1. Introduction
Please read this privacy notice carefully as it sets out how and why ROAM CIO (“ROAM”, “we”, “us”, “our”) uses your personal data when you access our website and/or services, as well as explaining certain legal rights that you have under data protection laws.
ROAM is a Charitable Incorporated Organisation in the UK and is registered with the Charity Commission. ROAM enables and promotes children’s free, undirected play in nature, and as part of our work, we regularly run play sessions for children in the local community.
In accordance with UK data protection laws, ROAM is registered on the public Register of Data Controllers as maintained by the UK’s data protection regulator, the Information Commissioner’s Office (ICO). This means that ROAM is legally responsible for handling your and your child’s/dependant’s personal data.
If you have any questions or comments about this privacy notice, please see section 13 “How can you contact us?” for the relevant contact details.
We may change this privacy notice from time to time by updating this page. This privacy notice does not apply to any third-party websites to which you may be directed from our website and we encourage you to read the privacy statements on the other websites you visit. We do not accept any responsibility or liability for the privacy practices of such third parties and your use of them is at your own risk.
2. What personal data do we collect about you?
a. Registration data
In order to provide our Services, e.g., to make bookings for our events/sessions, we will need to collect and use certain data about you such as:
- your name;
- email address;
- telephone number.
b. Your child’s/dependant’s personal data
In addition, and due to the nature of the services we provide, we will need to collect certain personal data about your child/dependant. Personal data about children is afforded extra protection under data protection laws and so we ask for the explicit consent of the child’s parent/guardian (and the child where they are aged between 13 and 16) before collecting the following information:
- your child’s/dependant’s name;
- your child’s/dependant’s age/date of birth;
- any medical needs or disability that your child/dependant has that you may wish to tell us about so that we can make reasonable adjustments.
We will usually obtain this data directly from you when you sign up to attend one of our sessions (either through our website, our booking system, or by emailing us).
c. Images/Videos
We may capture photo images or videos at our sessions, which we use to promote our Services (e.g., on social media), to report back to our funders and to include in our annual report. You (and your child where they are aged between 13-16) will be asked for explicit consent before your child’s/dependant’s data is used for this purpose (see section 4 for more information on consent).
d. Automated interactions
As you interact with our website, we may automatically collect information from your device by using cookies and other similar technologies. Processing such information is necessary for us to pursue our legitimate interests in improving our website and providing a more relevant service to our users. This information is not used to develop a personal profile of you. For further details, please see our cookies policy.
3. How do we use your personal data?
Your personal data will be used so that we can provide our Services to you. This includes tailoring our sessions to the ages and abilities of the children in attendance (e.g., making reasonable adjustments to cater for any additional/medical needs). We also use your personal data to communicate with you, either in the course of delivering our Services, or to promote our charity (see section 5 on Marketing). Furthermore, your personal data may also be used for internal administration purposes, e.g., responding to your enquiries/complaints, to improve our website and Services and to comply with any legal and/or regulatory requirements placed on ROAM, including health and safety and child safeguarding obligations.
4. On what legal basis does ROAM process your personal data?
There are a limited number of legal grounds on which an organisation is permitted to handle personal data, known as the “legal basis for processing”. The main legal ground that ROAM relies on for handling your child’s/dependant’s personal data is consent. We obtain your explicit consent and the explicit consent of your child/dependant where they are aged between 13-16.
Please note that you may withdraw consent at any time after you have given it, although this would not affect the lawfulness of ROAM’s prior use of that personal data. However, due to the specific nature of our services, it is necessary for us to collect and use your child’s/dependant’s personal data to book them in for sessions/events and deliver the sessions to them. So please note that withdrawing your consent will directly impact our ability to engage with/provide our services to you.
In addition, we use certain personal data because it is necessary in order for ROAM to enter into and perform a contract with you, e.g., where you engage with us as a volunteer etc.
Furthermore, it is necessary in ROAM’s legitimate interests to collect your personal data in order to:
- administer and improve our website;
- provide our services to/otherwise engage with you;
- manage the security of our sessions and systems;
- maintain relevant insurances; and
- develop our charitable goals, including to communicate with you about our services, events and other activities,
but only in circumstances where these interests are not outweighed by the need to protect your privacy.
Finally, it may be necessary to use your and your child’s/dependant’s personal data to comply with legal requirements placed on ROAM, e.g., in the context of ensuring health and safety at our sessions/events and for child safeguarding purposes.
5. Does ROAM use your personal data for marketing purposes?
ROAM may use your personal data for marketing purposes, i.e., to form a view on which of our Services may be of interest to you.
You will receive marketing communications from us if you have requested to receive information from us, or have signed up to use our Services and you have not opted out of receiving that marketing.
In line with direct marketing rules, where we send marketing messages to you by email, you can ask us to stop at any time by following the unsubscribe link in the email.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of signing up to/engaging with our Services.
We may also use photos/videos taken at our sessions to give feedback to our funders, to include in our Annual Report and promote our services via our Social Media channels, but this will always be with your explicit consent and the explicit consent of your child (where they are aged between 13-16) (see section 2(c) and section 4 above for more information).
6. Who do we share your personal data with?
We may share the personal data that you have provided to us as necessary with service providers acting on our behalf (such as providers of our event booking system/other IT services providers), who will only use the data to provide that service under appropriate contractual arrangements with ROAM. However, we will retain control of your data and any third-party service provider that we use must act in accordance with our instructions and UK data protection laws.
In some circumstances, we may have to disclose your and/or your child’s/dependant’s personal data for legal or regulatory purposes, such as where we have to report a safeguarding issue to a relevant authority or where a court, the police or other law enforcement agency or regulatory body has asked us for it.
7. Is your personal data transferred overseas?
ROAM does not generally transfer personal data outside of the UK. However, in the event that we do, we put in place contractual or other appropriate protections to ensure that your data is safeguarded to the same standards as UK data protection law.
8. What rights do you have concerning your personal data?
You may have various legal rights in relation to your and/or your child’s/dependant’s personal data, such as the right to complain to the UK’s Information Commissioner’s Office (see section 9 below). This privacy notice does not list every right that you have under UK data protection laws, but we have set out the ones we consider most relevant to the handling of your and/or your child’s/dependant’s personal data by ROAM in the context of providing our Services to you.
You may have the right to ask ROAM to:
- provide a copy of your or your child’s/dependant’s personal data;
- correct any inaccuracies in your or your child’s/dependant’s personal data;
- withdraw your consent at any time to ROAM handling your or your child’s/dependant’s personal data, where we rely on consent as the legal basis to do this (see section 4); and
- delete your or your child’s/dependant’s personal data, where there is no lawful justification for ROAM to retain it.
You may also have the right to object to ROAM using your personal data, where we do this for the purposes of our legitimate interests as outlined in section 4 above. If you lodge such an objection, we will stop using the relevant data unless we identify compelling legitimate grounds for continuing to use your personal data which override your rights and interests.
To exercise or enquire about the above rights, please see section 13 below.
9. Complaining to the Information Commissioner’s Office
If you are unhappy with the way ROAM is handling your and/or your child’s/dependant’s personal data, please let us know.
Alternatively, if you do not agree with the way we have processed your and/or your child’s/dependant’s personal data or responded to your concerns, you have a right to submit a complaint to the ICO:
https://ico.org.uk/make-a-complaint/
10. How long do we retain your personal data for?
We will hold your and your child’s/dependant’s personal data for as long as is necessary:
- for performance of the Services you have requested;
- as required by law; or
- for accounting or regulatory purposes.
11. Children
Due to the nature of the Services being provided, we will be processing the personal data of children under the age of 13. In line with UK data protection laws and as set out in section 4 above, all processing of your child’s/dependant’s personal data will only take place after obtaining the consent of the child’s parent or legal guardian and the child in question (where they are aged between 13-16).
12. How do we keep your personal data secure?
We are committed to ensuring that any personal data that you provide to us in the course of using our Services is kept securely. This includes implementing appropriate physical and technological security measures, such as access controls and careful selection of staff and third-party service providers. Where data is sent overseas, appropriate contractual provisions are in place to ensure the continued security of your personal data, as per section 7 above.
13. How can you contact us?
If you have any queries relating to this Privacy Notice, please contact Faye Cutler – faye@roam.org.uk