Privacy Policy
1. INTRODUCTION
1.1 Purpose of This Policy
This privacy policy (“Privacy Policy”) covers our data collection practices and describes what rights you have with respect to your personal information.
1.2 Effective Date & Updates
This Privacy Policy is effective as of September 2025 and may be updated from time to time. Please check back periodically for updates.
1.3 When This Policy Applies
This Privacy Policy applies when you visit or use the Rock2Recovery website (www.rock2recovery.co.uk) (the “Site”) or use our services (the “Services”). By using the Site or Services, you acknowledge and accept that this Privacy Policy applies.
2. IMPORTANT INFORMATION AND WHO WE ARE
2.1 Data Controller
The data controller of your personal information is Rock 2 Recovery CIC (“R2R”, “we”, “us”).
2.2 Contact Details
You can contact us at: Rock 2 Recovery CIC, support@rock2recovery.co.uk, 23 Southernhay West Third Floor Office, Exeter, Devon, EX1 1PR, telephone 01392 642960.
3. DATA WE COLLECT ABOUT YOU
3.1 Internal Donation Information
When you make a donation through the Site, we collect your name, billing address, payment details, email address and phone number.
3.2 Enquiry Information
When you contact us, we collect your name, date of birth, email address, phone number, coaching needs, address, GP practice and next of kin details.
3.3 Coaching Information
When attending a coaching session, you may share information such as your health, employment, family details or any information your coach records.
3.4 Device Information
We automatically collect browser details, IP address, time zone, cookies installed, pages viewed, referring sites and usage behaviour when you access the Site.
3.5 External Donation Information
When you donate through external payment providers, we may retrieve your name, email address and phone number from them.
3.6 Information from Third Parties
With your permission, we may also receive information from your GP, family members or other third parties.
3.7 Sensitive Personal Information
We may process sensitive information such as health data, usually with your explicit consent or where necessary to protect your vital interests.
4. HOW YOUR PERSONAL INFORMATION IS COLLECTED
4.1 Direct Collection
We collect Internal Donation Information, Enquiry Information and Coaching Information directly from you.
4.2 External Donation Data
We retrieve External Donation Information from payment providers for up to six years.
4.3 Automated Collection via Cookies
Device Information is collected automatically through cookies used for analytics, security and system functionality.
4.4 Types of Cookies Used
- XSRF-TOKEN (fraud detection; session; essential)
- hs (security; session; essential)
- svSession (session identification; 6 months; essential)
- SSR-caching (rendering performance; 24 hours; essential)
- TS* (attack detection; session; essential)
- bSession (system effectiveness; 24 hours; essential)
- fedops.logger.sessionId (error tracking; 12 months; essential)
- _wixAB3|* (site experiments; 6 months; essential)
- server-session-bind (API protection; session; essential)
- client-session-bind (API protection; session; essential)
5. HOW WE USE YOUR PERSONAL INFORMATION
5.1 Donation Processing & Communication
We use Internal Donation Information to process donations, communicate with you, detect fraud and send marketing where allowed.
5.2 Website Analytics & Performance
Device Information helps us detect fraud, analyse Site behaviour and improve functionality and performance.
5.3 Service Delivery
Enquiry Information and Coaching Information are used to deliver our Services, arrange sessions and support coaches with necessary background information.
5.4 External Donation Communication
External Donation Information is used for communications and marketing where preferences allow.
5.5 Research & Improvements
We may use anonymised data for analysis, research and improving our Services.
6. LEGAL BASIS FOR PROCESSING
6.1 Consent
Used for marketing and sensitive data, unless another lawful basis applies.
6.2 Contractual Necessity
Applies when you agree to our Terms and Conditions.
6.3 Legal Obligations
Covers requirements such as financial reporting to HMRC.
6.4 Vital Interests
Allows processing when necessary to protect your life or safety.
6.5 Legitimate Interests
Includes governance, operations, marketing, fundraising and financial management aligned with our charitable objectives.
7. WHO WE SHARE YOUR PERSONAL INFORMATION WITH
7.1 External Service Providers
We may share personal information with website hosts, payment providers, subcontractors, mailing houses and fundraising platforms.
7.2 Commercial Partners
This includes the Royal Marines Shop for merchandise, Google Analytics, PayPal and Stripe.
7.3 Legal Compliance
We may share information if required by law, such as responding to subpoenas or legal requests.
7.4 Safeguards
All third parties must provide adequate safeguards and comply with data protection laws.
8. INTERNATIONAL DATA TRANSFERS
8.1 Transfers Outside the UK
Your data may be stored or processed in countries outside the UK.
8.2 Protection Measures
We ensure appropriate safeguards are in place in accordance with UK data protection laws.
8.3 Consent for Overseas Transfers
If adequate protection cannot be ensured, we will not transfer your information without your explicit consent.
9. DATA RETENTION AND STORAGE LIMITATION
9.1 Retention Periods
We retain personal information only as long as necessary. Contact information is generally held for the duration of our relationship plus six years.
9.2 Legal Requirements
Some data may be retained longer where required by law.
10. CHANGES TO THIS PRIVACY POLICY
10.1 Policy Updates
We may update this Privacy Policy periodically to reflect operational, legal or regulatory changes.
10.2 Notice of Changes
Significant updates will be announced on our website or communicated directly to you.
10.3 Last Updated
This Privacy Policy was last updated in September 2025.
11. YOUR RIGHTS
11.1 Your Data Protection Rights
You have the right to access, correct, delete, restrict or object to the processing of your personal data.
11.2 Data Portability
You can request a copy of your data in a transferable format.
11.3 Withdrawal of Consent
You may withdraw consent at any time where processing is based on consent.
11.4 Marketing Preferences
You can opt out of marketing communications at any time.
11.5 Contact to Exercise Rights
To exercise any of your rights, contact us using the details provided above.
11.6 Complaints
You may lodge a complaint with the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone 0303 123 1113, email casework@ico.org.uk.