Privacy Policy

Last updated: May 2026

Who we are

Mosaic CIO is a Charitable Incorporated Organisation registered in England and Wales. We work to build AI confidence and digital skills for young people aged 16–24 from underrepresented communities.

We are the data controller for the personal data we collect. You can contact us at connect@mosaic-cio.org.

What data we collect and why

We only collect data that is necessary for the purposes described below.

Enquiries and contact forms

When you get in touch with us we collect your name and email address so we can respond to you. Our legal basis is legitimate interests — you have contacted us and reasonably expect a reply.

Programme applications

If you apply to take part in a Mosaic programme we may collect additional information including your age, background, and education or employment status. This is used solely to assess eligibility and deliver the programme. Our legal basis is legitimate interests or, where required, explicit consent.

Partners and supporters

If you represent an organisation interested in partnering with or funding Mosaic, we collect your name, job title, organisation and contact details. Our legal basis is legitimate interests.

Website analytics

We may collect anonymised data about how visitors use our site (pages visited, time on site) to help us improve it. No personally identifiable information is collected for analytics purposes without your consent.

Young people's data

Where we work directly with people under 18, we take additional care. We will always seek appropriate consent and will never share the personal data of young people without clear lawful basis to do so.

How long we keep your data

  • Enquiry and contact data: up to 2 years from last contact, unless you ask us to delete it sooner
  • Programme participant data: up to 6 years in line with charity reporting obligations
  • Partner and supporter data: up to 3 years from last contact

We review data we hold regularly and delete anything we no longer need.

Who we share your data with

We do not sell, rent or trade your personal data. We may share data with:

  • Service providers who support our operations (e.g. email platforms), under data processing agreements
  • Funders or regulators where we are legally required to report
  • The Charity Commission where required by law

All third parties are required to handle your data securely and only for the purposes we specify.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Ask us to correct inaccurate data
  • Ask us to delete your data (the right to erasure)
  • Object to or restrict how we process your data
  • Withdraw consent at any time where consent is our legal basis

To exercise any of these rights please contact us at connect@mosaic-cio.org. We will respond within 30 days.

Cookies

Our site uses essential cookies to function correctly. We will always ask for your consent before placing any non-essential cookies. You can withdraw consent at any time by clearing your browser cookies.

Complaints

If you have concerns about how we handle your data, please contact us first and we will do our best to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO: ico.org.uk  ·  0303 123 1113

Changes to this policy

We may update this policy as our programmes grow. Any significant changes will be noted at the top of this page with a revised date. We encourage you to check back periodically.

Contact us

For any privacy-related questions please reach out directly.

Mosaic CIO — Data Controller

connect@mosaic-cio.org