Privacy Policy and UK GDPR Statement
Creative Active Lives CIC is committed to protecting your privacy and handling personal data responsibly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what information we collect, how it is used, how it is stored, and your rights.
Who we are
Creative Active Lives CIC is the data controller for the purposes of UK GDPR. If you have any questions about this policy or how your data is handled, you can contact us.
Information we collect
We may collect and process the following personal data when you use this website or our services:
- Name
- Email address
We may also collect technical data such as:
- IP address
- Browser type ("User Agent")
- Basic usage data
IP addresses may be stored temporarily for security, system integrity, fraud prevention, and troubleshooting purposes. IP addresses are not linked to individual survey responses or wellbeing data.
Survey and wellbeing data
Responses collected through the Minecraft Education wellbeing tool are anonymous. Survey and interaction data is associated only with the project and the organisation/account that created the questions. It cannot be used by Creative Active Lives CIC to identify individual participants. If an organisation running the activity chooses to collect identifiable information separately (for example, on paper forms or through their own systems), that data is not collected or stored within this platform. Data is transmitted securely and can be accessed only by authorised account holders.
How we use your data
We use personal data only for legitimate purposes, including:
- Providing access to your account
- Communicating with you about your use of the service
- Maintaining the security, performance, and integrity of the platform
- Meeting legal or regulatory obligations where applicable
We do not sell personal data and we do not use it for advertising or profiling.
We process personal data using the following lawful bases defined by UK GDPR:
- Contract (to provide the service and manage your account)
- Legitimate interests (to operate, secure, and improve the platform)
- Legal obligation where applicable
Anonymous wellbeing and survey data does not constitute personal data under UK GDPR.
Data storage and security
We take appropriate technical and organisational measures to protect data against unauthorised access, loss, misuse, or alteration. Data is stored securely using Microsoft Azure Cloud Services. Access is restricted to authorised users only. We retain personal data only for as long as necessary for the purposes for which it was collected. Where possible, we minimise the personal data we hold.
Cookies
We use essential cookies required for login and the secure operation of the website. We do not use tracking or advertising cookies.
Data sharing
We do not share personal data with third parties except where required to provide the service or where legally required to do so. We do not transfer personal data outside the UK unless appropriate safeguards are in place.
Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your personal data
- Object to or restrict processing in certain circumstances
- Withdraw consent where consent is the lawful basis
Requests can be made by contacting us by e-mail. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Children’s data
The platform is designed for use in educational, therapeutic, community and youth settings under appropriate supervision. Where children and young people are involved, the organisations using the tool are responsible for ensuring appropriate consent and safeguarding arrangements are in place. Children and young people should not create accounts directly.
Changes to this policy
If we update this policy, changes will be published on this page.
Last updated: 2026/02/28