PRIVACY POLICY

Last updated 13 March 2026

The University of Chester (Imagining Possible Futures study) is committed to protecting the rights and freedoms of individuals, as detailed in relevant Data Protection legislation, including looking after any personal data that we collect, use or hold.

This Privacy Notice for the University of Chester (‘we‘, ‘us‘, or ‘our‘), describes how and why we might access, collect, store, use, and/or share (‘process‘) your personal information when you use our services (‘Services‘). This notice is issued under your right to be informed about how the University processes your personal data including when you:

• Visit our website at https://imaginejustice.co.uk//, or any website of ours that links to this Privacy Notice
• Engage with us in other related ways, including providing feedback on the resources available on the website .
  We will comply with data protection legislation, which says that the personal information we hold about you must be:
• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
• Relevant to the purposes we have told you about and limited only to those purposes
• Accurate and kept up to date
• Kept only as long as necessary for the purposes we have told you about
• Kept securely

1. WHAT INFORMATION DO WE COLLECT?
   We only collect personal information either that you voluntarily provide to us or automatically when accessing our website such as cookies.

• Website usage data such as IP address, browser type, device information, and pages visited.
• Optional contact information provided when downloading resources or submitting feedback.

We collect your personal information when you visit, use or navigate our Services and that you provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. Information is automatically collected such as your Internet Protocol (IP) address, log and usage data, and/or browser and device characteristics and cookies. You may voluntarily provide your name, email address, job role, topics of interest when downloading our resources and feedback when we contact you when you have provided your consent.
We do not process special category or sensitive data.
Cookies: We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
You can find out more about this in our Cookie Notice: https://imaginejustice.co.uk//cookie-policy/.
Google API: Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

2. WHY DO WE PROCESS YOUR INFORMATION?
   We process your information to provide and manage access to our services and resources, communicate with you, keep our services secure and meet our legal obligations.

“Imagining Possible Futures” is the first large scale study of lived experience-led criminal justice across the United Kingdom and Ireland. With your consent, we may also contact you to ask for feedback on materials you choose to download. This helps us understand how our resources are used and report on the impact of our research. Any information shared with research funders will be anonymised and combined with other responses, so you cannot be identified.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
   We may share information in specific situations described in this section and/or with the following third parties. We share personal data only with:

• University of Chester staff who administer the site.
• Trusted service providers offering analytics or technical support. The University users web provider Yoma see https://yomadigital.com/privacy-policy/

Only anonymised feedback will be shared with Research Excellence Framework. For more information see https://www.ukri.org/who-we-are/privacy-notice/. We do not sell personal data.

4. HOW LONG DO WE KEEP YOUR INFORMATION?
   We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Notice and in accordance with university retention policy, unless otherwise required by law.
   We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). We will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. Personal information shared by you for the purposes of providing feedback on resources will only be kept for up to 24 months after which it will be deleted and feedback will be anonymised. You may request deletion of your data earlier than this retention period and at any time.
5. HOW DO WE KEEP YOUR INFORMATION SAFE?
   We are committed to protecting your personal information with appropriate safeguards in place to ensure adequate levels of security for your data and in accordance with the University of Chester Information Security Policy.
   We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
6. DO WE COLLECT INFORMATION FROM MINORS?
   We do not knowingly collect data from children under 18 years of age.
   We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at dataprotection@chester.ac.uk
7. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
   We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.

• Consent (e.g., when you access our website services and submit your email to receive follow-up about resources).
• Where it is necessary for the performance of a task in the public interest (University provided services and research)
• Legitimate Interests (e.g., site monitoring and security).
• Legal Obligation (e.g., where required by law).

4. WHAT ARE YOUR PRIVACY RIGHTS?
   Depending on your state of residence such as the United Kingdom (UK), European Economic Area (EEA), Switzerland, Australia, New Zealand, South Africa, Canada, in the US or other regions, you have rights that allow you greater access to and control over your personal information.
   Summary of your rights under UK GDPR or under GDPR if resident in EU/EEA:

• Withdraw consent – where the University has used consent as the legal basis for processing;
• Be informed – about how the University, collects and uses your data;
• Access your personal data that the University holds and process;
• Rectify or correct any inaccuracies in your personal data that we hold;
• Be forgotten by requesting that your details are removed from the University systems;
• Restrict the processing of your data whilst it is being verified or corrected;
• Port your data in a machine readable and commonly used format;
• Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics;
  Other data protection laws if resident in:
• United States – state privacy rights (California, Colorado, Virginia, etc.) including access, correction, deletion, and opt-out of targeted advertising
• Canada – PIPEDA requirements regarding meaningful consent and access.
• Australia – Privacy Act 1988 rights to access and correction.
• New Zealand – Privacy Act 2020 rights.
• South Africa – POPIA access, correction, and complaint rights.
  These rights are respected wherever applicable to your jurisdiction.
  We will consider and act upon any request in accordance with applicable data protection laws.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at g.buck@chester.ac.uk

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. For further information, please see our Cookie Notice: https://imaginejustice.co.uk//cookie-policy/.

9. CONTROLS FOR DO-NOT-TRACK FEATURES
   Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognising or honouring DNT signals, we do not respond to them at this time.

10. DO WE MAKE UPDATES TO THIS NOTICE?
    Yes, we will update this notice as necessary to stay compliant with relevant laws.
    We may update this Privacy Notice from time to time. The updated version will be indicated by an updated ‘Revised’ date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
11. HOW TO CONTACT US
    You may withdraw your consent or ask us to delete your data at any time, without giving a reason, by contacting: g.buck@chester.ac.uk

If you have questions or comments about this notice, or wish to exercise your privacy rights, you may contact our Data Protection Officer (DPO) by email at dataprotection@chester.ac.uk or contact us at:

University of Chester
Data Protection Officer
Parkgate Road
Chester, Cheshire CH1 4BJ
England

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

---

Version 2.0