We are committed to processing your data in accordance with the law as a data controller. By visiting our website or by making a booking, you are accepting and consenting to the practices described in this Privacy Policy.
Who we are
Our business: Earthwild, POBOX 76554, London, SE27 7DY. Our website: https://earthwild.org.uk. You may contact us via hello@earthwild.org.uk
What personal data we collect and why we collect it
Personal data means any information from which an individual can be identified. It does not include anonymous (unidentifiable) data.
We may collect, use, store and transfer your personal data in accordance with the law, to fulfil our contractual obligations to you, and for our legitimate business interests (or those of a third party). In order to process your personal data for any other purposes, we would ask for your specific consent in advance.
We comply with our obligations under GDPR by:
- Keeping personal data up-to-date
- Storing and destroying it securely
- Only collecting relevant and necessary data
- Putting procedures and systems in place aimed at protecting personal data from unauthorised access, loss or misuse
- Ensuring appropriate technical systems are present to protect your data
We may collect data such as: identity, contact, financial, transaction, technical, profile, usage, marketing and communication preferences, location.
Failure to provide data
Where we require certain personal data in order to fulfil our contractual obligations to you, and if you fail to provide that data when requested, we might not be able to go ahead with the contract we are entering into with you (eg. to allow you to book an event). In this case, we may need to cancel our contract with you or refuse to provide the service. If so, we will inform you of this at the time.
How we collect and use your personal data
We do not sell or trade your personal data. We only use your data for the purposes for which we collected it, unless we need to use it for another reason which we consider is compatible with the original purpose. Please note we may process your data without your knowledge if required or permitted by law.
|
Purpose/Activity |
Type of Data |
Legitimate Interest/Legal Basis |
|
Register you as a new user, customer, account holder |
Identity, contact, profile, XXX |
Performance of a contract with you |
|
Processing your booking |
Identity, contact, financial, transactional, marketing and communications |
Performance of a contract with you; Necessary for our legitimate interests |
|
Managing our relationship with you- notifying you about changes (eg. to our privacy policy), asking you to leave a review or take part in a promotion |
Identity, contact, profile, marketing and communications, |
Performance of a contract with you; Necessary for our legitimate interests; Necessary to comply with legal requirements |
|
Enabling you to take part in a promotion, competition or survey |
Identity, contact, profile, usage, marketing and communications |
Performance of a contract with you; Necessary for our legitimate interests |
|
Secure running and protection of our website and business- data analysis, system maintenance, testing, troubleshooting, support, reporting, data hosting |
Identity, contact, technical |
Necessary for our legitimate interests; Necessary to comply with legal requirements |
|
Delivering relevant website content and marketing to you, or to measure the effectiveness of marketing or promotional services |
Identity, contact, profile, usage, marketing and communications |
Necessary for our legitimate interests |
|
Data analytics to improve our- website, services, marketing, relationships, user experience |
Technical, usage |
Necessary for our legitimate interests |
|
Make recommendations for suitable other relevant services or opportunities for users |
Identity, contact, profile, usage, marketing and communications, technical, transactional |
Necessary for our legitimate interests |
We may collect your personal data through various methods:
Direct interactions
You may be giving us your identity, contact and financial data such as when: filling in forms or corresponding with us online, by phone, by post, or in person at an event. You may also provide data to us when making bookings or an order, creating an account on our website, subscribing to our marketing mailing list, entering a competition or promotion, reporting a problem, providing feedback, or searching for a service.
Creating a profile or account
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
If you request a password reset, your IP address will be included in the reset email.
Commenting (Eg. on the website)
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. Visitor comments may be checked through an automated spam detection service.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We retain your photographic consent for 7 years or for as long as we may use the photographs or videos. Only the necessary personal data relating to the photographic consent shall be kept, for legal and legitimate purposes. Sensitive data which is not required for photographic consent should be destroyed if it is no longer required for legal or legitimate or transactional interest.
If photographic media is used, no personal details (eg. names) are used alongside.
Third Parties or publicly available sources
We may share your personal data with the third parties or sub-contractors such as those listed below. Third parties can include subsidiaries or members of our company, business partners or sub-contractors, analytics and search engine providers, professional advisors and website technicians, tax authorities and regulators.
We may receive personal data about you from third parties or public sources such as transaction data from our chosen payment services provider (eg. Paypal), data from social networks such as LinkedIn.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Bookings (subprocessors and third party suppliers)
Where we use our own website and integrated booking system to process bookings, all will come under this privacy policy and the terms & conditions of our business and website.
Earthwild website
If your booking is processed through our own website, the following third party sub-processors in order to process and manage your booking:
External booking systems providers (data processors)
Where we may use other booking systems, we are still considered the data controller, with the external booking systems being the data processor. Your bookings still fall under our privacy policy and terms and conditions. However, whilst using the external booking systems providers, they also may share your data in order to manage the running and security of the transaction.
Bookwhen
We may use this company to provide our booking services. Bookwhen Ltd, a company registered in England and Wales, No. 08914060 with its registered office at: Belsyre Court, 57 Woodstock Road, Oxford, OX2 6HJ, England, VAT number: GB 186 6398 51.
The Bookwhen website may use some of the following sub-processors and third parties to process your data (see table below):
|
‘Bookwhen’ Booking System Sub-processors | ||||||
|
Google LLC |
Cloud service provider. Analytics tracking. Data backups. Hosting. |
All data that customer and users provide to the Services. |
UK, USA |
Encryption of data in transit and at rest for Google Cloud Platform and Google Workspace. External Encryption Key storage outside of Google’s technical infrastructure. |
Googleplex. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA | |
|
Amazon Web Services Inc. |
Cloud service provider. Data backups. |
Data backups. |
EU |
Encryption of data in transit and at rest. | ||
|
Intercom Inc. |
CRM services |
Website visitor IP address. Email address, IP address and geographic location of logged in user. Other personal details that individuals choose to share as part of a support conversation. |
EU, USA |
Encryption of data at rest and in transit. |
2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2 | |
|
Slack Technologies LLC |
Internal communication |
Support discussions may temporarily include customer data. |
USA, EU |
Encryption of data at rest and in transit. |
Slack Technologies LLC, 50 Fremont Street, San Francisco, CA 94105, United States | |
|
Linear Orbit, Inc. |
Project management |
Triaged support requests, occasionally including personal data. |
USA |
Encryption of data at rest and in transit. |
440 N Barranca Ave #4242 Covina, CA 91723, USA | |
|
Atlassian Pty Ltd |
Data organisation (Trello) |
Customer support, occasionally including personally identifiable feedback. |
USA |
Encryption of data at rest and in transit. |
Atlassian Pty Ltd, 350 Bush Street, Floor 13, San Francisco, CA 94104, USA | |
|
Stripe, Inc. |
Payment processing |
First Name, Last Name, Email Address, Billing Address. |
USA |
Encryption of data at rest and in transit. |
354 Oyster Point Boulevard, South San Francisco, California, 94080, USA | |
|
PayPal |
Payment processing |
First Name, Last Name, Email Address, Billing Address. |
USA |
Encryption of data at rest and in transit. |
PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg | |
|
FIS Global (Worldpay) |
Payment processing |
First Name, Last Name, Email Address, Billing Address. |
USA |
Encryption of data at rest and in transit. |
https://www.fisglobal.com/contact-us Jacksonville, Florida, USA | |
|
ActiveCampaign LLC (Postmark) |
Transaction emails and newsletter provider |
Email addresses. IP addresses. Contents of emails. |
USA |
Encryption of data at rest and in transit. |
1 North Dearborn Street, 5th floor, Chicago, IL 60602 | |
|
InMoment, Inc. (Wootric) |
Feedback service. NPS. |
Email addresses. |
USA |
Encryption of data at rest and in transit. |
10355 South Jordan Gateway, Suite 600, South Jordan, UT 84095 USA | |
|
Qualitista OÜ (Klaus) |
Customer support QA, working with Intercom data. |
Email addresses. |
EU |
Encryption of data at rest and in transit. |
Qualitista, Vana-Lõuna 39-1/11, Tallinn 10134, Estonia | |
Bookwhen Website, 28.09.23
EEQU
If we use EEQU as our booking system, they may share your data with the following sub-processors or third parties:
|
EEQU Website, 28.09.23
Marketing
We do not sell your personal data with any third party for marketing purposes.
You will need to ‘opt in’ to receive marketing communications. You may do so via email, agreeing to or requesting to be added to our mailing list. You may do so by ticking the consent box on the booking form on our website. We may need to use your identity, contact, technical, usage, and profile data for our own marketing purposes so that we can send you information on the types of services you are interested in.
You may ‘opt out’ or withdraw your consent at any time by clicking ‘unsubscribe’ link at the bottom of our marketing emails. If you ‘opt out’ or ‘unsubscribe’ then you will no longer receive further information from us about our services through our email newsletters. We may still communicate with you regarding your account with us, or your bookings with us.
Mailchimp
We provide our newsletter and marketing email through Mailchimp. They may share data with sub-processors such as Intuit or other systems in order to provide the services you need.
Automated Technologies
When you interact with our website, we automatically collect technical data about your equipment and browsing behaviour. We collect this via cookies, server logs and other similar technologies. We may also receive data about you if you visit other websites employing our cookies. Please see the section on cookies for more information.
Cookies
Cookies are small text files placed on your computer by websites you visit. We may use cookies or similar tracking technology to improve your browsing and booking experience, and to improve our services. We use both persistent cookies (for example saving future login information) and session cookies (which are deleted once you close your browser).
You are able to control cookies within your own browser settings. Please be aware that if you do not accept cookies it may prevent you from accessing the full range of website services provided.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Our use of data analytics tools
Staff and volunteer Information
All subcontractors working or volunteering with us must adhere to our policies and procedures. Personal information of staff and volunteers is held either for: as long as they have an active relationship with us, kept for three years for the purpose of providing a reference for their future employment, or be kept for seven years for legal and finance purposes. We will only hold personal data for staff and volunteers which is relevant for those purposes.
Age of Users
It is assumed and necessary that all accounts with us and users are adults (18 years and over). Our website and booking system is not designed for use by children. If children are being booked upon our courses, it is assumed that the person completing their booking forms is an adult and is authorised to do so. It is the responsibility of the parents or carers of the child in question, and the adult making the booking, to ensure this is the case and that the information they are adding is accurate and appropriate. It is not our responsibility to check this or the accuracy of the information completed. If we suspect information may have been incorrectly provided, or there are discrepancies in the data provided, we may contact the named adult who completed the form to request confirmation or the correct relevant information.
Your Rights
You may request access, deletion, or restriction of your personal data or withdraw your consent at any time, free of charge, under the Data Protection Law. We may need to request specific information for security reasons to make sure of your identity in order to process this request. We will endeavour to adhere to your request within 30 days, however it may take longer depending on the nature of your request.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
How long we retain your data
We retain your personal data for as long as is reasonably necessary to fulfil the service or purpose for which it was originally collected, or to comply with any legal, accounting or reporting requirements. We may retain your data for longer in the event of a complaint to resolve disputes, to comply with legal requests or fraud prevention, or to maintain security. To decide how long with retain your data we will reasonably decide on a length of time which is both fair and sensitive to the nature of the data being collected, and to reduce the risk of unauthorised disclosure of your personal data. We will retain your data whilst your still have an account with us or if we are still fulfilling a contract or service to you. We will retain unidentifiable data (anonymised) after your account has closed, or after our contract for service provision has ended, for reporting purposes or to comply with our consent policies such as for use of photographs. Your consent for use of photographs is advised to be kept for 7 years or whilst the photographs still may have potential to be used. The data associated with photographic consent will be separated from personal data such as health so that the only data which is retained is necessary to provide evidence of photographic consent. After you have closed your account, any information you have shared with others may remain visible and may still show up on external services such as search engine results. Your personal data will be kept for 18 months before it is deleted or made unidentifiable (anonymised) from our booking website services.
Data security and breaches
We have security measures in place to ensure your personal data is held securely. All information you provide to use is stored on secure servers. Financial transaction information will be encrypted using SSL technology. Your password is your responsibility to keep confidential and we won’t ask you for this information. We limit access to your personal data to those only who need to know. They are subject to a duty of confidentiality and will only process your data on our instruction. If we suspect a security breach has taken place, we will notify you. Although we take great care to safeguard your personal data, the transmission of data on the internet is never completely secure, and any transmission you take is at your own risk. Once we have received your personal data we will use our security features and procedures in place to try to prevent unauthorised access.
Complaints
You may contact us if you feel our collection or use of your personal data is inappropriate, unfair or misleading. If you have any complaints about how we collect or use your data, please contact us. We take your complaints very seriously. If you feel your prefer to contact a UK data protection authority, you may contact The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, England, SK9 5AF.
Changes to our privacy policy
If we update our privacy policy the changes can be seen on this page, so please check back in periodically to be updated. If appropriate, larger changes may be highlighted to you via announcements on our website, email, newsletter, booking system page.
Contact us
Earthwild can be contacted at hello@earthwild.org.uk or by post to Earthwild, PO BOX 76554, London, SE27 7DY.
Date of last update to this Privacy Policy: 28.09.23