We know privacy policies can feel dense, so here is a simple overview:
If you would like more detail, the full policy is set out below.
Last updated: April 2026
BeyondAutism (“we”, “us”, “our”) is committed to protecting and respecting your personal data.
This policy explains what personal data we collect, why we use it, how we keep it safe, and the rights you have.
We process personal data in line with the UK GDPR, Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and current UK guidance.
Personal data means any information that can identify you, either directly or indirectly.
We aim to be clear and transparent about how we use your information, so you can feel confident in how it is handled.
We use personal data in a way that is lawful, fair and transparent. Depending on the activity, we rely on one or more of the following legal bases:
Where we rely on legitimate interests, we carry out appropriate assessments to ensure your rights are protected.
| Activity | Lawful Basis |
|---|---|
| Service delivery (education, care, admissions) | Contract; Legal obligation |
| Safeguarding and child protection | Legal obligation; Vital interests; Substantial public interest |
| Training and outreach services | Contract; Legitimate interests |
| Fundraising communications | Consent; Soft opt-in (legitimate interests under PECR) |
| Marketing (general updates, newsletters) | Consent; Soft opt-in |
| Donor management and Gift Aid | Legal obligation; Legitimate interests |
| HR and staff management | Contract; Legal obligation |
| Website analytics and improvement | Consent; Legitimate interests (for essential functionality) |
We take the security of your personal data seriously.
We have appropriate technical and organisational measures in place, including:
While we take all reasonable steps to protect your data, information sent over the internet is not completely secure. Once we receive your data, we use strict procedures to reduce the risk of unauthorised access.
We only collect and use personal data where it is necessary for our work.
In most cases, BeyondAutism acts as a data controller, meaning we decide how and why your data is used.
In some situations, such as when we deliver services on behalf of local authorities or partners, we act as a data processor, following their instructions. In these cases, appropriate agreements are in place to protect your data.
We will make our role clear where this affects how your data is used.
We collect and process personal data to deliver education, care and support services.
We may also contact you about relevant services where permitted.
Where we process sensitive data, such as health information, we do so under appropriate legal bases and safeguards.
We retain data only as long as necessary and in line with our Data Retention Policy.
We process data relating to training participants and professionals.
Data is retained only as long as necessary for delivery, compliance and audit purposes.
We process personal data to communicate with supporters, donors and stakeholders.
We send marketing communications by email, SMS or similar channels where:
Soft opt-in applies only to individual subscribers (not corporate subscribers) and allows us to contact you where:
For the purposes of soft opt-in, “similar services” means communications relating to:
We do not use soft opt-in for:
You can opt out at any time by:
Opting out of marketing communications will not affect our ability to contact you regarding services you are receiving, or other essential administrative or safeguarding communications.
We process personal data to manage employment and volunteering.
We retain staff data in accordance with employment law and regulatory requirements.
We collect personal data when you:
We use cookies in line with UK guidance:
You can manage cookie preferences via our cookie banner.
We do not sell, rent or trade personal data to third parties.
We only share personal data where it is necessary and lawful. This may include sharing with:
We ensure appropriate safeguards and contracts are in place whenever data is shared.
We may also share data where required by law, or where necessary to protect individuals.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
We assess transfers on a case-by-case basis and implement additional safeguards where necessary to ensure that personal data receives an equivalent level of protection.
You have rights over your personal data. These include the right to:
We aim to respond to all requests within one month. If a request is complex, we may take longer, but we will keep you informed.
In some cases, we may not be able to fulfil a request, for example where we must retain data for legal or safeguarding reasons. If this applies, we will explain why.
To exercise your rights, contact: info@beyondautism.org.uk
If you have concerns, contact us first at info@beyondautism.org.uk.
You also have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk/concerns
BeyondAutism
Gatehouse by Spacemade
1 Armoury Way
London
SW18 1TH
Email: info@beyondautism.org.uk
We keep this policy under regular review to reflect legal and regulatory updates.
Significant changes will be clearly communicated on our website.