Allia Impact Limited (“we”, “us”, “our”) is registered in England and Wales (company number 11559182) and registered with the ICO under registration number ZA536202.
We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we, as a data controller, collect, use, disclose, and safeguard your information when you visit our website and engage with our services.
- Personal data we collect
We may collect and process the following categories of personal data:
- Information you provide to us
This includes, but is not limited to:
- name, job title, employer
- contact details (address, email, phone number)
- billing and payment information
- information contained in correspondence
- information provided through contact forms, application forms and surveys
- Data collected automatically
- IP address
- browser type and version
- device information
- pages visited and time spent on our website
- cookies and tracking technologies
- Data from third parties
- employers or organisations providing access to our services
- analytics providers (e.g., website analytics tools)
- CRM or sales platforms
Our services are not intended for children under the age of 18 and we do not knowingly collect personal data from children.
- How we use your data
We may process your data for the following purposes:
- delivery of enterprise support programmes and other services
- evaluating the effectiveness of our services
- managing contracts and customer relationships
- responding to enquiries
- processing payments and invoices
- improving our website and services
- sending service-related communications
- marketing communications (where lawful)
- complying with legal obligations
- Lawful bases for processing
Under UK GDPR, we rely on the following lawful bases:
| Purpose | Lawful basis |
| Delivering business support programmes and contracts | Contract |
| Maintaining relationships with users and stakeholders, managing and developing our services, direct marketing, internal administration, ensuring business continuity | Legitimate interest |
| Marketing communications and website analytics | Consent |
| Legal compliance | Legal obligation |
Where personal data is processed on the basis of legitimate interests, we balance these interests against your rights.
- Sharing your information
We may share your personal data where we consider necessary with:
- employees and authorised contractors
- other members of the Allia Group
- programme delivery partners
- IT and cloud service providers (including Microsoft, Hubspot and Airtable)
- payment processors
- professional advisers (legal, financial)
- regulatory authorities (where required)
All third parties are required to respect the security of your data and process it lawfully. A full and up-to-date list of our sub-processors is available on request.
We do not sell your personal data.
- International transfers
We only transfer personal data outside the UK for processing by specific sub-processors. When we do so, we will only make a transfer that is covered by:
- UK adequacy regulations
- appropriate safeguards (as set out in Article 46 of the UK GDPR)
- an exception (as set out in article 49 of the UK GDPR)
- Data retention
We retain personal data only as long as necessary. Our standard retention periods include:
| Data type | Retention |
| Unsuccessful applications for support or funding | 12 months |
| Data from programme participants | 6 years after end of programme |
| Financial records | 6 years from end of relevant financial year |
| Contracts and agreements | 6 years after contract ends |
| Marketing data | 2 years after last activity |
| Website analytics | 2 years |
| Complaints and feedback | 3 years after closure |
At the end of a retention period, or earlier if data is no longer needed, we will erase (as far as practicable) or anonymise data so that it is no longer in a form that permits identification of individuals.
- Data security
Allia Impact is Cyber Essentials certified. We implement appropriate security measures, including:
- access controls and authentication
- encryption where appropriate
- regular security reviews and testing
- staff training on data protection
- Automation
We do not carry out any automated individual decision-making or profiling.
- Your rights
Under UK GDPR, you have the right to:
- access your personal data
- request correction of inaccurate data
- object to direct marketing
- request erasure of your data
- restrict or object to processing
- request data portability
- withdraw consent at any time (where applicable)
All marketing communications will contain a link to opt out.
To exercise your rights in any other way, contact us using the details below. We aim to respond to all valid requests as soon as possible and within one calendar month, as required under UK GDPR.
- Data breach handling
In the event of a data breach we will, where required, notify the Information Commissioner’s Office (ICO) without undue delay and within 72 hours. If the breach is considered likely to result in a high risk of adversely affecting your rights and freedoms, you will also be informed directly and without undue delay.
- Complaints
If you are not satisfied with how we handle your data, please contact us using the details below so we can resolve your complaint.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
ICO Website: https://www.ico.org.uk
ICO Helpline: 0303 123 1113
- Cookies
We use cookies in accordance with UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003. This includes:
- strictly necessary cookies
- performance/analytics cookies (with consent)
- functionality cookies
You can manage preferences via our cookie banner or browser settings. We will not set non-essential cookies without your prior consent.
For more details, see our Cookie Policy.
- Third-party links
Our website may include links to external sites. We are not responsible for their privacy practices.
- Changes to this policy
We may update this Privacy Policy periodically. Updates will be posted on this page with a revised effective date.
- Contact us
Allia Impact Limited
Email: gdprcompliance@allia.org.uk
Address: Future Business Centre, King’s Hedges Road, Cambridge, CB4 2HY
Effective date: 5 June 2026