Privacy Policy

Innovate Educate Ltd
Blake House
18 Blake Street
ICO contact number: 00010294353

Privacy Statement
Innovate Educate is a heritage and learning consultancy. We specialise in creating learning strategies, learning resources and in the evaluation of heritage projects. We work with and provide consultancy services to a range of organisations.
This privacy statement outlines why, on occasion, we collect personal data, how we use it, keep it safe and the rights of those whose data we hold.

Why we collect data:
We collect, store and process personal data of clients, potential clients, employees and our consultants for the purposes of fulfilling our contractual and legal obligations and responsibilities.

How we use personal data:
We use personal data to fulfil our contractual obligations with clients, employees and consultants who work with us. Personal data of individuals who we provide services for, or on behalf of our clients is used to maintain our relationships and to deliver our consultancy and evaluation services.

In our reports unless express permission has been given we will not identify individuals by name. We may however use job titles.

We will only send out information about our consultancy services, training and our latest advice, guidance and blog posts via our mailing list if you have actively consented to us doing so (e.g. you have opted to join our mailing list). Individuals signed up to our mailing list can withdraw their consent at any point by unsubscribing from the email or by contacting us at

What personal data do we collect?

  • Clients and attendees on our workshops: we collect personal data (name, contact details, job title, organisation) for the purposes of fulfilling our services.
  • Consultants: we collect personal data (name, date of birth, contact details etc). Additional data collected (e.g. financial, etc) is collected for the purposes of making payments.
  • We also collect emails and names from people subscribing to our mailing list.
  • From time to time, as part of our contractual relationships with our clients, we may process personal details of third parties for the purposes of providing our services, such as rights clearances.

We use standard WordPress statistics which record visitor numbers and their country of origin.

Our legal process for processing personal data

Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal basis we use for processing data are:

  • Legitimate interests for the purposes of fulfilling our consultancy activities and the provision of our services.
  • Contractual basis for the purposes of fulfilling our obligations to Innovate Educate Ltd’s Consultants and clients.
  • On the basis of consent when people opt into our mailing list.
  • On the basis of consent when people agree to take part in data gathering for research purposes.

How long do we keep data?

We store and retain personal data for various periods of time in line our legal obligations, financial regulations and internal requirements. Typically, we will delete personal data collected during project work such as rights clearance after six months.

How we keep data secure


We have robust processes, procedures, contracts and agreements in place to ensure secure collection, storage and processing of personal data. Only authorised employees, consultants and third-party data processors (e.g. those who process data on our behalf) have access to personal data we hold.


Personal data is stored securely on our network, on encrypted devices (iPads, laptops, smart phones etc) and within third party systems (e.g. bulk email distribution platform) whose tools we use to process data.

International transfer of data

Prior to engaging or using third party systems to process data, we ensure that sufficient safeguards, contracts/agreements are in place to protect personal data and that all parties comply with the requirements of the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. For example, where data may be transferred outside of the European Economic Area (EEA) to the United States (e.g. if a third party uses multiple servers to back up data), we will ensure that the third party is registered under the EU-US Privacy Shield, such as DropBox which ensures adequate protection of data.

Who we share data with:

In line with our legal obligations we share personal data about employees with HMRC, pensions providers and payroll services. We will also share data with appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.

We do not sell or share data with any other third parties other than those listed above and where we use a third party to securely process our data on our behalf.

Your rights:

Under the Data Protection Act 1998 and subsequent successor legislation, including but not restricted to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the following rights:

  • The right to request access to the data we hold about you. This is known as a Subject Access Request
  • The right to have incorrect data rectified or incomplete data completed
  • The right to have data erased (also known as the right to be forgotten)

You can make a request at any point by email We will respond to a request within one month of receipt. However, where a request is received to erase data, we may not be able to delete all data (for example where data is linked to financial transactions that must be kept for a set period of time under financial regulations).


If you would like to find out more about how we process data, or if you would like to make a complaint, please contact us at

We are grateful to Naomi Korn for her workshop, advice and guidance in creating this document.