Last updated: February 2026

1. Introduction

SEE Change Happen Ltd is committed to protecting the personal data of everyone who uses The Trans Inclusion Toolkit website and our related services. This policy explains how we collect, process, store, and protect personal data in compliance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

This policy should be read alongside our Privacy Policy, which provides broader information about cookies, analytics, and third-party services.

2. Data Controller

The data controller for personal data collected through this site is:

SEE Change Happen Ltd
Company Registration No: 13138905
Registered Address: 1 The Briars, Waterberry Drive, Waterlooville, PO7 7YH
Contact: info@seechangehappen.co.uk

As data controller, we determine the purposes and means of processing personal data and are responsible for ensuring that processing complies with data protection law.

3. What We Collect

We collect the following categories of personal data:

Personal data provided via forms

When you submit a form on this site, we collect the data you provide. This may include:

• First name and last name
• Email address
• Job role or title
• Organisation name
• Areas of interest (selected from checkboxes)
• Free-text messages

All forms are processed through HubSpot, our customer relationship management platform. Form submissions create contact records in HubSpot CRM.

Automatically collected data

We collect anonymised analytics data through Google Analytics and Jetpack Stats. This includes page views, session duration, referral source, device type, and approximate geographic location. IP addresses are anonymised before storage. This data cannot be used to identify individual users.

4. How We Use It

We use personal data for the following purposes:

• Responding to enquiries — using the contact details you provide to answer your questions and follow up on your interests
• Delivering research materials — sending you the Beyond Compliance research findings, resource packs, and related content you have requested
• Improving our services — understanding how visitors use the site helps us improve content, navigation, and functionality
• Marketing communications — with your explicit consent, sending you updates about our research, events, and services. You may opt out at any time
• Regulatory compliance — meeting our legal obligations under data protection law

5. Legal Basis for Processing

Under the UK GDPR, we must have a lawful basis for each processing activity. We rely on the following:

• Consent (Article 6(1)(a)) — you give explicit consent when you submit a form, subscribe to our communications, or accept cookies. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal
• Contract performance (Article 6(1)(b)) — where you have requested a specific service (such as a diagnostic workshop, executive briefing, or governance review), we process your data as necessary to deliver that service
• Legitimate interests (Article 6(1)(f)) — we use analytics data to improve our website and services. We have conducted a balancing test and determined that this processing is proportionate and does not override your fundamental rights and freedoms

6. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit — the site uses HTTPS (TLS) encryption for all connections
• Secure data processing — form data is processed and stored by HubSpot, which maintains SOC 2 Type II certification and implements enterprise-grade security controls
• Access controls — access to personal data is restricted to authorised personnel on a need-to-know basis
• Regular review — we periodically review our security practices and update them as necessary

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact form and enquiry data — retained in HubSpot CRM for the duration of the business relationship plus 2 years
• Email subscriber data — retained until the subscriber opts out or requests deletion
• Analytics data — retained according to Google Analytics and Jetpack default retention periods (typically 14–26 months)

When data is no longer needed, it is securely deleted or anonymised. You may request deletion of your personal data at any time by contacting info@seechangehappen.co.uk.

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15) — you may request a copy of the personal data we hold about you. We will provide this within 30 days of your request
• Right to rectification (Article 16) — if the data we hold about you is inaccurate or incomplete, you may request that we correct it
• Right to erasure (Article 17) — you may request that we delete your personal data. This is sometimes known as the “right to be forgotten”. We will comply unless we have a legal obligation to retain the data
• Right to restriction of processing (Article 18) — you may request that we limit how we process your data while a concern is being resolved
• Right to data portability (Article 20) — you may request your data in a structured, commonly used, machine-readable format so that you can transfer it to another service
• Right to object (Article 21) — you may object to processing based on legitimate interests or direct marketing. We will stop processing unless we can demonstrate compelling legitimate grounds
• Rights related to automated decision-making (Article 22) — we do not use automated decision-making or profiling that produces legal or similarly significant effects
• Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal

To exercise any of these rights, please contact info@seechangehappen.co.uk. We will respond within 30 days of receiving your request. If we need more time (up to a further 60 days for complex requests), we will inform you and explain why.

9. International Transfers

HubSpot, our CRM and marketing platform, processes some data in the United States. HubSpot maintains appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Agreement.

Google Analytics may also process data outside the UK/EEA under appropriate safeguards. For details, please refer to Google’s data transfer frameworks.

We only transfer personal data to countries or organisations that provide an adequate level of protection or where appropriate safeguards are in place.

10. Complaints

If you believe your data protection rights have been infringed, we encourage you to contact us first so we can try to resolve the issue:

Email: info@seechangehappen.co.uk
Post: SEE Change Happen Ltd, 1 The Briars, Waterberry Drive, Waterlooville, PO7 7YH

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk
Telephone: 0303 123 1113

11. Policy Updates

This policy may be updated from time to time. Changes will be posted on this page with a revised “Last updated” date. We encourage you to review this policy periodically to stay informed about how we protect your data.