top of page

Privacy Policy

Last updated: November 2025

This privacy notice explains how Cast A Thought CIC handles your personal information, what you can expect from us, and your rights under data protection law.

Contact details

Telephone: 07359 307989

Email: info@castathought.co.uk

Website: www.castathought.co.uk

Address: South East England, United Kingdom

Cast A Thought CIC acts as the data controller for all personal information that we collect and use.

What information we collect, use, and why

 

We collect and use various types of personal information to provide our services and goods, including programme delivery and making referrals to third parties. The information we collect for these purposes includes:

  • Names and contact details

  • Gender

  • Pronoun preferences

  • Addresses

  • Date of birth

  • Emergency contact details

  • Next of kin details

  • Photographs or video recordings

  • Service use history

  • Health information (such as medical conditions, test results, allergies, medical requirements, and medical history)

  • Dietary information (including allergies and health conditions)

  • Website user information (user journeys and cookie tracking)

 

For donations, funding, and fundraising activities, we collect:

  • Names and contact details

  • Donation history

 

To send service updates or for marketing purposes, we use:

  • Names and contact details

  • Addresses

  • Recorded images, such as photos or videos

  • Donation history

 

We may also use special category information, such as health information, for these purposes.

For research or archiving, including programme evaluation and impact analysis, we collect:

  • Names and contact details

  • Addresses

  • Recorded images, such as photos or videos

  • Website and app user journey information

  • Records of consent, where appropriate

 

Special category information, especially health information, may also be used for research or archiving.

Lawful bases and data protection rights

 

UK data protection law requires us to have a lawful basis for collecting and processing your personal information. You can find more information about lawful bases on the Information Commissioner’s Office (ICO) website.

Under the UK GDPR, your data protection rights include:

  • Right of access: You may request copies of your personal information and details of how we use it.

  • Right to rectification: You may ask us to correct or delete inaccurate or incomplete information.

  • Right to erasure: You may request the deletion of your information in certain circumstances.

  • Right to restriction of processing: You can request that we limit how your data is used.

  • Right to object: You can object to certain types of processing.

  • Right to data portability: You may request a transfer of your data to another organisation or to yourself.

  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

We are required to respond to your request without undue delay and within one month. To exercise any of these rights, please contact us using the details provided above.

Our lawful bases for collecting and using personal information

 

To provide services and goods, including delivery and third-party referrals:

Consent – we have your permission after providing all relevant information. You may withdraw consent at any time.

Contract – we must collect or use information to enter into or carry out a contract with you.

 

For service updates or marketing purposes:

Consent – we have your permission after providing all relevant information.

Contract – where necessary to provide or maintain your service.

For research or archiving purposes:

Consent – we have your permission after providing all relevant information.

Contract – where necessary to deliver or evaluate services provided to you.

Where we get personal information from

We may receive your personal information from a variety of sources, including:

  • Directly from you

  • Regulatory authorities

  • Family members or carers

  • Other health and care providers

  • Social services

  • Charities or voluntary sector organisations

  • Schools, colleges, universities or other education organisations

Data Type
Purpose
Retention Period
After Retention
Complaint records
To manage and resolve complaints
6 years after complaint resolution
Securely deleted
Website analytics and cookies data
To understand website use and improve user experience
Up to 2 years depending on cookie type
Automatically deleted or anonymised
Donation and fundraising records
For legal, tax, and auditing purposes
6 years from date of transaction
Securely deleted
Photographs and video recordings
For marketing, reporting, or archiving with consent
5 years or until consent withdrawn
Deleted or removed from media
Marketing data (contact preferences, names, email addresses)
To send updates, newsletters, or invitations
2 years after last engagement or until consent withdrawn
Securely deleted
Research and evaluation data (anonymised programme data, survey responses, wellbeing outcomes)
To evaluate and improve services
Up to 10 years, retained in anonymised or pseudonymised form only
Retained anonymously for research use
Emergency contact and next of kin details
To ensure participant safety during programmes
Deleted immediately when no longer required or upon participant’s withdrawal
Securely deleted
Safeguarding records
To meet legal and regulatory safeguarding obligations
75 years or as required by safeguarding legislation
Securely destroyed
Health and wellbeing information (medical conditions, health notes, allergies, assessments)
To provide safe and effective support, and for safeguarding requirements
3 years after last contact or service delivery
Securely deleted
Participant records (names, contact details, gender, address, date of birth, programme participation history
To deliver and evaluate wellbeing programmes
3 years after final contact or programme completion
Securely deleted or anonymised

Who we share information with

We may share your personal information with the following parties:

  • Charities and voluntary organisations

  • Organisations we need to share information with for safeguarding reasons

  • Organisations we are legally obliged to share information with

  • Publicly on our website, social media, or other marketing and information media (only with your consent)

We do not sell your personal information to anyone. All third-party organisations we work with are required to comply with strict data protection and confidentiality standards.

How to complain

If you have concerns about how we use your personal data, please contact us using the details at the top of this notice. If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner’s Office (ICO):

Address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

We Need Your Support Today!

bottom of page