Privacy Policy
Last updated: June 2026
1. Who we are
Project ReMAKE ("we", "us", "our") is an entrepreneurship programme for prison leavers and formerly incarcerated individuals. We are the data controller for personal data collected through this platform.
Project ReMAKE is a registered charity (no. 1198999), 20 Gainsborough Road, London, W4 1NJ (project-remake.org.uk). For any privacy query, or to exercise your data rights, contact us at support@remake365.com.
2. What data we collect
We collect the following categories of personal data:
- Identity data: full name, date of birth, age
- Contact data: email address, phone number, postal address, emergency contact details
- Protected characteristics: ethnicity, religion (voluntary)
- Application responses: education, work experience, business ideas, programme motivations
- Criminal conviction data (Article 10): conviction history, probation status, pending cases. This is special category data handled with additional safeguards.
- Digital signature: your drawn signature captured during document signing
- Uploaded files: documents and images submitted during your application or in response to information requests
- Photo consent: your preference regarding photography during programme activities
3. Lawful basis for processing
We process your data under the following lawful bases:
- Consent (Article 6(1)(a)): You provide explicit consent when submitting your application and completing onboarding forms.
- Legitimate interest (Article 6(1)(f)): To administer the programme, communicate with applicants, and improve our services.
- Criminal conviction data (Article 10): Processed under your explicit consent and in accordance with Schedule 1, Part 1 of the UK Data Protection Act 2018 for safeguarding and eligibility assessment purposes.
4. How we use your data
- To process and assess your application for the programme
- To conduct safeguarding assessments (including criminal conviction checks)
- To communicate with you about your application status, onboarding, and programme activities
- To contact your probation officer if necessary (only with your explicit consent)
- To generate programme reports and statistics (anonymised where possible)
- To send automated reminders about application deadlines and onboarding tasks
5. Data sharing
We share your data with:
- Programme staff and mentors: to assess your application and support you on the programme
- Partner universities: where relevant to your programme (e.g. Queen Mary University of London, University of Bradford)
- Google (email processor): we use Google Workspace to send application-related emails. Your email address and name are shared with Google for this purpose.
- Firebase (data storage): your application data is stored on Google Firebase infrastructure within the European Economic Area.
- Probation services: only with your explicit consent and only when necessary for safeguarding assessment
We will never sell your data or share it with third parties for marketing purposes.
6. Data retention
- Rejected applications: deleted 6 months after rejection
- Expired applications: deleted 3 months after expiry
- Accepted applicants: retained for the duration of the programme plus 6 years for safeguarding and regulatory purposes
- Criminal conviction data: retained only as long as necessary for programme eligibility assessment; deleted when the applicant leaves the programme
- Email logs: retained for 12 months
7. Your rights
Under UK GDPR, you have the right to:
- Access: request a copy of your personal data
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: receive your data in a machine-readable format
- Withdraw consent: withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal
- Object: object to processing based on legitimate interests
- Complain: lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk
To exercise any of these rights, contact us at support@remake365.com. We will respond within 30 days.
8. Cookies
This platform uses only essential cookies that are necessary for it to work, including keeping you securely signed in and protecting against fraud and abuse. These cannot be switched off.
We do not use advertising cookies, and this application platform does not load third-party analytics or tracking cookies. Some sites we link to (for example partner university websites) may set their own cookies; please refer to their cookie policies.
9. Security
We implement appropriate technical and organisational measures to protect your data, including: encrypted connections (HTTPS), role-based access controls, secure authentication, and regular security audits. Access to criminal conviction data is strictly limited to authorised programme staff.
10. Automated decision-making
We do not use automated decision-making or profiling in our application process. All applications are reviewed individually by a member of our team. You have the right to request a human review of any decision.
11. Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with an updated "last updated" date. Significant changes will be communicated to you via email.