boundless outdoors logo in white

Boundless Outdoors Privacy Policy

Last updated: 15 December 2025

1) Who we are and how to contact us

This policy explains how Boundless Outdoors (we, us, our) collects and uses personal information across our outdoor education, residentials, activities, venue hire and events.

Email: enquiries@boundlessoutdoors.co.uk
Phone: 01684 574546
Post (Malvern centre): Boundless Outdoors, Old Hollow, Malvern, Worcestershire, WR14 4NR
Bell Heath centre: Quantry Lane, Belbroughton, Worcestershire, DY9 9UU

If you have a privacy request, email us with the subject line: Privacy Request.

2) What this policy covers, including Boundless Events

Boundless Events was a separate website owned by the same organisation and used to promote venue hire and event related services at www.boundlessevents.co.uk. This single policy now covers Boundless Outdoors and any services previously marketed via Boundless Events.

3) The information we collect

We collect information in three main ways.

Information you give us
This may include:

  • Name, email, phone number, address

  • Organisation, school or group details and your role

  • Booking and enquiry details such as dates, numbers, requirements

  • Payment and invoicing details

  • Emergency contacts where relevant to a booking

  • Health, medical, dietary, allergy, accessibility or additional needs information when relevant for safety and inclusion

  • Preferences such as marketing choices and contact preferences

Information we receive from others
For some bookings, especially schools and groups, we may receive participant information from the organiser such as a school, group leader, or parent or guardian so we can plan safely and deliver the service.

Information collected automatically online
When you use our websites we may collect: IP address, device and browser information, pages viewed, approximate location based on IP address, and cookie and analytics data.

4) Special category data such as health information

Some visits require information like allergies, medication needs, disabilities or dietary requirements so we can keep people safe and included. We only collect what we need, we limit who can access it, and we keep it only as long as necessary.

5) Why we use your information and our lawful bases

UK data protection law requires us to have a lawful basis for using personal data. We may rely on one or more of the following, depending on the situation: contract, legal obligation, legitimate interests, consent, and vital interests.

Delivering services and managing bookings

  • Responding to enquiries, providing quotes, managing bookings, and customer support
    Lawful basis: contract and legitimate interests

Safety, safeguarding and welfare

  • Risk management, emergency planning, incident handling, and inclusion support
    Lawful basis: vital interests, legal obligation, and legitimate interests
    If special category data is involved, we apply additional legal conditions and extra safeguards.

Payments, accounts and audit

  • Taking payment, processing refunds, invoicing, and record keeping
    Lawful basis: contract and legal obligation

Marketing and communications

  • Sending updates, offers, brochures, and open day invites
    Lawful basis: consent where required and or legitimate interests where permitted
    You can opt out at any time.

Website improvement and analytics

  • Understanding how our website performs and improving user experience
    Lawful basis: consent for non essential cookies where required, plus legitimate interests for essential site operation and security

6) Who we share your information with

We do not sell your personal information.

We may share information with trusted suppliers who help us run our services, such as:

  • Payment processing providers such as PayPal

  • Website hosting and content systems such as WordPress

  • Analytics providers such as Google Analytics

  • Email and communications tools used to send service messages and, if you opt in, marketing

  • Professional advisers such as insurers, auditors, and legal advisers where necessary

  • Authorities and emergency services where required or appropriate

We put contracts in place to require suppliers to protect your data and use it only for the services they provide to us.

7) International transfers

Some suppliers may process personal data outside the UK. When this happens, we use appropriate safeguards to protect your information.

8) Cookies and similar technologies

We use cookies and similar technologies to make our websites work and to understand how they are used. You can manage cookie preferences through your browser settings and, where available, our cookie controls. If you disable certain cookies, parts of the site may not work as intended.

9) How long we keep information

We keep personal information only for as long as necessary for the purpose it was collected, including where we must keep records for legal or accounting reasons.

Typical examples include:

  • Enquiries kept for a limited period to manage follow up and reporting

  • Booking and finance records kept for statutory timeframes

  • Health and safety information kept only as long as needed for the booking and any required follow up

10) Keeping your information secure

We use appropriate technical and organisational measures to protect personal information, including access controls, staff training, secure systems, and data minimisation. No method of transmission or storage is completely secure, but we work hard to protect your data.

11) Children’s information

We provide services that involve children and young people, often through schools and group leaders. We handle children’s information carefully and only use it to deliver services safely and appropriately.

Where we use photos or video for marketing, we use clear permission processes and respect opt outs, particularly for children.

12) Your rights

Depending on your circumstances, you can:

  • Request access to your personal data

  • Ask for correction, deletion, or restriction

  • Object to certain processing, including some marketing

  • Withdraw consent where we rely on consent

  • Request portability where applicable

To exercise your rights, contact enquiries@boundlessoutdoors.co.uk.

You can also raise a concern with the UK regulator, the Information Commissioner’s Office.

13) Do Not Track

Some browsers offer a Do Not Track setting. There is no agreed standard for how organisations should respond, so we do not currently respond to these signals.

14) Updates to this policy

We may update this policy to reflect changes in law, guidance, or how we operate. We will post the latest version on our website and update the last updated date at the top of this page.