Privacy Policy

Effective Date: August 2025

Introduction

This Privacy Policy describes how we collect, use, and protect your personal information when you visit or interact with our website, [https://www.bramblewoodplay.com], which is built and hosted on the Wix.com platform in compliance with GDPR and other data protection laws.

By using our Site, you agree to the collection and use of information in accordance with this policy.

Bramblewood operates this website.
We are the Data Controller for the personal data we collect through this Site.

Registered address: Holt Hall, Holt Lane, Matlock, Derbyshire.
Email: bramblewood100@gmail.com

What Information We Collect

We may collect and process the following personal data:

Identity Data (name, contact details).
Transaction Data (payment details, purchases).
Technical Data (IP address, browser type, device type, operating system, and browsing actions collected through cookies and analytics tools).
Usage Data (interactions with our website, forms, and services).
Marketing Preferences (newsletter and promotional opt-ins).
Images & Videos (photographs and recordings taken during Forest School activities and events, with consent).
Wix platform data: Wix may collect data necessary to provide and secure its hosting services, including visitors’ network and connection information. You can learn more here: https://www.wix.com/about/privacy

How We Use Your Information

We use personal data to:

Provide and manage Forest School programs and our website.
Process payments securely.
Respond to inquiries and share updates.
Improve our services.
Use images and videos for promotional, educational, and marketing purposes, including social media, our website, and print materials.

We never sell your data to third parties.

Use of Images and Videos

Bramblewood may capture photos and videos of activities for:

Marketing and promotion (social media, website updates, printed materials).
Educational content (case studies, storytelling about our work).
Event documentation (celebrating participation and achievements).

Consent & Opt-Out Options

We respect your right to control your image.

We always seek consent before using identifiable photos or videos of individuals for marketing.
If you do not want to be photographed or filmed, you can inform us at any time.
You can withdraw consent after a photo or video has been taken. Contact us at bramblewood100@gmail.com and we will remove or refrain from using the content.
Parents or guardians must provide explicit consent for images of children.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website traffic.

What are cookies?

Cookies are small data files placed on your device when you visit a website. They help websites remember your actions and preferences.

Managing cookies

You can manage or delete cookies at any time via your browser settings.
You can also use the cookie consent banner on our Site to set your preferences.

For more information, visit https://www.aboutcookies.org.

Legal Basis for Processing

Legal Basis for Processing (UK GDPR)

We process your personal data based on the following lawful grounds:

Consent – when you have given clear consent (e.g. for marketing emails or event photography).

Contract – when processing is necessary to perform a service you’ve requested.

Legitimate interests – for improving our services or protecting our website.

Legal obligation – when we must comply with the law.

Data Protection Measures

Our website is hosted by wix.com which provides secure hosting with SSl encryption and continuous monitoring.

We ensure we are GDPR-compliant handling of personal information and take appropriate measures to protect personal data against loss, misuse and unauthorised access.

Data Sharing

We may share data with:

Wix.com Ltd. – our website hosting provider.

Third-party service providers – such as analytics, marketing, or email services.

Legal authorities – where required by law or to protect our rights.

All third parties are required to keep your data secure and use it only for agreed purposes.

Data Retention

Transaction data: Retained for tax and legal reasons.
Accounts and communication: Stored until requested for deletion or after inactivity.
Media usage: Kept until consent is withdrawn or no longer relevant.

International Data Transfers

As our website is hosted on Wix.com, your data may be stored on servers located outside the UK or EEA.
Wix complies with international data protection laws and provides appropriate safeguards.

Your Rights Under GDPR

Under UK data protection law, you have the right to:

Access your personal data

Request correction or deletion

Object to processing
object to marketing use of images/videos

Withdraw consent

Request data portability

To exercise your rights, please contact us at bramblewood100@gmail.com.

If you are unsatisfied, you can also contact the Information Commissioner’s Office (ICO): https://www.ico.org.uk

Third-Party Services & Cookies

We use GDPR-compliant third-party tools (e.g., payment processors, analytics) and may use cookies to improve website functionality.

You can manage cookie preferences via browser settings.

Policy Updates

We may update this policy periodically. Changes will be posted on our website, and significant updates will be communicated directly.

Contact Information

For privacy concerns, contact:
Bramblewood bramblewood100@gmail.com

Compliance with GDPR & Privacy Laws

Bramblewood is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We ensure compliance by following key principles:

Lawful, Fair & Transparent Processing

We collect and process personal data lawfully, fairly, and transparently—meaning we only use your information when we have a valid reason and explain clearly why we do so.
We provide a clear privacy policy, detailing how and why we process data, including your rights.

Purpose Limitation

We only collect personal data for specified, legitimate purposes—such as delivering Forest School programs, processing transactions, and improving services.
We do not use your data for unrelated purposes without obtaining consent first.

Data Minimization

We only collect necessary information, ensuring that we do not process excessive personal data.

Accuracy

We strive to keep personal data accurate and up to date.
You can request corrections to inaccurate information at any time.

Storage Limitation

We retain personal data for 2 years, following GDPR guidelines.
Data is deleted or anonymised when no longer required.

Confidentiality & Security Measures

We implement strict security protocols to protect personal data from unauthorized access, loss, or damage.
Data is stored securely, with encryption and controlled access measures in place.

Individual Rights Under GDPR

We uphold your rights, including:

Access: You can request a copy of your personal data.
Correction: You can ask us to fix inaccurate information.
Deletion (Right to be Forgotten): You can request removal of your data.
Restriction: You can limit how we process your data.
Objection: You can object to certain uses of your data.
Data Portability: You can request a structured transfer of your data.

Consent & Opt-Out Options

We seek explicit consent before processing personal data for marketing purposes (e.g., newsletters, images/videos).
Individuals have the option to opt out of promotional content, photography, and non-essential data processing.

Third-Party Compliance

We ensure that any third-party services we use (e.g., payment processors, analytics tools) comply with GDPR.
We review service agreements with third parties to protect user data.

Cookies & Website Data Usage

Our website may use cookies to enhance functionality.
You can manage your cookie preferences through browser settings.

Reporting Data Breaches

In case of a data breach, we follow GDPR protocols, including notifying affected individuals and reporting to the Information Commisioners Office ICO where required.

General Retention Timeframes

Financial & Transaction Data

Typically 6 years, required for tax and accounting compliance.

Employee Records

Kept for 6 years after employment ends, although payroll records may be retained for at least 3 years.

Health & Safety Records

Depending on the type, some records (such as accident reports) must be kept for at least 3 years, while asbestos-related health records must be retained for 40 years.

Marketing & Customer Data

Personal data for marketing must not be kept indefinitely—organisations must regularly review and delete inactive records. If consent was given, data should be deleted when consent is withdrawn. In our case 2 years.

Website & Cookie Data