Runspire Together

Privacy Policy

Policy Effective Date: 31st March 2026
Review Date: 12 February 2027
Organisation: Runspire Together
Contact Email: hello@runspire-notts.com
Website: www.runspiretogether.com

 

1. Introduction

Runspire Together is committed to protecting and respecting your privacy.

This policy explains how we collect, use, store, and protect personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Privacy and Electronic Communications Regulations (PECR)

Runspire Together acts as the Data Controller for the personal data we collect.

 

2. What Information We Collect

We may collect and process the following types of personal data:

 

a) Identity & Contact Data

• Name
• Email address
• Telephone number
• Emergency contact details
• Date of birth (for events, safeguarding and insurance purposes)

​

b) Health Information (Special Category Data)

• Relevant medical conditions
• Allergies
• Injuries
• Physical limitations

This information is collected solely to ensure your safety during sessions and events.

​

c) Participation Data

• Attendance records
• Event registrations
• Course participation
• Volunteer records

​

d) Media Content

• Photographs and videos taken during sessions or events (with consent)

​

e) Website Data

• Cookies
• IP address
• Website usage analytics

​

f) Identification Photos

​

A profile photo may be taken by your Runspire Together group leader. This is used solely for identification purposes to help ensure we hold the correct details for participants and volunteers, particularly in the event of an emergency or safeguarding situation. These photos are not used for marketing unless separate consent has been provided.

 

3. Lawful Basis for Processing

​

Under UK GDPR, we rely on the following lawful bases:

Consent – for marketing communications, photography, and health information.

Contract – where processing is necessary to deliver a session, programme, or event you have registered for.

Legal Obligation – where required for safeguarding, insurance, health and safety, or financial record keeping.

Legitimate Interests – for managing attendance, improving services, reporting impact, and ensuring participant safety.

Vital Interests – where medical information is required in an emergency.

Special category health data is processed under Article 9(2)(a) (explicit consent) and Article 9(2)(c) (vital interests).

 

4. How We Use Your Information

We use personal data to:

• Deliver running, walking, Nordic walking, and fitness sessions
• Administer Couch to 5K and progression programmes
• Organise community events
• Contact emergency services if required
• Communicate important updates
• Process payments
• Manage volunteers
• Promote Runspire Together activities (where consent has been provided)
• Meet safeguarding, insurance, and governance requirements
• Demonstrate community impact to funders (see Section 6)

We will never sell your data.

 

5. Data Sharing

We may share information where necessary and lawful with:

• Emergency services in case of an incident
• Insurance providers where required
• Professional advisers (for example accountants or legal advisers)
• Regulatory authorities where required by law

All data sharing is limited to what is necessary and proportionate.

 

6. Funders and Partners

Runspire Together may receive funding or work in partnership with:

• Local authorities
• Grant-making trusts and foundations
• Corporate sponsors
• Community organisations
• National governing bodies

To meet funding requirements, we may share:

• Anonymous statistical data (for example number of participants, age ranges, postcode areas, participation outcomes)
• Aggregated impact reports
• Case studies (with explicit consent)
• Photographs or testimonials (with explicit consent)

We do not share identifiable personal data with funders or partners unless:

• You have given explicit consent, or
• It is required by law, or
• It is necessary for safeguarding or insurance purposes

Where partnerships require data sharing, a written agreement will be in place to ensure UK GDPR compliance.

 

7. Data Retention

We retain personal data only as long as necessary:

• Participant records: up to 3 years after last engagement
• Accident/incident reports: minimum 3 years (longer where minors are involved)
• Financial records: 6 years (HMRC requirement)
• Safeguarding records: in line with safeguarding legislation and guidance

After this period, data will be securely deleted or anonymised.

 

8. Data Security

We implement appropriate technical and organisational measures, including:

• Password-protected systems
• Restricted access to trustees and authorised volunteers
• Secure storage of paper records
• Secure cloud-based systems where possible

Runspire Together stores participant and volunteer information securely using Beacon CRM and Wix, which are secure cloud-based systems used to manage registrations, attendance records, communications, and programme administration.

Access to these systems is restricted to authorised Runspire Together staff, trustees, and approved volunteers who require access for operational, safeguarding, or administrative purposes.

Profile identification photos are stored securely within these systems and are only used to help confirm participant identity where necessary for safety and emergency response purposes.

 

9. Your Rights Under UK GDPR

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion (where applicable)
• Restrict processing
• Object to processing
• Withdraw consent at any time
• Request data portability
• Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website:
https://www.ico.org.uk

 

10. Marketing Communications

We will only send marketing communications where:

• You have given consent, or
• We have a legitimate interest and you have not opted out.

You may unsubscribe at any time.

 

11. Photography and Media

Photos and videos may be taken during sessions and events for marketing and promotional purposes.

Where required, we will:

• Seek explicit consent
• Provide opt-out options
• Respect safeguarding requirements for children

 

12. Children’s Data

Where participants are under 18:

• Parental or guardian consent will be obtained
• Safeguarding policies will apply
• Data will be handled with additional care

 

13. Changes to This Policy

We may update this policy periodically. The most recent version will always be available on our website.

We may update this policy periodically. The most recent version will always be available on our website.