The EU General Data Protection Regulation (GDPR)

    The General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supercedes the UK Data Protection Act 1998 (DPA). Significant and wide-reaching in scope, the new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.

    Data protection is the process of protecting data and involves the relationship between the collection and dissemination of data and technology, the public perception and expectation of privacy and the political and legal underpinnings surrounding that data.

    At Bigfoot we have asked ourselves 7 key questions and provided the following answers:

    Who is collecting the data?

    Bigfoot Adventures Ltd receives a list of participant details for each and every expedition from the school.

    What data is being collected?

    Participants names, emergency contact details and any medical history. Notable issues during expedition such as injury, behaviour or a particular need will be recorded where appropriate.

    What is the legal basis for processing the data?

    A mandatory health and safety policy and duty of care.

    Will the data be shared with any third parties?


    How will the information be used?

    To enable staff to organise and know who they have in their care along with any medical needs. Emergency contact details will only be used if parents need to be spoken to directly.

    How long will the data be stored for?

    Following each expedition a master copy of all participant details will be appended to the expedition "job report" and securely stored for a 3 year period. All additional copies will be destroyed.

    How can the data subject raise a complaint?

    By contacting us directly