Data Protection


The protection of personal data is paramount to us. This policy outlines our commitment to ensuring that data is collected, stored, processed, transferred and used in compliance with the UK GDPR and the amended version of the DPA 2018.

This policy applies to all members, volunteers and staff. It encompasses all personal data processed, regardless of the data medium or where the data is stored. Our practices are anchored on transparency, fairness and lawful reasons for data processing.

Principles of Data Protection

We adhere to the principles relating to the processing of personal data as outlined in the UK GDPR, including:

Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.

Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.

Data Minimisation: Only necessary data for the specified purpose is processed.

Accuracy: Data kept is accurate and up-to-date.

Storage Limitation: Data is kept only as long as necessary for its purpose.

Integrity and Confidentiality: Data is processed in a manner that ensures its security.

Data Subject Rights

All individuals have specific rights concerning their personal data, including:

  • The right to be informed
  • The right to access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights related to automated decision-making, including profiling

We are committed to honouring these rights and will maintain procedures to ensure they can be exercised effectively.

Our Privacy Policy is here.

CRM System

We use the CRM system for our contact data management. Our installation on this platform includes GDPR-specific functionality, ensuring enhanced protection and compliance. For more details on Hubspot’s GDPR resources, visit: Hubspot GDPR Resources.

ICO Registration and Exemption

While many organisations need to pay a data protection fee to the Information Commissioner’s Office (ICO), Autistic Community Hub CIC, as a non-profit organisation, is exempt from this requirement. To maintain our exemption status, we pledge to:

  • Process only the necessary information to establish or maintain membership or support.
  • Only process information essential to provide or administer activities for our members or those who have regular contact with us.
  • Ensure that the personal data we process is restricted only to the information that aligns with our exempt purpose.

Data Breaches

In the unfortunate event of a data breach, we will promptly notify the individuals affected and the ICO, as per the requirements of the UK GDPR.


This guidance will be reviewed annually to ensure that it remains effective and aligned with the needs and aspirations of Autistic Community Hub CIC and its community of members, staff, volunteers and partners.

This policy was last updated March 2024.