Privacy Policy
Last updated: 12 May 2026
1. Who We Are
This website is operated by 1Gesture CIC, a Community Interest Company registered in England and Wales.
- Company number: 17037466
- Registered office: Mjg, Hollinwood Business Centre, Oldham, Lancashire, OL8 3QL, United Kingdom
- Contact email: partners@1gesture.org
When we say "1Gesture", "we", "us", or "our" in this policy, we mean 1Gesture CIC. We are the data controller for the personal data described below.
2. What Data We Collect
When you complete the Impact Partner registration form on this website, we collect the following information:
| Data | Required? |
|---|---|
| Organisation name | Yes |
| Your name | Yes |
| Email address | Yes |
| Website URL | No |
| Impact categories selected | No |
We do not collect any special category data (e.g. health, ethnicity, political opinions), nor do we collect payment information through this form.
Separately from the form, our analytics and customer platform providers (Microsoft Clarity and HubSpot) automatically collect technical and interaction data when you browse the site, such as your IP address (masked where supported), device and browser information, referring URL, and on-page interactions like clicks, scrolls, and page views. See Section 9 for details and how to opt out.
3. How We Use Your Data
We use your personal data for the following purposes:
- To respond to your enquiry: we will contact you by email to discuss your interest in becoming a 1Gesture Partner.
- To keep a record of expressions of interest: your submission is stored so we can manage and progress your application.
- To send you relevant updates: if you tick the marketing consent box on the registration form, we may email you with occasional updates about the 1Gesture Partner Programme. You can withdraw this consent at any time using the unsubscribe link in any email we send or by emailing us.
We will not use your data for any other purpose without your consent.
4. Lawful Basis for Processing
Under the UK General Data Protection Regulation (UK GDPR), our lawful bases for processing your personal data are:
- Legitimate interest (Article 6(1)(f)), for responding to your enquiry and managing your expression of interest. You have submitted an enquiry expressing interest in partnering with us, and it is in both our interests for us to follow up and manage that relationship. We have assessed that this processing does not override your rights and freedoms.
- Consent (Article 6(1)(a)), for sending you marketing updates about the 1Gesture Partner Programme, which only applies where you have explicitly ticked the marketing opt-in checkbox on the registration form. You can withdraw this consent at any time without affecting the lawfulness of any processing carried out before you withdrew it.
You have the right to object to processing based on legitimate interest at any time. See Section 8 for how to exercise your rights.
5. Where We Store Your Data
Your data is stored in the following locations:
- Google Sheets (provided by Google LLC), where your form submission is saved to a secured Google spreadsheet. Google processes this data on servers within the EEA and the United States. Google LLC is certified under the EU-US Data Privacy Framework. For more information, see Google's Privacy Policy.
- HubSpot CRM (provided by HubSpot, Inc.), where we create a contact record for you if you have given marketing consent via the cookie banner, so we can manage the enquiry and send you any updates you have opted into. The contact record is created via HubSpot's in-browser tracking script using your HubSpot visitor cookie; it is populated with the details you submitted on the registration form together with your consent state. HubSpot processes this data on servers in the United States and the European Union. HubSpot, Inc. is certified under the EU-US Data Privacy Framework. For more information, see HubSpot's Privacy Policy.
- Email: we send you an acknowledgement email and may follow up via email. Our email service processes data in accordance with its own privacy policy.
- Microsoft Clarity (provided by Microsoft Corporation), our analytics provider, processes interaction data and masked IP addresses on servers in the United States and the European Union. Microsoft is certified under the EU-US Data Privacy Framework. For more information, see Microsoft's Privacy Statement.
- HubSpot (provided by HubSpot, Inc.), our customer platform and website analytics provider, processes interaction data, cookie identifiers, and contact records on servers in the United States and the European Union. HubSpot, Inc. is certified under the EU-US Data Privacy Framework. For more information, see HubSpot's Privacy Policy.
We do not sell, rent, or share your personal data with any third parties for marketing purposes.
6. How Long We Keep Your Data
We retain your data for as long as is necessary to manage your expression of interest and any subsequent partnership relationship. Specifically:
- If you become an Impact Partner, we retain your data for the duration of the partnership and for 12 months after it ends.
- If your expression of interest does not proceed, we will delete your data within 12 months of our last contact with you.
You can request deletion of your data at any time (see Section 8).
7. Data Security
We take reasonable and appropriate measures to protect your personal data from unauthorised access, loss, or misuse. Access to your data is limited to authorised members of the 1Gesture team. Our Google Sheets storage is protected by access controls and two-factor authentication.
However, no method of transmission or storage over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access — request a copy of the data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete your data ("right to be forgotten").
- Right to restrict processing — ask us to limit how we use your data.
- Right to object — object to our processing of your data based on legitimate interest.
- Right to data portability — request your data in a structured, machine-readable format.
To exercise any of these rights, email us at partners@1gesture.org. We will respond within 30 days.
9. Cookies and Analytics
When you first visit the site, a cookie consent banner appears. No non-essential cookies are set and no analytics or marketing scripts are loaded until you make a choice:
- Accept all: we load Microsoft Clarity and HubSpot and may set the cookies described below.
- Reject all: we do not load Microsoft Clarity or HubSpot, and no cookies from these providers are set.
Your decision is stored in a first-party cookie named 1g_consent, which contains your category preferences, the version of this policy you consented to, and the timestamp of your choice. This cookie is essential for honouring your consent choice and is set without your explicit consent on the basis of strict necessity. It expires after 12 months, after which we will ask again. You can revisit your decision at any time via the Cookie preferences link in the footer.
We use Microsoft Clarity to understand how visitors use our website, so we can improve the site and the 1Gesture Partner sign-up experience. Clarity provides session replays, heatmaps, and aggregated click and scroll data.
Clarity sets cookies in your browser and may collect the following when you visit the site:
- Your IP address (masked by Clarity by default)
- Device, browser, and operating system information
- The referring URL and pages you visit on our site
- On-page interactions such as clicks, scrolls, and mouse movement
We do not use Clarity for advertising, cross-site tracking, or building profiles about you. Our lawful basis for this processing is legitimate interest (Article 6(1)(f) UK GDPR), improving our website and sign-up flow. We have balanced this against your rights and rely on Clarity's default PII-masking behaviour.
We also use HubSpot as our customer platform to manage partner enquiries and understand how visitors engage with the site. HubSpot is loaded via a tracking script on every page and sets first-party cookies in your browser.
HubSpot may collect the following when you visit the site:
- A HubSpot visitor identifier stored in a first-party cookie (
hubspotutk) and session cookies (__hssc,__hssrc,__hstc) - Your IP address (truncated by HubSpot before storage for EU visitors where required)
- Device, browser, operating system, and approximate location (country/region, derived from IP)
- The referring URL and pages you visit on our site, together with time spent on each page
- If you submit the partner registration form, HubSpot links your submitted contact details to the visitor identifier so we can respond to your enquiry and maintain an accurate record of our communications
We do not use HubSpot for advertising, profiling for automated decision-making, or cross-site behavioural advertising. Our lawful basis is legitimate interest (Article 6(1)(f) UK GDPR) for analytics and for responding to partner enquiries. For any marketing emails, we rely on your consent (Article 6(1)(a) UK GDPR) and you can withdraw it at any time using the unsubscribe link in any email or by emailing us.
How to opt out: you can block Clarity and HubSpot by using browser extensions that block analytics and tracking scripts, by rejecting or clearing cookies in your browser, by enabling "Do Not Track" or Global Privacy Control in your browser, or by emailing us at partners@1gesture.org to request that any recorded data linked to you is deleted. HubSpot honours Global Privacy Control signals in jurisdictions where required.
For more information about how these providers handle your data, see Microsoft's Privacy Statement and HubSpot's Privacy Policy.
Personalised demo links: some shared links to our demo pages (for example, 1gesture.org/demo?firstname) include a first name in the URL so the demo can greet you by name. The name is read by your browser and rendered into the page on the demo only. 1Gesture does not store, transmit, or otherwise process that name on our servers. However, if you have accepted analytics cookies, Microsoft Clarity will record the full URL and the rendered page content as part of normal session analytics, which means the name will appear in our Clarity session data alongside the rest of the recording. If you would prefer not to have the name captured, decline cookies or open the demo without the personalisation, for example by visiting 1gesture.org/demo directly.
10. Third-Party Links
This website may contain links to external sites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of any website you visit.
11. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the chance to resolve any concerns directly, so please contact us first at partners@1gesture.org.
12. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.