Muddy Feet Privacy

We respect your privacy and are committed to protecting your personal information, which we call “personal data”. This privacy notice will tell you how we look after your personal data and about your privacy rights. Muddy Feet Training is committed to protecting the privacy of its users. This Privacy Policy is designed to help you understand what information we gather, how we use it, what we do to protect it, and to assist you in making informed decisions when using our Service. Muddy Feet Training will adhere to the Principles of Data Protection, as detailed in the GDPR

We have tried to be brief and clear. We are happy to provide any additional information or explanation.

  1. General information


Data Controller (referred to as “we/us/our”)

Muddy Feet Training

Name or title of Data Protection Manager:


Alexandra Williams




Registered with the Information Commissioner's Office under

registration reference:


You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) ( We would appreciate the chance to deal with your concerns first.





You may give us data orally or by filling in forms or by corresponding with us by post, phone, email, web or otherwise, for example when you:


•             enter into a contract with us or contact us about doing so;

•             contact us about any contract we have with you;

•             request marketing to be sent to you;

•             book on to an event, party or training course

•             We may also receive personal data about you from third parties and public sources, including other customers when they interact with us)



We will only use your personal data when the law allows us to.  We have set out below how and why we plan to use your personal data.




Lawful basis for processing including basis of legitimate interest


To register you with our business including booking on to events and training courses

Performance of a contract with you

Sharing personal data for qualification or safeguarding checks

This will not occur without the express permission of the person whose data must be shared.

There are circumstances where the law allows us to disclose data (including sensitive data) without the data subject’s consent.

These are:

Carrying out a legal duty or as authorised by the Secretary of State

Protecting vital interests of a Individual/Service User or other person

The Individual/Service User has already made the information public

Conducting any legal proceedings, obtaining legal advice or defending any legal rights

Monitoring for equal opportunities purposes – i.e. race, disability or religion

Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.

Muddy Feet Training intends to ensure that personal information is treated lawfully and correctly.

To perform any contract with you including:

Managing payments, fees and charges

Collecting and recovering money owed to us

 Addressing any breach



Performance of a contract with you

Necessary for our legitimate interests (to recover debts due to us)

Necessary for our legitimate interests (to ensure compliance with contract terms)



To manage our relationship with you which will include:

Notifying you about changes to our terms or privacy policy

Notifying you about changes to our business which are relevant to you




Performance of a contract with you

Necessary to comply with a legal obligation

Necessary for our legitimate interests (to keep our records updated and to study how people use our business)


To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)


Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

Necessary to comply with a legal obligation


To make suggestions and recommendations to you about goods or services that may be of interest to you


Necessary for our legitimate interests (to develop and grow our business)


Asking you to partake in a review

Necessary for our legitimate interests (to study how people use our business, to develop and grow our business)


To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you


Necessary for our legitimate interests (to study how people use our business, to develop and grow our business and to inform our marketing strategy)


To use data analytics to improve our website, products/services, marketing, relationships and experiences


Necessary for our legitimate interests (to define types of people for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)






We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you.

We may then use your personal data to send you marketing communications from us if you have requested information from us or purchased goods or services from us in each case, you have not opted out of receiving that marketing.


We will get your express opt-in consent before we use your personal data for any other marketing purpose, we do not share your details with third parties for marketing purposes.


You can ask us or third parties to stop sending you marketing messages at any time by contacting our DPM.


Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

However, if we need to use your personal data for a new purpose and the law allows us to do so, we will notify you and explain the legal basis for our actions.



If we want to collect personally identifiable information through our website, we will be up front about this.

When someone visits our website, we may use a third-party service to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.


Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.



We shall ensure data :

  • Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met,
  • Shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with that purpose or those purposes,
  • Shall be adequate, relevant and not excessive in relation to those purpose(s)
  • Shall be accurate and, where necessary, kept up to date,
  • Shall not be kept for longer than is necessary
  • Shall be processed in accordance with the rights of data subjects under the Act,
  • Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information,
  • Shall not be transferred to a country or territory outside the European Economic Area.

To do this we will :

  • Observe fully conditions regarding the fair collection and use of information
  • Meet its legal obligations to specify the purposes for which information is used
  • Collect and process appropriate information, and only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements
  • Ensure the quality of information used
  • Ensure that the rights of people about whom information is held, can be fully exercised under the Act.

These include:

The right to be informed that processing is being undertaken,

The right of access to one’s personal information

The right to prevent processing in certain circumstances and

The right to correct, rectify, block or erase information which is regarded as wrong information)

Take appropriate technical and organisational security measures to safeguard personal information

Ensure that personal information is not transferred abroad without suitable safeguards

Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information

Set out clear procedures for responding to requests for information



Informed consent is when

An Individual/Service User clearly understands why their information is needed, who it will be shared with, the possible consequences of them agreeing or refusing the proposed use of the data

And then gives their consent.

Muddy Feet Training will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form.

When collecting data, Muddy Feet Training will ensure that the Individual/Service User:

  • Clearly understands why the information is needed
  • Understands what it will be used for and what the consequences are should the Individual/Service User decide not to give consent to processing
  • As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed
  • Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
  • Has received sufficient information on why their data is needed and how it will be used



Information and records relating to service users will be stored securely and will only be accessible to authorised staff and volunteers.

Information will be stored for only as long as it is needed or required statute and will be disposed of appropriately.

It is Muddy feet Training responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.


All Individuals/Service Users have the right to access the information that we holds about them. We will also take reasonable steps to ensure that this information is kept up to date by asking data subjects whether there have been any changes.

We have  a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection Everyone processing personal information understands that they are contractually responsible for following good data protection practice  


Applications to access or erase data held by us must be made in writing by the person whose information is being requested. We will respond to the written request as soon as possible and and complete the request within one calendar month. Where data will be erased, and we will inform the subject that the information has been erased.

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the GDPR.

In case of any queries or questions in relation to this policy please contact the Data Protection Officer

Without gutter