top of page
IMPALA-logo-orange-background.png

IMPALA EDI Toolkit – Terms of Use and Privacy Policy

EU logo.png

IMPALA EDI Toolkit – Terms of Use & Privacy Policy

 

Andrewlansley.org (we), established in 2022, work with a cohort of global cultural organisations providing consultancy services. This page explains the terms of use of our website (www.andrewlansley.org/impala) and our privacy policy.

 

We are committed to protecting and respecting your privacy and to complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and all other applicable data protection laws.

 

What data do we collect?

 

We may collect and process the following personal data if you choose to provide it:

 

  • Your name, email address, job title, and other contact details.

  • Information that you provide by filling in forms and data fields on our site.

  • Any correspondence sent to us (for example, via andrew@andrewlansley.org)

 

We may also collect and process organisational and project-related information submitted through the Impala EDI Toolkit, including but not limited to:

 

  • Information about your organisation’s EDI activities (e.g. training, governance, HR, communications, policies).

  • Organisational profile data (e.g. name, size, location).

  • Information about business practices and environmental policies.

 

We do not intentionally collect special category (sensitive) personal data unless you explicitly provide it to us. Please avoid submitting such data unless it is strictly necessary.

 

How do we use your personal data?

 

We use personal data for the following purposes:

 

  • To notify you about changes to our service.

  • To contact you with any queries relating to data you have submitted, and/or to provide support in relation to your use of the Toolkit.

  • To carry out our obligations under our contract with IMPALA.

  • To meet obligations under any contracts with third-party contractors providing services to you.

 

We will not use your data for direct marketing without your explicit consent. We rely primarily on the legal basis of legitimate interests for this processing. We have carried out a Legitimate Interests Assessment (LIA). You may object to processing at any time.

 

How do we use organisational and project data?

 

We may use data submitted through the Toolkit to:

 

  • Calculate regional, national or international EDI mapping results.

  • Undertake research, analysis and evaluation, including publication of sector benchmarks and analysis.

 

We commit not to share any business-sensitive data publicly except in aggregated and anonymised formats (such as benchmarks or reports), unless we have obtained your explicit written agreement.

 

Data will be retained in line with IMPALA’s Privacy Policy.

 

Where do we store your information?

 

Your data may be stored and processed within the UK, the EEA, or outside these areas. Where data is transferred outside the UK or EEA, we will take reasonable steps to protect your personal data in transit and at rest. However, transmission of information via the internet is not completely secure, and we cannot guarantee the security of your data transmitted to our site.

 

Cookies and website use

 

Our website does not use cookies, analytics tools, or third-party embeds. No information about visitors is collected through the site.

 

Legal basis and roles

 

For the purposes of the UK GDPR and EU GDPR:

 

  • IMPALA is the data controller for personal data collected through the EDI Toolkit project.

  • Andrewlansley.org acts as a data processor on behalf of IMPALA for Toolkit data processing.

  • For correspondence sent directly to andrewlansley.org (e.g. to andrew@andrewlansley.org), andrewlansley.org is an independent data controller.

 

Links from our site

 

Our site may contain links to partner or third-party websites. We do not control these websites and are not responsible for their privacy policies or content.

 

What are your data protection rights?

 

Under UK and EU GDPR, you have the following rights:

 

  • The right of access to your personal data.

  • The right to request correction of inaccurate or incomplete data.

  • The right to request erasure of your personal data (‘right to be forgotten’).

  • The right to restrict or object to processing of your personal data.

  • The right to data portability, where applicable.

  • The right to withdraw consent (where processing is based on consent).

  • The right to lodge a complaint with a supervisory authority (e.g. the UK ICO or your national DPA).

 

We will respond to rights requests within one month, unless the request is complex.

 

Requests are normally free of charge, except where they may be manifestly unfounded, excessive, or repetitive.

 

Changes to this privacy policy

 

Andrewlansley.org keep this policy under regular review and will publish updates on this page. Where changes are material, we will notify users via email or site notice.

 

This policy was last updated on 21 September 2025.

 

Contact us

 

If you have any questions about this privacy policy, please contact:
Email: andrew@andrewlansley.org

© 2023 by Stint

bottom of page