Privacy and Cookies Policy
1. Who we are
1.1. The Filo Project operates www.thefiloproject.co.uk and is responsible for protecting any personal data you provide to us.
1.2. Contact:
■ 0333 939 8225
1.3. Data Protection Officer: Caroline James
1.4. Chief Operating Officer: Jude Pinder
2. The information we collect
2.1. We only collect the information we genuinely need to provide our services or respond to your requests. This may include:
■ General enquiries: your name, email address, phone number, and
message
■ Online referrals: your name and contact details, your relationship to the
person being referred, and details of the individual being referred
(including relevant health or care information)
■ Website usage: your IP address, browser type, and pages visited (via
cookies and analytics tools)
3. Why we collect your data
■ Purposes: responding to enquiries, processing online referrals, sending newsletters or updates and improving our website and services
■ Data Collected: contact details and message, referrer and client details (including health data), email address and IP address, usage data
■ Legal Basis: consent / legitimate interests, consent / vital interests/provision of health or social care, consent and legitimate interests
4. Special category data
4.1. For online referrals, we may process health-related information. We handle this securely and lawfully under Article 9(2)(h) UK GDPR, as part of providing health and social care services.
5. Who we share your data with
5.1. We only share data with:
■ Secure IT, hosting, and email providers
■ Trusted systems that manage referrals and service delivery
■ Legal or regulatory bodies, if required by law
5.2. All partners are bound by strict confidentiality and data protection agreements.
6. Transfers outside the UK
6.1. If we need to transfer data outside the UK, we ensure that appropriate safeguards are in place—such as adequacy decisions or approved contractual terms—so your data remains protected.
7. How long do we keep your data
7.1. We keep data only for as long as needed:
■ Enquiries: up to 2 years
■ Online referrals: in line with service delivery and safeguarding requirements
■ Newsletter subscriptions: until you unsubscribe
■ Analytics data: up to 12 months, anonymised where possible
8. Your rights
8.1. You can:
■ Ask for a copy of your personal data
■ Have incorrect data corrected
■ Request deletion of your data
■ Restrict or object to processing
■ Withdraw consent at any time
■ Make a complaint to the Information Commissioner’s Office (ICO) at www.ico.org.uk
9. How we protect your data
9.1. We take data protection seriously. Measures we use include:
■ Encrypted storage and transmission of data
■ Access is limited to authorised staff only
■ Regular reviews of security procedures
■ We also embed “privacy by design” into all our systems and processes
10. Cookies & tracking
10.1. We use cookies to make our site work effectively and to understand how visitors use it. You can manage your cookie preferences via your browser settings or, where available, through our cookie consent tool.
11. Changes to this policy
11.1. We review and update this policy at least once a year, or whenever our data handling practices change. Any significant updates will be clearly posted on our website.
Policy drafted by Chief Operating Officer (JP), 12 August 2025
Policy approved by Directors (LP & LD), 14 August 2025
Policy start date, 14 August 2025
Policy review due, 14 August 2025