Glass Futures Ltd Customer Privacy Notice

Author: Alanna Halsall

Date: 26/11/25

 

Contents

Contact details   2

What information we collect, use, and why  2

Lawful bases and data protection rights   3

Where we get personal information from     6

How long we keep information   6

Who we share information with   7

How to complain   7

Last updated   7

November 2025   7

 

 

 

Contact details

Post
Glass Futures, James Roby Way, St Helens, Merseyside, WA9 5DT, England

Email
info@glass-futures.org

What information we collect, use, and why

We collect or use the following information for the operation of customer accounts and guarantees:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits)
  • Account information, including registration details
  • Marketing preferences

 

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details
  • Addresses
  • Marketing preferences
  • Location data
  • Recorded images, such as photos or videos
  • Website and app user journey information

 

We collect or use the following information for recruitment purposes:

  • Contact details (e.g. name, address, telephone number or personal email address)
  • Date of birth
  • National Insurance number
  • Copies of passports or other photo ID
  • Employment history (e.g. job application, employment references or secondary employment)
  • Education history (e.g. qualifications)
  • Right to work information

 

We only collect special categories of personal data about you in very specific circumstances, such as where we are required to do so in connection with any recruitment or funding opportunities which may be used to benefit you or your organisation (this may include details about your race or ethnic origin and information about your health and/​or any disability).

 

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We process personal information for the operation of member accounts and guarantees because it is essential to provide the services and benefits that individuals expect as part of their membership. This includes maintaining accurate records, enabling secure access to member-only resources, and ensuring that any guarantees or entitlements linked to membership are fulfilled. The benefits of collecting and using this information are significant:
      • Efficient Service Delivery – Members can access tailored communications, resources, and benefits without unnecessary delays.
      • Account Security – Accurate personal data helps us protect members from fraud and unauthorised access.
      • Compliance and Guarantees – We can uphold contractual obligations and provide the guarantees associated with membership.
    • These benefits outweigh potential risks because we implement robust safeguards, including secure storage, restricted access, and compliance with data protection legislation. We only collect information necessary for these purposes and do not use it in ways that would unfairly prioritise our needs over members’ rights. Members retain control through clear privacy notices and the ability to exercise their data rights at any time.

 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

 

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We process personal information for marketing purposes to keep members informed about relevant services, benefits, events, and opportunities that support their membership experience. This includes sending updates, newsletters, and tailored communications that help members make the most of what we offer. The benefits of collecting and using this information are:
      • Relevant and Timely Information – Members receive updates about services, events, and offers that are directly connected to their interests and membership.
      • Enhanced Member Experience – Personalised communications ensure members can access opportunities that add value to their membership.
      • Community Engagement – Marketing helps maintain a strong connection between members and the organisation, fostering a sense of belonging and participation.
    • These benefits outweigh potential risks because we use secure systems, respect members’ communication preferences, and provide clear options to opt out at any time. We only process information necessary for these purposes and do not use it in ways that would unfairly prioritise our needs over members’ rights. Our approach complies with data protection legislation and ensures transparency and choice for members.

 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

 

Our lawful bases for collecting or using personal information for recruitment purposes are:

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

Where we get personal information from

  • Directly from you

 

How long we keep information

  • We collect email addresses to communicate with members, individuals interested in joining, and applicants for recruitment purposes. This enables us to provide updates, manage membership services, and process applications effectively. Our lawful basis for processing is legitimate interests, as ongoing communication is essential for delivering value and managing recruitment processes.
  • We keep email addresses only for as long as they are necessary for these purposes:
    • Membership and Engagement: To maintain communication with current and prospective members.
    • Recruitment: To process applications and maintain contact during recruitment. If you are unsuccessful, we will retain your details for a limited period (typically 6) to manage queries or consider you for future opportunities, unless you request deletion sooner.
  • We regularly review retention periods and remove data when it is no longer required. You can request deletion of your email address at any time by contacting us, in line with your rights under UK GDPR.

Who we share information with

Under recruitment and employee contracting purposes, we will share personal information with

  • Data processors
  • Insurance companies
  • Health care providers
  • Professional or legal advisors
  • Relevant regulatory authorities
  • External auditors or inspectors
  • Organisations that we’re legally obliged to share personal information with
  • Emergency services
  • Previous employers
  • Suppliers and service providers
  • Other relevant third parties

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

November 2025