Privacy Policy

Privacy Policy (our commitment to you)

Preventable Surprises takes your privacy very seriously. This privacy policy tells you what personal data we collect, how we use it, and your rights relating to our use of your data. If you have any questions, comments or requests in relation to this privacy policy, your personal data, or data protection generally, please write to us at:

Data Protection, Preventable Surprises, Flat 26, Exchange Building, 132 Commercial Street, London, E1 6NG.

Who we are

Preventable Suprises is a research and advocacy organisation, registered in the UK as a Company Limited by Guarantee No 09814751 and a Community Interest Company. As such, we operate in accordance with United Kingdom Data Protection Act 1998. We will process any personal information we collect about you in accordance with current data protection laws (currently the Data Protection Act 1998).


Data protection legislation applies to ‘personal data’ (data that relates to a living individual such as a name, home address or mobile telephone number) and regulates how that data is collected, held and processed. Data protection in the UK is currently governed by the Data Protection Act 1998 (the “DPA”), and from the 25th May 2018 by the new General Data Protection Regulation (GDPR).

For the purposes of the DPA, Preventable Surprises is the ‘data controller’ of the personal data of Preventable Surprises users (i.e. the organisation that is responsible for, and controls the processing of, that personal data).

Preventable Surprises believes that you ultimately own and should have control over your personal data.

What do the following terms mean?

In this privacy policy, references to:

  1. “Preventable Suprises” means the Preventable Surprises – the UK Company Limited by Guarantee No 09814751 and a Community Interest Company
  2. The “Website” means the website located at
  3. “We”, “us”, and “Preventable Surprises” mean Preventable Surprises CIC.
  4. “You” means you in your capacity as a registered subscriber to communications from Preventable Surprises or a visitor to the website.

Your data

Why we use your information

We will only use your information where we have a legal basis to do so and will always respect your rights.

Where we use your information, it is generally because you have consented to us doing so in order to provide a information to you or it may be because we consider we have a legitimate interest to do so. Where we rely on a legitimate interest to use your information, we will always ensure that this is done in a way so as not to be intrusive and that respects your rights. Other reasons may include using information because we have a legal obligation to do so or because we have to fulfil contractual obligations.

What personal data do we process?

We process the following types of personal data about you:

  1. Information provided by you. We collect personal data, such as your name, email address and phone numbers, when you subscribe to receive communications from us. As part of your personal profile, you may choose to submit additional information such as your gender, your place of work, job title and your location.
  2. Information collected automatically. Preventable Surprises receives and stores information which is transmitted automatically from your computer when you browse the Internet and visit This includes information from cookies (which are described in the section below on Cookies), your IP address and browser type. Your IP address is the unique address of your computer which is automatically provided to other computers when your web browser requests a web page from those computers on the Internet.

How do we use your personal data?

We will use your personal data in order to communicate with you about our work. This includes using your personal data to:

  1. Manage your user profile in SalesForce Not For Profit CRM (information on SalesForce privacy statement is available here) and Mailchimp (information on Mailchimp privacy statement is available here).
  2. Provide you with information about our work and invitations to participate in our work through events, and collective actions that match your interests
  3. To respond to or fulfil any requests, complaints or queries you make to us

If you contact us directly we will use the information you give to us to handle your enquiry or request. This may include responding to your query or feedback, or sending you relevant information. We may also keep a record of conversations we have with you, feedback you provide and any support materials we send out to you. This can help us to handle queries more efficiently.

Unless you choose to tick the relevant boxes to sign up to our newsletter and other email updates, you will not receive any further mailings other than a reply to your enquiry. If you would like to stop receiving further mailings from us, you can unsubscribe from our newsletters using the unsubscribe link on every email newsletter. You can also choose to delete your account.

How long we keep your data

Your details are automatically removed from our database if you have not used your account for more than three years. We will also remove your details if we are unable to contact you or you do not confirm your email address.

Disclosure to third parties

We may provide your personal data and the data generated by cookies and the aggregate information to the service agencies that we may engage to assist us in providing you information. Such third-party entities will be obligated to use your personal data solely to provide services to us in connection with Preventable Surprises, and for no other purpose. These third parties are Google Analytics (information on Google Analytics privacy statement is available here) and Cloudflare (information on Cloudflares privacy statement is available here).

We will disclose your personal data if we reasonably believe we are required to do so by law, regulation or other government authority or to protect the rights and property of Preventable Surprises, its affiliates or the public. We may also cooperate with law enforcement agencies in any official investigation and we may disclose your personal data to the relevant agency or authority in doing so.

We reserve the right to transfer your personal data in the event of a transfer of ownership of Preventable Surprises, such as acquisition by or merger with another company.

Your rights

Under the General Data Protection Regulations (GDPR) you have the following rights:

  • Information Right – the right to receive the information contained in this policy and our data collection forms about the way we process your personal data.
  • Personal Data Access Right – the right to know that we are processing your personal data and, in most circumstances, to have a copy of the personal data of yours that we hold. You can also ask for certain other details such as what purpose we process your data for and how long we hold it.
  • Personal Data Correction Right – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you.
  • Personal Data Erasure Right – Known as the Right to be forgotten. In certain circumstances you may request that we erase your personal data held by us.
  • Personal Data Restriction Right – You have the right to restrict the way we process your personal data in certain circumstances, for example if you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims, where we are relying on legitimate interests to process data.
  • Data Processing Objection Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests
  • Data Portability Right – you have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances

Right to Withdraw Consent at any time

Where we use your personal information based on your prior consent, such as where you have given us permission to send you communications by email, mobile messaging or by direct message on social media, you can withdraw your consent at any time by contacting us.

Right to complain to the Information Commissioner’s Office (ICO)

You have the right to be confident that Preventable Surprises handles your personal information responsibly and in line with good practice.

If you have a concern about the way we are handling your information, then in the first instance you should raise this with us. We will take your concern seriously and work with you to try to resolve it. However if you are still unhappy with our response you can raise a concern with the ICO, the UK data protection regulator – see the links below for details:

Links to other sites

This Website may contain links to other websites that are not owned or controlled by Preventable Surprises. Please be aware that we are not responsible for the privacy practices of such other websites.

We encourage you to be aware when you leave our Website and to read the privacy statements on the other websites that you visit.

Cookies and other technologies we use

We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users. This is done in order to personalise and enhance your experience with us.

A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions.

We use cookies for the following purposes:

  • Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
  • Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
  • Analytics cookies – these cookies are used to track the use and performance of our website and services
  • Advertising cookies – these cookies are used to deliver advertisements. In addition, they are used to limit the number of times you see an advertisement.

You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as or For more information about cookies, visit

We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page.

Security and confidentiality

Preventable Surprises uses industry standard technology designed to help keep your personal data safe (such as HTTPS). Please bear in mind though, that it is impossible for us to guarantee that impenetrable security measures are in place.

For example, we cannot control any illegal and/or unforeseen activity of other users that may allow them to get around the privacy or security settings on the Website. Consequently, you acknowledge that there are circumstances in which your personal data may be accessed by unauthorised persons.

Preventable Surprises also takes appropriate organisational and security measures to safeguard your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Our objective is to protect your personal data as follows:

  • Access to your personal data is permitted only to those employees, contractors and third-party service providers that need to access the information for the purposes outlined in this privacy policy
  • All of our systems, hardware and software used in relation to your personal data are kept secure in accordance with standard industry practice
  • All employees, contractors and third-party service providers are informed of their obligations under the DPA and the restrictions in place on their use of the personal data.
  • All our servers are hosted within the European Union (EU) using GDPR compliant hosting facilities that meet industry security standards.

In accordance with and as permitted by applicable law and regulations, we reserve the right to transfer your information, process and store it outside your country of residence to wherever we or our third-party service providers operate.

Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you by means of a notice on our home page.

This privacy policy was last updated on 11 May 2018