Squiggly Adventures: UK GDPR Privacy Policy

At Squiggly Adventures, we are committed to protecting the privacy and security of your personal data. This policy outlines how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Squiggly Adventures is a small business providing outdoor water sports coaching and guided trips in canoeing, kayaking, and paddleboarding. We act as a 'Data Controller' for the personal data we collect.

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

* Identity Data: First name, last name, date of birth.

* Contact Data: Billing address, email address, telephone numbers.

* Medical/Health Data: Relevant medical conditions or allergies (only where necessary for your safety during activities, e.g., for emergency contact or to ensure appropriate support during a trip). This is considered 'special category' data and is processed with your explicit consent.

* Financial Data: Payment details for bookings (processed securely via third-party payment providers; we do not store full payment card details).

* Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.

* Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

* Usage Data: Information about how you use our website, products, and services.

* Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

3. How We Collect Your Data

We use different methods to collect data from and about you, including:

* Direct Interactions: You may give us your Identity, Contact, Medical/Health, and Financial Data by filling in forms on our website or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:

    * Book or enquire about our products or services.

    * Sign up for our newsletter.

    * Request marketing to be sent to you.

    * Give us feedback.

* Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies.

* Third Parties: We may receive personal data about you from various third parties, such as payment providers.

4. How We Use Your Data and Our Lawful Basis

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

* Contractual Necessity: To perform the contract we are about to enter into or have entered into with you (e.g., to process your booking, provide coaching services).

* Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., to improve our services, for direct marketing, or to keep our records updated).

* Legal Obligation: Where we need to comply with a legal or regulatory obligation.

* Consent: Where you have given your explicit consent for us to process your special category data (e.g., medical information for safety purposes) or for specific marketing activities. You have the right to withdraw consent at any time.

Purposes for processing your data:

* To process and manage your bookings and payments.

* To communicate with you about your booking, changes to services, or important safety information.

* To provide the coaching or guiding services you have booked, ensuring your safety and tailoring the experience where appropriate (e.g., using medical information).

* To send you newsletters and marketing communications about our services that we think may be of interest to you (if you have opted in).

* To improve our website, products, and services.

* To comply with legal and regulatory requirements.

5. How We Store and Protect Your Data (Data Security)

We take the security of your personal data seriously. We have implemented appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed.

* Data is stored securely on password-protected systems.

* Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

* We use reputable third-party service providers (e.g., for website hosting, payment processing, email marketing) who are also committed to GDPR compliance.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements.

7. Your Legal Rights

Under UK GDPR, you have the following rights concerning your personal data:

* The right to be informed: About how your personal data is being used.

* The right of access: To your personal data (commonly known as a "data subject access request").

* The right to rectification: To have inaccurate personal data corrected.

* The right to erasure ("the right to be forgotten"): To have your personal data erased in certain circumstances.

* The right to restrict processing: To block or suppress the processing of your personal data in certain circumstances.

* The right to data portability: To obtain and reuse your personal data for your own purposes across different services.

* The right to object: To processing based on legitimate interests or direct marketing.

* Rights in relation to automated decision-making and profiling.

If you wish to exercise any of these rights, please contact us at [Your Squiggly Adventures Email Address].

8. Cookies

Our website uses cookies to improve your experience. For detailed information on the cookies we use and the purposes for which we use them, please refer to our separate [Link to Cookie Policy - if you have one, otherwise integrate here].

9. Changes to This Privacy Policy

We may update this policy from time to time by publishing a new version on our website. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

10. Contact Us & Complaints

If you have any questions about this privacy policy or our data protection practices, please contact us by email at [Your Squiggly Adventures Email Address].

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Last updated: 3rd July 2025