top of page
Untitled design (3)_edited.jpg

Data Protection

Enactus UK respects your privacy and is committed to protecting your personal information. The EU General Data Protection Regulation (GDPR) came into force in the EU, including the UK, on 25th May 2018. This privacy policy will inform you how we collect and look after your personal information in accordance with GDPR and tell you about your privacy rights.



Enactus UK is the controller and responsible for your personal data (collectively referred to as “COMPANY”, “we”, “us” or “our” in this privacy notice).


Contact Details

If you want to request information about our privacy policy or the personal data that we hold you can email us at: 

Andrew Bacon, Chief Executive Officer, Enactus UK


Changes to This Privacy Notice

We regularly review our privacy policies which you can find on the Enactus UK website at

This version was last updated in August 2022. 


How/Where we Collect your Personal Data, What Personal Information we Collect and Why we Collect it

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Enactus UK will collect your personal data when you: 

  • Deal with Enactus UK or NextGenLeaders in person, by telephone, letter, fax, email or via our website

  • Join the NextGenLeaders programme Community as either a changemaker, parent or carer and support staff

  • Register to attend one of our events


NextGenLeaders Programme Events

We collect your personal information and contact details when you register for one of our events. Relevant personal data will be collected in order to ensure you are fully able to engage in the activities at the event and in order to ensure we have the relevant information to properly protect you whilst on site at our events. Once you have signed up we will share event related news and updates and may contact you about any future events we think you may be interested in. 


Changemakers, Carers/Parents and Staff

If you register as a member of NextGenLeaders we will collect your personal data in order to be able to identify you (or your child) as a changemaker. We will collect information only where relevant and send you news, updates and relevant communications. Occasionally we will ask you to participate in surveys/questionnaires which help us to assess our work and the programme delivery. We handle all our communications through the school with the contact details supplied only for emergency use for our event attendees.


Interactions with Enactus UK

If you meet an employee of Enactus UK, for example, at an event and give them your contact details they will keep this information in order to contact you in the future about topics which might be of interest to you and surveys which you might wish to participate in. They may also share this information with other staff members at Enactus UK. We advise that you discouage students to email Programme Managers directly, and instead ensure all communications come through the relevent member of staff.


Data Processing

In line with the GDPR, we must have a legal basis for processing your personal information. In the situations described above, we process your personal information for one of the legal bases set out below:

  • Legitimate interests - We may process your information where it is in our legitimate interests to do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.

  • Consent - We may process your information where you give us your consent to do so. You have the right to withdraw this consent at any time by contacting us. 


Transferring Data to Other Countries

Enactus UK will not rent or sell your personal information to other third-party organisations.

However, where you have given us permission, we may share your details with partner organisations both in and outside of the EU (Including USA) on the basis anyone to whom we pass it protects it in accordance with applicable laws. We are in the process of ensuring that, in the event that we transfer information to countries outside of the EU, your personal information receives an adequate level of protection in a way that is consistent with and which respects the EU and UK laws. 


Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request by contacting us.


Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.


Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We will notify you and any applicable regulator of a breach where we are legally required to do so.


Your Rights

You have the right to request access to your personal information at any time. You also have the right to request a correction of any personal data or ask us to delete any of your personal data from our records at any time. To do this you can follow any of the opt-out links on any marketing message sent to you or by contacting us at any time.


What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


Time limit to respond

We try to respond to all legitimate requests within one month. 

Please click on the link below to find out more about the GDPR Regulations:


Complaints or Queries

If you have any questions about this Privacy Policy, please contact us at: 

Andrew Bacon, Chief Executive Officer, Enactus UK

bottom of page