top of page

Privacy Policy

Privacy Policy

Pathfinders Cymru – Privacy Notice 
Last updated: June 2026 

Who We Are

Pathfinders Cymru is a registered charity providing educational, social, creative and wellbeing opportunities for children, young people, families and volunteers. 
This Privacy Notice explains what personal information we collect, how we use it, how long we keep it, and your rights under UK data protection law. 
 

Contact Details

If you have any questions about this Privacy Notice or how we use your information, please contact: 
Data Protection Lead 
Pathfinders Cymru 
Email: bethan@pathfinderscymru.com 
You also have the right to complain to the Information Commissioner's Office (ICO) if you are unhappy with how we have handled your data. 

What Information We Collect
Depending on the activities you take part in, we may collect: 


Participants and Families 
●    Names 
●    Dates of birth or age ranges 
●    Contact details 
●    Emergency contact information 
●    Medical, allergy or accessibility information 
●    Attendance records 
●    Membership information 
●    Photographs and videos (where permission has been given) 
●    Information required for specific projects, awards or activities 


Volunteers 
●    Names and contact details 
●    Application and induction information 
●    References 
●    DBS status and certificate details 
●    Training records 
●    Emergency contact details 


Website and Online Services 
When you use our website or booking systems, we may collect: 
●    Contact information submitted through forms 
●    Booking information 
●    Technical information such as IP addresses, browser type and website usage statistics 


Why We Use Your Information 
We use personal information to: 
●    Deliver activities, events and services 
●    Communicate with participants, parents, carers and volunteers 
●    Maintain attendance and membership records 
●    Meet health, safety and safeguarding requirements 
●    Administer awards, qualifications and accreditation schemes 
●    Manage volunteers 
●    Evaluate projects and report to funders 
●    Send information about activities you have requested information about

● Improve our services 


We will only process personal information where we have a lawful basis to do so. 


Lawful Bases for Processing 
Depending on the circumstances, we process information under one or more of the following lawful bases: 
●    Consent 
●    Contract
●    Legal obligation 
●    Vital interests 
●    Legitimate interests 


Where we rely on consent, you may withdraw that consent at any time. 


Photography and Video 
We occasionally take photographs and videos during activities for: 
●    Publicity and promotion 
●    Social media 
●    Funding reports 
●    Displays and presentations 


We will seek appropriate consent before using identifiable images of children and young people. 
Consent may be withdrawn at any time by contacting us. 


Sharing Information
We will never sell personal information. 
We may share information where necessary with: 
●    Awarding organisations (such as AQA, Arts Award or Duke of Edinburgh) 
●    Funding bodies where anonymised or required information is needed for project reporting 
●    Professional advisers 
●    Regulatory bodies 
●    Emergency services or safeguarding agencies where necessary to protect a child, young person or vulnerable adult 
Information will only be shared where there is a lawful basis to do so. 


Online Platforms and Digital Services 
Pathfinders Cymru uses a range of digital systems to support its activities, including cloud storage, email services, online booking systems, learning platforms and communication tools. 
Where personal information is processed using third-party providers, we take reasonable steps to ensure appropriate security and data protection safeguards are in place. 


WhatsApp Groups and Communications 
Pathfinders Cymru may use WhatsApp groups and direct messages to communicate with volunteers, trustees, session leaders and, where appropriate, parents or carers. 


Participation in WhatsApp groups is voluntary. Members of a group will be able to see the names, profile information and telephone numbers of other group members. 
Information shared within WhatsApp groups should be limited to that required for the organisation and delivery of Pathfinders Cymru activities. 


Volunteers, trustees and staff are expected to follow Pathfinders Cymru's safeguarding, confidentiality and communication policies when using WhatsApp for charity-related communications. 
WhatsApp messages may be retained for as long as reasonably necessary for operational, safeguarding or administrative purposes and will be deleted when no longer required. 


Discord and Online Communities 
Some projects include access to moderated online communities, including Discord servers. 
Participation is voluntary and subject to our community rules and safeguarding procedures. 
Usernames, messages, moderation records and participation information may be retained for safeguarding, moderation and community management purposes. 


Lending Library Records 
Pathfinders Cymru operates a lending library for the benefit of members and participants. 
To manage loans and returns, we may collect and store: 
●    Name of borrower 
●    Contact details 
●    Items borrowed 
●    Loan and return dates 
●    Outstanding loans or reminders 


Lending library records are used solely for the administration of the library service and will not be used for unrelated purposes. 
Library membership records will normally be retained for up to one year after membership ends, after which they will be securely deleted unless there is a legitimate reason to retain them for longer. 


How Long We Keep Information 
We only keep personal information for as long as necessary. 
Retention periods are set out in our Data Retention and Handling Policy and vary depending on the type of information involved. 
Examples include: 
●    Membership records 
●    Volunteer records 
●    Safeguarding records 
●    Incident and accident reports 
●    Financial records 
●    Award and accreditation records 
When information is no longer required, it is securely deleted or destroyed. 


Keeping Information Secure 
We take appropriate technical and organisational measures to protect personal information. 
These include: 
●    Password-protected systems 
●    Secure cloud storage 
●    Restricted access to sensitive information 
●    Staff and volunteer confidentiality requirements 
●    Secure destruction of records when no longer needed 


Your Rights 
Under UK GDPR you have the right to: 
●    Request access to your personal information 
●    Request correction of inaccurate information 
●    Request deletion of information where appropriate 
●    Request restriction of processing 
●    Object to certain processing activities 
●    Withdraw consent where consent is the basis for processing 
●    Complain to the Information Commissioner's Office 
Requests can be made by contacting the Data Protection Lead. 


Changes to This Privacy Notice 
We may update this Privacy Notice from time to time. 
The latest version will always be available on our website. 

bottom of page