Data Protection policy

How and why we collect personal data from you, and how we keep it safe

As you are taking part in one of A New Direction's programme, we think it is important for you to know that we collect some personal data from you and how we keep it safe.

This is standard practice – we collect information about everybody that we work with – and it is governed by the UK General Data Protection Regulation (UK GDPR). UK GDPR ensures that the way we process, handle and protect your data is lawful, and strictly controlled.

We take this very seriously at A New Direction and any breach of the UK GDPR is considered as a breach of our disciplinary policy and could also be considered a criminal offence, potentially resulting in prosecution. 

You can view A New Direction's full Data Protection Policy here, and on this page, we will summarise the key points about how we keep your data safe.

Personal data is information that can be used to identify you. If it is possible to identify you directly from the information being processed, then that information may be personal data.

The data that we can collect from you depends on the type of activity you are involved with, and may include your:

  • name;
  • contact details, including addresses, telephone numbers and email addresses;
  • health information;
  • employment data; and
  • any other information relating to you.

Some of the data we may collect from is categorised as ‘special’ – this means it is more sensitive and needs greater protection. This could include information about your national insurance number, ethnicity, sexuality or religion.

Alongside data we collect from you directly, we also collect some information automatically when you visit our website, such as your IP address, the pages you had previously visited or when you use our services, including usage, log and cookies information or similar technologies.

Our Privacy Policy sets out how we use your data.

More information can be found on the Information Commissioner’s Office Website:

ICO guide to data protection – what is personal data?

A New Direction is responsible for ensuring that your information is:

  • secure
  • accurate and up to date
  • only kept for legitimate reasons
  • only kept for as long as is necessary
  • used for legitimate purposes, and
  • not passed on to third parties without your consent.
  • and that everyone managing and handling your data understands that they are responsible for adhering to good data protection practice.

We also have a Data Protection Officer (DPO), an independent expert who reports to our highest management level. They are responsible for ensuring that A New DDirection complies with UK GDPR, including Subject Access Requests (see below), and they ensure that all your information is accurate and up to date.

Our DPO is Meagan Mirza,


We obtain your consent using standard consent documents. Where special category data is concerned, explicit written consent is required.

Your consent can be withdrawn at any time.

Subject access requests

As your personal data is held by A New Direction, you are entitled to:

  • Ask what information we hold about you and why;
  • Ask how to gain access to it;
  • Be informed on how to keep it up to date; and
  • Be informed on how A New Direction is meeting its data protection obligations.

If you ask us for this information, this is called a subject access request, and we will follow the procedure outlined in our Subject Access Request Policy.

We will always verify the identity of anyone making a subject access request before handing over any information.

Disclosing data for other reasons

In certain circumstances, A New Direction is allowed to disclose data to law enforcement agencies without your consent, upon their request.

However, we will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Personal data breach

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your data. If this happens, A New Direction staff report it to their manager and/or the Data Protection officer, who will then follow the procedure outlined in our Data Breach Policy.


If you have a complaint about how your data is used you should be directed to the DPO following the complaints procedure, using a complaint form supplied by A New Direction.

You can also complain directly to the Information Commissioners Office. Details of how to make a complaint is provided within our Privacy Policy.