We are committed to processing your data in accordance with the law as a data controller. By visiting our website or by making a booking, you are accepting and consenting to the practices described in this Privacy Policy.

Who we are

Our business: Earthwild, POBOX 76554, London, SE27 7DY. Our website: https://earthwild.org.uk. You may contact us via hello@earthwild.org.uk

What personal data we collect and why we collect it

Personal data means any information from which an individual can be identified. It does not include anonymous (unidentifiable) data.

We may collect, use, store and transfer your personal data in accordance with the law, to fulfil our contractual obligations to you, and for our legitimate business interests (or those of a third party). In order to process your personal data for any other purposes, we would ask for your specific consent in advance.

We comply with our obligations under GDPR by:

  • Keeping personal data up-to-date
  • Storing and destroying it securely
  • Only collecting relevant and necessary data
  • Putting procedures and systems in place aimed at protecting personal data from unauthorised access, loss or misuse
  • Ensuring appropriate technical systems are present to protect your data

We may collect data such as: identity, contact, financial, transaction, technical, profile, usage, marketing and communication preferences, location.

Failure to provide data

Where we require certain personal data in order to fulfil our contractual obligations to you, and if you fail to provide that data when requested, we might not be able to go ahead with the contract we are entering into with you (eg. to allow you to book an event). In this case, we may need to cancel our contract with you or refuse to provide the service. If so, we will inform you of this at the time.

How we collect and use your personal data

We do not sell or trade your personal data. We only use your data for the purposes for which we collected it, unless we need to use it for another reason which we consider is compatible with the original purpose. Please note we may process your data without your knowledge if required or permitted by law.


Type of Data

Legitimate Interest/Legal Basis

Register you as a new user, customer, account holder

Identity, contact, profile, XXX

Performance of a contract with you

Processing your booking

Identity, contact, financial, transactional, marketing and communications

Performance of a contract with you; Necessary for our legitimate interests

Managing our relationship with you- notifying you about changes (eg. to our privacy policy), asking you to leave a review or take part in a promotion

Identity, contact, profile, marketing and communications,

Performance of a contract with you; Necessary for our legitimate interests; Necessary to comply with legal requirements

Enabling you to take part in a promotion, competition or survey

Identity, contact, profile, usage, marketing and communications

Performance of a contract with you; Necessary for our legitimate interests

Secure running and protection of our website and business- data analysis, system maintenance, testing, troubleshooting, support, reporting, data hosting

Identity, contact, technical

Necessary for our legitimate interests; Necessary to comply with legal requirements

Delivering relevant website content and marketing to you, or to measure the effectiveness of marketing or promotional services

Identity, contact, profile, usage, marketing and communications

Necessary for our legitimate interests

Data analytics to improve our- website, services, marketing, relationships, user experience

Technical, usage

Necessary for our legitimate interests

Make recommendations for suitable other relevant services or opportunities for users

Identity, contact, profile, usage, marketing and communications, technical, transactional

Necessary for our legitimate interests

We may collect your personal data through various methods:

Direct interactions

You may be giving us your identity, contact and financial data such as when: filling in forms or corresponding with us online, by phone, by post, or in person at an event. You may also provide data to us when making bookings or an order, creating an account on our website, subscribing to our marketing mailing list, entering a competition or promotion, reporting a problem, providing feedback, or searching for a service.

Creating a profile or account

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

If you request a password reset, your IP address will be included in the reset email.

Commenting (Eg. on the website)

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. Visitor comments may be checked through an automated spam detection service.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

We retain your photographic consent for 7 years or for as long as we may use the photographs or videos. Only the necessary personal data relating to the photographic consent shall be kept, for legal and legitimate purposes. Sensitive data which is not required for photographic consent should be destroyed if it is no longer required for legal or legitimate or transactional interest.

If photographic media is used, no personal details (eg. names) are used alongside.

Third Parties or publicly available sources

We may share your personal data with the third parties or sub-contractors such as those listed below. Third parties can include subsidiaries or members of our company, business partners or sub-contractors, analytics and search engine providers, professional advisors and website technicians, tax authorities and regulators.

We may receive personal data about you from third parties or public sources such as transaction data from our chosen payment services provider (eg. Paypal), data from social networks such as LinkedIn.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Bookings (subprocessors and third party suppliers)

Where we use our own website and integrated booking system to process bookings, all will come under this privacy policy and the terms & conditions of our business and website.

Earthwild website

If your booking is processed through our own website, the following third party sub-processors in order to process and manage your booking:

External booking systems providers (data processors)

Where we may use other booking systems, we are still considered the data controller, with the external booking systems being the data processor. Your bookings still fall under our privacy policy and terms and conditions. However, whilst using the external booking systems providers, they also may share your data in order to manage the running and security of the transaction.


We may use this company to provide our booking services. Bookwhen Ltd, a company registered in England and Wales, No. 08914060 with its registered office at: Belsyre Court, 57 Woodstock Road, Oxford, OX2 6HJ, England, VAT number: GB 186 6398 51.

The Bookwhen website may use some of the following sub-processors and third parties to process your data (see table below):

‘Bookwhen’ Booking System Sub-processors

Google LLC

Cloud service provider. Analytics tracking. Data backups. Hosting.

All data that customer and users provide to the Services.



Encryption of data in transit and at rest for Google Cloud Platform and Google Workspace.

External Encryption Key storage outside of Google’s technical infrastructure.


Data Transfer Mechanisms


Googleplex. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA

Amazon Web Services Inc.

Cloud service provider. Data backups.

Data backups.



Encryption of data in transit and at rest.




Intercom Inc.

CRM services

Website visitor IP address. Email address, IP address and geographic location of logged in user. Other personal details that individuals choose to share as part of a support conversation.



Encryption of data at rest and in transit.

Security Policy



2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2

Slack Technologies LLC

Internal communication

Support discussions may temporarily include customer data.



Encryption of data at rest and in transit.

Privacy Policy



Slack Technologies LLC, 50 Fremont Street, San Francisco, CA 94105, United States

Linear Orbit, Inc.

Project management

Triaged support requests, occasionally including personal data.



Encryption of data at rest and in transit.

Privacy Policy



440 N Barranca Ave #4242 Covina, CA 91723, USA

Atlassian Pty Ltd

Data organisation (Trello)

Customer support, occasionally including personally identifiable feedback.



Encryption of data at rest and in transit.

Privacy Policy



Atlassian Pty Ltd, 350 Bush Street, Floor 13, San Francisco, CA 94104, USA

Stripe, Inc.

Payment processing

First Name, Last Name, Email Address, Billing Address.



Encryption of data at rest and in transit.

Data transfers



354 Oyster Point Boulevard, South San Francisco, California, 94080, USA


Payment processing

First Name, Last Name, Email Address, Billing Address.



Encryption of data at rest and in transit.

Data transfers & DPA


PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

FIS Global (Worldpay)

Payment processing

First Name, Last Name, Email Address, Billing Address.



Encryption of data at rest and in transit.

Data transfers & DPA


Jacksonville, Florida, USA

ActiveCampaign LLC (Postmark)

Transaction emails and newsletter provider

Email addresses. IP addresses. Contents of emails.



Encryption of data at rest and in transit.




1 North Dearborn Street, 5th floor, Chicago, IL 60602

InMoment, Inc. (Wootric)

Feedback service. NPS.

Email addresses.



Encryption of data at rest and in transit.



10355 South Jordan Gateway, Suite 600, South Jordan, UT 84095 USA

Qualitista OÜ (Klaus)

Customer support QA, working with Intercom data.

Email addresses.



Encryption of data at rest and in transit.



Qualitista, Vana-Lõuna 39-1/11, Tallinn 10134, Estonia

Bookwhen Website, 28.09.23


If we use EEQU as our booking system, they may share your data with the following sub-processors or third parties:

  1. If you are a Customer or a Learner, we share your data with Mentors to the extent necessary to facilitate and administer your booking.
  2. If you are a Mentor, we share your data with visitors to the Eequ website so that they can view your listing; we also share your data with Customers and Learners to the extent necessary to facilitate and administer your booking.
  3. Stripe, the payment services processor integrated with Eequ, based in the EU and the USA.
  4. Intercom, based in the USA, who power our chatbot.
  5. Google Analytics, an industry-standard third party analytics platform that we use to understand the usage and performance of our services. The information is anonymised and not tied to your IP address.
  6. Nolt which retains some basic user data for feature requests and bug reporting.
  7. Slack, based in the USA, which we use to convey messages internally at Eequ. User data may be discussed for support purposes.
  8. Gmail is used for internal communications. User data may be discussed for support purposes.
  9. JIRA is used for internal communications. User data may be discussed for support purposes.
  10. Sendgrid, which is used for transactional emails, is based in the USA.
  11. Mailchimp is used to send marketing and some transactional email communications to Mentors and Customers and stores some preferences and other user data relating to frequency of engagement.
  12. Google Drive is used for internal communications. User data may be retained for support purposes.
  13. AWS, who provide cloud servers in the UK for Eequ.
  14. IT Contractors, based in Europe who provide software development services and IT and system administration services.
  15. Council HAF (Holiday and Food Programme) staff who are facilitating any HAF bookings that you make.
  16. In the event that we integrate an insurance provider for Eequ learning experiences, we may provide certain information to them to help set up your account with them.
  17. Professional advisers including lawyers, bankers, auditors and insurers based in who provide consultancy, banking, legal, insurance and accounting services.
  18. HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
  19. Any specific third parties listed in the table, Purposes for which we will use your personal data, above.
  20. Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

EEQU Website, 28.09.23


We do not sell your personal data with any third party for marketing purposes.

You will need to ‘opt in’ to receive marketing communications. You may do so via email, agreeing to or requesting to be added to our mailing list. You may do so by ticking the consent box on the booking form on our website. We may need to use your identity, contact, technical, usage, and profile data for our own marketing purposes so that we can send you information on the types of services you are interested in.

You may ‘opt out’ or withdraw your consent at any time by clicking ‘unsubscribe’ link at the bottom of our marketing emails. If you ‘opt out’ or ‘unsubscribe’ then you will no longer receive further information from us about our services through our email newsletters. We may still communicate with you regarding your account with us, or your bookings with us.


We provide our newsletter and marketing email through Mailchimp. They may share data with sub-processors such as Intuit or other systems in order to provide the services you need.

Automated Technologies

When you interact with our website, we automatically collect technical data about your equipment and browsing behaviour. We collect this via cookies, server logs and other similar technologies. We may also receive data about you if you visit other websites employing our cookies. Please see the section on cookies for more information.


Cookies are small text files placed on your computer by websites you visit. We may use cookies or similar tracking technology to improve your browsing and booking experience, and to improve our services. We use both persistent cookies (for example saving future login information) and session cookies (which are deleted once you close your browser).

You are able to control cookies within your own browser settings. Please be aware that if you do not accept cookies it may prevent you from accessing the full range of website services provided.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Our use of data analytics tools

Staff and volunteer Information

All subcontractors working or volunteering with us must adhere to our policies and procedures. Personal information of staff and volunteers is held either for: as long as they have an active relationship with us, kept for three years for the purpose of providing a reference for their future employment, or be kept for seven years for legal and finance purposes. We will only hold personal data for staff and volunteers which is relevant for those purposes.

Age of Users

It is assumed and necessary that all accounts with us and users are adults (18 years and over). Our website and booking system is not designed for use by children. If children are being booked upon our courses, it is assumed that the person completing their booking forms is an adult and is authorised to do so. It is the responsibility of the parents or carers of the child in question, and the adult making the booking, to ensure this is the case and that the information they are adding is accurate and appropriate. It is not our responsibility to check this or the accuracy of the information completed. If we suspect information may have been incorrectly provided, or there are discrepancies in the data provided, we may contact the named adult who completed the form to request confirmation or the correct relevant information.

Your Rights

You may request access, deletion, or restriction of your personal data or withdraw your consent at any time, free of charge, under the Data Protection Law. We may need to request specific information for security reasons to make sure of your identity in order to process this request. We will endeavour to adhere to your request within 30 days, however it may take longer depending on the nature of your request.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

How long we retain your data

We retain your personal data for as long as is reasonably necessary to fulfil the service or purpose for which it was originally collected, or to comply with any legal, accounting or reporting requirements. We may retain your data for longer in the event of a complaint to resolve disputes, to comply with legal requests or fraud prevention, or to maintain security. To decide how long with retain your data we will reasonably decide on a length of time which is both fair and sensitive to the nature of the data being collected, and to reduce the risk of unauthorised disclosure of your personal data. We will retain your data whilst your still have an account with us or if we are still fulfilling a contract or service to you. We will retain unidentifiable data (anonymised) after your account has closed, or after our contract for service provision has ended, for reporting purposes or to comply with our consent policies such as for use of photographs. Your consent for use of photographs is advised to be kept for 7 years or whilst the photographs still may have potential to be used. The data associated with photographic consent will be separated from personal data such as health so that the only data which is retained is necessary to provide evidence of photographic consent. After you have closed your account, any information you have shared with others may remain visible and may still show up on external services such as search engine results. Your personal data will be kept for 18 months before it is deleted or made unidentifiable (anonymised) from our booking website services.

Data security and breaches

We have security measures in place to ensure your personal data is held securely. All information you provide to use is stored on secure servers. Financial transaction information will be encrypted using SSL technology. Your password is your responsibility to keep confidential and we won’t ask you for this information. We limit access to your personal data to those only who need to know. They are subject to a duty of confidentiality and will only process your data on our instruction. If we suspect a security breach has taken place, we will notify you. Although we take great care to safeguard your personal data, the transmission of data on the internet is never completely secure, and any transmission you take is at your own risk. Once we have received your personal data we will use our security features and procedures in place to try to prevent unauthorised access.


You may contact us if you feel our collection or use of your personal data is inappropriate, unfair or misleading. If you have any complaints about how we collect or use your data, please contact us. We take your complaints very seriously. If you feel your prefer to contact a UK data protection authority, you may contact The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, England, SK9 5AF.

Changes to our privacy policy

If we update our privacy policy the changes can be seen on this page, so please check back in periodically to be updated. If appropriate, larger changes may be highlighted to you via announcements on our website, email, newsletter, booking system page.

Contact us

Earthwild can be contacted at hello@earthwild.org.uk or by post to Earthwild, PO BOX 76554, London, SE27 7DY.

Date of last update to this Privacy Policy: 28.09.23