Privacy Policy

Who we are

Impact Brixton CIC is an open community of purpose-driven entrepreneurs, creatives, doers and dreamers, powered by a shared workspace and learning environment.

Impact Brixton CIC is registered in England and Wales (company registration number 11745103) at 17a Electric Ln, Brixton, London SW9 8LA.

Impact Brixton is a data controller registered with the UK Information Commissioner’s Officer.

What this policy covers

This Privacy Policy applies to your use of our website, and the services we provide to you. Your privacy is important to us. It is our policy to respect your privacy regarding any information we may collect from you.

What data do we collect about you?


As part of the service we provide you, we may collect Personal Data. Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified.

We only request personal data relevant to providing you with a service, and only use it to help provide or improve this service. As part of providing a service to you, we ask for the following personal data:

  • Name
  • Email
  • Phone number
  • Business and mailing address
  • Payment information
  • Social media profiles (optional)
  • Gender (optional)
  • About your business (optional)
  • A personal summary (optional)


When you visit our website, our servers may automatically collect standard data provided by your web browser. This data“non-identifying information”, as it does not personally identify you on its own. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit and the webpage that referred you to our website, the time and date of your visit, the time spent on each page, and other details.

We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

How we collect your personal data

We collect your personal information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

We will collect your personal information when you voluntarily submit it to us in one or more of the following occasions:

  • When you subscribe to a membership in person or through our website;
  • When you subscribe to our newsletter via our website;
  • When you attend an event organized by us.

How we use your personal data

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:


  • Providing and managing your membership with us. Your personal data is required in order for us to enter into a contract with you.
  • Providing and managing your access to our Membership Management System.
  • Supplying services to you.
  • Communicating with you regarding your membership. This may include responding to emails or calls from you.


With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone and/or post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam.

We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out in any correspondence we send.

How long we keep your personal data

We may retain information for a period of six years after your association with us has come to an end. We only retain personal information for as long as necessary to provide a service, or to improve our services in future, or where we are legally required to do so.

While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.

As stated below, you have the right to require us to erase personal data.

How we share your personal data

We share your data with external third parties that are based both inside the EEA and outside of the EEA. We will only transfer your personal data to countries outside of the EEA that the European Commission has deemed to provide an adequate level of personal data protection. More information is available from the European Commission.

If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

Third-party access to personal data

We use third-party services for:

  • Analytics tracking
  • Membership management
  • Email marketing
  • Payment processing
  • Email

We contract with the following third parties to supply certain services, which in turn allows us to provide our service to you:

Nexudus Limited

Data submitted by:   You through a sign-up form and interactive portal

Accessed by:            You and Impact Brixton CIC

Main uses:                Member sign up, Membership management, Bookings management, Invoice management, Email communication

Registered address:  Nexudus Limited, Hideaway Workspace, London, SW16 2BF, United Kingdom

Privacy Policy:

The Rocket Science Group, LLC (Mailchimp)

Data submitted by:   Impact Brixton CIC

Accessed by:            Impact Brixton CIC

Main uses:                Email marketing

Registered address:  The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Privacy Policy: 

GoCardless Ltd.

Data submitted by:   You (via Nexudus)

Accessed by:             Impact Brixton CIC

Main uses:                 Processing direct debits

Registered address:  GoCardless Ltd., Sutton Yard, 65 Goswell Road, EC1V 7EN, London, United Kingdom

Privacy Policy: 

Stripe, Inc

Data submitted by:   You (via Nexudus or Optix)

Accessed by:            Impact Hub Brixton CIC

Main uses:                Processing one off payments

Registered address: Stripe, Inc. 185 Berry Street, Suite 550 San Francisco, CA 94107

The entity that provides Services in Europe is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin.

Privacy Policy:

Alphabet, Inc (Google)

Data submitted by:    You and Impact Brixton CIC

Accessed by:             Impact Hub Brixton CIC

Main uses:                 Email communication, Google Analytics, London Google Group

Registered address:  1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA

Privacy Policy: 

ThinPrint Cloud Services, Inc. (ezeep)

Data submitted by:     You and Impact Brixton CIC

Accessed by:              You and Impact Brixton CIC

Main uses:                   Printing within our space

Registered address:    ThinPrint Cloud Services, Inc. 7600 Grandview Ave, Suite 200, Denver, CO 80002

Privacy Policy:   

These third parties may access our data solely for the purpose of performing specific tasks on our behalf. We do not give them permission to disclose or use any of our data for any other purpose.

We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function. We only work with external agencies whose privacy policies align with ours.

We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.

We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.

Can I control my personal data?

In addition to your rights under the GDPR, when you submit personal data to us, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails.

Personal data that you may have voluntarily submitted when subscribing for a membership can be updated or partially deleted through the “My Account” space in the Nexudus portal, accessible at with your login details. In here, you can also change your communications preferences in everything that is related to the “Community Message Board” hosted by Nexudus. These preferences can also be updated by following the link provided in the footer of every email sent with posts in the Nexudus “Community Message Board”.

Personal data that we have collected for email marketing purposes or for sending you our Newsletter, through Mailchimp, can also be updated by you through the “Update subscription preferences” link included in the footer of every of these communications. Similarly, should you prefer that we don’t contact you anymore for either of these reasons, you can let us know by following the “Unsubscribe from this list” link provided in the footer of every email we send you through Mailchimp.

How can I delete my personal data that you have collected?

According to the GDPR you can, at any time, ask us to delete the personal information we have collected from you under the “right to erasure”. You should understand that, in some circumstances, this will prevent us from providing you the services you have contracted with us. This request should be made by email addressed to

Barring any lawful obligations or exceptions provided by the GDPR or other laws or regulations, we will strive to comply with your request within the timeframe legally provided. If, for any reason, we understand we should refuse your request to have your data deleted, our decision will be communicated to you with a justification, as provided by the GDPR.

Can I withhold personal data?

You may access our website without providing any personal data at all. However, in order for us to provide a service to you, the personal data set out above is required.

Can I access my personal data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data.
  • The right to access the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

Do you use cookies?

We use “cookies” to collect information about you and your activity across our website. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our website. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.

Changes to this policy

At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If we hold contact details for you and you have not opted out of communications, we will notify you using the contact details we have saved. Your continued use of our service after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

This policy is effective as of 26 June 2019.

How to contact us

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

  • Email address:
  • Telephone: +44 (0)20 3923 0283
  • Postal Address: Impact Brixton, 17a Electric Ln, Brixton, London, SW9 8LA