Privacy Policy

Last updated: April 15, 2026

Introduction

1st Congresbury Rainbows ("we", "us", or "our") is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Data Controller

Organisation: 1st Congresbury Rainbows

If you have any questions about this Privacy Policy or our data practices, please contact us using the contact information provided at the end of this document.

Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., account creation, email communications)
  • Contract: Processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law (e.g., safeguarding requirements)
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests

Information We Collect

Personal Information You Provide

We collect the following information that you voluntarily provide:

  • Account Information: Name, email address, password (encrypted)
  • Child Information: First names and last name initials of children in your care attending Rainbows
  • Event Participation: Records of events you volunteer to help with
  • Communication Data: Messages sent through our internal messaging system

Automatically Collected Information

When you use our website, we automatically collect:

  • Log Data: IP address, browser type, pages visited, time and date of visits
  • Cookies: See our Cookie Policy for detailed information
  • Session Data: Information about your login sessions for security purposes

How We Use Your Information

We use your personal data for the following purposes:

  • Account Management: To create and manage your user account
  • Event Coordination: To manage event scheduling, volunteer sign-ups, and communicate event details
  • Communication: To send you important updates about events, changes to schedules, and administrative messages
  • Resource Management: To coordinate resources and items needed for events
  • Security: To protect our website and users from fraud, abuse, and security threats
  • Compliance: To comply with legal obligations and safeguarding requirements
  • Service Improvement: To analyze usage patterns and improve our services

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Active Accounts: Data is retained while your account is active
  • Inactive Accounts: If you stop using our services, we may retain certain data for up to 12 months for record-keeping purposes
  • Deleted Accounts: Upon account deletion, most personal data is permanently removed, though some records may be retained as required by law
  • Email Communications: Email records may be retained for up to 2 years
  • Safeguarding Records: Records related to safeguarding may be retained for longer periods as required by law and Girlguiding policies

Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Within the Organisation: Information is shared with authorised administrators and leaders as necessary for event coordination
  • Parent/Guardian Communication: Names of volunteers are visible to other parents for event coordination purposes
  • Legal Requirements: We may disclose information if required by law, court order, or governmental authority
  • Safeguarding: Information may be shared with appropriate authorities if there are safeguarding concerns
  • Service Providers: We may use third-party service providers (e.g., email delivery, hosting) who process data on our behalf under strict confidentiality agreements

We do not transfer personal data outside the United Kingdom.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of passwords and sensitive data
  • Secure HTTPS connections
  • Regular security updates and monitoring
  • Access controls limiting who can view personal data
  • Regular backups to prevent data loss

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances. You can delete your account directly through your profile settings.

Right to Restrict Processing

You can request that we limit how we use your personal data.

Right to Data Portability

You can request a copy of your personal data in a machine-readable format.

Right to Object

You can object to processing of your personal data in certain circumstances.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

Children's Privacy

Our service is intended for parents and guardians of children attending Rainbows. We do not knowingly collect personal information directly from children under 13. We only collect limited information about children (first name and last name initial) as provided by their parents/guardians for organisational purposes.

If you believe we have inadvertently collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Updating the "Last updated" date at the top of this Privacy Policy
  • Sending an email notification to registered users for material changes
  • Displaying a prominent notice on our website

You are advised to review this Privacy Policy periodically for any changes.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any third-party sites you visit.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Email: Contact your unit leader or administrator through the website's messaging system
Response Time: We will respond to your inquiry within 30 days

Back to Home