Last Updated: 23/02/2026
Version: 1.0

​

1. INTRODUCTION

 

GRIIT (Gender Equity Research and Inclusive Innovation Technology Group) is a research group within Aston University. We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

​

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (griit.com and associated subdomains) and interact with our services.

​

​

2. DATA CONTROLLER

 

The data controller for your personal information is:

 

GRIIT, Aston University
Aston Triangle
Birmingham, B4 7ET
United Kingdom

Data Protection Officer: Athena Gapasin (Communication Manager)
Email: info@griit-network.co.uk

​

​

3. WHAT PERSONAL DATA WE COLLECT

 

We collect and process the following personal data:

​

3.1 Newsletter Subscriptions

 

- Name
- Email address
- Subscription preferences
- Date of subscription

​

3.2 Contact Form Submissions

 

- Name
- Email address
- Organization (optional)
- Inquiry type
- Message content
- Date and time of submission

 

3.3 Website Analytics

 

- IP address (anonymized where possible)
- Browser type and version
- Device type
- Pages visited
- Time spent on pages
- Geographic location (country/region)
- Referral source

 

3.4 Cookies and Similar Technologies

 

- Essential cookies (for website functionality)
- Analytics cookies (for understanding website usage)
- See our Cookie Policy section below for details

 

3.5 Event Participation (Workshops, Conferences)

 

- Photographs and videos taken during GRIIT-organized events
- Testimonials provided by participants
- Comments or feedback shared during or after events

​

4. HOW WE COLLECT YOUR DATA

 

We collect personal data through:

- Newsletter subscription forms on our website
- Contact forms on our website
- Website analytics tools (Wix Analytics, and potentially Google Analytics)
- Cookies placed on your device
- Photography and videography at in-person events (with notice provided)
- Direct communications with you

​

5. LEGAL BASIS FOR PROCESSING

 

We process your personal data under the following legal bases:

 

5.1 Consent (GDPR Article 6(1)(a))

​

- Newsletter subscriptions: You provide explicit consent when subscribing
- Event photography/videography: Notice is provided at events; attendance constitutes consent
- Analytics cookies: You provide consent through cookie banner

​

5.2 Legitimate Interests (GDPR Article 6(1)(f))

 

- Contact form inquiries: Processing is necessary to respond to your inquiry
- Website analytics: Improving website functionality and user experience
- Security: Protecting our website from malicious activity

​

6. HOW WE USE YOUR DATA

 

We use your personal data for the following purposes:

 

6.1 Newsletter Subscriptions

 

- Sending you updates about GRIIT's research, projects, and events
- Sharing relevant resources, toolkits, and publications
- Informing you of partnership and collaboration opportunities

​

6.2 Contact Form Submissions

 

- Responding to your inquiries
- Processing requests for collaboration, resources, or information
- Maintaining a record of our communications

​

6.3 Website Analytics

 

- Understanding how visitors use our website
- Improving website design and functionality
- Identifying technical issues
- Measuring the effectiveness of our content

​

6.4 Event Media

 

- Promoting GRIIT's work and impact
- Documenting research activities
- Sharing on our website and social media channels

​

7. DATA STORAGE AND RETENTION

 

7.1 Where We Store Your Data

 

- Newsletter and contact form data: Stored on Wix servers (cloud-based)
- Website code repository: Stored privately on GitHub (secure)
- Hack4All game files: Stored on AWS S3 (secure, password-protected access)
- Event media: Stored on GRIIT-managed secure storage

 

7.2 Data Retention Periods

 

- Newsletter subscribers: Until you unsubscribe or request deletion
- Contact form submissions: Retained indefinitely as part of our correspondence records
- Website analytics: Aggregated data retained indefinitely; individual user data anonymized after 26 months
- Event media: Retained indefinitely unless you request removal

​

7.3 Data Security

​

We implement appropriate technical and organisational measures to protect your data, including:

- Secure (HTTPS) website connections
- Password protection for sensitive systems
- Access controls limiting who can view personal data
- Regular security updates

​

8. DATA SHARING AND THIRD PARTIES

​

We may share your data with the following third parties:

​

8.1 Service Providers

 

- Wix (website hosting, forms, newsletter service): https://www.wix.com/about/privacy
- AWS (file storage for Hack4All game): https://aws.amazon.com/privacy/
- GitHub (private code repository): https://docs.github.com/en/site-policy/privacy-policies
- Google Analytics (if implemented): https://policies.google.com/privacy

​

8.2 Legal Obligations

 

We may disclose your data if required by law, court order, or regulatory authority.

​

8.3 Partner Organizations

 

We do NOT share your personal data with partner organisations, funders, or collaborators unless you have explicitly consented or it is necessary to fulfil a service you requested.

​

9. INTERNATIONAL DATA TRANSFERS

 

Some of our service providers (Wix, AWS, GitHub) may process or store data outside the UK and European Economic Area (EEA). Where this occurs:

- We ensure adequate safeguards are in place (Standard Contractual Clauses, adequacy decisions)
- Data is protected to the same standard as within the UK/EEA

​

10. YOUR RIGHTS UNDER GDPR

 

You have the following rights regarding your personal data:

 

10.1 Right of Access (Article 15)

 

You can request a copy of the personal data we hold about you.

 

10.2 Right to Rectification (Article 16)

 

You can ask us to correct inaccurate or incomplete data.

​

10.3 Right to Erasure / "Right to be Forgotten" (Article 17)

​

You can request deletion of your data in certain circumstances.

​

10.4 Right to Restrict Processing (Article 18)

 

You can ask us to limit how we use your data.

​

10.5 Right to Data Portability (Article 20)

​

You can request your data in a machine-readable format.

 

10.6 Right to Object (Article 21)

 

You can object to processing based on legitimate interests.

​

10.7 Right to Withdraw Consent

 

You can withdraw consent at any time (e.g., unsubscribe from newsletter).

 

10.8 Right to Lodge a Complaint

​

You can complain to the Information Commissioner's Office (ICO):

- Website: https://ico.org.uk
- Phone: 0303 123 1113

​

11. HOW TO EXERCISE YOUR RIGHTS

​

To exercise any of these rights, contact us at: info@griit-network.co.uk

​

We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of the delay.

​

12. COOKIES POLICY

​

12.1 What Are Cookies?

​

Cookies are small text files stored on your device when you visit our website.

​

12.2 Types of Cookies We Use

​

Essential Cookies (Always Active)

- Purpose: Enable core website functionality
- Cannot be disabled

​

Analytics Cookies (Require Consent)

- Purpose: Understand how visitors use our website
- Tools: Wix Analytics, Google Analytics (if implemented)
- Data collected: Page views, time on site, geographic location, referral source

​

12.3 Managing Cookies

​

You can control cookies through:

- Our cookie consent banner (appears on first visit)
- Your browser settings (to block or delete cookies)

​

Note: Disabling cookies may affect website functionality.

​

12.4 Third-Party Cookies

​

We may use cookies from:

- Google Analytics (analytics)
- Embedded content (YouTube videos, Google Maps, LinkedIn feeds)

​

These third parties have their own privacy policies.

​

13. EMBEDDED THIRD-PARTY CONTENT

 

Our website may include embedded content from:

- YouTube (videos)
- Google Maps (location information)
- LinkedIn (social media feeds)

 

When you interact with this content, these platforms may collect data about you according to their own privacy policies. We recommend reviewing their policies:

- YouTube: https://policies.google.com/privacy
- Google Maps: https://policies.google.com/privacy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy

​

14. CHILDREN'S PRIVACY

​

Our website is not directed at children under 16. We do not knowingly collect personal data from children under 16 without parental consent.

​

If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete it promptly.

​

15. CHANGES TO THIS PRIVACY POLICY

 

We may update this Privacy Policy from time to time. When we make significant changes, we will:

- Update the "Last Updated" date at the top of this policy
- Increment the version number
- Notify newsletter subscribers (for material changes)

​

We encourage you to review this policy periodically.

​

16. CONTACT US

 

If you have questions about this Privacy Policy or how we handle your data:

 

Email: info@griit-network.co.uk
Postal Address:
GRIIT, Aston University
Aston Triangle
Birmingham, B4 7ET
United Kingdom

​

17. SUPERVISORY AUTHORITY

 

If you are unhappy with how we handle your data, you have the right to lodge a complaint with:

 

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
United Kingdom

Website: https://ico.org.uk
Helpline: 0303 123 1113

​