Privacy Policy
Who are we?
The Fresh Air Club’s office address is St Mary’s House, Netherhampton, Salisbury, SP2 8PU.
Throughout this policy, ‘we’ and ‘us’ means The Fresh Air Club.
‘You’ and ‘your group’ means you and your party members or anyone for whom you are making a booking.
How we collect information from you?
We obtain information about you when you use our website, for example, when you contact us about holiday clubs, after-school clubs, birthday parties, school residentials and non-residential activities, if you directly give us any information via forms, if you make booking or purchase or if you sign up to receive email communication.
What personal data is collected from you?
In operating this website, we may collect and process certain data and information relating to you and your use of this site. Your privacy is important to us and we confirm that we will never release your personal details to any third party for their mailing or marketing purposes. The data that we collect is detailed below:
• Details of visits to our website and the pages and resources that are accessed, including but not limited to, traffic data, location data and other communication data that may assist us in understanding how visitors use our website. This may also include the resources that you access, and information about where you are on the internet including the domain type, IP address and URL that you came from. This information is collected and used for our internal research purposes and to improve our customer service.
• Information you provide to us by sending us a message through our website and information provided to us when you communicate with us electronically for any reason. If you contact us, we may keep a record of your email and other correspondence.
• Information that you provide us as a result of filling in forms on our website, such as registering for information or making a purchase.
• If you make a purchase from us, your card information is not held by us, it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
How and why your information is used?
Special Category Data
When The Fresh Air Club provides its service to you we often request to collect information that could reveal, details of physical or mental health, ethnic origin or religious beliefs. This information is considered “sensitive personal data” under GDPR and other data protection laws. We only collect this information where it is necessary to deliver our services to you. For example, if you inform us about specific dietary requirements, this could indicate specific religious beliefs. If you request special assistance, use of an accessible room or facilities; or provide medical information for you and/or your group, this could reveal information about health. By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Policy. If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us.
Requesting information or a quote
Your name, contact details and query will be recorded when you fill out a contact form. We will use your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
Making an Enquiry or Booking
If you have made booking with us we may have records of your name, gender, date of birth, email and telephone number(s). For your security, your login password is not kept by us.
We hold details of your interactions with us through conversations with our admin team. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of bookings you made, items added to your basket, voucher redemptions and how and when you contact us. We do not hold payment (credit or debit card) information.
Under 16’s
We are concerned to protect the privacy of children aged 16 or under. We collect children’s names, gender and ages as part of our booking process. Once the event booked has been held, the data is destroyed.
Visiting our woods
• In the event of any accidents or incidents in the woods located in Damerham, your data may be recorded and shared with third parties as part of our duty of care.
After Your Visit
• We retain your comments and feedback
• We hold your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
SUMMARY – We may use your information:
• to make sure we can deliver you the best possible course.
• to assist us looking after the physical and emotional wellbeing of our customers.
• to ensure that the content on our website is presented in the most efficient way for you and the computer that you are using and to enable you to participate in interactive features of the site.
• to provide you with information relating to our website, product or our services that you request from us.
• to provide you with information on other products that we feel may be of interest to you in line with those you have previously expressed an interest in via our website.
• to process a booking you have made.
• to meet our obligations arising from any contracts entered into by you and us.
• to seek your views or comments on the services we provide.
• to notify you about any changes to our website, including improvements, and service or product changes.
• to send you communications about products or services that you have requested and that may be of interest to you.
• for our internal purposes including statistical or survey purposes, quality control, site performance and evaluation to improve our website.
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or however long is specified in any relevant contract you hold with us.
Who has access to your information?
The Fresh Air Club utilises the services of third party organisations (bookwhen, worldpay etc.) to process your personal data. We may pass your information to our third-party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you email). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service.
We will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Data Controller
The Fresh Air Club is the data controller and determines the purposes and means of the processing of your personal data. Where your data is processed by any third party on behalf of The Fresh Air Club we will ensure the third party is a processor under the GDPR laws. We confirm that we take steps in order to ensure that this data is processed lawfully under the law in accordance with each agreement that we have in place with each processor.
How Can I opt out?
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent (opting in). We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. If you no longer want to receive direct marketing communications from us, then you can change your preferences or completely unsubscribe in one of two ways:
• Click the ‘unsubscribe’ at the bottom of marketing emails sent to you
• Email hello@thefreshairclub.co.uk or telephone 07876 646207 and we will process your request within 7 days
Your Rights
You have the right to ask us for a copy of the information The Fresh Air Club hold about you. This can be done by emailing us at: hello@thefreshairclub.co.uk
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date please contact by the above methods. From the date that we receive the required Information, we have one month to process your request. If the request is complex or numerous, we may require an additional two months and will contact to explain why the extension is necessary within the first month of your request.
Security precautions are in place to protect the loss, misuse or alteration of your information. When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information imputed on Bookwhen (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL across the entire website. When you are on a secure page, a lock icon will appear in the address bar of modern web browsers such as Microsoft Edge and Google Chrome.
Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Use of ‘cookies’
Like many other websites, The Fresh Air Club website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. Cookies are sometimes used to improve the website experience of a visitor to a website. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to pre-fill some information on forms and to enable us to see what people view on the website and for how long. The use of cookies enables us to improve our website, deliver effective marketing and offer a more personalised service.
We may also use the cookies to gather information about your general internet use to further assist is in developing our website. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive and then stored there and transferred to us where appropriate to help us to improve our website and the service that we provide to you. It is possible to switch off cookies by adjusting your browser preferences or using a dedicated browser extension.
Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our website.
In addition, if you were referred to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.
The Legal bases we rely on
The law on data protection sets out several different reasons for which a company may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we can always make clear which data is necessary in connection with a particular service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you book a trip with us, we will collect your address details in order to send you booking information.
Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement. We may also have to pass data to regulatory or governing bodies.
We may use your data to send you communications required by law such as updates to our Privacy Policy or to comply with any legal obligation to provide data to police.
Requesting access to your personal data
We respect your right to control your data. Your rights include:
Right of access – you have the right to access and obtain a copy of the personal data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to rectification – you have the right to request that we correct any inaccuracies in the personal data stored about you.
Right to erasure – in certain circumstances, you have the right to request that we erase your personal data. For example, you may exercise this right in the following circumstances:
• your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us
• where you withdraw consent and no other legal ground permits the processing
• where you object to the processing and there are no overriding legitimate grounds for the processing
• your personal data have been unlawfully processed
• your personal data must be erased for compliance with a legal obligation
Where we store your personal data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.
Right to restriction – you have the right to restrict our processing of your personal data where any of the following circumstances apply:
• where you feel that the personal data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal data
• where the processing is unlawful and you do not want your personal data be erased and request the restriction of its use instead
• where we no longer need to process your personal data (e.g. any of the purposes outlined above have been completed or expire), but we require it in connection with legal proceedings
• where you have objected to our processing of your personal data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.
How long will we keep your personal data?
Whenever we collect or process your personal data, we will only keep it for as long as necessary for the purpose which it was collected. At the end of that period your data will either be deleted or anonymised, for example by aggregation with other data – so it can be used in a non-identifiable way for statistical analysis or business planning.
Where we keep your data for the purposes of Covid19 track and trace, your information will be kept for 21 days.
Type of data Examples – Period retained
Analytics data. Anonymised web traffic data in Google analytics: 50 months
Query data. Name, email address: 3 years
Lead booker data. Name, contact details: 3 years
Bursary request data. Name, school, free school meal eligibility, other info as provided by group leader: 12 months after visit.
Adults data. Party members Name, D.O.B, gender, dietary requirements, medical information: 12 months after visit.
Children’s data. Party members Name, D.O.B, address, gender, dietary requirements, medical information: 12 months after visit
Email correspondence. Name, contact details, other info as provided by group leader: 3 years
Feedback post trip. Feedback forms: 3 years
Payment information. Credit/Debit card information: Not retained
Complaints and issues raised: 3 years
Incident data. Accident reports, witness statements: Adults 5 years, Children 18 years
Insurance claims. Notification of claim, details of hearings: Until claim is resolved or expires
Booking info. Dietary/medical requirement: 3 years
Cookies IP address: See cookie policy
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites). If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
Reviewing our Privacy Policy
We keep this Policy under regular review. This Privacy Policy is Version 9 and was updated in January 2022.