Runspire Together  

Privacy Policy

​

Policy Effective Date: 12 February 2026
Review Date: 12 February 2027
Organisation: Runspire Together
Contact Email: hello@runspire-notts.com
Website: www.runspiretogether.com

​

1. Introduction

​

Runspire Together is committed to protecting and respecting your privacy.

This policy explains how we collect, use, store, and protect personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)

• The Data Protection Act 2018

• The Privacy and Electronic Communications Regulations (PECR)

Runspire Together acts as the Data Controller for the personal data we collect.

​

2. What Information We Collect

​

We may collect and process the following types of personal data:

​

a) Identity & Contact Data

​

• Name

• Email address

• Telephone number

• Emergency contact details

• Date of birth (for events, safeguarding and insurance purposes)

 

b) Health Information (Special Category Data)

• Relevant medical conditions

• Allergies

• Injuries

• Physical limitations

This information is collected solely to ensure your safety during sessions and events.

 

c) Participation Data

• Attendance records

• Event registrations

• Course participation

• Volunteer records

 

d) Media Content

• Photographs and videos taken during sessions or events (with consent).

 

e) Website Data

• Cookies

• IP address

• Website usage analytics

 

3. Lawful Basis for Processing

​

Under UK GDPR, we rely on the following lawful bases:

• Consent – for marketing communications, photography, and health information.

• Contract – where processing is necessary to deliver a session, programme, or event you have registered for.

• Legal Obligation – where required for safeguarding, insurance, health and safety, or financial record keeping.

• Legitimate Interests – for managing attendance, improving services, reporting impact, and ensuring participant safety.

• Vital Interests – where medical information is required in an emergency.

Special category health data is processed under Article 9(2)(a) (explicit consent) and Article 9(2)(c) (vital interests).

​

4. How We Use Your Information

​

We use personal data to:

• Deliver running, walking, Nordic walking, and fitness sessions

• Administer Couch to 5K and progression programmes

• Organise community events

• Contact emergency services if required

• Communicate important updates

• Process payments

• Manage volunteers

• Promote Runspire Together activities (where consent has been provided)

• Meet safeguarding, insurance, and governance requirements

• Demonstrate community impact to funders (see Section 6)

We will never sell your data.

​

5. Data Sharing

​

We may share information where necessary and lawful with:

• Emergency services in case of an incident

• Insurance providers where required

• Professional advisers (e.g. accountants or legal advisers)

• Regulatory authorities where required by law

All data sharing is limited to what is necessary and proportionate.

​

6. Funders and Partners

​

Runspire Together may receive funding or work in partnership with:

• Local authorities

• Grant-making trusts and foundations

• Corporate sponsors

• Community organisations

• National governing bodies

 

To meet funding requirements, we may share:

• Anonymous statistical data (e.g. number of participants, age ranges, postcode areas, participation outcomes)

• Aggregated impact reports

• Case studies (with explicit consent)

• Photographs or testimonials (with explicit consent)

 

We do not share identifiable personal data with funders or partners unless:

• You have given explicit consent, or

• It is required by law, or

• It is necessary for safeguarding or insurance purposes.

 

Where partnerships require data sharing, a written agreement will be in place to ensure UK GDPR compliance.

​

7. Data Retention

 

We retain personal data only as long as necessary:

• Participant records: up to 3 years after last engagement

• Accident/incident reports: minimum 3 years (longer where minors are involved)

• Financial records: 6 years (HMRC requirement)

• Safeguarding records: in line with safeguarding legislation and guidance

After this period, data will be securely deleted or anonymised.

 

8. Data Security

​

We implement appropriate technical and organisational measures, including:

• Password-protected systems

• Restricted access to trustees and authorised volunteers

• Secure storage of paper records

• Secure cloud-based systems where possible

 

9. Your Rights Under UK GDPR

​

You have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request deletion (where applicable)

• Restrict processing

• Object to processing

• Withdraw consent at any time

• Request data portability

• Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: https://www.ico.org.uk

​

10. Marketing Communications

​

We will only send marketing communications where:

• You have given consent, or

• We have a legitimate interest and you have not opted out.

You may unsubscribe at any time.

​

11. Photography and Media

​

Photos and videos may be taken during sessions and events for marketing and promotional purposes.

Where required, we will:

• Seek explicit consent

• Provide opt-out options

• Respect safeguarding requirements for children

 

12. Children’s Data

​

Where participants are under 18:

• Parental or guardian consent will be obtained

• Safeguarding policies will apply

• Data will be handled with additional care

 

13. Changes to This Policy

​

We may update this policy periodically. The most recent version will always be available on our website.