Last updated: 16 April 2026
1. Introduction
This Privacy Policy explains how The ROSE Network ("we", "us", "our"), operated as a function of the Intelligence Corps Association (ICA), Registered Charity No. 1175211, collects, uses, stores, and protects your personal data when you use our website at www.therosenetwork.co.uk.
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
The data controller for personal data collected through this website is:
3. What Data We Collect
We may collect the following categories of personal data:
3.1 Data you provide directly
- Contact form submissions: Name, email address, and any information you include in your message when using our contact form.
- Opportunity submissions: Submitter name and email, together with role title, organisation, location, salary, summary, link, and application deadline when posting a job or public appointment via the Opportunities page.
- Event submissions: Submitter email, together with event title, organiser, description, date, location, venue, and link when posting an event via the Events page.
- Business directory listings: Business name, sector, description, website, LinkedIn URL, contact name and email of the listing owner.
- Contract and tender posts: Title, description, organisation, deadline, source URL, and contact details of the poster.
- Mentor applications: Name, email, service background, industry, expertise, and any other details supplied when applying to mentor Service Leavers.
- Member accounts (registration): First name, last name, email address, password (stored as a hash), and service status.
- Mentoring or registration enquiries: Name, email address, service status, and related details submitted via email.
3.2 Data collected automatically
- Analytics data: Pages visited, time spent on site, referral source, browser type, device type, and approximate geographic location (country/city level). This data is collected via Google Analytics (through Google Tag Manager) only if you consent to analytics cookies.
- HubSpot tracking data: Page views, form interactions, and session data collected by HubSpot only if you consent to analytics cookies.
3.3 Data we do not collect
- We do not collect financial or payment information.
- We do not collect special category data (e.g. health, ethnicity, political opinions).
- We do not knowingly collect data from children under 16.
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Lawful Basis (UK GDPR) |
| --- | --- |
| Responding to enquiries and contact form submissions | Legitimate interest (Article 6(1)(f)) |
| Reviewing, listing, and managing opportunity, event, business directory, and tender submissions | Legitimate interest (Article 6(1)(f)) |
| Contacting submitters about their submission (e.g. to clarify or confirm details) | Legitimate interest (Article 6(1)(f)) |
| Processing mentor applications and matching mentors with Service Leavers | Legitimate interest (Article 6(1)(f)) |
| Creating and administering member accounts and providing access to member services | Performance of a contract (Article 6(1)(b)) |
| Sending occasional updates and communications about ROSE Network activities, events, opportunities, and initiatives | Legitimate interest (Article 6(1)(f)) — you may opt out at any time |
| Website analytics and improvement | Consent (Article 6(1)(a)) — via cookie consent |
5. How We Share Your Data
We do not sell, rent, or trade your personal data. We may share data with:
- Google (via Google Tag Manager and Google Analytics) — for website analytics, subject to your cookie consent. Google processes this data under their own privacy policy.
- HubSpot — for contact form processing, CRM, and analytics, subject to your cookie consent. HubSpot processes data in the EU (eu1 region).
- Supabase — provides the database infrastructure that stores opportunity, event, business directory, tender, mentor, and member-account records. Supabase processes data in the EU.
- Vercel — hosts the website and processes request logs in the course of serving pages.
- Sentry — receives automated error reports when something goes wrong in the browser. Each error report includes the error message, stack trace, page URL, browser type, approximate geography, and your IP address (used to associate related errors and estimate scope of impact). Sentry data is processed in the EU under legitimate interest for site reliability. We do not deliberately send personal data beyond the IP address; Sentry's data-scrubbing rules remove sensitive content from payloads where we pass user input.
- Sendible — may receive the public content of opportunity and event listings (not submitter contact details) for distribution via our social channels.
- Intelligence Corps Association — as the parent organisation and registered charity, ICA may receive data necessary to fulfil its charitable objectives.
- Mentees (Service Leavers) — where you have applied as a mentor, we will share relevant details from your mentor profile with Service Leavers seeking guidance.
Public-facing submissions (approved opportunities, events, business listings, tenders) are published on the website. Submitter contact details are held internally and are not published unless you expressly include them in the public content.
We will never share your data with commercial recruitment agencies or employment brokers. The ROSE Network does not act as a recruitment intermediary.
6. Data Retention
- Contact form submissions: Retained for up to 24 months, then deleted unless there is an ongoing relationship.
- Opportunity and event submissions: Published listings are retained until their deadline or event date has passed, then archived for up to 12 months. Submitter contact details are retained for up to 24 months after publication. Rejected submissions are deleted within 3 months.
- Business directory and tender listings: Retained while the listing remains active. Removed within 3 months of a request from the listing owner, or when the business ceases to be active.
- Mentor applications: Retained for the duration of your involvement in the programme, plus 12 months after your last activity. Withdrawn applications are deleted within 3 months.
- Member accounts: Retained while your account remains active. Inactive accounts (no login for 24 months) may be deleted after written notice.
- Marketing communications preferences: Opt-out records are retained indefinitely to honour your preference.
- Analytics data: Retained according to Google Analytics and HubSpot default retention policies (typically 14–26 months).
- Cookie consent preferences: Stored locally in your browser (localStorage) and retained until you clear your browser data or change your preference.
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data where there is no compelling reason for its continued processing.
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — request transfer of your data in a structured, commonly used format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at ica_hq@roseandlaurel.uk. We will respond within one calendar month.
To opt out of marketing communications from The ROSE Network (e.g. updates about events, opportunities, or initiatives), email info@therosenetwork.co.uk or click the unsubscribe link in any message we send. Opting out does not affect communications about an active submission or your member account.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption for all data transmitted to and from our website.
- Use of established, reputable third-party processors (Google, HubSpot) with their own security certifications.
- Access to personal data is limited to authorised personnel only.
9. International Transfers
Some of our third-party processors (notably Google) may transfer data outside the UK. Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses approved by the Information Commissioner's Office (ICO).
HubSpot processes data in the EU (eu1 region), which is covered by the UK adequacy decision.
10. Cookies
Our website uses cookies. For full details of the cookies we set, how they are used, and how to manage your preferences, please see our Cookie Policy.
11. Links to Other Websites
Our website contains links to external sites including the ICA main site, Veterans Gateway, SSAFA, the Royal British Legion, and COBSEO. We are not responsible for the privacy practices of these external sites and encourage you to read their privacy policies.
12. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
13. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated "Last updated" date. We encourage you to review this page periodically.