April 2026

About the UK IDG Data Protection Policy

Following guidance from UK Information Commission Office this policy has been developed to guide essential personal data collection, storage and use by the UK Innovation Districts Group(UK IDG). 

The UK-General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 govern data protection in the UK.  This policy is in line with UK Government criteria for data protection and businesses. 

Key commitments 

UK IDG Directors will ensure that all personal data it holds will be: 

• processed lawfully, fairly and in a transparent manner;  
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; 
• adequate, relevant and limited to what is necessary; 
• accurate and kept up to date; 
• kept in a form which permits identification of data subjects for no longer than is necessary; 
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Privacy Policy

1. Who we are

UK Innovation Districts Group (“UK IDG”, “we”, “us”) is a UK-based not-for-profit company that supports and connects innovation districts, knowledge quarters and related partners. We are the data controlling body for the personal data we collect and use in connection with our activities.​ The nominated Data Controller is the Chair of UK IDG. 

Our details are:

• Organisation: UK Innovation Districts Group (UK IDG)
• Website: https://www.ukinnovationdistricts.co.uk​
• Email: hello@ukinnovationdistricts.co.uk​

If you have any questions about this policy or how we use your data, please contact us using the details above.

2. The personal data we collect

We only collect personal data that we need to run UK IDG and deliver our services. None of the personal data held by UK IDG qualifies as high risk, although some of it may be sensitive in nature. This data may include:

• Name, job title, organisation and contact details (email, telephone, postal address).
• Information about your role, areas of professional interest and your relationship with UK IDG (for example, member, director, partner, event participant).
• Event information (registrations, attendance, feedback; and any dietary or access needs you choose to share).
• Limited financial or organisational details where needed for membership, sponsorship or payments (relating to organisations, not individuals).
• Basic technical information when you use our website, such as IP address and browser type, collected via cookies or analytics tools.

We do not routinely collect special category data (such as health or ethnicity) and we do not knowingly collect data about children.

Upon review, the data held by UK IDG has been assessed as low-level impact. 

Directors’ Data

The volume of personal data is very low. The sensitivity of the data is low-moderate: the most sensitive data being date of birth, address, contact email, phone numbers and ID verification with Companies House. Previous names and previous addresses are not held. The risk of data breach is small as the data is rarely used, with the majority of the data being held for a combination of legal obligation and legitimate interest. Overall impact: LOW 

Members’ Data 

The volume of personal data is low. The sensitivity of the data is low: the most sensitive data being organisational bank account info, contact number and e-mail address. The risk of data breach is small – primarily the accidental disclosure of names & e-mail addresses. Overall impact: LOW 

Partners & Stakeholders’ Data 

The volume of personal data is low and the sensitivity of the data is very low: the most sensitive data being contact details. The risk of data breach is small – primarily the accidental disclosure of names & e-mail addresses. Overall impact: LOW

3. How we collect your data

We collect data in three main ways:

• Directly from you – for example when you become a member or director, sign up for a mailing list or newsletter, register for an event, or contact us via the website, email or telephone.
• From your organisation or partners – for example when a member organisation nominates you as a contact, or when we co-host an event and share attendee lists in a transparent way.​
• From publicly available professional sources – such as organisational websites or professional profiles, where this is relevant to our networking and policy work.​

4. How and why we use your data

We use your personal data only for our legitimate not-for-profit purposes, including to:

• Manage our membership, governance, delivery programme and working groups.
• Organise and run events, meetings and webinars, and follow up afterwards.
• Send you information about UK IDG activities, events, publications and opportunities that we reasonably believe are relevant to your role and interests.​
• Maintain relationships with partners, funders, sponsors and other stakeholders.
• Administer our finances and comply with legal or regulatory requirements.
• Operate, secure and improve our website and digital services.​

Our main legal basis for using personal data is legitimate interests – running and developing UK IDG in a way you would reasonably expect, with minimal impact on your privacy. Depending on the context, we may also rely on:​

• Contract – for example where we have an agreement with you or your organisation and need to process data to perform it.​
• Consent – for certain newsletters, marketing-style communications or use of photographs/recordings, where this is appropriate.​
• Legal obligation – where we must keep or share information to comply with the law or with regulatory requirements.​

We do not use your personal data for automated decision-making that has legal or similar significant effects on you.​

5. Sharing your data

We do not sell your personal data and we do not share it with others for their own independent marketing.​

We may share data, where necessary and appropriate, with:

• Service providers who help us run UK IDG (for example, email platforms, event tools, cloud storage, IT support or professional advisers).​
• Event partners or co-hosts where we are jointly delivering an event and it is clear that this is the case.​
• Regulators, law enforcement or public authorities if the law requires us to do so.​

Where others process data on our behalf, they must follow our instructions, keep your data secure and only use it for the agreed purposes. 

6. How long we keep your data

We keep personal data only for as long as we need it for the purposes described in this policy, and to meet legal, accounting or reporting obligations. In general:​

• Governance and director records are retained for several years (often 5 years) after you leave your role, and sometimes longer where the law requires.
• Membership and stakeholder contact details are kept while the relationship is active and for a reasonable period afterwards (usually up to 3 years).
• Event records are normally kept for up to 3 years after the event.
• Financial records are typically kept for at least 6–7 years.

When data is no longer needed, we delete it securely or anonymise it.​

7. How we protect your data

We take appropriate technical and organisational measures to protect personal data from loss, misuse or unauthorised access. These include:​

• Limiting access to personal data to people who need it for their role.
• Using secure, password-protected systems and reputable cloud services.
• Applying appropriate security settings, backups and, where relevant, encryption.
• Providing guidance and training to directors and relevant others on handling personal data responsibly.​

No system can be guaranteed 100% secure, but we work to keep your data protected in a way that is proportionate to the risks involved.​

8. Your rights

You have several rights under UK data protection law. In most cases you can:

• Ask for a copy of the personal data we hold about you.
• Ask us to correct inaccurate or incomplete data.
• Ask us to delete your data, or to restrict how we use it, in certain circumstances.
• Object to our use of your data where we rely on legitimate interests, including for direct communications.​
• Withdraw consent at any time where we are processing data on the basis of your consent.​

To exercise any of these rights, please contact us at hello@ukinnovationdistricts.co.uk or write to us at the registered postal address. We may need to ask for information to confirm your identity and we aim to respond within one month.

If you are unhappy with how we handle your data, you can also complain to the Information Commissioner’s Office (ICO), the UK data protection regulator – details are available at www.ico.org.uk.

9. Cookies and website use

Our website (www.ukinnovationdistricts.co.uk) may use cookies and similar technologies to:​

• Make the site work properly and securely.
• Understand how visitors use the site and help us improve content and navigation.
• Remember certain preferences where you choose them.

Where cookies are not strictly necessary, we will seek your consent and provide options to manage your preferences, typically via a cookie banner or settings tool. 

10. Changes to this policy

We may update this Data Protection and Privacy Policy from time to time to reflect changes in our activities or in the law. The latest version will always be available on our website and will show the date it was last updated.​