PRIVACY & DATA PROTECTION POLICY

This Privacy Notice explains how Discover Tribe Ltd collects, uses, stores, and protects personal data. We are committed to handling personal data lawfully, fairly, and transparently, and to respecting the privacy and rights of adults and children who engage with TRIBE.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, both in law and in spirit.

We will only use personal data in the ways described in this notice, and in line with your rights under data protection law.

1. WHO WE ARE

Business Name:
    Discover Tribe Ltd

Contact Phone:
    07947 722 958

Registered Company Number:
    10573263

Registered Address:
    77 Cemetery Road, Dronfield, S18 1XX

Trading Address:
    TRIBE Bushcraft Centre, Holmesfield Park Wood, Holmesfield. S18 7WA

 

2. DEFINITIONS

Personal data
Any information relating to an identified or identifiable living individual. This includes names, contact details, dates of birth, online identifiers, and other information linked to a person.

Special category data
Certain types of personal data that require additional protection, including information about health, medical needs, learning or behavioural needs, dietary requirements, sex or gender, and safeguarding information.

Data controller
Discover Tribe Ltd is the data controller. This means we decide how and why personal data is processed.

Data processor
A third party that processes personal data on our behalf, under our instructions and subject to data protection obligations.

3. WHAT DOES THIS NOTICE COVER?

This notice explains:

  • What personal data we collect

  • How we collect it

  • Why we use it and the lawful bases for doing so

  • How we store and protect it

  • How long we keep it

  • Your rights under data protection law

4. WHERE DO WE COLLECT DATA FROM?

We may collect personal data in the following ways:

  • Directly from you, for example via booking forms, consent forms, emails, phone calls, or face-to-face conversations

  • Through our website, including information you enter into forms

  • Via automated technologies such as cookies, where permitted

  • From third parties, such as schools, councils, or partner organisations, where lawful and appropriate

  • From publicly available sources, including social media, where you have chosen to make information public

Publicly available information is still treated as personal data and handled in accordance with this Privacy Notice.

5. WHAT PERSONAL DATA DO WE PROCESS?

Adults (parents, carers, customers, contacts)

  • Name

  • Contact details (email address, phone number, postal address)

  • Communication preferences

  • Booking and attendance history

  • Payment and invoicing information

  • Communications with us

Children and young people

  • Name

  • Date of birth

  • Emergency contact details

  • Attendance records

  • Relevant health, medical, dietary, learning, or behavioural information

  • Safeguarding or welfare information where necessary

We only collect children’s data that is necessary to provide safe, appropriate activities or to meet legal obligations.

6. Why we use personal data and our lawful bases

We use personal data for the following purposes.

Providing activities and services

  • Managing bookings and enquiries

  • Delivering activities and courses

  • Managing attendance and registers

  • Providing age-appropriate and safe experiences

Lawful basis: performance of a contract, legal obligation, and or vital interests.

Operational communications (required)

We contact parents, carers, and adult participants to deliver our services safely and effectively. This includes:

  • Booking confirmations and changes

  • Timings, locations, and kit lists

  • Invoices and payments

  • Emergency contact related to an activity

Lawful basis: contractual necessity.

These communications are required and cannot be opted out of while you have an active booking or relationship with TRIBE.

Safeguarding and welfare communications (required)

We may contact you where there is a safeguarding, welfare, medical, or safety concern relating to a participant.

Lawful basis: legal obligation and or vital interests.

These communications are essential and cannot be withdrawn.

Marketing communications (optional)

We may contact adult contacts about future TRIBE activities, events, courses, or parties.

Marketing communications are optional and managed by communication channel. You can choose whether to receive marketing via:

  • Email

  • Phone

  • Post

Lawful basis: consent or legitimate interest, depending on context.

You can withdraw marketing consent at any time without affecting bookings or participation in activities.

We use Mautic as our email marketing platform. Mautic processes personal data on our behalf as a data processor and is subject to appropriate data protection safeguards.

7. Children’s data and marketing

We do not send marketing communications directly to children.

Marketing communications are always sent to parents or adult contacts. Children’s data, such as date of birth, may be used only as contextual information to help us provide relevant and age-appropriate information to adults.

Children’s data is never used to determine consent.

8. Special category data

We process special category data only where necessary and lawful, including:

  • Health, medical, dietary, learning, or behavioural information

  • Safeguarding and welfare information

  • Information required to ensure safety, accessibility, and appropriate staffing

Lawful bases include: explicit consent where appropriate, legal obligation, vital interests, and the provision of care and safeguarding.

9. Sharing personal data

We do not sell personal data.

We may share personal data with trusted third parties where necessary, including:

  • Payment processors such as Stripe

  • Email and communication platforms such as Mautic

  • IT and hosting providers

  • Partner organisations, schools, councils, or instructors where relevant

All third parties are required to handle personal data securely and in accordance with data protection law.

10. International transfers

We store personal data in the UK or the European Economic Area. Where data is transferred outside these areas, appropriate safeguards are used to ensure equivalent protection.

11. Data retention

We keep personal data only for as long as necessary for the purposes it was collected, including legal, safeguarding, and insurance requirements.

Further details are set out in our Data Retention and Destruction Policy, available on request.

12. Your rights

You have the right to:

  • Be informed about how your personal data is used

  • Access your personal data

  • Have inaccurate data corrected

  • Request erasure in certain circumstances

  • Restrict or object to processing

  • Data portability where applicable

  • Withdraw marketing consent at any time

You also have the right to complain to the Information Commissioner’s Office.

13. Cookies

We use cookies to ensure our website functions correctly and to understand how it is used. Where required, we seek your consent before using non-essential cookies. Please see our Cookies Policy for full details.

14. ACCESSING YOUR PERSONAL DATA

In accordance with the GDPR you are entitled to know:

  1. If we have any personal data concerning you; and if so
  2. What data we hold.

Accessing such data or finding out if we have any data concerning you is known as a “subject access request” (SAR). SARs should be made in writing and sent via either email or post to the contact details given below. We have a standard Subject Access Request form for you to use which can help in making the request clear. However, you do not have to use this form if you do not wish to.

There is normally no charge for a subject access request. However, the law allows us to make a reasonable charge to cover our administrative costs if your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests).

We will respond to your subject access request within 1 calendar month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

15. COOKIES POLICY

Cookies are small text files that we store on your computer whilst you are visiting our website. There are 4 basic types of cookie:

  1. Session cookies – allow websites to link your actions during a specific session – these cookies expire when the session is ended.
  2. Persistent cookies – these are stored on your device between sessions and they allow your choices and browsing history across the site or across multiple sites to be recorded. These cookies can be used to target advertising. They will remain on your device unless you either delete them or they time expire
  3. First party cookies – these are cookies set by our website.
  4. Third party cookies – these are cookies set by a domain different from our site whilst you are using our site.

Since 2011 there has been a requirement for us to obtain subscribers’ or users’ consent to the use of certain types of cookie. There are 4 categories of cookie that can be used:

  1. “Strictly necessary” cookies – these are normally first party session cookies that are essential for you to be able to use all the features of our website. These cookies enable the services that you have requested and as such consent is not required for these. However, the law narrowly defines “strictly necessary” and restricts them to those cookies that store a unique identifier that manages and identifies you in respect of other current users of the site so that a consistent and accurate service can be provided. These cookies will not be used for marketing purposes or for remembering your preferences and ID outside of the current session. 
  2. “Performance” cookies – these are cookies that may be either first or third party, session or persistent and are used to collect information about how you use the site but they do not collect any personal information that could identify you. The information is made anonymous by aggregating it together so that we can improve the performance of the site. Examples may include web analytics, advertising response rates, affiliate tracking, and error management but they should not be used to retarget adverts – if they do then they will need to be classified under category 4 as well. We need your consent for the use of these cookies during your session.
  3. “Functionality cookies” – these are cookies that may be either first or third party, session or persistent and will generally be the result of your actions where they will remember the choices that you have made. They may also be used to deliver a service that you have not explicitly requested but is being offered to you. They can also be used to prevent you being offered a service that you have previously rejected. These cookies should not be used to retarget adverts – if they do then they will need to be classified under category 4 as well. We need your consent for the use of these cookies during your session.
  4. “Targeting or advertising” cookies: these are cookies that are normally 3rd party persistent (but time limited) cookies that are used to deliver adverts that are more relevant to you by collecting information about your browsing habits. Where these are being used as part of an advertising network that collects browsing habits in order to target relevant adverts to you we will advise you of such. We need your consent for the use of these cookies during your session.

You are in control of the use of cookies. With regards to cookies then you can normally control these via your browser. Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.

If you are happy to continue with our use of cookies as detailed above on this site, then we require your informed consent as we do not rely on “implied consent” as some other sites do. You will therefore have to “Accept Cookies” in order to have full use and functionality of our site.

16. CONTACT INFORMATION

If you wish to contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

For the attention of Alison Ball:

Email address:
    alison.ball@discovertribe.co.uk

Telephone number:
    07823443335

Postal Address:
    77 Cemetery Road
    Dronfield
    S18 1XX

17. CHANGES TO THE PRIVACY POLICY

We may update this Privacy Notice from time to time to reflect changes in law or how we operate. The latest version will always be available on our website.