Compliance & GDPR / Data Protection
Protecting Your Privacy & Data
At Sparrow Mediation, respecting your privacy and safeguarding your personal information is fundamental to how we work. Mediation often involves sharing sensitive details, and we are fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What This Policy Covers
This policy explains how we collect, use, store, share, and protect your personal data, and what rights you have. It applies to anyone using our website, requesting a consultation, or taking part in mediation with us.
1. Who We Are & Scope
Data Controller
Sparrow Mediation acts as the data controller for any personal data you provide. This means we decide how and why your data is processed when you use our services.
2. Our Data Protection Principles
We strictly follow the UK GDPR principles. Your personal data will be:
Processed lawfully, fairly, and transparently
Collected for clear and legitimate purposes
Adequate, relevant, and limited to what is necessary
Accurate and, where required, kept up to date
Stored only as long as needed
Protected with appropriate security measures
Managed responsibly — we are accountable for how we use your data
3. What We Collect & Why
Category of DataPurposeName & contact details (email, address)To arrange and manage mediation sessions, send updates, and follow upCase details / backgroundTo understand your situation and provide effective mediationNotes, documents, or evidenceTo support the mediation processPayment & invoicing informationTo process payments and maintain accurate recordsWebsite usage dataTo operate and improve our site
We only collect what we need. If any special category data (e.g., health details) is shared, we’ll ask for your explicit consent and protect it with additional safeguards.
4. Legal Bases for Processing
We process your data under one or more of these legal grounds:
Contract – to deliver our mediation services.
Legitimate interests – for administration, service improvement, and security.
Consent – when required (especially for special category data). You can withdraw this at any time.
Legal obligations – if the law requires us to retain or disclose certain data (e.g., safeguarding or court orders).
5. Sharing Your Data
We do not sell or rent your data. We only share when necessary:
With your consent – e.g., if you agree we share certain information with legal or professional advisers.
Service providers – such as secure IT and cloud systems that help us deliver our service.
Legal requirements – if required by law, court order, or to meet safeguarding obligations.
Protection of life – if there’s a serious risk of harm to you or others.
Where data is transferred outside the UK, we ensure appropriate safeguards (such as UK Standard Contractual Clauses).
6. Data Retention
We keep personal data only as long as it’s needed for:
Delivering mediation and follow-up services
Meeting legal or regulatory requirements
Defending or pursuing legal claims
Once no longer needed, we securely delete or destroy it.
7. Your Rights
You have the right to:
Access the personal data we hold about you
Correct inaccuracies
Request deletion in certain situations
Restrict or object to how your data is used
Request data portability (have your data sent to you or another provider)
Withdraw consent at any time if we rely on it
Complain to the UK Information Commissioner’s Office (ICO) if you believe your rights have been breached
To exercise your rights, email us at mediate@sparrowmediation.co.uk with “GDPR Request” in the subject line. We will respond in line with legal timeframes.
8. Policy Updates
We may update this page from time to time to reflect legal or operational changes. We will post the latest version here and update the “last modified” date.
9. Contact Us
If you have any questions, concerns, or requests about your personal data or this policy, please contact:
Data Protection Lead
Sparrow Mediation
Email: mediate@sparrowmediation.co.uk
If you’re unhappy with how we handle your data, you can also contact the Information Commissioner’s Office (ICO): www.ico.org.uk.