The Treasure Hunt Company is a trading name that operates as part of GOTO Events Ltd (Out of The Office Ltd – Trading as GOTO Events). The privacy and data protection practices described in this policy apply equally to The Treasure Hunt Company and all services delivered under the GOTO Events group.
GOTO Events Privacy & Data Protection Policy
1. Who We Are
GOTO Events Ltd is a UK-based corporate events company. The Treasure Hunt Company is part of the GOTO Events group. For the purposes of data protection law, we are the "data controller" of the personal information you provide to us.
- Email: hello@treasure-hunt.co.uk
- Phone: 0207 118 4115
- Address: G1 Fulcrum Business Centre, 9 Vantage Way, Poole, Dorset, BH12 4NU
- Data Protection Officer: Steve Perkins
Supervisory authority: If you are not satisfied with our response to any data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk
2. What Data We Collect
We may collect and process the following personal data:
- Full name
- Contact information (email address, phone number)
- Employer or company name
- Medical information (where applicable for event safety)
- Emergency contact details
- Signatures and consent confirmations
3. Legal Basis for Processing
We process personal data on the following legal bases:
- Contractual necessity – for managing bookings and delivering our services.
- Legitimate interest – to ensure the safety of all participants during events.
- Legal obligation – to retain information as required by insurers and regulators.
- Explicit consent – for processing special category data such as medical information and photo/video content.
3.1 Legitimate Interest for Collecting Data
We collect and use limited personal information as part of delivering our event services in ways that are reasonable, proportionate, and expected by our clients and participants.
Our legitimate interests include:
- Ensuring we can safely and effectively deliver the agreed services (e.g. confirming headcounts, managing event logistics, verifying booking details)
- Protecting the health and wellbeing of participants (e.g. capturing relevant medical disclosures that may affect participation in physical activities)
- Maintaining accurate records for compliance, insurance, and liability purposes
We only collect information that is necessary and relevant to these purposes. The benefits of collecting this information (such as ensuring participant safety and honouring our contractual obligations) clearly outweigh the minimal risk or impact on the individuals involved. We do not use personal data in ways that are unexpected, intrusive, or unfair, and we take robust security measures to ensure confidentiality and integrity of all data collected.
4. Special Category Data
We may collect health-related information to ensure participant safety during physically active events. This data is only collected with explicit consent and will be handled with the highest level of confidentiality. We ensure this data is:
- Submitted individually (not in shared formats)
- Stored securely with limited access
- Only accessible by authorised personnel (e.g. trained event staff)
5. Photography & Videography
We may photograph or record parts of our events for promotional purposes. This is always done with explicit, opt-in consent that is separate from the event booking contract. Participation in the event does not require agreement to photography. If you wish to withdraw consent either before or after an event, please contact us and we will ensure your image/video is not used or is removed from future materials.
6. Data Sharing
We do not sell, share, or transfer your personal data to any third parties for marketing or unrelated purposes.
In the interest of participant safety and regulatory compliance, limited data (e.g. relevant medical details or emergency contact information) may be disclosed to emergency services, insurers, or authorised medical personnel when necessary. Any such sharing is done strictly on a need-to-know basis and under appropriate safeguards.
7. Data Retention
In line with our insurer's requirements, we retain signed disclaimers and relevant event documentation for 7 years. After this period, data is securely destroyed or anonymised.
8. Data Security
We take data protection seriously and employ multiple layers of IT security as detailed in our internal policies:
- IT Security Policy
- IT Security Testing Policy
- IT Password Policy
- IT Access Log File Policy
We also use industry-leading technologies such as Mimecast and Two-Factor Authentication (2FA) to protect stored data.
9. Your Rights
Under the UK GDPR, you have the right to:
- Access your personal data
- Request rectification or erasure
- Restrict or object to processing
- Withdraw consent at any time
- Lodge a complaint with the ICO
To exercise any of these rights, please email hello@treasure-hunt.co.uk.
10. Cookies and Tracking
Our website uses cookies to enhance user experience, provide social media features, and analyse traffic. Cookies are small files stored on your device that help us understand how visitors interact with our site. We use:
- Necessary cookies – to ensure our website functions correctly
- Analytics cookies – to help improve our website through anonymous usage data (e.g. Google Analytics)
- Marketing cookies – only with user consent, for occasional campaign performance tracking
When you visit our site, you will be asked to consent to the use of cookies. You can change or withdraw your consent at any time by adjusting your browser settings or revisiting the cookie banner. For more information, or to view or manage your cookie preferences, please contact us at hello@treasure-hunt.co.uk.
11. Updates to This Policy
We may update this policy from time to time to reflect legal or operational changes. The latest version will always be available on this page.