You are here:

Privacy Policy

Windsor Castle.

Privacy Policy

This policy sets out the basis of how Windsor Leadership collects and processes your information.

The Windsor Leadership Trust (Windsor Leadership) complies with the General Data Protection Regulation (GDPR) of May 2018. We will not sell, trade or license your information. We will not share your personal information with others, unless required to do so by law, or for fulfilling the services that we deliver and that you have signed up to.

This policy was most recently updated in June 2018.

How we will protect information about you

We do our utmost to protect your privacy.  We follow stringent security procedures regarding the storage and disclosure of information which you have given us, in order to avoid unauthorised loss or access. As such we have implemented industry-standard security systems and procedures to protect information from unauthorised disclosure, misuse or destruction.

How we use your information

We ask for business and personal information from you. The business-related information is used to manage you through the process of attending our programmes, joining our Alumni group for networking, supporting our work, and supporting you with information and events around personal development. Personal data is required for security clearance in Windsor Castle, assessment of your application form to join our programmes and to keep in contact with you after the programme (with your agreement). Read more about how and why we use your data here:

Administration on our programmes and events

We ask for information to process your application forms and provide you with access to our programmes and events.

  • Your name, business and organisational details
    • Details such as your name, job title, organisation, and experience are used before the event to help us ascertain the right level of programme for you. This data is also used to manage the logistics of your attendance before, during and after an event/programme. You and your organisational details will be shared amongst the event/programme team, your co-participants and service providers directly associated with the delivery of the event/programme, including venues and taxi companies. This information is kept as a record of your attendance and will be used for subsequent communications related to your personal development with Windsor Leadership, and any communications promoting other opportunities where we have your consent.
  • Diversity
    • Through the application forms, we collect diversity information about yourself, including ethnicity and faith. There is no obligation to provide this information, but should you agree to do so, it helps to ensure diversity amongst our event syndicate groups, and to ascertain the diversity of our participants over a year, which we report on in our Trustees end-of-year report. None of this information is attributed to you personally outside of our database, but it is kept within your record after the event in case, with your consent, you wish to be notified of upcoming events, or we wish to invite you to contribute or speak at future events highlighting the diversity topic.
  • Security
    • Personal information about you, including your name, date of birth, home address and a passport style photo, is required by the security department at Windsor Castle. All attendees on all of our castle based events must have security clearance to be allowed in. Car details are shared where applicable.
  • Emergency contact details
    • All programme attendees, staying overnight, are asked for the name and phone number of a contact to be used in the case of emergencies. This is shared with the venue concerned and our event/programme team only, and all copies are collected back in and destroyed after the event. These are also deleted from your file after the event or Part Two of your programme, unless you have requested otherwise (e.g. you may attend our events regularly, and do not wish to submit the same information over and over).
  • Personal details
    • You may choose to provide your personal email addresses as a back-up, as this enables us to keep in touch with you even after you have moved from your current organisation to another. By informing us, you may choose for these details to be your primary means of communication, and these will be kept on file until you request otherwise. To meet security pass requirements, we collect your date of birth, which we keep on file to also help assess age distribution of our attendees, as well as your home address, to allow us to contact you about alumni events taking place close to your home region.
  • Programme Feedback
    • At the end of each event/programme, we ask for feedback from you to help shape our future programmes. The returned information is kept on your record indefinitely as it may be referred back to in the future, e.g. when you come back for another event/programme with us. We share feedback pertaining to our speakers and programme team to help with their own development, but this is shared anonymously and never attributed to you without your express permission.


On each programme we take a group photograph of programme participants as a souvenir for participants. This is shared with participants of the programme by email, on our alumni portal and sometimes used for marketing and PR purposes. In addition, we occasionally take photographs at programmes and events for PR and Marketing purposes.

We will always let you know in advance if we are doing this, and if you do not wish to appear in any of these photographs please let a member of the Windsor Leadership Team know. No names will be attributed to the photographs when used, unless express permission is given.

Use of our alumni portal network

Our Alumni portal, is used for networking and information sharing around leadership development. Those who sign up, agree to terms specific to the portal (supplied by Graduway), meaning Windsor Leadership can maintain communication via email for newsletters, information about upcoming events, requests for introductions and programme nominations, updates on our Alumni Giving and membership schemes, and information believed to be useful to support Alumni further around their own leadership development.

Individual Alumni have control over their own data record on the portal, including the ability to update or delete their information.

Alumni Giving Scheme (AGS)

If you choose to join our regular giving scheme we require certain details to manage your account and to collect payment, including name, address and payment details. Personal addresses will be required to support Gift Aid declaration, and to enable any required invoicing. All other payments are electronic. Banking details will be required and held securely, please see the section on 'Payments and financial records' for more information. 

We will write via email to tell you about the impact of your donation, and to administer your payment(s). With your consent, we will email you to promote events and benefits relating to the Alumni Giving Scheme.

Speakers, Chairs and Facilitators

How we use and store your personal and contact information is covered within this Privacy Policy, including under ‘Administration on our Programme and Events’, above.

In addition, where we receive feedback from participants on your delivery/facilitation etc., this will be shared with you anonymously. This feedback will then be stored within your file for reference in the future. You are welcome to ask for past feedback at any time.

After agreeing to speak or work with us, we will promote the associated programme or event using your name, photograph and brief biography. This will be kept on your file for use on further events, in order that we can use it again. You may request for any of this information to be amended or erased.

Keeping in touch

We value our Alumni and supporters and encourage on-going contact to provide information on leadership, invitations to events, and introductions for programme nominations or networking. To do this, we communicate via email, with consent, using Outlook, Mailchimp (MailChimp store their data in the US but participates in and has certified its compliance with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield) and our Alumni Portal, Graduway (Graduway stores the data on the portal in the European Union and uses a third-party provider for mass emailing services who are based in the US and are Privacy Shield certified.) Consent can be withdrawn at any time.

  • Networking
    • Although mostly managed through our Alumni Portal, we are sometimes asked by an Alumnus/a to be introduced to someone. The requested party is then contacted by email, and then only after they have agreed, we connect both parties by email.
  • Nominations
    • Our Alumni are our best providers of nominations for the programmes, and so we write occasionally to request nominations, especially when seeking participants from particular sectors, with certain levels of experience, or who may be interested in specific topics.
  • Further development
    • We notify Alumni about upcoming events, including the Annual Lecture, Breakfast Briefings, the Leadership Academy, workshops and discussion groups.
  • Newsletter and surveys
    • We send regular Windsor Leadership newsletters and an annual survey, administered through Survey Monkey (SurveyMonkey stores its data in the US but participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield). The survey helps us to develop our thinking and offerings and has been instrumental in shaping the positive changes to Windsor Leadership over the years.

When you visit our website

Our own web site, and the use of it, is covered by this policy. If you leave our site via a link or otherwise, you will then be subject to the policy of that website provider. We may collect and process the following data about you:

  • Information that you provide by filling in forms on our site
  • A record of correspondence, when you contact us
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, operating system, browser usage and other communication data. To find out more please read our cookies policy.

Payments and financial records

  • Programmes and Events
    • For attendees paying for themselves by BACS or cheque, we require your name and a personal address for invoicing, which is then recorded on our finance software, Sage. For those paying by credit card, we will take your credit card details for processing payment, but we do not keep these details.
  • Alumni Giving Scheme and personal donations
    • For annual and monthly personal donations – we require your name, address and bank details to set up a Direct Debit. Your bank details are kept secure within our CAF Donate software, and are deleted after your Direct Debit period has finished. We will only need your name and address when you are using other payment methods if you are requiring an invoice.

      • None of your personal banking details are shared with any third party, except our bank, CAF Bank.

      • We keep records of banking and financial transactions, as well as Gift Aid forms for a minimum of 6 years from the end of the financial year to which they relate, in line with Government stipulation.

  • Some of Sage’s applications or services or parts of them may also be hosted in the United States or otherwise outside of the EEA. In each case, such transfers are made in accordance with the requirements of Regulations (EU) 2016/679 (the General Data Protection Regulations or “GDPR”) and may be based on the use of the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA.

Your rights

You have the right to access, amend, erase, or object to the data that we hold on your file. Details on these procedures are found here:

  • Access
    • You have a right to access any information that we hold about you. If after receiving this information, you wish to delete any of your personal data you may request to do so. You can also contact us to discuss and understand how we use and process your personal data. The reason we collect personal data is explained within this Privacy Policy, but should you have further questions or concerns, please speak to any member of Windsor Leadership staff. If you do not feel satisfied with the answer, you may arrange to speak with our Data Protection Lead, who will deal with your query.
  • Amend
    • You have a right to review and amend the information that we hold within your file. We are grateful to receive any updates on your own circumstances – change of job role, new contact details etc., and will amend accordingly. Those using our Alumni Portal have direct access to make their own amendments within the portal.
  • Erase
    • You have the right to request for any of your personal data to be deleted from your file. We will acknowledge your initial request within 72 hours. If Windsor Leadership feel they have the need or a legal obligation to keep some of your information on file, this will be explained to you. If this still does not meet your deletion request, you may take the request to a more senior staff member within Windsor Leadership, or take any complaint to the ICO
  • Object
    • You have the right to object to the way Windsor Leadership processes your personal data. Any objection should be addressed to our Data Protection Lead, who will then assess your objection, and discuss next steps with you. If our resolution does not meet your objection statement, you may take your objection further to the ICO, who will decide on the final course of action for both parties.
  • Unsubscribe
    • You have the right to unsubscribe from any of our email or direct marketing communications at any time. To unsubscribe you can either email, call 01753 830202 or follow the unsubscribe link at the bottom of our marketing emails. If you wish to unsubscribe from a particular type of marketing communications please ask to speak to our Alumni Relationship Manager or our Data Protection Lead who will discuss the options with you. We will keep a note on your file to log an unsubscribe request so that we do not write to you again.

Data breach 

If you are aware of a breach of our data security or feel a breach might be imminent, please inform Windsor Leadership at once, by calling or emailing our office and addressing your concerns. The Data Protection Lead will note the details of your concern and will action accordingly, including further preventative action. An assessment will be made as to the severity of the breach or the potential breach, and relevant parties will be notified. These might include the ICO and the data subjects affected. Decisions for action will occur within 72 hours of any notification and all notification actions and outcomes will be logged.  

How to contact us

All enquiries relating to our Privacy Policy should be addressed to: Windsor Leadership, Adair House, Madeira Walk, Windsor, SL4 1EU or emailed to Tel. 01753 830202.

How to contact The Information Commissioners Office (ICO) 

If you are not happy with the way we process, store and use your personal data you can raise your concern with Windsor Leadership. You can also complain to the Information Commissioners Office here.