Privacy Policy
Privacy Notice (How we use client information)
We will ask for a completed booking form for every booking. The booking form will ask for active consent from every client for this data. This will include:
-
Name
-
Date of Birth
-
Address
-
Telephone Numbers
-
Name and contact details of next of kin
-
Medical information such as allergies, medication, illnesses or treatments that may be relevant to the activities for which you are booking
-
Photo and social media consent
The completed booking forms will be sent to us via electronic means or post and are stored securely. During the booked activity, the following information is shared electronically with the instructor to ensure it can be referenced during the activity and in the case of a medical emergency:
-
Client name and contact number
-
Next of kin name and contact number
-
Medical information pertinent to the activity being undertaken
Once the activity or course is completed the instructor will delete this information from their electronic device.
Why we collect and use this information
We use your data to:
-
to provide you with the services for which you have contracted us
-
to ensure appropriate medical treatment is provided or sought
-
to ensure that any dietary needs including allergies are met
-
to assess the quality of our services
-
to comply with the law regarding data sharing
Where explicit consent is given we may use images and or video footage on our web site or social media networks
The lawful basis on which we use this information
We process client data in line with legislation. Article 6 of the GDPR sets out the legal bases for processing personal data. We rely on the following reasons:
-
Consent - the client has given us clear consent to process their personal data for a specific purpose
-
Contract - the processing is necessary for a contract we have with the client
-
Legal obligation - the processing is necessary for us to comply with the law (not including contractual obligations
-
For the purpose of our legitimate interests
-
The lawful bases for processing Special Category Data (medical data) are set out in Article 9 of the GDPR. We rely on the following bases:
-
The individual has given explicit consent to the processing of their personal data for one or more specified purposes.
Collecting client information
Whilst the majority of information you provide to us is necessary for us to provide you with the services you have requested, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain client information to us or if you have a choice in this.
Storing client data
We store your data on secure computers and in paper records which are secured physically. We are legally required to store personal data about you after your course or activity has finished. To meet these obligations, we hold client data for a period of 7 years before securely destroying it.
Who we share client information with
We will share contact and pertinent medical information with instructors contracted to us and who are working with you on your course or activity. Other than to meet legal or regulatory obligations we do not share your information with any external bodies or organisations.
Requesting access to your personal data
Under data protection legislation, clients have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your data, please contact us directly.
You also have the right to:
-
object to processing of personal data that is likely to cause, or is causing, damage or distress
-
prevent processing for the purpose of direct marketing
-
object to decisions being taken by automated means
-
in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
-
claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner's Office at https://ico.org.uk/concerns/
COVID-19 track and trace – Additional Notice – October 2020
In addition to our standard privacy notice, Lakes Adventure is also collecting and recording the contact details of clients, to support NHS England’s COVID-19 track and trace scheme. Your contact details will be used to enable NHS England to contact you if you have attended a course around the same time as someone who has tested positive for coronavirus. Contacting people who might have been exposed to the virus is an important step in containing any spread.
Reasons for data collection
In order to assist in the containment of the virus, Lakes Adventure will only share your data when it is requested directly by NHS England, for use in the track and trace scheme. Further information on the NHS England track and trace scheme is available on the NHS website:
https://www.covid19.nhs.uk/
Type of data collected
Along with the date and time of your booking, we will collect the following personal data:
-
Your name
-
Contact telephone number
If you do not have a telephone number, you have the option to provide:
-
A postal address or an email address
-
Lawful basis for collecting this data
Under data protection law, GDPR Article 6(1), Lakes Adventure has a number of lawful bases that allow us to collect and process personal information. In this case, the lawful basis for processing your data is legal obligation; Lakes Adventure has a common law duty of care to protect the welfare and wellbeing of individuals who make use of our services.