Policies

Current legal and governance policies for theChangeTracker platform.

Privacy Policy

Updated

theChangeTracker – operated by Just Enough Change Ltd

For information on how we use cookies, please see our Cookie Policy. For terms governing use of the Platform, please see our Terms of Use.

1. Introduction

This Privacy Policy explains how we collect, use, and protect personal data when you use theChangeTracker platform (the “Platform”).
We respect your privacy and comply with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.
Just Enough Change Ltd is the data controller for personal data processed through the Platform.
By using the Platform, you agree to the collection and use of your personal data as described in this Privacy Policy.

2. Personal Data We Collect

We limit personal data to what is necessary for Platform functionality:
  • First name
  • Last name
  • Email address (optional, for notifications or communications)
  • Role or job title, which may be associated with a department or stakeholder group

No other sensitive personal data is collected. Users must be at least 18 years old. We do not knowingly collect data from minors.

3. How We Use Personal Data

We use personal data for the following purposes, including the lawful basis for each:
  • Account management, login, and access control (lawful basis: contract performance)
  • Providing Platform functionality, including pulse surveys, reports, and AI-based insights (optional features only) (lawful basis: contract performance)
  • Analysing anonymised or aggregated data to improve the Platform (lawful basis: legitimate interest)
  • Communications relating to your account or subscription (lawful basis: contract performance)
  • Marketing communications only if you have opted in (lawful basis: consent)

Users must review AI-generated outputs independently; AI tools are advisory only.

4. Third-Party Service Providers

We may share personal data with third-party service providers who help us operate or maintain the Platform, including hosting providers, billing processors, and analytics providers.
These providers process data only as necessary and are required to protect your data in line with UK data protection law.
We do not list provider names to avoid unnecessary security risks.

5. International Data Transfers

All operational data is hosted in the UK. Certain services used to deliver the Platform may process data outside the UK.
We ensure that any international transfer of personal data is carried out with appropriate safeguards under UK GDPR.

6. Data Retention

  • Personal account data: retained while the account is active, plus 12 months after deletion or cancellation
  • Anonymised or aggregated analytics: retained up to 3 years for trend analysis and product improvement

We do not retain personal data longer than necessary.

7. Your Rights

Under UK GDPR, you have rights including access, correction, deletion, objection, and data portability.
Requests should be sent to info@theChangeTracker.com. We will respond within statutory timeframes.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data. No system is completely secure; use of the Platform is at your own risk.

9. Sharing Data with Consultants

Clients may grant Consultant Users access to their data. Clients remain the data controller; Consultant Users must use data only for authorised purposes. We are not responsible for how clients share access internally.

10. Changes to this Privacy Policy

We may update this Privacy Policy. Significant changes will be communicated where appropriate. Continued use constitutes acceptance of the updated Privacy Policy.

11. Contact

For questions about this Privacy Policy or your personal data:
  • Email: info@theChangeTracker.com
  • Address: Central House Suite 1, Central Way, Warrington, England, WA2 7TT

Cookies

Essential cookies are on.

Accept all if you want us to remember your theme preference.

Cookie Policy