Privacy Policy

Last updated: 21 December 2025

This Privacy Policy explains how Independent Networks Co-operative Association Limited (INCA) (we, us, our) collects, uses, shares and protects personal data, and the rights you have.

UK data protection is governed by the UK GDPR and the Data Protection Act 2018. 

1. Who we are (data controller)

Independent Networks Co-operative Association Limited (INCA) is the data controller for personal data collected via this website and through our membership and engagement activities.

Contact email (privacy and data protection): info@inca.coop

If you prefer to write to us, contact us via the details on our website.

2. What personal data we collect

We may collect and process the following categories of personal data, depending on how you interact with us:

  1. Identity and contact details
    Name, job title, organisation, business email address, telephone number.

  2. Membership and relationship information
    Membership applications, membership status, membership tier, renewal information, and records of member engagement.

  3. Events and webinars
    Event registration details, attendance, feedback, and any information you choose to provide to help us run an event (for example accessibility requirements).

  4. Communications and preferences
    Your preferences for receiving updates, your opt-in and opt-out status, and records of communications with you.

  5. Website and technical data
    IP address, device and browser information, pages you visit, approximate location (derived from IP), and cookie and analytics data.

  6. Payments and invoicing (where relevant)
    Billing details, invoice details, payment status, and transaction references. We do not store full card details on INCA systems.

3. How we collect personal data

We collect personal data when you:

  • contact us (email or web forms)

  • apply for membership or renew membership

  • register for an event or webinar

  • subscribe to updates

  • use our website (including via cookies and analytics)

4. How we use your personal data and our lawful bases

UK GDPR requires a lawful basis for each use of personal data. The lawful bases are set out in Article 6 UK GDPR and explained in ICO guidance. ICO+1

We use personal data for:

A) Membership administration and delivering member services
Purpose: manage memberships, renewals, member communications, and provide member benefits.
Lawful basis: contract (where we provide a service to you or your organisation) and legitimate interests (running INCA effectively). 

B) Events and webinars
Purpose: register attendees, deliver joining information, manage logistics, and collect feedback.
Lawful basis: contract (where paid) and legitimate interests.

C) Communications and updates
Purpose: send member updates, newsletters, event announcements, and sector communications.
Lawful basis: legitimate interests for expected operational communications; consent where required for marketing and where you have chosen to opt in. (You can opt out at any time.)

D) Finance and administration
Purpose: invoicing, taking payments, accounting, audit, and record keeping.
Lawful basis: legal obligation and legitimate interests.

E) Website operation, analytics and security
Purpose: keep the site secure, prevent abuse, understand how the site is used, and improve content and performance.
Lawful basis: legitimate interests for essential security and site operation; consent for non-essential cookies such as analytics. 

Special category data
We do not routinely collect special category data (such as health data). If you provide accessibility or dietary information for an event, we will use it only for event delivery and handle it with appropriate care.

5. Cookies and Google Analytics

We use cookies and similar technologies. Cookies rules in the UK are covered by the Privacy and Electronic Communications Regulations (PECR) and ICO guidance requires clear information and consent for non-essential cookies.

We use:

  • Strictly necessary cookies: required for core site functions and security.

  • Analytics cookies (Google Analytics): used to understand website usage and improve the site. These are set only if you consent via our cookie settings.

You can manage cookies using:

  • our cookie banner and cookie settings on the website

  • your browser settings (note that blocking some cookies may affect site functionality)

6. Who we share personal data with

We share personal data only where necessary and proportionate, and typically with:

Website hosting and IT

  • Hostinger (website hosting and related services)

Email marketing and newsletters

  • Mailchimp (email distribution and subscription management)

CRM

  • HubSpot (relationship management and engagement records)

Events and webinars

  • EventHub (event registration and attendee management)

  • Microsoft Teams (webinar delivery)

Payments

  • Stripe (payment processing)

Analytics

  • Google Analytics (website usage analytics, subject to cookie consent)

Professional advisers and compliance

  • accountants, auditors, legal advisers, and insurers (only as needed)

We require appropriate contractual protections with suppliers where they process personal data on our behalf.

7. Where data is stored and international transfers

INCA is UK-based and our operational records are managed in the UK.

Some suppliers may process or store personal data outside the UK (for example where a service provider operates globally). Where this happens, we use appropriate safeguards recognised under UK data protection law (for example, contractual protections) to protect your data.

If you want a supplier-by-supplier confirmation of data residency for your INCA setup, contact info@inca.coop.

8. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described above, including for legal, accounting, or reporting requirements. The ICO expects organisations to be transparent about retention periods or the criteria used to set them.

Typical retention approach:

  • Membership records: for the life of the membership and up to 6 years afterwards for audit, finance, and handling queries.

  • Finance records (invoices, payment records): typically 6 years.

  • Event and webinar records: typically up to 24 months after the event (unless needed for finance or compliance).

  • Marketing preferences: until you unsubscribe or we refresh our lists to remove inactive contacts.

  • Website security logs: typically 6 to 12 months unless required for investigation.

9. How we protect personal data

We use appropriate technical and organisational measures designed to protect personal data, including access controls and supplier due diligence. No system can be guaranteed to be completely secure, but we work to reduce risk and respond appropriately if issues arise.

10. Your rights

You have rights under UK GDPR, including the right to be informed, access, rectification, erasure, restriction, objection, and data portability (where applicable), and the right to withdraw consent at any time where consent is the lawful basis.

To exercise your rights, click here

Complaints
You can also complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection. 

11. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

12. Children’s data

Our website, membership, and events are intended for professional and organisational use. We do not knowingly collect personal data from children.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any updates will be posted on this page with the new “Last updated” date.

Privacy Policy

Last updated: 21 December 2025

This Privacy Policy explains how Independent Networks Co-operative Association Limited (INCA) (we, us, our) collects, uses, shares and protects personal data, and the rights you have.

UK data protection is governed by the UK GDPR and the Data Protection Act 2018. 

1. Who we are (data controller)

Independent Networks Co-operative Association Limited (INCA) is the data controller for personal data collected via this website and through our membership and engagement activities.

Contact email (privacy and data protection): info@inca.coop

If you prefer to write to us, contact us via the details on our website.

2. What personal data we collect

We may collect and process the following categories of personal data, depending on how you interact with us:

  1. Identity and contact details
    Name, job title, organisation, business email address, telephone number.

  2. Membership and relationship information
    Membership applications, membership status, membership tier, renewal information, and records of member engagement.

  3. Events and webinars
    Event registration details, attendance, feedback, and any information you choose to provide to help us run an event (for example accessibility requirements).

  4. Communications and preferences
    Your preferences for receiving updates, your opt-in and opt-out status, and records of communications with you.

  5. Website and technical data
    IP address, device and browser information, pages you visit, approximate location (derived from IP), and cookie and analytics data.

  6. Payments and invoicing (where relevant)
    Billing details, invoice details, payment status, and transaction references. We do not store full card details on INCA systems.

3. How we collect personal data

We collect personal data when you:

  • contact us (email or web forms)

  • apply for membership or renew membership

  • register for an event or webinar

  • subscribe to updates

  • use our website (including via cookies and analytics)

4. How we use your personal data and our lawful bases

UK GDPR requires a lawful basis for each use of personal data. The lawful bases are set out in Article 6 UK GDPR and explained in ICO guidance. ICO+1

We use personal data for:

A) Membership administration and delivering member services
Purpose: manage memberships, renewals, member communications, and provide member benefits.
Lawful basis: contract (where we provide a service to you or your organisation) and legitimate interests (running INCA effectively). 

B) Events and webinars
Purpose: register attendees, deliver joining information, manage logistics, and collect feedback.
Lawful basis: contract (where paid) and legitimate interests.

C) Communications and updates
Purpose: send member updates, newsletters, event announcements, and sector communications.
Lawful basis: legitimate interests for expected operational communications; consent where required for marketing and where you have chosen to opt in. (You can opt out at any time.)

D) Finance and administration
Purpose: invoicing, taking payments, accounting, audit, and record keeping.
Lawful basis: legal obligation and legitimate interests.

E) Website operation, analytics and security
Purpose: keep the site secure, prevent abuse, understand how the site is used, and improve content and performance.
Lawful basis: legitimate interests for essential security and site operation; consent for non-essential cookies such as analytics. 

Special category data
We do not routinely collect special category data (such as health data). If you provide accessibility or dietary information for an event, we will use it only for event delivery and handle it with appropriate care.

5. Cookies and Google Analytics

We use cookies and similar technologies. Cookies rules in the UK are covered by the Privacy and Electronic Communications Regulations (PECR) and ICO guidance requires clear information and consent for non-essential cookies.

We use:

  • Strictly necessary cookies: required for core site functions and security.

  • Analytics cookies (Google Analytics): used to understand website usage and improve the site. These are set only if you consent via our cookie settings.

You can manage cookies using:

  • our cookie banner and cookie settings on the website

  • your browser settings (note that blocking some cookies may affect site functionality)

6. Who we share personal data with

We share personal data only where necessary and proportionate, and typically with:

Website hosting and IT

  • Hostinger (website hosting and related services)

Email marketing and newsletters

  • Mailchimp (email distribution and subscription management)

CRM

  • HubSpot (relationship management and engagement records)

Events and webinars

  • EventHub (event registration and attendee management)

  • Microsoft Teams (webinar delivery)

Payments

  • Stripe (payment processing)

Analytics

  • Google Analytics (website usage analytics, subject to cookie consent)

Professional advisers and compliance

  • accountants, auditors, legal advisers, and insurers (only as needed)

We require appropriate contractual protections with suppliers where they process personal data on our behalf.

7. Where data is stored and international transfers

INCA is UK-based and our operational records are managed in the UK.

Some suppliers may process or store personal data outside the UK (for example where a service provider operates globally). Where this happens, we use appropriate safeguards recognised under UK data protection law (for example, contractual protections) to protect your data.

If you want a supplier-by-supplier confirmation of data residency for your INCA setup, contact info@inca.coop.

8. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described above, including for legal, accounting, or reporting requirements. The ICO expects organisations to be transparent about retention periods or the criteria used to set them.

Typical retention approach:

  • Membership records: for the life of the membership and up to 6 years afterwards for audit, finance, and handling queries.

  • Finance records (invoices, payment records): typically 6 years.

  • Event and webinar records: typically up to 24 months after the event (unless needed for finance or compliance).

  • Marketing preferences: until you unsubscribe or we refresh our lists to remove inactive contacts.

  • Website security logs: typically 6 to 12 months unless required for investigation.

9. How we protect personal data

We use appropriate technical and organisational measures designed to protect personal data, including access controls and supplier due diligence. No system can be guaranteed to be completely secure, but we work to reduce risk and respond appropriately if issues arise.

10. Your rights

You have rights under UK GDPR, including the right to be informed, access, rectification, erasure, restriction, objection, and data portability (where applicable), and the right to withdraw consent at any time where consent is the lawful basis.

To exercise your rights, click here

Complaints
You can also complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection. 

11. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

12. Children’s data

Our website, membership, and events are intended for professional and organisational use. We do not knowingly collect personal data from children.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any updates will be posted on this page with the new “Last updated” date.