top of page

Privacy Policy

Connected In Nature CIC - Confidentiality & Data Protection Policy (GDPR Compliance)

Connected Nature CIC is committed to ensuring the proper handling of personal information in compliance with UK GDPR laws. This policy outlines how we collect, store, share, and protect personal data to maintain confidentiality and safeguard individuals' rights.

Data Collection


We collect personal data for the purpose of delivering our services effectively and safely. The types of data we collect include:

​

• Contact details and personal information (e.g., name, address, phone number, email, D.O.B and gender)

• Medical and emergency contact information 

• Background and additional needs (e.g., learning, mental, emotional, social, physical and behavioural as well as any known triggers and coping strategies) This may also include a strengths and difficulties or wellbeing measurement tool for more specific therapeutic interventions.

• Attendance records and participation details

• Photographs and testimonials (subject to consent)

 

Personal data is collected directly from individuals or their guardians and only for lawful purposes relevant to our activities.

Data Storage and Sharing

• Personal data is stored securely, either in password-protected digital systems or in locked storage.

​

• Data access is limited to authorised personnel only.

• Personal data will not be shared with third parties without explicit consent, except where required by law or in safeguarding situations.

• Regular data audits are conducted to ensure compliance with security standards

 

Consent for Photographs and Testimonials

• Consent is obtained before taking and using photographs or testimonials.

• Individuals have the right to withdraw consent at any time.

• Photographs and testimonials will only be used for agreed purposes, such as promotional materials, reports, school or organisations internal record or social media.


In compliance with UK GDPR, participants have the following rights regarding their data:

• The right to be informed about data collection and usage.

• The right to access their personal data upon request.

• The right to rectify inaccurate or incomplete data.

• The right to request the deletion of their data where legally applicable.

• The right to restrict or object to data processing in certain circumstances.

• The right to data portability, allowing them to receive their data in a commonly used format.

 

Implementation and Review

• All staff and volunteers are required to comply with this policy.

• Training on data protection and confidentiality is provided regularly.

• This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with GDPR requirements.

bottom of page