Privacy Policy for Outdoor Tribe CIC

Outdoor Tribe CIC is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information. For the purposes of data protection law, Outdoor Tribe CIC will be the controller.

We will always ask mailing list subscribers, who exercise that choice from our website, to “double opt-in” for marketing communications.

We will never sell any personal data you share with us and will only ever share it with other organisations if we are legally obliged to do so or we have obtained your permission first.

Any questions you have in relation to this policy or how we use your personal data should be sent to of****@ou**********.uk or addressed to The Data Protection Officer, Outdoor Tribe CIC, Artisans House, 7 Queensbridge, Northampton NN4 7BF.

How we use your personal information

Personal information provided by you will be used for the purposes outlined at the time of subscription to our mailing list or registration in relation to an event in accordance with the preferences you express.

Personal data collected and processed by us may be used for all or any of the following purposes:

  • Communication in relation to future or past events;
  • Administration of payments and donations;
  • Research and statistical analysis;
  • Communication about follow-on events/activities to those which you have attended.

We will ensure that any marketing communications you receive from us are relevant, for example tailored to interest you have shown through attending an event. Having subscribed, there will be an option provided in each email you receive to unsubscribe from that list.

Personal data collected and processed by us may be shared with our directors, staff and volunteers.

We rely on our directors, staff and volunteers to help us run events and when you book to attend an event, your name and telephone number will feature on a sheet we use for booking-in purposes. The information on our booking-in sheets may be used to contact you if you are late or fail to turn up. Our booking-in sheets are destroyed after the event.

What information we collect

We will collect personal data from you appropriate to need. For example: name, email, and telephone number when you complete a form on the website relating to an event. We do not normally collect or store sensitive personal data such as information relating to health. However, there are some situations where this will occur (e.g. if you volunteer with us or you are attending one of our events). If this does occur, we’ll take extra care to ensure your personal data is protected and any forms containing personal data will be stored securely.

Information we will collect for sessions/events to be attended – name, age (if under 18), email address, telephone number, emergency telephone number, name of doctor and information about any medical conditions/allergies. If you make a payment or donation to us then we will keep a record of when and how much you paid or gave.

If an accident or incident occurs at one of our events or involving one of our session leaders or volunteers, we’ll keep a record of this (which may include personal data and sensitive personal data).

We sometimes receive personal data about individuals from third parties. For example, if we are partnering with another organisation (e.g. you provide your information to another organisation which then pays for a block of sessions). We may also receive personal data from referral agencies.

We may collect information from social media if you interact on one of our social media accounts.

When visitors to our website leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a ‘hash’) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you upload images to our website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our website you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices.  Login cookies last for two days, and screen option cookies last for a year.  If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.

Embedded content from other websites

Articles on our website may include embedded content (e.g. videos, images, articles etc.). Embedded content from another website behaves in exactly the same way as if the visitor has visited the other website.

These other websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Sensitive personal data

If you are a volunteer, whether specifically for Outdoor Tribe CIC or if you are attending an event as a volunteer for another organisation which is running an event with us, then we may collect extra information about you (e.g. references, DBS/criminal record checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.

How we use personal information

We will only ever use an individual’s personal data with their consent, or where it is necessary in order to:

  • Enter into or perform a contract with them;
  • Comply with a legal duty; or
  • For our own (or a third party’s) lawful interests, provided the individual’s rights don’t override these.

In any event, as stated above, we’ll only use your personal information for the purpose or purposes for which it was collected: marketing, administration and research/statistical analysis.

Marketing

We use personal data to communicate with people, to promote events and to help with fundraising. This includes keeping you up to date with news, events and fundraising information.

Administration

We use personal data for administrative purposes. This includes:

  • Fulfilling orders for events (whether placed online, over the phone or in person); and
  • Helping us respect your choices and preferences (e.g. if you request not to receive promotion/news updates material, we’ll keep a record of this).

Disclosing and sharing data

We will never sell your personal data. Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another organisation). We’ll only share information when legally obliged to do so or otherwise with your prior consent.

Marketing

Mailing list subscribers are required to double “opt-in” to be included on our mailing list.

We use MailChimp for email marketing and there is facility in each email to unsubscribe from our list.

When you receive a communication, sent via the email marketing platform Mailchimp, statistical information is collected about how you respond to or interact with that communication and this may affect how we communicate with you in future. This information helps us to ensure communications are relevant and timely.

Photographs, videos, pictures and stories featured on our website and on social media

Our organisation is about ‘community’ and we actively seek to share insights about our activities with the wider community. When we use photos/videos, we don’t usually include names or ages (of children), unless these facts are relevant to the piece and we have obtained the permission of the parent/carer to do so. A ‘child’ is determined as any person under the age of 18.

We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children.  It is our practice to obtain verbal permission to use photos/videos of individuals taken at events for our website, social media platforms, video and email marketing.

Analytics

We use plug-ins which collect data on page/post visits to our website on a daily basis.

How we protect data

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of, your personal information.

Data submitted to our website is done through SSL (Secure Sockets Layer) to encrypt the data between your browser and the website server.

BACS payments for events are made through secure systems set up between your bank and ours (the Co-operative bank).

Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided to us by email or to our website) are at the user’s own risk.

Personal data submitted to us on paper is stored securely when not being used during sessions.

Transfer of data

Outdoor Tribe’s operations are based in the UK and our website is on a UK based server. We use social media platforms including Facebook, Twitter and Instagram which may mean that personal data is transferred to, or accessible from the USA.

Visitor comments on our website may be checked through an automated spam detection system.

How long we store information

We will only use and store information for so long as it is required for the purposes it was collected. How long information will be stored for depends on the information in question and what it is being used for. If you ask us not to contact you by email we will comply with your request. We periodically review what personal information we hold and delete what is no longer required. We do not store payment card information.

If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users who register on our website, we also store the personal information they provide in their user profile. All users can see, edit or delete their personal information at any time (except that they cannot change their user name). Website administrators can also see and edit that information.

Rights you have over your data

We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, the most important of which are as follows:

  • The right to receive confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
  • The right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
  • The right to have inaccurate data rectified; and
  • The right to object to your data being used for marketing.

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

Please also be aware that if you have an account on our website, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you on the website. This does not include any data we are obliged to keep for administrative, legal or security purposes.

If you would like further information on your rights or wish to exercise them, please write to our data protection officer at Outdoor Tribe CIC, Artisans House, 7 Queensbridge, Northampton NN4 7BF.

Complaints

You can complain to Outdoor Tribe CIC directly by contacting our data protection officer using the details set out above.

If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk

Links to other sites

Our website contains hyperlinks to other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ link at the top of the page).

If an external website requests personal information from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by the Outdoor Tribe CIC Privacy Policy. We suggest you read the privacy policy of any website before providing any personal information.

When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with Outdoor Tribe CIC.

Changes to this Privacy Policy

We’ll review and update this Privacy Policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. The current version of our Privacy Policy will always be posted on our website.

Outdoor Tribe CIC Privacy Policy – updated August 2024