DATA PROTECTION AND PRIVACY POLICY

You must read and accept our Data Protection and Privacy Policy before continuing. 

Branching Upwards C.I.C. takes data protection seriously. Please do not hesitate to contact us with any questions you have in relation to how your data is protected/stored and managed. Data is not stored on any hard copy and is only held via our booking system (BookWhen), payment system (Stripe) and consent forms (Google Forms). Once personal data in no longer needed, we will destroy it securely. Please be aware that we will never distribute your data without your consent and we will not share it with any third parties. Consent for holding your data/photographs can be removed at any time, please contact us should you wish us to do so. You can opt out of any newsletter/email information at any time by emailing us at branchingupwards@gmail.com 


DATA PROTECTION POLICY

We are committed to protecting personal data and this policy sets out how we will implement that commitment with respect to the collection and use of personal data. We will ensure that we comply with the eight principles of the Data Protection Act 1998 listed below, and meet the legal obligations set out in the act.

Data protection act principles:

  1. Personal data shall be processed fairly and lawfully.

  2. Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

  4. Personal data shall be accurate and, where necessary, kept up to date.

  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

  6. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.

  7. Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

  8. Personal data shall not be transferred to a country or territory outside the United Kingdom unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. We are committed to:

  • ensuring that data is collected and used fairly and lawfully.

  • processing personal data only in order to meet our operational needs or fulfil legal requirements.

  • taking steps to ensure that personal data is up to date and accurate.

  • establishing appropriate retention periods for personal data.

  • ensuring that data subjects’ rights can be appropriately exercised.

  • providing adequate security measures to protect personal data.


Links To External Websites/Providers

Where we work with an external provider, we are not responsible for the content of any linked website and cannot take responsibility for the consequences of you using the information or services on linked websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. Websites that we link to may have Terms and Conditions that are different from ours. Do not assume our terms and conditions apply to those.


PRIVACY POLICY

In this policy, “us”, “we” or “our” means Branching Upwards C.I.C. If you have any questions about this privacy policy or about the personal data we hold about you, please email branchingupwards@gmail.com with the subject line ‘Data Privacy’.

The Data Controller for all personal data collected via this website is Branching Upwards C.I.C., 8 Kittlegairy Gardens, Peebles, EH45 9LY. As the Data Controller, we are responsible for deciding what data we collect and how we hold and use your personal data. We will implement appropriate data security measures for protecting the data from unauthorised access and loss, as laid out in the Data Security section of this policy.

This policy sets out:

  • what kind of information we collect;

  • how we collect it

  • why we collect it

  • how we use it

  • data retention

  • how we disclose it

  • opting in and out

  • management and security

  • requesting access to and updating your personal information and

  • how to contact us.

We are bound by the data protection act 1998. All personal data shall be processed in accordance with the rights of data subjects under this act. We may, from time to time, review and update this policy, including to take account of new or amended laws, new technology and/or changes to our operations. All personal information held by us will be governed by the most recently updated policy.  This policy was last updated in February 2021.

Who we are

At Branching Upwards Community Interest Company, we aim to help build caring and connected communities where individuals can realise their full potential, through the provision of supportive and creative experiences within the natural world. We do this through offering a range of forest school, outdoor learning and play programs, which look to build confidence, self-esteem, resilience and connections with others and with the natural world.  We these programmes within school settings, green spaces as well as in a privately owned woodland. We respect the privacy of our participants and supporters and take our duty to process your data very seriously.  We are committed to ensuring that your privacy is protected.  Should we ask you to provide certain information by which you can be identified then you can be assured that it will only be used in accordance with this privacy statement.  This document explains how we collect information, what we do with it and what controls you have. Branching Upwards may change this policy from time to time by updating this document so suggest you regularly check this to ensure you are up to date with any changes. This policy is effective from February 2021.

What personal data we collect and how we collect it

Branching Upwards C.I.C. is what is known as the ‘controller’ of the personal data you provide to us. We may collect your personal information from a variety of sources, including from you or your partners.  We may collect your personal information when you register with us our newsletter, participate in our events (by reserving spaces at our sessions via the booking system BookWhen) or when you communicate with us by e-mail, telephone or in writing. If, at any time, you provide personal or other information about someone other than yourself, you warrant that you have that person’s consent to provide such information for the purpose specified. 

We usually collect basic personal data about you or your children – such as your name, telephone number, email address and whether or not you are happy for us to use photos of you/your child on your social media/website or on promotional materials.  We do this through us of our consent/registration forms in which we use Google Forms, through the use of contact forms on our website, or by using the booking system ‘BookWhen’ (when booking on to our courses). We do this in order to collect the information we need to run programmes safely where you are a participant.

Sometimes we collect other information such as your date of birth, gender, medical conditions, allergies, additional support required or additional health details (collect via Google Forms). We will be very clear with you if we want to collect such information, give our reasons, and will only do so with your specific consent and permission.

We delete all data about you at the end of any programme in which you have been a participant, except for your photo permissions and contact details and we will only retain your contact details if you have given us permission to do so. If you change your mind you can withdraw your permission for us to process your personal data at any time by emailing us on branchingupwards@gmail.com


Why we collect it

We collect your personal data in connection with specific activities, such as programme participation, newsletter requests, feedback, donations and competition entries.  

For participants on our programmes we may also ask you for important medical information and associated permissions.  We use your contact and medical information to:

  • Get in touch with you if plans change

  • Pass on your medical details in an emergency (we will explain this when we collect this information and we will only use it with your specific consent)

The information is needed to fulfil your needs or to allow us to give you a more personalised service. You don’t have to disclose any of this information, however if you choose to withhold requested information, we may not be able to provide you with certain services.

By completing our registration form (Google Forms) you are giving consent for us to process yours and your child’s personal data for the specific purposes of being part of our outdoor setting.

By making a booking through our booking system (BookWhen) you are giving consent for us to process yours and your child’s personal data for the specific purposes of the booking being made.


How we use information

In addition to the primary purpose outlined above, we may use the personal information we collect, and you consent to us using your personal information:

  • to provide you with news and information

  • to personalise and customise your experiences

  • to assess the quality of our services

  • to ensure children’s health, safety and wellbeing

  • to communicate with you, including by email, mail or telephone

  • to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and/or

  • as required or permitted by any law.


Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Clients’ details will be retained for 7 years for contractual purposes and to maintain tax records. Basic details (name, address, telephone numbers, email address) may be retained for a minimum of 7 years after completion of a contract.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.

We store information gathered from phone and email enquiries for up to 12 months.

We store information gathered from our contact form for up to 12 months.

We store information gathered in the course of dealing with customers for up to 7 years.

In some circumstances you can ask us to delete your data: see Your legal rights below for further information. 

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

We continuously review the data we hold and delete what is no longer required.

Data Storage

Branching Upwards C.I.C. shall ensure that the following measures are taken with respect to the storage of personal data:

(a) All electronic copies of personal data should be stored securely using passwords and industry standard data encryption;

(b) No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or otherwise without the formal written approval of the Data Protection Officer and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary; and

(c) No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken).


Use of Google Forms

We use Google Forms to gather relevant information prior to our sessions. By completing the Registration & Consent Form (link will be emailed to you privately) in Google Forms, you are consenting to us collecting your data, in line with our policy guidelines. Google Forms is password protected. This information will be downloaded onto a password protected computer (finger print recognition) and only used in the ways outlined and stored in accordance to the guidance above.

How we disclose information

We only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations and the following: 

  • If you have agreed that we may do so.

  • When we use other companies to provide services on our behalf, eg. processing, mailing or delivering orders, answering customers’ questions about products or services, sending mail and emails, customer analysis, assessment and profiling, when using auditors/advisors or processing credit/debit card payments.

  • If we receive a complaint about any content you have posted or transmitted to or from one of our sites, to enforce or apply our terms & conditions or if we believe that we need to do so to protect and defend the rights, property or personal safety of Branching Upwards, our websites or our visitors and for other lawful purposes.

  • If we merge with another organisation to form a new entity, information may be transferred to the new entity.

  • We may disclose aggregate statistics about our site visitors, supporters, customers and sales to describe our services and operations to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics won’t include any personally identifying information.

  • If we run an event in partnership with other named organisations your details may need to be shared. We will be very clear what will happen to your data when you register.

We do not share information about children with anyone without consent unless the law and our policies require us to do so.

We promise we will never sell or rent your personal information to other organisations.

Opting in or out

At the point we collect information from you will be asked what consent you give us in using or disclosing your personal information, other than in accordance with this policy or any applicable law. 

You will be given the opportunity to “opt out” from receiving communications from us or from third parties that send communications to you in accordance with this policy. 

For example, you will be given the option to unsubscribe from newsletters and other material sent by us. You may “opt out” from receiving these communications by following the instructions on the email or similar.  If you receive communications purporting to be connected with us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please let us know about this.


Management and security

Other than in relation to Non-Confidential Information, we will take all reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorised access, including by means of firewalls, password access, secure servers and encryption of financial transactions. However, you acknowledge that the security of communications sent by electronic means or by post cannot be guaranteed. You provide information to us via the internet or by post at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control. You acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose your personal information to in accordance with this policy or any applicable laws). The collection and use of your information by such third party/ies may be subject to separate privacy and security policies. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.

Requesting access to your personal data

We hold your information only as long as necessary for each purpose we use it. This could be because we need it to provide you with the goods, services or information you have required, to administer your relationship with us, to understand the preferences of our supporters or to comply with the law.  If you request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information. We will always dispose of your personal information securely.

Under data protection legislation, parents and children have the right to request access to information about them that we hold. To make a request for your personal information, contact Michelle Fraser (Data Protection Officer), branchingupwards@gmail.com

You also have the right to:

  • Transparency over how we use your personal information (right to be informed).

  • To be able to request a copy of the information we hold about you, which will be provided to you within one month (right of access).

  • The opportunity to update or amend the information we hold about you if it is wrong (right of rectification).

  • To ask us to stop using your information (right to restrict processing).

  • To ask us to remove your personal information from our records (known as the right to be ‘forgotten’).

  • The chance to object to the processing of your information for marketing purposes (right to object).

  • The opportunity to obtain and reuse your personal data for your own purposes (right to data portability).

  • To not be subject to a decision when it is based on automated processing (automated decision making and profiling).

  • a right to seek redress, either through the ICO, or through the courts

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance (branchingupwards@gmail.com) or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

You can seek access to and update the personal information we hold about you at any time.

If you make an access request, we will ask you to verify your identity. We request that you keep your information as current as possible so that we may continue to improve the service and support we can offer you.

Cookies

Like many other website operators we use ‘cookies’ on our website to improve the customer experience, as well as learn more about how you interact with the site.

Cookies are small data files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use and navigation of the website and to compile statistical reports on website activity.

For further information visit www.aboutcookies.org or www.allaboutcookies.org

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Cookies used by Branching Upwards

_ga : Google Analytics cookie

_gid :Google Analytics cookie

ss_cid : Squarespace Analytics cookie

ss_cpvisit : Squarespace Analytics cookie

ss_cvisit : Squarespace Analytics cookie

ss_cvr : Squarespace Analytics cookie

ss_cvt : Squarespace Analytics cookie


Google Analytics

In common with many other websites when you visit www.branchingupwards.co.uk we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this not to identify you personally but to analyse your use of our website in order to deliver relevant website content and advertisements to you and to understand the effectiveness of our marketing and advertising activities.

By visiting our website we may have access to your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

This data may be processed for the purposes of analysing the use of our website and our services. The legal basis for this processing is Legitimate Interest, namely monitoring and improving our website and services.

Velvethall Alpacas does not collect personal data about individuals except where there is a legitimate business interest (see below) or when such information is provided voluntarily via consent, or by entering into a contract with us or where required to do so by law.


How to contact us

If you would like to seek access to personal information we hold about you, or if you have any questions or complaints about how we collect, use, disclose, manage or store your personal information, you can contact our Data Protection Officer (Michelle Fraser) directly:

Email: branchingupwards@gmail.com 

Telephone: 07976649902