Introduction

Capability for Change provides practical solutions which are easy to understand and simple to apply for building skills and developing confidence when leading organisations through change. At Capability for Change, we understand the importance of maintaining the security and privacy of your personal information.

This policy explains how we collect information, what we do with it and what controls you have over your personal information when interacting with us. We are committed to complying with Data Protection Legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Your Privacy

Capability for Change aims to be transparent and respectful when processing your personal information.

We may change this Privacy Policy from time to time to reflect the latest view of what we do with your information. Please check back frequently; you will be able to see if changes have been made by the date it was last updated at the end of the document.

Refer to the sections below for more details on how and why we use your personal information:

Website Usage

Our website uses cookies. Cookies are small text files that are placed on your device (e.g. computer, smartphone or other electronic device) when you browse websites, to help provide you with the best experience we can (e.g. by helping us to recognise you and your device and store some information about your preferences or past actions).

You will be given a choice about which cookies to accept or decline when you access the website.

When you join the Change Capability Community

Being a member of the Change Capability Community gives you exclusive access to news, events and guidance for effectively managing change. Capability for Change will send you regular updates and invites to exclusive events. If you no longer wish to be a Member of the Change Capability Community, you may unsubscribe at any time.

When you contact us via our website form

When you make an enquiry via our website form, the information provided will only be used to respond to your request or question, you won’t be added to any mailing lists unless you ask us to. We try to respond to email queries as promptly as possible but it can take the team up to 48 hours to respond to email queries especially at busy times, so please be patient with us.

When you book a demo of Changeability Pro

When you complete a form to book a demo of Changeability Pro, the information on the form will be used to contact you and confirm your demonstration about your required membership level and provide more information about the membership and its benefits. Most of our demonstrations take place over teams. After the demo we may contact you for feedback.

When you become a Member or Registered User

When you become a Member or Registered User, we maintain your personal information to be able to provide you with membership benefits, communicate with you, update you with relevant news and information as well as notifying you of events, special offers and training.

We only collect sufficient information to be able to provide you with member services.

When you take part in online research or surveys

Occasionally, we ask for feedback on your interaction with the website, our services, change management or your membership experience. We will use a secure online platform to gather your responses which may include your name and contact details in case we need to contact you to follow up on your answers.

Links to other websites

In order to be able to provide you with additional services, we may redirect you from our website to a third-party website owned and operated by certain trusted third parties.

We cannot ensure the security of these websites and we recommend that you review the privacy policies for any third-party websites you visit as we cannot accept any liability for the way they manage your personal information.

Staying up to date

We would like to send you information about key issues, products and services, and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS), automated call or push notification.

The information we need

Capability For Change is what’s known as the ‘data controller’ of the personal information you provide to us. This means that we decide what information we need, how we manage and secure it and when we delete it. Your relationship with us determines how much information we collect from you. For example, your name, address and contact details are required to manage your membership and access to our systems. We require bank account or payment details to collect payment for invoices for services and Changeability Pro fees. We will only ever collect the information needed to provide you with advice and services.

We will be very clear with you about the reason for collecting information and how we intend to use, share and store that information at the point we collect it.

Collecting your personal information

We collect personal information from you through a variety of different methods including when you:

• Sign up to find out more about our membership and other services
• Become a member or Registered User
• Ask for more information
• Send us correspondence via email
• Give us feedback

If you have not directly provided your personal data to us, it may have been disclosed (or approved for disclosure) to Capability For Change by your employer, in the course of becoming a Capability For Change member or Registered User. When personal data has been disclosed to Capability For Change in this way your employer is responsible for ensuring that you have been informed of how your data will be used.

By registering or allowing the registration of your personal data with us, either personally or through corporate membership, you are declaring that you are aware of our processing of your personal data.

Children

The website is not intended for anyone under 16 and we do not knowingly collect or use personal information relating to children.

Where is your information stored?

Wherever possible, all the personal information we process is processed within the UK or European Economic Area (EEA).  Some of our third-party service providers, for example our CRM, are based outside the UK or EEA so their processing of your personal information will involve a transfer outside the UK or EEA.

Whenever we transfer your personal information outside of the UK or EEA, we do our best to make sure a similar degree of security of personal information by ensuring at least one of the following safeguards is implemented:

• ​We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission; or
• Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission or Information Commissioner’s Office which give personal information the same protection it has in the UK.

If you fail to provide the information requested

If you fail to provide the information requested where we need the personal information for either legal or accounting purposes or to fulfil our contract with you, we may need to cancel your services. Before cancelling your services, we will notify you that you are required to provide the missing information and give you a further reminder before cancellation.

Sharing your information

Other than in the following circumstances, we do not share your information with organisations outside Capability For Change unless we are obliged to by law, for purposes of national security, taxation or criminal investigations:

• If you have agreed that we may do so
• If we run an event in partnership with other named organisations, your details may need to be shared. We will be very clear what will happen to your personal information when you register.

And we will never sell your personal information to other organisations.

Lawful Basis

When we process your personal information, we have a lawful basis in place. There are different lawful bases on which we rely.

The legal bases we may rely on include:

consent: where you have given us clear consent for us to process your personal information for a specific purpose. An example of this would be an enquiry form which you have completed allowing us to respond to your query.

contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. An example of this would be the personal information related to your membership so that we can provide you with membership benefits and advice.

legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations). An example of this would be the record of invoices paid because we need to retain that information for seven years for accounting purposes.

vital interests: Where our use of personal information is necessary to protect someone’s life and the individual is incapable of giving consent. An example of this would be someone requiring medical attention at one of our events and the need to provide information to ensure medical care for the individual.

public task: where our use of your personal information is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).

Wherever we use legitimate interests as a lawful basis, we will have undertaken a Legitimate Interest Assessment to assess the impact on you and to provide an audit trail of the decisions and justification for processing on the basis of legitimate interests.

Retaining your information

We hold your information only as long as necessary for each reason that we use it. For example, invoices are retained for a period of seven years to comply with accounting requirements. We have a retention policy in place and during the retention period we ensure the security and integrity of the information held. If you wish to know more about our retention practices, then please contact us.

Securing your information

We have put in place security measures to prevent your personal information from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We ensure that only those employees and partners, who need access to your personal information as part of their business role, are given access. They will only process your personal data on our instructions and our contracts ensure that the information is kept confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we need to.

What are your rights?

You have a number of rights about how the personal information you provide can be used. These are:

• Transparency over how we use your personal information (right to be informed).
• The ability to request a copy of the information we hold about you, which will be provided to you within one month (right of access).
• Update or amend the information we hold about you if it is wrong (right of rectification).
• Ask us to stop using your information (right to restrict processing).
• Ask us to remove your personal information from our records (right to be ‘forgotten’).
• Object to the processing of your information for marketing purposes (right to object).
• Obtain and reuse your personal information for your own purposes (right to data portability).
• Not be subject to a decision when it is based on automated processing (automated decision making and profiling).

If you would like to know more about your rights under data protection law, you can find out more at the Information Commissioner’s Office website, www.ico.org.uk.

If you wish to raise a complaint on how we have handled your personal information, please contact us so that we may investigate the matter. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

How to contact us

If you wish to talk through anything in our privacy policy, find out more about your rights or obtain a copy of the information we hold about you, please contact us by:

• emailing admin@capabilityforchange.co.uk or
• writing to Capability For Change, 33 Eastgate Street, Stafford, England, ST16 2LZ.

We will be happy to help.

Do you need extra help?

If you would like this Privacy Policy in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).

About Us

Capability For Change is registered with the Information Commissioner’s Office as a Data Controller. Our registration number is ZB390923.

Capability for Change Limited is a company registered in England and Wales. Registered company number: 14135856 whose registered office is 33 Eastgate Street, Stafford, England, ST16 2LZ.

Last Updated April 2025