The Children’s Challenge - Privacy Policy

The Children’s Challenge Ltd has produced this privacy statement to explain how and why we collect your data, how it is stored and protected, and what rights you have relating to it.

You have certain legal rights to control what we do with your information. This includes the right to get access to your personal information, to request us to correct or update information, to object to or request that we restrict processing your information in certain circumstances and to object to direct marketing.

The Children’s Challenge Ltd may change this policy occasionally by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

Here are some key terms used in this policy:

We, us, our - The Children’s Challenge Ltd

Personal Information - Any information relating to an identified or identifiable individual

By making a booking or otherwise giving your personal information to us, we will transfer, store or process it as set out below. We will take all reasonably necessary steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy.

What Information is Collected:

Expeditions & Virtual Challenges:

  • When you make an Expedition booking with us we will usually collect your name, e-mail address, telephone number, names of other members of your party, details of next of kin, medical and physical conditions, payment card details and meal preferences. We need this information in order to customise your event, book the services you are requesting and deliver your specific requirements.

  • We may have to ask if you have any special requirements. You may give us information concerning dietary requirements, health/medical conditions and additional needs (known as special category personal information). This special category personal information is used to determine your fitness to undertake an activity; provide you with special assistance; or fulfil special dietary requirements. We may have to share that data with our third-party suppliers (who help deliver services), as described in this Privacy Policy. If you do not want to provide this information to us, or after you have provided us with information you ask us to stop processing the information, it may mean that we will not be in a position to provide all or parts of the services you have requested. Please be aware that if we have to cancel your booking arrangements you may incur cancellation charges in accordance with the terms and conditions. Where you (or any participant travelling) provides us with special categories of personal information you agree that you have voluntarily provided such information, and you consent (and the participant travelling consents) for us to use that information for the purposes for which it was collected.

  • In the case of virtual challenges, the information that is gathered is far less. For school events, participants typically just submit the year group and the school that the participating child attends. There is generally no need for the full name of any child. The information is typically submitted via Google Forms or through Squarespace and straight to Google Sheets, within a Google Drive account. At the end of a school virtual challenge, any personalised information held is destroyed or anonymised.

  • In the case of a corporate virtual challenge, the information typically includes the participants name and the department or site location where they are employed. At the end of a corporate virtual challenge, any personalised information held is destroyed or anonymised.

  • If you contact us online, we may keep a record of your email correspondence.

  • If you contact us by telephone, we may record and/or monitor telephone conversations for training and customer services reasons.

  • If you report a problem with our services we will collect your name and relevant contact information.

  • If you make a complaint in connection with our services we will collect your name and relevant contact information.

  • Your transaction/payment information. Please note that full debit card and credit card information is not processed by us as it is passed through to a third-party payment provider in accordance with good industry standard. Anyone involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). The Children’s Challenge currently uses Stripe for all payments. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider.

  • Details of your visits to our website, and of the resources that you access are recorded trough Squarespace analytics. We may use visitor information to measure the entry and exit points of visitors to the website and respective numbers of visitors to various pages and sections of the website and details of searches performed. We may also use this information in the future to measure the usage of advertising banners, and other "click throughs" to and from the website. Squarespace, has security processes in place to ensure that your personal information is not accessible by any unauthorised persons. However, persons such as IT systems suppliers may need to have access to the system from time to time.

  • Details of the website(s) you visited before you use a link to our website, pages visited in our website, and time spent on each. Information about your computer, or mobile device. This is statistical data about our users’ browsing actions.

How long your personal information will be kept:

  • Where you have made a booking or undertaken a virtual challenge with us, your personal information will be retained to ensure we provide the best possible customer service to you. We retain your personal information for as long as is necessary for us to use your personal information as set out in this Privacy Policy. We will not retain your personal information for longer than necessary for the purposes set out in this policy. When it is no longer necessary to retain your personal information, we will delete or anonymise it.

Electronic Mailing List:

  • Information collected for our electronic mailing list is provided by you either at the time of booking a course, participating in a virtual challenge, or by letting us know that you would like to be included on our mailing list in person. You can opt-out of our marketing emails at any time by clicking the ‘unsubscribe’ button in any such email, or by contacting us directly.

  • We may get in touch to let you know about relevant news, events, activities or opportunities to support us that we think may be of interest to you. Broadly speaking, this means that we can process your data if we have genuine and legitimate reason to do so, as long as this does not harm any of your rights as an individual.

Cookies:

  • Cookies are small text files that are placed on your computer by websites when you visit. They are widely used in order to make websites work, or work more efficiently, as well as provide information to the owners of the site.

  • Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org

  • Several of the cookies we use are essential for parts of the site to operate, in particular, our booking systems. You may delete and block all cookies from our sites, but parts of the site will not function correctly.

Your Rights:

You have a right to:

  • Access: You have the right to access your personal data and obtain a copy of it

  • Rectification: You can correct incomplete or inaccurate data we hold about you

  • Erasure: You can ask us to erase the personal data we hold about you

  • Restrict: You can ask us to restrict our handling of your personal data

  • Portability: You can ask us to transfer your personal data to a third party

  • Object: You can object to how we are using your personal data

  • Complain: You always have the right to lodge a complaint with us or the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales

If you are based outside of England and Wales, you can find your relevant supervisory authority here

To do any of these things, please contact our CEO, Stephen Lamacraft. Please note that under UK data protection laws, like the GDPR, we have one month to get back to you.

Stephen Lamacraft is the data controller at The Children’s Challenge.

How to make a complaint.
If you would like to make a complaint about how we use your personal information, please reach out to our CEO, Stephen Lamacraft. We will do our very best to resolve any problems. 

If you’re not happy with our response, you can refer your complaint to a data protection supervisory authority. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website.