Join

Privacy Notice – Represent AI

 

Last updated: 12 April 2026

 

This Privacy Notice explains how Represent AI (“Represent AI”, “we”, “us”) uses personal data when you visit our website, sign up to receive communications, interact with us on social media (including Instagram), or participate in our community (including by joining our WhatsApp group).

  1. Who we are

Represent AI is a community group. We are not currently incorporated as a company, charity,
CIO, CIC or other registered entity.
For data protection purposes, Represent AI (acting through its volunteer organisers) is the
data controller for the processing described in this Privacy Notice.

Contact

If you would like to know which organiser is responsible for handling data protection queries,
contact us using the details above.

  1. When this notice applies

This notice applies when you:

  • Subscribe to our email list / updates;
  • Ask to join, or join, our WhatsApp group;
  • Sign up for events, training sessions, or other community activities;
  • Contact us (eg. by email or via a sign-up/contact form);
  • Follow or interact with us on LinkedIn, Instagram, or other social media; or
  • Visit or browse our website.
  1. The personal data we collect (what you give us)

We aim to collect the minimum personal data needed to run the community.
Depending on what you sign up for, we may collect:

A. Identity and contact details

  • Name;
  • Email address;
  • Phone number (including where you join the WhatsApp group); and
  • Any profile name you provide through the relevant channel (eg WhatsApp display name, Instagram username).

B. Sign-up and community information

  • Which communications you requested (eg newsletters, event alerts);
  • Your preferences (eg topics you want to hear about);
  • Participation history (eg whether you attended an event you registered for); and
  • Where relevant, confirmation that you registered for an event or activity via a third-party platform.

C. Third-party platforms

Some Represent AI events or activities may be organised or ticketed through third-party platforms (for example, Eventbrite).

Where you register for an event through such a platform:

  • That platform acts as a separate data controller in respect of the personal data it collects directly from you;
  • The platform may collect information in accordance with its own privacy notice and terms, including information that may constitute special category data; and
  • Represent AI does not control which data those platforms require or how they use it.

We will typically receive only the information necessary to administer your participation in the relevant Represent AI event (for example, your name, contact details, and attendance status), and we will process that information in accordance with this Privacy Notice.

We encourage you to review the privacy notice of any third-party platform carefully before submitting your information.

D. Communications

  • Emails or messages you send to us; and
  • If you join the WhatsApp group, the content you post in the group.

E. Special categories of data

By the nature of the Represent AI community, which is focused on women and LGBTQIA+ individuals, our handling of personal data involves special category data within the meaning of the UK GDPR (for example, information relating to sex, sexual orientation, gender identity or related characteristics).

We do not require you to actively provide sensitive personal data through structured questions. However, your participation in the community, or the fact that you join certain channels (including the WhatsApp group), may itself reveal special category information by implication, and you may also choose to share such information in communications or discussions.

Where we process special category data, we do so only to the extent necessary for operating and safeguarding the community, and we rely on an appropriate legal condition – most commonly your explicit consent, given through your voluntary participation and engagement with the community.

  1. Website technical data (even if you don’t sign up)

Even if you do not sign up, our website (which is hosted on WordPress, operated by Automattic Inc., and hosted by HostGator, a brand of Newfold Digital, Inc., on servers located in the United States) and its security providers will typically process limited technical data so the site can be delivered and protected (eg IP address, device/browser information, timestamps, and basic server logs).

We do not use this technical data to build marketing profiles about visitors who have not signed up.

  1. How we use your data and our lawful basis

We use your personal data for the purposes below.

A. Community communications you request

Purpose: to send you newsletters, updates, event announcements, and community information you ask to receive.

Lawful basis: consent (you can unsubscribe at any time).

B. WhatsApp group administration and community updates

Purpose: to add you to the group (where you join/request access), communicate group updates, moderate and manage the group, and address misuse.

Lawful basis: legitimate interests (running the community safely and effectively) and/or consent (because joining the group is a clear affirmative action).

C. Handling enquiries

Purpose: to respond to messages and keep appropriate records of correspondence.
Lawful basis: legitimate interests (operating the community and responding to enquiries).

D. Events / sessions administration

Purpose: managing registrations, sending operational information (eg joining details), and handling waiting lists.

Lawful basis: legitimate interests (and, where relevant, contract if you sign up for a paid-for event/service).

E. Website security and basic operation

Purpose: preventing fraud/abuse, troubleshooting, and maintaining availability.
Lawful basis: legitimate interests (secure operation of the website).

F. LinkedIn, Instagram, and social media engagement

Purpose: to operate and post content on our Instagram account, interact with followers and community members, and share community updates and event information.

Lawful basis: legitimate interests (promoting the community and engaging with members and the public on social media).

  1. Marketing rules (email, WhatsApp, and messages)
  • Email: we will send marketing-style emails only where you have actively opted in. You can unsubscribe using the link in our emails.
  • WhatsApp: joining the WhatsApp group is optional. We use the group primarily for community updates. We will not send you 1:1 marketing messages on WhatsApp unless you have asked us to do so (or you have otherwise clearly opted in to that channel).
  • Instagram: we may post community content, event announcements, and updates on our Instagram page. Meta/Instagram processes your interactions with our page under its own privacy policy. We will not send you direct marketing messages via Instagram unless you have separately opted in.
  • LinkedIn: we may post community content, event announcements, and updates on our LinkedIn page. LinkedIn processes your interactions with our page under its own privacy policy. We will not send you direct marketing messages via LinkedIn unless you have separately opted in.
  1. WhatsApp group: important information before you join

If you join our WhatsApp group, you should understand:

  1. Other members may see your phone number and profile information, depending on your WhatsApp settings;
  2. WhatsApp/Meta processes your data under its own privacy policy and terms. We do not control WhatsApp’s processing;
  3. Anything you post in the group may be copied, shared or screenshotted by other members. We cannot prevent this;
  4. If you leave the group, you will stop receiving group messages, but messages you already posted may remain in other members’ chat history; and
  5. We may moderate the group to keep it safe and remove content or members who breach community rules.
  1. Social media and messaging platforms: important information

If you follow or interact with us on WhatsApp, Instagram, or LinkedIn, you should understand:

  • WhatsApp and Instagram are operated by Meta Platforms, Inc. (a US-based company), which acts as a separate data controller for its platforms. LinkedIn is operated by LinkedIn Corporation (a subsidiary of Microsoft Corporation). We do not control how these companies process your personal data when you use their services;
  • Your data may be transferred to and processed in the United States;
  • Any interactions you have with our posts (likes, comments, direct messages) may be visible to other users depending on your privacy settings;
  • We may receive anonymised or aggregated analytics about our followers and post engagement from Instagram Insights and LinkedIn Page Analytics; and
  • For details of how Meta processes your data, see WhatsApp’s Privacy Policy (https://www.whatsapp.com/legal/privacy-policy-uk) Instagram’s Data Policy (https://help.instagram.com/155833707900388), and LinkedIn’s Privacy Policy (https://www.linkedin.com/legal/privacy-policy).

We encourage you to review your privacy settings on each platform and the relevant provider’s privacy policy.

  1. Cookies and analytics

We aim to minimise tracking. We use strictly necessary cookies to support website functionality and security.

Our website is built on WordPress, which sets cookies necessary for the site to function (for example, session cookies and login cookies for administrators). MailerLite (our email service provider) uses a tracking pixel in emails to record whether an email has been opened, for the purpose of measuring engagement. You can disable image loading in your email client to prevent this.

If we introduce non-essential cookies (eg analytics), we will provide a cookie banner and choices, and explain the details in a Cookie Policy.

  1. Who we share your personal data with

We do not sell personal data.

We may share personal data with:

  • WhatsApp/Meta (because the WhatsApp group runs on their platform), and, by design, other WhatsApp group members (who can see certain details within the group);
  • Instagram/Meta, as Meta provides us with aggregated insights about engagement with our page; note, however, that Meta acts as an independent controller of personal data processed via its platform;
  • LinkedIn Corporation (a subsidiary of Microsoft Corporation), which provides us with aggregated analytics about engagement with our LinkedIn page;
  • Automattic Inc. (WordPress, our website hosting platform) Newfold Digital, Inc. (trading as HostGator, our server hosting provider), and other IT providers supporting the site;
  • Email/newsletter providers MailerLite, operated by UAB MailerLite (Lithuania);
  • Event administration providers Eventbrite and similar platforms as applicable; and
  • Professional advisers and authorities where necessary for compliance, safeguarding, or legal claims.

We share only what is necessary for the relevant purpose.

  1. International transfers

The following providers may process personal data outside the United Kingdom:

  • Meta Platforms, Inc. (WhatsApp and Instagram): Meta is a US-based company. Meta relies on safeguards for transfers of personal data from the United Kingdom to the United States, including the EU–US Data Privacy Framework (including the UK Extension, known as the UK–US Data Bridge) and Standard Contractual Clauses (SCCs) for transfers to the United States (see Meta’s Privacy Policy at https://www.facebook.com/privacy/policy/);
  • Automattic Inc. (WordPress): Automattic stores data on servers located in both the United States and the European Union. Automattic relies on safeguards, including Standard Contractual Clauses (SCCs) for transfers outside the United Kingdom (see Automattic’s Privacy Policy at https://automattic.com/privacy/);
  • MailerLite (UAB MailerLite): MailerLite is a Lithuanian company and stores subscriber data in data centres located within the European Union. Where its sub-processors access data from outside the EEA, MailerLite relies on Standard Contractual Clauses (see MailerLite’s Privacy Policy at https://www.mailerlite.com/legal/privacy-policy and Data Processing Addendum at https://www.mailerlite.com/legal/data-processing-agreement); and
  • Eventbrite, Inc. (event management platform): Eventbrite operates through UK and EU entities but may transfer personal data outside the United Kingdom, including to the United States. Eventbrite relies on safeguards such as being certified under the EU-US Data Privacy Framework (including the UK Extension), the use of Standard Contractual Clauses (SCCs), and the UK International Data Transfer Addendum (see Eventbrite’s Privacy Policy at https://www.eventbrite.co.uk/help/en-gb/articles/460838/eventbrite-privacy-policy/).
  • LinkedIn Corporation (professional networking): LinkedIn is a US-based company (a subsidiary of Microsoft Corporation). LinkedIn relies on safeguards such as the Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework (including the UK Extension) for transfers to the United States (see LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy/eu).
  • Newfold Digital, Inc. (trading as HostGator, server hosting provider): HostGator is operated by Newfold Digital, Inc., a US-based company. HostGator’s servers are located in the United States. Transfers of personal information outside the UK by Newfold’s UK companies (and transfers to third parties) are made pursuant to Standard Contractual Clauses for the transfer of personal data to third countries (see the UK GDPR Addendum at https://www.newfold.com/privacy-center/addendum-uk-gdpr).

You may request further information about these safeguards by contacting us using the details in section 1. 

  1. How long we keep your data

We keep personal data only as long as needed for the purposes above:

  • Email subscribers: until you unsubscribe, plus a minimal “do not contact” record to respect your opt-out;
  • WhatsApp group: while you are a member; we may retain limited moderation/admin records where needed to keep the group safe;
  • Instagram followers: we do not independently store your Instagram data. Meta retains data in accordance with its own data retention policies;
  • LinkedIn followers and connections: we do not independently store your LinkedIn profile data. LinkedIn retains personal data in accordance with its own data retention policies; where you contact us via LinkedIn, we may retain message content for up to 12 months after the last correspondence (or longer where necessary for legal or compliance purposes);
  • Enquiries: typically up to 12 months after the last correspondence, unless a complaint or safeguarding issue requires longer; and
  • Event registrations: typically up to 24 months after the relevant event, unless longer retention is needed for legal/accounting reasons.
  1. Your rights

Subject to legal conditions, you have rights including:

  • Access, rectification, erasure, restriction, and data portability;
  • Objection (including an absolute right to object to direct marketing); and
  • Withdrawal of consent (where we rely on consent).

To exercise your rights, contact us using the details in section 1.

We do not carry out any automated decision-making or profiling as defined by Article 22 of the UK GDPR.

  1. Complaints

If you are unhappy with our handling of your data, please contact us first.

You can also complain to the Information Commissioner’s Office (ICO) (the UK supervisory authority) at https://ico.org.uk/make-a-complaint/data-protection-complaints/

  1. Updates to this notice

We may update this Privacy Notice from time to time. The current version will always be available on our website, with the “Last updated” date at the top.