Privacy Policy

Effective Date: June 2025

​ 

1. Introduction

At Leafy Legends, we respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, store, and safeguard your information in compliance with GDPR and other data protection laws.

​

2. What Information We Collect

We may collect and process the following personal data:

  • Identity Data (name, contact details).

  • Transaction Data (payment details, purchases).

  • Technical Data (IP addresses, browser type, device information).

  • Usage Data (interactions with our website, forms, and services).

  • Marketing Preferences (newsletter and promotional opt-ins).

  • Images & Videos (photographs and recordings taken during Forest School activities and events, with consent).

​

3. How We Use Your Information

We use personal data to:

  • Provide and manage Forest School programs, our website, and shop.

  • Process payments securely.

  • Respond to inquiries and share updates.

  • Improve our services.

  • Use images and videos for promotional, educational, and marketing purposes, including social media, our website, and print materials.

We never sell your data to third parties.

​

4. Use of Images and Videos

Leafy Legends may capture photos and videos of activities for:

  • Marketing and promotion (social media, website updates, printed materials).

  • Educational content (case studies, storytelling about our work).

  • Event documentation (celebrating participation and achievements).

​​

Consent & Opt-Out Options

We respect your right to control your image.

  • We always seek consent before using identifiable photos or videos of individuals for marketing.

  • If you do not want to be photographed or filmed, you can inform us at any time.

  • You can withdraw consent after a photo or video has been taken. Contact us at Leafy Legends, 11a Mornington Rise, Derbyshire, DE4 3EQ and we will remove or refrain from using the content.

  • Parents or guardians must provide explicit consent for images of children.

​​

5. Legal Basis for Processing

We process personal data based on:

  • Consent (opting in for marketing or event photography).

  • Contractual obligations (processing transactions).

  • Legitimate interest (service improvements).

  • Legal requirements (record keeping).

​​

6. Data Protection Measures

We ensure:

  • Secure storage and encryption of sensitive data.

  • Access restrictions to prevent unauthorized use.

  • GDPR-compliant handling of personal information.

​​

7. Data Retention

  • Transaction data: Retained for tax and legal reasons.

  • Accounts and communication: Stored until requested for deletion or after inactivity.

  • Media usage: Kept until consent is withdrawn or no longer relevant.

​​

8. Your Rights Under GDPR

You have the right to:

  • Access your data.

  • Correct inaccuracies.

  • Request deletion of personal information.

  • Restrict processing where applicable.

  • Object to marketing use of images/videos.

  • Withdraw consent at any time.

To exercise your rights, contact Leafy Legends at leafylegends@outlook.com.

​

9. Third-Party Services & Cookies

We use GDPR-compliant third-party tools (e.g., payment processors, analytics) and may use cookies to improve website functionality.

You can manage cookie preferences via browser settings.

10. Policy Updates

We may update this policy periodically. Changes will be posted on our website, and significant updates will be communicated directly.

11. Contact Information

For privacy concerns, contact:
Leafy Legends leafylegends@outlook.com

​

12. Compliance with GDPR & Privacy Laws

Leafy Legends is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We ensure compliance by following key principles:

​

Lawful, Fair & Transparent Processing

  • We collect and process personal data lawfully, fairly, and transparently—meaning we only use your information when we have a valid reason and explain clearly why we do so.

  • We provide a clear privacy policy, detailing how and why we process data, including your rights.​​

​​

Purpose Limitation

  • We only collect personal data for specified, legitimate purposes—such as delivering Forest School programs, processing transactions, and improving services.

  • We do not use your data for unrelated purposes without obtaining consent first.

​​

Data Minimization

  • We only collect necessary information, ensuring that we do not process excessive personal data.

​​

Accuracy

  • We strive to keep personal data accurate and up to date.

  • You can request corrections to inaccurate information at any time.


Storage Limitation

  • We retain personal data for 2 years, following GDPR guidelines.

  • Data is deleted or anonymized when no longer required.


Confidentiality & Security Measures

  • We implement strict security protocols to protect personal data from unauthorized access, loss, or damage.

  • Data is stored securely, with encryption and controlled access measures in place.

​​

Individual Rights Under GDPR

​

We uphold your rights, including:

  • Access: You can request a copy of your personal data.

  • Correction: You can ask us to fix inaccurate information.

  • Deletion (Right to be Forgotten): You can request removal of your data.

  • Restriction: You can limit how we process your data.

  • Objection: You can object to certain uses of your data.

  • Data Portability: You can request a structured transfer of your data.​

​​

Consent & Opt-Out Options

  • We seek explicit consent before processing personal data for marketing purposes (e.g., newsletters, images/videos).

  • Individuals have the option to opt out of promotional content, photography, and non-essential data processing.

​​

Third-Party Compliance

  • We ensure that any third-party services we use (e.g., payment processors, analytics tools) comply with GDPR.

  • We review service agreements with third parties to protect user data.

​​

Cookies & Website Data Usage

  • Our website may use cookies to enhance functionality.

  • You can manage your cookie preferences through browser settings.

​​

Reporting Data Breaches

  • In case of a data breach, we follow GDPR protocols, including notifying affected individuals and reporting to the Information Commissioner's Office (ICO) where required.

​

General Retention Timeframes

​

Financial & Transaction Data  

  • Typically 6 years, required for tax and accounting compliance.

​​

Employee Records

  • Kept for 6 years after employment ends, although payroll records may be retained for at least 3 years.

​​

Health & Safety Records 

  • Depending on the type, some records (such as accident reports) must be kept for at least 3 years, while asbestos-related health records must be retained for 40 years.

​​

Marketing & Customer Data

  • Personal data for marketing must not be kept indefinitely—organisations must regularly review and delete inactive records. If consent was given, data should be deleted when consent is withdrawn. In our case, this is 2 years.

​

Website & Cookie Data

  • Retention will be for 2 years.

​

Contact for Privacy Concerns

For any GDPR-related concerns or requests regarding your personal data, please contact:
Leafy Legends leafylegends@outlook.com
