change your choice anytime via Cookie settings on our site.

  • We do not use advertising cookies or hidden tracking pixels.


Who we share data with (and why)


We share personal data only when necessary, under contracts that protect your information:

  • Service providers (e.g. secure cloud storage, email, survey tools, event platforms, web hosting, accountants).

  • Project partners/funders limited to whats needed to deliver or evaluate a project; wherever possible we share anonymised or aggregated information.

  • Professional advisers and regulators where required (legal, safeguarding, audit, HMRC).
    We never sell your data.


International transfers


Some providers may store data outside the UK. When that happens, we use approved safeguards (e.g. the UK International Data Transfer Agreement or the UK Addendum to EU Standard Contractual Clauses) and a transfer risk assessment. We keep these measures under review.


How long we keep data (retention)


We keep personal data only as long as needed for the purpose collected, then delete or anonymise it.


Typical periods are:

  • Enquiries and routine emails: up to 12 months after closing.

  • Newsletter subscribers: until you unsubscribe (we keep a minimal suppression record to avoid recontact).

  • Event records (incl. access needs): up to 6 months postevent; financial records 6 years for accounting.

  • Research data: consent forms and contact details for the project lifecycle; raw recordings up to 12 months unless otherwise stated; anonymised datasets and outputs may be kept indefinitely for public interest, evaluation or archiving.

  • Supplier/contractor records: contract plus 6 years.


Exact periods may vary by project; well tell you in the relevant notice or consent form.


Your rights


You have the right to: be informed; access your data; rectify inaccuracies; erase data; restrict or object to processing; data portability (for data you provided to us under consent or contract); and to withdraw consent at any time. We do not use automated decisionmaking that produces legal or similarly significant effects.


How to use your rights: email us at hello@demo84.com and well respond within one month. For security we may ask you to verify your identity.


Complaints: You can contact us first, or you can complain to the UK Information Commissioners Office (ICO) at ico.org.uk or 0303 123 1113. Their postal address is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.


Security

We use appropriate technical and organisational measures including encryption at rest and in transit where possible, access controls, staff training, leastprivilege permissions, and regular reviews. No system is 100% secure; if we identify a risk to your rights, well act and, where required, notify you and the ICO.


Changes to this policy


Well post any changes here and update the effective date. For significant changes, well provide a clear notice on the website or via email to subscribers.

Version control

  • Version 1.0 28 April 2025.

  • Version 1.1 12 November 2025.

A people-first think tank and

engagement lab