Who are we?

Fractal Knowledge Limited, trading as Fractal (‘we’, ‘our’ or ‘us’) is the controller of personal data collected and processed in accordance with this policy, meaning that we are the organisation legally responsible for deciding how it is used and for what purposes. We are a registered company (number 11939075) in England and Wales. Our address is: Suite 6a 10 Duke Street, Liverpool, England, L1 5AS.

About this Privacy Policy

This Privacy Policy tells you what to expect us to do with your personal information when you contact us, sign up for our newsletter, attend one of our events or use one of our services.

Please read this policy carefully, as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data). It also explains your rights about your personal data and how to contact us or a regulator in the event you have a complaint.

What personal data do we collect and process?

We collect and process various types of personal data depending on your relationship with Fractal. We may collect and process personal data relating to clients, contractors, consultants or website users.

The types of personal data we may process, for the purposes described below, include: Name, Email address, Phone number, Communication preferences (primarily through our mailing list), IP addresses, Pages accessed on our website, Cookie session data.

Generally, we do not collect or keep a record of sensitive personal data and only do so in limited circumstances, primarily when you have chosen to provide us with this data. We process some sensitive personal data, for example, about our staff, contractors or consultants as far as necessary to fulfil our duties towards you. On occasion, we may also process sensitive personal data of others engaging with us, for example where an individual provides us with information relating to health and accessibility needs for attending one of our organised events, or where an individual contacts us and their communication includes sensitive personal data. We do not use this data for any other purpose other than that for which it is provided.

Why do we collect and process personal data?

We may collect and process personal data for the following necessary purposes:

• To provide you with services you have requested;

• To administer our website;

• To respond to any communications, queries, or requests for information or services from you, howsoever received;

• For organising and managing campaigns, events and activities in connection with our services;

• To receive and process payments;

• For auditing purposes;

• For procurement of services; and

• To understand our customers’ engagement with us and our services;

• To comply with our legal or regulatory obligations.

We also collect and process data when you communicate with us through various means. Communications from the public or our supporters via our website’s ‘contact us’ form and are reviewed by our staff, sent onwards when necessary to other members of our team. Information we receive by post is collected and reviewed by our staff and may be shared as necessary with other team members.

We will only process personal data when we have a legal basis for doing so. The legal basis that we will rely on will depend on the circumstances in which we collect and use your personal data. In almost all cases, the relevant legal basis to process personal data is that the processing will be one of the following:

• Based on your consent to use your data in a certain way (for example, to communicate with you through our mailing list). Your consent may subsequently be withdrawn at any time by contacting us as specified in this Policy's How to Contact Us section without affecting the lawfulness of processing based on consent before its withdrawal.

• Necessary in order to take steps prior to entering into a contract or for the performance of a contract (for example, for providing you with any services you have requested or to allow you to participate in an event we have organised, and to manage our staff providing you with services);

• Necessary to comply with legal requirements (for example, to comply with applicable regulatory obligations); and

• Necessary for our legitimate interests (for example, to administer our websites, to provide our services and to engage with our clients and partners). We will only rely on this legal basis where we’ve identified the purpose (the legitimate interest), assessed that the processing is necessary for that purpose and conducted a balancing test to ensure that this interest is not overridden by the interests, rights and freedoms of the individual.

How do we protect personal data?

Personal data shall be subject to additional safeguards to ensure this data is processed securely. For example, access to your data will be strictly limited to a minimum number of individuals and subject to confidentiality commitments.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to any of our websites; any transmission is at your own risk. Once we have received your information, we will use security features to try to prevent unauthorised access. When possible, encryption is used, both in transit and storage. Access controls within the organisation limit who may access information.

We never transfer your data outside of the United Kingdom ("UK") or the European Economic Area ("EEA") unless we have your explicit consent for it, or based on specific safeguards in individual circumstances of which we will let you know if they apply to your data.

Who Do We Share Personal Data With?

At Fractal, we administer, run, and use a series of services and infrastructure that may process your personal data.

As necessary in connection with the above purposes, your personal data may be transferred to Fractal staff members or our authorised third-party service providers and partners. We select and review authorised third parties when possible and review their privacy and security policies.

Some of these personnel and authorised third parties (for example payment processors or technology partners) may transfer data outside the UK or European Union (“EU”). We take appropriate steps to ensure that data remains within jurisdictions with adequate protections for personal data and ensure that recipients of personal data from us are bound to duties of confidentiality, where relevant or appropriate. Where this is not possible, we rely on data minimisation, and as much as possible, the selection of trusted companies with privacy policies and auditable processes which we have reviewed, and seek to ensure that there are adequate safeguards in place for protecting transferred data, for example, Standard Contractual Clauses. For more information on the safeguards for transfer in a particular operation please contact us. We may also be required to disclose or otherwise process your personal data in the context of a regulatory audit to which we may be subject from time to time.

These services may include:

• Internet resources we administer and control but are hosted by third parties, e.g. our website (https://fractal.legal and our hosting service) and our analytics service, . These are hosted by providers who will have log data and with whom we have data processing agreements under which they act as processors for us.

• Internet resources we do not control where we have accounts operated by third parties, e.g. Google Drive, email, social media, third party content providers (search engines, podcasts, video), surveys, payment processors, calendaring, conferencing services. These third parties have privacy policies in place that govern how users' data are used.

• Services where our client data may be processed, including external services that we administer and control with a third party host; services we administer but are hosted in the cloud; services where we are administrative users but do not control (e.g. email, calendaring), and services where we are users (e.g. email). These are governed as described above based on agreements and/or policies.

How Long Do We Keep Personal Data?

We ensure that personal data is retained only for as long as necessary per the above purposes and applicable laws.

Website Privacy Policy

As with most websites, our website maintains a log of activity. Your IP address will be recorded, along with other information which may or may not be supplied by your browser. This includes the address of the site that referred you to the website, the type and version of the browser you are using, the operating system you use, and the screen resolution at which you viewed the site.

This information is used solely to help us improve our delivery of the services on our website. This information is collected under the lawful basis of legitimate interests.

Sometimes you can choose if you want to give us your personal data and let us use it. If so, we will tell you and give you the choice before you give the personal data to us. We will also tell you whether declining to share that personal data will have any effect on your use of our website or any services on it.

Our database

We store personal and organisational details that we collect through the website and through our interactions in carrying out our services. We hold this data and process this for the legitimate interests of Fractal.

We need to process this data as part of the delivery of our service to enable us to monitor the activities that we are undertaking, to improve our services and report to our investors and stakeholders.

Links to other websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

Cookies

When you visit our website, the pages you view, along with small text files called ‘cookies', may be stored on your device.

Each time you visit the website your device may download a session cookie. This cookie only remains on your device temporarily, and is not used to identify you personally in any way. When we use session cookies, they are used to compile anonymous, aggregated statistics that allow us to understand how visitors use the site. This information helps us improve the site’s functionality.

Your computer may also download a persistent cookie when you first visit the site. These remain in your browser’s cookie store between browsing sessions. Persistent cookies allow us to recognise repeat visitors to the site. Persistent cookies are also used to allow registered users to use the site without logging in on every visit. Persistent cookies can be removed through the browser, and will usually have an expiry date.

You may opt to view the site without cookies by adjusting your browser's settings. See your browser's 'Help' menu for information on how to do this. If you disable cookies some functions of the site may incur reduced functionality.

Your rights

You have rights under data protection law over your personal data.

You are entitled to request access to, rectification of, or erasure of your personal data. You are also entitled to request restriction of collection and/or processing of, or object to certain types of collection and/or processing of your personal data. You have the right to ask us not to collect and/or process your personal data for marketing purposes; we currently require your consent by opting-in, and you can change your preferences at any time. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may also, in some circumstances, have a right to data portability.

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.

If you would like to exercise any of those rights, please email, call or write to us—see below: ‘How to contact us’. When contacting us please:

• Provide enough information to identify yourself (eg your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you;

• Let us know which right(s) you want to exercise and the information to which your request relates.

We will provide you with a response to your requests in accordance with UK data protection law. Requests can be submitted at any time using our website contact form, or by post to the physical address set out below. You also have the right to lodge a complaint with the the Information Commissioner’s Office (ICO) as the UK supervisory authority. The ICO’s contact details are: https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Changes to this privacy policy

We may change this privacy policy from time to time, when we make significant changes we will take steps to inform you, for example by including a prominent link to a description of those changes on our website for a reasonable period or by other means, such as email.

How to contact us

You can contact us by post or using our website form if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are: Carpenter Court 1 Maple Road, Bramhall, Stockport, Cheshire, United Kingdom, SK7 2DH.

Revision Information

Version 3 of this privacy policy was created in January 2025. Further details about any future updates will be published here.