Privacy Policy

Privacy Notice

Our privacy policy

This document explains why we collect your personal data, what we record, how it is used and stored, and what rights you have relating to it.

Download a PDF version of this privacy policy

This document explains why we collect your personal data, what we record, how it is used and stored, and what rights you have relating to it.

We are:

  • The Outward Bound Trust, an educational charity, which provides residential and non-residential outdoor learning programmes to young people who come to us as individuals or with their school, college or youth group.
  • Outward Bound Corporate Ltd, a wholly-owned subsidiary of The Outward Bound Trust, which sells commercial residential outdoor learning programmes for apprentices and graduates. All of its profits go to the charity.

For all practical purposes, we are one organisation. The policies, staff and management systems of The Outward Bound Trust also cover Outward Bound Corporate Ltd and so this Privacy Statement applies to both companies.

The Outward Bound Trust is data controller for all personal data covered by this document. Outward Bound Corporate Ltd is also a joint controller with The Outward Bound Trust for personal data relating to the apprentice and graduate courses that it sells.

There is a single point of contact for The Outward Bound Trust and Outward Bound Corporate Ltd:

Telephone: 01931 740 000

Email: enquiries@outwardbound.org.uk

Address: Hackthorpe Hall, Hackthorpe, Penrith, Cumbria.

We are committed to keeping your personal data safe and secure, and to meeting the requirements of the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (“DPA”), the Privacy and Electronic Communication Regulations 2003 (“PECR”) and other relevant data protection law.

We keep this Privacy Statement up to date to help you understand what we do with your personal data. This is version 8.0 of this document, and we last updated it on 22/01/2025.


1. Your data and how we use it

1.1 Summary

We protect your personal data and will never sell it to anyone.

We collect and process personal data to fulfil our charitable purposes and to administer and deliver our courses. When we collect your personal data, we aim to be clear about our reasons for doing so, and we will only use it in ways that you would reasonably expect.

In general, when you:

  • visit our website
  • communicate with us
  • apply for or book a course with us
  • take part in a course or event with us
  • donate to us;

at some point we will need to collect and use some of your personal data. We will do our best to keep your information up to date. Please let us know if your details change.

We want to be open, honest and fair in the way that we use your data. Section 4 of this Privacy Statement gives you details of your legal rights over your personal data.

If you aren’t yet a donor or customer, we might use some publicly available data to help us to get to know you. This is in our legitimate interests as a charity dependant on fundraising and course bookings for income. You have the right to opt out of marketing and fundraising messages at any time.

We might also sometimes combine information that you’ve already given us with data from publicly available sources, such as information about the area where you live. This is so we can better understand you as a young person, customer or donor. This then helps us to work and communicate more effectively. Again, this is in our legitimate interest as a charity.

We keep your data secure and continually improve our systems and processes, using audits and expert advice to help us.

We use carefully chosen suppliers to help us with specific tasks. This sometimes means we need to share some of your personal data with them. For example, this could be to send you an email newsletter that you’ve opted in to, or to process a payment. We share only the information needed to carry out the particular task. Our contracts with our suppliers require them to only act on our instructions, to keep your data secure and to comply with data protection laws. We always keep control of your data.

Like any other organisation in the UK, if asked by the police, or other regulatory or government authority, we may be required by law to pass on your personal data to them, and we might not be allowed to tell you if this happens.

The rest of section 1 goes into more detail about what we do with your personal data depending on your relationship with us.

1.2 When you visit our website

When you use our website, we collect and process certain types of personal data and place some cookies on your device. For more details, please see the website privacy notice at https://www.outwardbound.org.uk/your-personal-data

1.3 If you are a course participant or applicant


If you are completing a Participant Information Form for someone else (such as your child), you should tell them that we will have their data and that they have certain rights relating to it. Show them this Privacy Statement and help them to understand it.

If you are a course participant (or applicant), we may use your personal data for the purposes of:

  • Processing your course booking
  • Administering your course including any allocation of charitable funding
  • Managing your health, safety and wellbeing and that of people around you
  • Statistical analysis to aid evaluation, improvement and reporting

We may be given some of your personal data by your school/college or employer, or by the person who booked your course. This information helps us to plan and prepare your course and accommodation, and usually includes:

  • your name
  • gender
  • age
  • and sometimes, your school/college class, your job role, or other contextual information about you or the group you are coming with.

1.3.0.1 Participant Information Form and health data

We require you to complete a secure online Participant Information Form (“PIF”) before you can take part in an Outward Bound course. On this form we ask for some sensitive personal information, including:

  • date of birth
  • next of kin
  • gender
  • detailed medical information, including allergies and physical and mental health conditions
  • information on your dietary needs
  • if you are disabled, information about your access needs
  • any other information you may decide to tell us that helps us look after you.

This sensitive data is strictly confidential, and we take extra care with it. We mainly use it to manage the health, safety and wellbeing of you and those around you, including to provide appropriate support and medical care if required. If you are under 18, we need your parent or guardian to submit your form on your behalf.

As part of our safety management process, we will sometimes need to contact you (or your parent/guardian if you are under 18) to discuss some of the information given on your form. We will try to do this by phone but might need to email if we can’t get through on the phone. This type of contact is necessary so you can’t opt out of it.

We understand that there might be things going on in your life that might affect your time at Outward Bound but which you don’t want to appear on your Participant Information Form. If this is the case for you, please directly contact the centre you’re going to and ask to speak to the Safeguarding Lead. The contact information for each centre is on our website.

After your course, we need to keep the data from your PIF along with other records about your time with us, such as information about any adverse incidents or unintended events during your course. This helps us to meet our legal responsibilities. We will keep this information for three years after your course if you are over 18. If you are under 18, we keep it until you are at least 21 years old. In some circumstances we may need to keep some sensitive information for longer.

The lawful condition for processing the sensitive data for health, safety and wellbeing purposes is substantial public interest – safeguarding of children and individuals at risk.

1.3.0.2 Data on background and characteristics for statistical analysis

We also ask for some sensitive data about your background and characteristics. This is used for statistical analysis. Usually this is information you’ve chosen to tell us on the Participant Information Form. For certain funded courses we might also ask you for extra information. We anonymise and aggregate sensitive data as soon as possible in the analysis process. This anonymised data is then used to help us understand and improve how we include as many people as possible, and to help us report to donors and to partner organisations (see 1.3.2 below).

The statistical analysis of sensitive data is carried out in accordance with UK GDPR Article 89 and is done in our legitimate interest.

1.3.0.3 Other non-sensitive information collected during or after your course

During or after your course we may also collect:

  • your responses to any evaluation questions

This information is used to evaluate and report on the impact of our work and to help us improve our courses. It is anonymised whenever possible. We will never identify you in a report or case study without your express permission in advance.

  • any feedback you give us

We use this information to keep improving our centres and courses. Feedback and evaluation information is used in line with our legitimate interests.

We also collect:

  • your contact details

We may need to send you important information about your course. You can’t opt out of receiving this type of message.

  • your (and your parent or guardian’s) preferences for receiving marketing messages from us, and contact details for doing so.

You are in control of whether to receive marketing messages from us. Our marketing is done in line with the legitimate interests of the charity.

We may also hold records of any written communication with us.

1.3.1 Working with your school, college or employer

If you come to us with your school, college or employer, we might need them to help us to make sure that Personal Information Forms are completed by you and other people on your course. Your school, college or employer cannot see what you have entered on the form. We do tell them whether you have completed the form or not.

Your school, college or employer may share other information about you with us, and we may share information with them about you. This is part of how we work in partnership to look after you before, during and after your time with us, which includes fulfilling our safeguarding responsibilities.

If you are an Employee Ambassador, we will usually require you to undergo a check with the Disclosure and Barring Service (England and Wales) or Disclosure Scotland. We will tell you what additional information we need you to supply to facilitate this, and we will need you to show us the disclosure certificate that is issued to you. We keep a record that we have done this.

1.3.2 Working with funders, partners and awarding bodies

We deliver some courses that involve working with awarding bodies. For example, some courses include an accredited qualification such as the SCFQ Level 7 Community Leadership Award. If you come on a course incorporating a qualification we will need to share your name, date of birth, candidate number and other relevant information with the awarding body so that you can gain the qualification, and so that they can assure the quality of the award provision. We also use your data to produce aggregated statistical information on the backgrounds of people undertaking the qualification for quality, reporting and improvement purposes.

From time to time, we might offer other third-party awards as part of our courses. The arrangements for these are similar.

Other courses are funded in whole or part by donor organisations or individuals. Our agreements with these partners sometimes require us to share anonymised demographic data with them, or to report on the results of our statistical analyses of participant data.

1.3.3 Funded programmes

If you apply for a place on a funded programme (such as the Mark Scott Leadership for Life Award, or Scotland’s Next Generation), we may combine the information you give us with publicly available information about the area where you live such as data from indices of deprivation. This helps us to allocate places effectively, to match you to a donor, and to help us report to our donors on how we use their money.

1.3.4 Photos and videos of you for marketing purposes

If, and only if, you or your parent/guardian gives permission by selecting the appropriate box on the Participant Information Form, we may use photos and videos of you taken during your course for marketing and fundraising purposes, including on our website, social media channels, and for printed media such as brochures and reports. Unless there is a specific purpose, which will always be agreed with you in advance, we will not use your name alongside the images.


1.4 If you came on an Outward Bound course in the past

We have been going since 1941 and in that time have had over 1.2 million people come on courses with us. We keep paper archives of many historical courses at our current centres. Unfortunately we don’t hold records from the Moray Sea School or Holne Park, Ashburton.

If you came on a course with us in the past, it’s possible that we could have records of:

  • your name, age and other basic information about you at the time
  • photographs of you during your course
  • your detailed course report and other paperwork from the course.

Exactly what information we have depends on when and where your course was:

  • If your course was more than 10 years ago: to find out if we do have a record of your course in our archive and to obtain a copy of it, as well as to hear about our alumni programme, please contact our Alumni Team at alumni@outwardbound.org.uk.
  • If your course was less than 10 years ago: email enquiries@outwardbound.org.uk if you want to know what personal data we hold and obtain a copy.

The historical course archive data is held for archiving purposes in the public interest and for historical research purposes.

Section 4 below gives you more information about your rights over your personal data and how to exercise them.

1.5 If you are a donor, or a prospective donor

If you have donated to us, or if we consider you to be a prospective donor, the personal data we hold on you may include:

  • your name and contact details
  • your preferences on how to contact you
  • your history of donations to us
  • invoicing or Request for Donation information
  • your job title and other information about the company you work for
  • general information about your interests and business activities
  • records of events you have attended with us
  • your history of support for us
  • records of your written communications with us.

We usually gather or generate this information in the course of setting up or fulfilling your donation agreement with us. If you are not yet one of our donors, we might have obtained some information from publicly available sources through our prospect research. This information is used in line with our legitimate interest as a charity reliant on fundraising. You always have the option to opt out of any messages we send you, and you can request at any time that we stop processing your data or delete it. See Section 4 of this Privacy Statement to find out how to do that.

We are registered with the Fundraising Regulator and follow the Fundraising Code of Practice.

1.6 If you are a customer

If you have booked a course with us, we will usually hold the following information about you in order to fulfil our contract with you or to manage your relationship with us:

  • your name and contact details
  • your job title and other information about your place of work
  • your preferences on how to contact you
  • your history of bookings with us
  • invoicing information
  • records of your written communications with us.

We gather this personal information directly from you during the booking process and throughout the course of your relationship with us.

During or after the course you booked, we may also collect:

  • your responses to any impact evaluation or feedback opportunities.

This information is used to help us keep improving our courses and the way we work with you and other customers, or to evaluate and report on the impact of our work - in which case it is usually anonymised. We will always ask your permission if we want to use your name in any of our evaluation reports or marketing material. Evaluation and feedback is done in line with our legitimate interest as a charity.

1.7 If you are not yet one of our customers

We might have found basic information about you, including contact details, from publicly available sources. We use this to help us to get in touch with you. This is in line with our legitimate interest as a charity.

You might also have directly given us your information when you completed one of our forms, attended a course with us, or got in touch with us some other way.

1.8 Marketing and fundraising communications

If you have opted in, or if you have previously booked a course, donated to us, or attended an event with us, then from time to time, we may tell you about news, events, activities or offers which we think may be of interest to you. You can opt out of receiving these messages whenever you like.

We limit the number of marketing and fundraising messages that we send, and we use profiling and segmentation to make sure that you only get messages that we think are likely to be relevant to you.

If you do not wish to receive marketing or fundraising messages by post, phone, text or email, you can notify us to change any of your preferences at any time using the contact details in section 5 of this policy. Our marketing emails have unsubscribe links at the bottom to make it easy for you to opt out of receiving them.

2. How we look after your personal data

We protect your personal data and will never sell it to anyone.

We hold and process your personal data on The Outward Bound Trust’s computer and paper systems. We use our supplier’s systems for certain tasks. We continually improve our processes and systems. We consider data protection by default and by design.

2.1 Security

We take the security of your data seriously. We use internal and third-party audits and certification programmes to test and improve the security of our systems. We have Clean Screen and Clean Desk policies and encrypt all data held on phones and computers. Our staff undergo DBS checks and have data protection training before handling personal data. Access to personal data is limited to those people who require it for their roles, and logins are secured with multi-factor authentication. Medical information and other sensitive data gathered through the Participant Information Form is subject to additional access and retention controls and cannot be exported from the system.

Sensitive data including data from the Participant Information Form is only stored and processed within the UK.

2.2 Suppliers

We use carefully chosen suppliers to help us with certain tasks. These include processing personal data for managing bookings, administering courses, taking payments and communicating with you. We use Data Processing Agreements and other contractual arrangements to ensure your data is only processed on our instructions, in line with the law. We monitor the performance of our suppliers to ensure that our standards are maintained.

2.2.1 Overseas data transfers

Some non-sensitive data processed by our suppliers might be electronically transferred to and processed at locations outside the UK or the European Economic Area (“EEA”). In these cases, we use binding contractual arrangements to ensure that your data is protected. These might include where appropriate Standard Contractual Clauses or UK International Data Transfer Agreements

3. Changes to this statement

We make changes to this Privacy Statement from time to time as part of our commitment to continual improvement. The latest approved version of this policy will always be available on our website.

If we make any significant changes in the purposes that we use your personal data for, we will make this clear on our website or contact you directly.

Since the previous version (7.0):

  • We have added extra detail and clarification in section 1.3, including a subsection on use of images of you with your consent for marketing purposes.
  • We have added more detail in section 1.4 about the purpose of holding historical paper archives
  • We have added information in section 4.1 about our policy on consent to provide a young person’s data to another person.
  • We have updated job titles and personnel where relevant.
  • There are various minor changes for clarity or ease of reading.

4. Your data rights

You have the following rights relating to your personal data. If you want to exercise any of your data rights, just get in touch with us using the details in Section 5 below. To keep your data safe we may need to check that you are who you say you are.

4.1 The rights to know what data we hold about you, what we use it for, and to request a copy of personal information held about you

We will provide this information within one month. It will help us if you can be specific about the types of data you would like a copy of.

If you are a parent or guardian requesting a copy of your child’s data, please be aware that we normally require the consent of any young person aged 12 or over before providing their data to anyone.

4.2 The right to request that any inaccuracies be corrected

We will usually be able to do this immediately, although in some circumstances it might take us up to one month to complete your request.

4.3 The rights to request us to stop processing your personal data and to request us to delete your personal data

There might sometimes be good reasons why we need to keep some data, even if you have asked us to delete it. For example, if you have asked us not to send emails to you, we will need to keep your email address to check against so that we don’t accidentally send you emails in future.

4.4 The right to complain to the Information Commissioner’s Office or the Fundraising Regulator

You can do this at any time, although of course it would be helpful if you discussed any problems you have with us first. The Information Commissioner’s Office can be found at ico.org.uk and the Fundraising Regulator can be found at fundraisingregulator.org.uk

5. Contact Us

Please get in touch if you have any questions about this policy, would like us to stop sending you messages or using your data, or if you would like to exercise any of your personal data rights.

Telephone: 01931 740 000

Email: enquiries@outwardbound.org.uk

Address: The Outward Bound Trust, Hackthorpe Hall, Hackthorpe, Penrith, Cumbria.

5.1 Data Protection Officer

Our Data Protection Officer is John Chivall (he/him).

Email: john.chivall@outwardbound.org.uk