Privacy Policy

Refugee Ride Collective CIC
Company number: 16436456
Last updated: 3 June 2025

1. Who We Are

Refugee Ride Collective CIC is a small, volunteer-run organisation supporting people with lived experience of the UK asylum system to participate in road cycling. We are based in London, UK.

Our website address is: www.refugeeridecollective.cc
Our contact email is: info@refugeeridecollective.cc

2. What We Collect

We may collect and process the following types of personal information:

  • Name

  • Contact details (email, phone number, address)

  • Date of birth

  • Gender identity

  • Country of origin

  • Refugee or asylum status (e.g. whether status is secured and approximate date)

  • Optional indicators of vulnerability (e.g. destitution, disability, mental illness – only if freely shared)

  • Consent preferences (e.g. media use, contact permissions)

We aim to only collect information that is necessary and proportionate to the activities you’re taking part in.

3. How We Use Your Data

We use your data to:

  • Contact you about activities you’ve signed up for

  • Deliver our cycling-related programmes safely and effectively

  • Report anonymised demographic data (such as date of birth, country of origin, and refugee status) to funders and supporters

  • Promote our work, including through anonymised stories and photographs, only with your explicit consent

  • Understand and improve who we reach

  • Keep track of your communication and consent preferences

We do not use your data for automated decision-making or profiling.

4. How Long We Keep Your Data

We only keep your data for as long as necessary for the purposes described in this notice. As a matter of best practice, we will securely delete or anonymise your personal data if you have not engaged with us for three years.

You can ask us to delete your data at any time by contacting info@refugeeridecollective.cc.

5. Data Storage and Security

We use the following services to collect and store data securely:

  • Cognito Forms (used for sign-up forms): All data is encrypted in transit and at rest. Hosted on Microsoft Azure, which is PCI Level 1 and HIPAA compliant.

  • Airtable (used for internal data management): Uses 256-bit SSL/TLS encryption in transit and AES-256 encryption at rest.

  • Mailchimp (used for mailing list communications): Hosted in the US, uses TLS 1.2+ encryption, and offers two-factor authentication and comprehensive infrastructure security.

  • Donorbox (used for donation processing): Securely handles payment and donor data in accordance with PCI DSS standards and GDPR compliance.

All services used are password protected and offer encryption. Access is restricted to authorised individuals only. We ensure these third-party services meet high standards of data security and protection.

6. Sharing Your Data

We do not sell or share your personal data with third parties for marketing purposes.

We may share your information with:

  • Our team of trusted volunteers and delivery partners, only where necessary and under strict confidentiality

  • Regulators or safeguarding agencies if legally required or if someone may be at risk of harm

  • Our third-party services listed above, strictly for the purposes of processing and storing data

7. Your Rights

You have the right to:

  • Request access to the data we hold about you

  • Ask us to correct inaccurate or incomplete data

  • Withdraw your consent at any time

  • Request deletion of your data

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, contact us at info@refugeeridecollective.cc.

You can provide or withdraw your consent for the use of photos and videos depicting you at: www.refugeeridecollective.cc/media-consent