Quick Exit

Website Privacy Policy


I have found the organisation to be indispensable to me. My ISVA is particularly good as she helps me with all manner of practical day to day requirements. She is very professional and has a depth of knowledge which I find reassuring. I have used other support services, and without a doubt RoSA is by far the best.

Female survivor

Who we are

We are RoSA – and our website address is: https://rosasupport.org.

What personal data we collect and why we collect it


When visitors leave comments on the website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

We currently do not allow the publishing of comments, and therefore this data will not be published in the public domain.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Currently, we have no contact forms on the RoSA site.


We notify you that we make use of essential cookies, through a small notice at the bottom of our site (it takes you through to this page). Once you accept the notice, a small cookie is dropped on your device, to avoid the popup appearing repeatedly for you. This cookie lasts for one year.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. However, RoSA currently do not allow the publishing of comments, and therefore this data will not be published in the public domain.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

If you are an editor of the site, when you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

We use a security service, which drops a session cookie that helps prevent malicious use / abuse of the site. This is discarded when you close all tabs / windows in your browser that are on our site.

To help optimise site speed, we use a cache service which can drop a short-life functionality cookie, which expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. Where YouTube videos are embedded, we have opted to use the no-cookie code offered by Google, for additional privacy.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Hyperlinks to websites owned and operated by other organisations

Within RoSA’s website, there are links to other third-party websites which have their own privacy policies, including policies on their use of cookies and personal data captured – we urge you to review them. They will govern the use of personal information you submit, or which is collected by cookies whilst visiting these websites.

RoSA cannot accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.


We use limited data, such as IP address (and an approximate location derived from that), to provide us with statistical information about website usage that helps us support future funding bids that deliver our services.


A visitor’s IP address and browser user agent string may be captured to help prevent malicious site usage, or hacking attempts to access any site admin areas. Depending on the type of site usage, records may persist for 30 days (e.g. access logs) or in some cases indefinitely (e.g. if malicious activity is identified, and / or action is required – such as blocking an IP address).

If malicious behaviour is detected, an IP address may be temporarily or permanently blocked automatically from accessing the site.

Who we share your data with

Our website provider

Your data (relating to your access to this site – e.g. IP address, user agent and HTTP request) may be available to our website provider, to enable us and them to deliver our services to you, obtain usage analytics / statistics, or provide security functionality for us.

Our website provider acts in accordance with GDPR regulations, and will only retain information for as long as necessary to fulfil the purpose for which is was collected. All personal information collected by our website provider is treated as confidential.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. We currently do not allow the publishing of comments, and therefore this data will not be published in the public domain.

For users that register on our website (if any), we also store the personal information they provide in their user profile, and audit information about their activity while authenticated to the site. All users can see, edit, or delete their personal information at any time (except they cannot change their usernames, and they cannot delete logs that have been retained for security or audit purposes). Website administrators can also see and edit this information.

Standard access logs are retained for a period of 30 days, unless malicious or suspicious behaviour is detected (in which case, data such as IP addresses may be retained indefinitely, for the purposes of preventing repeat attacks).

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Our security service can intercept bad traffic on our behalf and may capture your source IP if your computer is compromised and/or is used for illegal or malicious activities.

Your contact information

RoSA’s Director is the data protection officer (DPO). Her role is to oversee and monitor RoSA’s data protection procedures, and to ensure they are compliant with GDPR. The data protection officer can be contacted by:

Email: admin@rosasupport.org
Tel: 01788 551150
Post: RoSA, PO Box 151, Rugby, CV21 3WR

The Director acts as a representative for RoSA with regards to its data controller responsibilities; she can be contacted on 01788 551150 or admin@rosasupport.org.

Additional information

How we protect your data

We ensure that there are appropriate technical controls in place to protect your personal details.

RoSA also keeps an audit trail of who made changes to this website and when those changes were made.

In the event of a breach RoSA would follow the breach procedure policy – which includes informing users who might be affected.

Analytical data

All analytics data is access controlled and limited to individuals who have a need to see information to aid the delivery of services, provide technical assistance or who are performing security-based tasks.

Security related data

All security related data is access controlled, and limited to individuals who have security or technical requirements to view it. No data is retained for technical purposes (e.g. to develop functionality for the website) for longer than it is necessary to do so.

What data breach procedures we have in place

RoSA has formal data breach procedures in relation to GDPR found within their Data Protection and Data Retention policies and procedures.

The software used to run this website is constantly updated as and when updates, including security updates, become available. If a breach is detected, we will process this in line with the legal requirements under GDPR.

To make a formal complaint about RoSA’s approach to data protection or raise privacy concerns directly with our data protection team, please contact:

The Data Protection Officer
PO Box 151
CV21 3WR
Email: admin@rosasupport.org

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (opens in a new window; please note we cannot be responsible for the content of external websites).

What third parties we receive data from

Security reports are produced by our hosting provider which enable RoSA to protect the personal information that might be contained within our website.

What automated decision making and/or profiling we do with user data

Our security service will make automated blocking decisions, based on your activity (e.g. to use your IP address to restrict access, if malicious behaviour is automatically identified).

Industry regulatory disclosure requirements

RoSA collect and use personal data in order to meet legal requirements and legitimate interests set out in the GDPR and UK law, including those in relation to the following:

  • Article 6 and Article 9 of the GDPR

You have the right to:

  • Be informed about how RoSA uses your personal data.
  • Request access to the personal data that RoSA holds.
  • Request that your personal data is amended if it is inaccurate or incomplete.
  • Request that your personal data is erased where there is no compelling reason for its continued processing.
  • Request that the processing of your data is restricted.
  • Object to your personal data being processed.

Where the processing of your data is based on your consent, you have the right to withdraw this consent at any time.