Privacy Notice

Good Governance Institute sees the new General Data Protection Regulation, known as GDPR, as an opportunity for you to have more control over how your data is used. The changes will help to better protect your personal data and will allow you to access the information on file faster and more effectively.

We are strongly committed to protecting personal data and will ensure your information is confidential. This privacy statement describes why and how we collect and use personal data, and provides information about your individual rights. This applies to personal data provided to us, both by you or by others. We may use the personal data provided to us for any of the purposes described in this privacy statement, as contractually agreed, or as stated at the point of collection.

Personal data is any information relating to you. The Good Governance Institute collects and processes personal data for two reasons, as part of a contractual relationship, or to keep you informed on events, reports and announcements. When collecting and using your personal data, our policy is to be transparent about why and how we process that data.

Types of data we collect and process

We collect information in cases where there is a contractual relationship to deliver a programme of work, and we need to process personal data to comply with our obligations under the contract. Additionally, information is collected when we are asked to provide a proposal for work which may include email addresses.

At GGI, knowledge sharing forms an important component of our work, enabling us to share our expertise, experience and learning. Our tools, resources and events focus on best practice across various sectors, supporting organisations to improve governance practice and creating opportunities for partners to connect and share learning. We collect personal data which includes email addressed, job titles and employer information in order to keep people informed of news about our events, resources and learning opportunities, as well as to ensure our records are right, which will involve verifying every now and then that you are happy for us to continue to store your information.

For visits on our website,, we use a third-party service, Google Analytics, to collect standard internet log information and visitor patterns. We do this to find out the number of visitors to the various parts of the site for example, however, this information is processed in a way which does not identify anyone. Neither GGI or Google collects any information related to the identity of those visiting our website.


Cookies are small files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How do I change cookie settings?

You can change your cookie preferences at any time by changing your browser settings. You may need to refresh your page for your settings to take effect.

Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit

Find out how to manage cookies on popular browsers:

Data storage

We ensure the security of all the personal data that we have on record through use of the data storage system Drupal CiviCRM, which is hosted in the European Union on a secure certificated server. Additionally, we have a framework of policies, procedures and training in place which address data protection, confidentiality, security and regular review of the measures we employ to keep data secure. We (GGI LTD) are registered with the Information Commissioner’s Office, ICO (Registration number: ZA077038), and we are also registered with NHS Digital (our organisational code is 8K008) for the Data Security and Protection Toolkit.

Our Staff

It is essential to GGI that our staff understands the importance of protecting personal data and apply the organisation’s privacy policy. We provide appropriate training which ensures that staff employ secure IT methods in the collection of data and that they comply to the Data Protection Act.

Data controller and contact information

Please contact Laura Botea, data controller for the Good Governance Institute and GGI Ltd, if you have any questions about this privacy statement including how and why we process personal data:

Laura Botea
Good Governance Institute
70 South Lambeth Road, London SW8 1RL
Email: [email protected]
Phone: 0773 268 1132

Your rights

The introduction of GDPR ensures that it is the responsibility of GGI as a data controller to enable you to have access and control over your personal data.

If you wish to see full details of the information we have on file, you can make a subject access request under the General Data Protection Regulations to [email protected].

To update personal data we are holding or to withdraw consent, you may email us at [email protected], and we will promptly amend any information found to be incorrect, or remove any personal information from our system.

Changes to this privacy statement

At GGI, ensuring your personal data is kept secure is seen as an ongoing responsibility, therefore we will keep this privacy statement under regular review. This privacy statement was last updated on 21 May 2018.


If you are unhappy about our use of your personal data, please send us an email with the details of your complaint to [email protected], and we will respond promptly. You also have the right to lodge a complaint with the Information Commissioner’s Office. For further information on your rights and how to complain to the ICO, please visit the ICO website.