Part of the Intelligence Corps Association
ICA Main Site ICA Membership

Privacy Policy

How we handle your personal data.

Last updated: 20 March 2026

1. Introduction

This Privacy Policy explains how The ROSE Network ("we", "us", "our"), operated as a function of the Intelligence Corps Association (ICA), Registered Charity No. 1175211, collects, uses, stores, and protects your personal data when you use our website at rose.roseandlaurel.uk.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller for personal data collected through this website is:

Intelligence Corps Association
Headquarters ICA
Contact: Mrs Hazel Donald
Email: ica_hq@roseandlaurel.uk

3. What Data We Collect

We may collect the following categories of personal data:

3.1 Data you provide directly

  • Contact form submissions: Name, email address, and any information you include in your message when using our contact form.
  • Mentoring or registration enquiries: Name, email address, service status, and related details submitted via email.

3.2 Data collected automatically

  • Analytics data: Pages visited, time spent on site, referral source, browser type, device type, and approximate geographic location (country/city level). This data is collected via Google Analytics (through Google Tag Manager) only if you consent to analytics cookies.
  • HubSpot tracking data: Page views, form interactions, and session data collected by HubSpot only if you consent to analytics cookies.

3.3 Data we do not collect

  • We do not collect financial or payment information.
  • We do not collect special category data (e.g. health, ethnicity, political opinions).
  • We do not knowingly collect data from children under 16.

4. How We Use Your Data

We use your personal data for the following purposes:

Purpose Lawful Basis (UK GDPR)
Responding to enquiries and contact form submissions Legitimate interest (Article 6(1)(f))
Facilitating mentoring introductions Consent (Article 6(1)(a))
Website analytics and improvement Consent (Article 6(1)(a)) — via cookie consent
Sending relevant communications about ROSE Network activities Legitimate interest (Article 6(1)(f))

5. How We Share Your Data

We do not sell, rent, or trade your personal data. We may share data with:

  • Google (via Google Tag Manager and Google Analytics) — for website analytics, subject to your cookie consent. Google processes this data under their own privacy policy.
  • HubSpot — for contact form processing and analytics, subject to your cookie consent. HubSpot processes data in the EU (eu1 region).
  • Intelligence Corps Association — as the parent organisation and registered charity, ICA may receive data necessary to fulfil its charitable objectives.

We will never share your data with commercial recruitment agencies or employment brokers. The ROSE Network does not act as a recruitment intermediary.

6. Data Retention

  • Contact form submissions: Retained for up to 24 months, then deleted unless there is an ongoing relationship.
  • Analytics data: Retained according to Google Analytics and HubSpot default retention policies (typically 14–26 months).
  • Cookie consent preferences: Stored locally in your browser (localStorage) and retained until you clear your browser data or change your preference.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to data portability — request transfer of your data in a structured, commonly used format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at ica_hq@roseandlaurel.uk. We will respond within one calendar month.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data transmitted to and from our website.
  • Use of established, reputable third-party processors (Google, HubSpot) with their own security certifications.
  • Access to personal data is limited to authorised personnel only.

9. International Transfers

Some of our third-party processors (notably Google) may transfer data outside the UK. Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses approved by the Information Commissioner's Office (ICO).

HubSpot processes data in the EU (eu1 region), which is covered by the UK adequacy decision.

10. Cookies

Our website uses cookies. For full details of the cookies we set, how they are used, and how to manage your preferences, please see our Cookie Policy.

11. Links to Other Websites

Our website contains links to external sites including the ICA main site, Veterans Gateway, SSAFA, the Royal British Legion, and COBSEO. We are not responsible for the privacy practices of these external sites and encourage you to read their privacy policies.

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated "Last updated" date. We encourage you to review this page periodically.