Our privacy information statement
Longtown Outdoor Learning Trust (LOLT) is a not for profit organisation. The personal information you supply will be added to our database and mailing list so that we can communicate with you. We will not share your information with any organisation or person outside of Longtown Outdoor Learning Trust.
If you would like any more information about how we process your personal data or would like to have your data removed from our system, please contact us by:
Telephone: 01873 860 225
What is GDPR?
GDPR (General Data Protection Regulation) came into action on the 25 May 2018.
It is a new law which replaces the previous data protection act. It improves individual rights on how their data is stored and used.
The GDPR provides the following rights for individuals:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- rights in relation to automated decision making and profiling
GDPR applies to all sectors.
The Information Commissioner's Office (ICO) regulates the data protection law.
A data protection breach means a "breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or, access to, personal data". Controllers of data must report a data breach to the ICO no later than 72 hours after being aware of the breach.
The consequences of noncompliance are fines of up to 20 million Euro (or 45 of annual revenue – which ever is greater) plus the risk of law suits.
Direct Marketing is the sending or directing of any advertising or marketing material to particular individuals, for example sending a fundraising appeal to someone in the post, emailing them, or sending them a text message.
'Advertising or marketing material' includes any material which promotes the aims and objectives of the organisation – not just promoting products or services. So if you're sending charity newsletters, fundraising appeals, or campaigning material to people using their contact details you'll be doing direct marketing. Under GDPR you need a lawful basis, 'consent', to process an individual's data to send direct marketing. Consent essentially means someone has said 'yes'.
For consent to be valid it will need to be:
- freely given, specific, informed and unambiguous
- given by a statement or clear affirmative action
- able to be withdrawn as easily as it is given
- proven by the data controller
There are different ways for individuals to give their consent such as choosing a 'yes' option on a website, ticking a box on a paper form, or given orally or through action.
What does it mean for Longtown Outdoor Learning Trust?
As a not-for-profit organisation, Longtown Outdoor Learning Trust is exempt from having to register with the ICO.
Currently at Longtown Outdoor Learning Trust data is collected from individuals for one of the four purposes:
- To enable them to be set up on the eVisit Educational Visit planning system.
- To register the individual on an EVC or VL training course.
- To make a booking for residential or non-residential activities at the centre.
- To share relevant information for participation in an activity.
For items 1 to 3 above, we may collect:
- email address
- telephone number
- job title and / or organisation
- date of birth (required for 1 only)
This data is stored on our secure IT system and will not be shared with third-parties. The information will only be stored on the LOLT server and the QES server for 1 and Outdoor Education Advisors Panel (OEAP) server for 2.
For item 4, Longtown Outdoor Learning Trust collects the information to ensure the safety and wellbeing of course participants.
We will not share this information with anyone, except medical professionals in the event of a need for treatment. The information will be securely stored at the Centre during the course, and then transferred to a locked cabinet. Information provided on this form will be kept for the time required by the Limitation Act 1990. This is 7 years for adults, until a young person reaches 25, or, in the case of Looked After Children, for 99 years. At the end of this period, the paper copies will be destroyed.
If you wish to access the personal information that we hold, you should contact us by:
Telephone: 01873 860 225
In addition to the data above, we store additional data for our staff and trustees, such as date of birth, address.
We never share personal data with other organisations.
As a result of GDPR individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
We must provide individuals with information including: our purposes for processing their personal data, our retention periods for that personal data, and who it will be shared with – this information must be shared with individuals when we collect data from them.