Privacy Policy

Last updated: 5th March 2026
Adventure Risk Management Services Limited trading as Adventure RMS (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal information with transparency, care, and respect. This Privacy Policy explains what information we collect, how we use it, and the rights you have in relation to your data when you visit our website, access our services, or communicate with us.
1. Information we collect
We collect information to provide our services effectively, improve user experience, and maintain the security of our website.
1.1 Information you provide directly
- Contact details such as your name, email address, phone number, and organisation.
- Information submitted through contact or enquiry forms, including training or consultancy enquiries, newsletter sign‑ups, or resource downloads.
- Information you provide when contacting us for support or general communication.
- Information you provide when you purchase a training course or other service.
1.2 Information collected automatically
When you visit our website, we may automatically collect:
- IP address and general location data.
- Browser type, device information, and operating system.
- Pages viewed, time spent on the site, and referring websites.
- Cookies and similar technologies (see Section 6).
1.3 Information from third parties
We may receive information from:
- Payment processors (if applicable).
- Email marketing platforms.
- Analytics providers such as Google Analytics, which collect details of visitor behaviour patterns so that we can understand how many people have visited the site, what pages have been visited and how we can make sure the site meets their needs.
This information is processed in a way that does not identify individuals.
2. How we use your information
We use your information to:
- Respond to enquiries and provide requested services.
- Deliver training updates, newsletters, and sector insights (only if you opt in).
- Improve our website, content, and user experience.
- Maintain security and prevent misuse of our services.
- Meet legal, regulatory, or contractual obligations.
We do not sell your personal information to third parties.
3. Legal basis for processing
We process personal data under the following legal bases:
- Consent — when you sign up for newsletters or opt in to communications.
- Contractual necessity — when we need your information to deliver services you have requested.
- Legitimate interests — for website analytics, service improvement, and security.
- Legal obligation — when required to comply with applicable laws.
4. How we share your information
We may share your information with:
- Service providers who support our operations (e.g., email platforms, analytics tools, secure cloud hosting).
- Professional advisers such as legal or financial consultants.
- Regulators or authorities when required by law.
All third‑party providers are required to protect your information and use it only for the purposes we specify. We do not share your information for marketing by third parties.
5. Data retention
We retain personal information only for as long as necessary to:
- Provide services you have requested.
- Maintain accurate business and financial records.
- Meet legal and regulatory requirements.
When data is no longer needed, it is securely deleted or anonymised in line with our Data Protection policy below.
6. Cookies and tracking technologies
Our website uses cookies and similar technologies to:
- Enable essential site functionality.
- Analyse website traffic and performance.
- Improve user experience.
You can manage or disable cookies through your browser settings. Some features of the site may not function properly without cookies.
7. Your rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your personal information.
- Object to or restrict certain types of processing.
- Withdraw consent at any time (for consent‑based processing).
- Request data portability.
To exercise any of these rights, contact us using the details in Section 10.
8. Data security
We take appropriate technical and organisational measures to protect your information from:
- Unauthorised access
- Loss or misuse
- Alteration or disclosure
While no system is completely secure, we continuously review and improve our security practices.
9. International data transfers
In the unlikely event that we transfer your information outside the UK or EU, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses
- Adequacy decisions
- Secure, compliant third‑party providers
10. Contact us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact:
Adventure RMS
Email: info@adventurerms.org.uk
Address:
Adventure RMS
Unit 5, Broadway Barns
The Broadway
Scarning
Dereham
Norfolk
NR19 2LQ
11. Changes to this policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Continued use of our website indicates acceptance of the updated policy.
All data will be processed, stored and destroyed in line with the Adventure RMS Data Protection policy which is set out below. This policy explains what we collect, why, who we share it with, how long we keep it and your rights.
Data Protection, Management and Control
Policy statement
Adventure RMS is committed to the fair and proper use of information. Adventure RMS acknowledges its role as the controller of data in relation to general business purposes such as human resources and its role as a processor for a competent authority in the consideration of applications, enquiries, complaints and other aspects of the contracted service.
Adventure RMS considers freelance (sub-contracted) inspectors/SMEs to be secondary processors (for a competent authority) and has defined and will monitor the processes through which they are required to ensure compliance.
Adventure RMS's commitments in this regard apply to all data regardless of its format (paper-based, electronic, online).
Policy aims
To ensure, through the application of this policy, the data Adventure RMS controls and processes will be:
- Securely stored to prevent unauthorised processing or interference
- Stored in a manner which ensures it cannot be corrupted
- Made available only to those who require access to it (sufficient & limited)
- Managed in a manner which provides details of the processing which has taken place
- Returned and/or destroyed when no longer required (storage limitation)
- To provide a framework for the management of data controlled by Adventure RMS (HR, contracts).
- To provide a framework for the management of data processed by Adventure RMS.
- To provide a clear, practicable and workable policy to guide inspectors/SMEs in their role as secondary processors.
- To define performance standards in relation to the management and control of data which can be used to measure compliance with the policy.
Adventure RMS in its role as a controller of data and as a processor of data for a competent authority will:
- Provide data protection training, relevant to their role, to all new personnel as part of their broader induction process
- Require all freelance (subcontractor) inspectors/SMEs to read and sign a statement for data processing activities
- Require service providers (for example accounting & IT) to submit a ‘Record of data processing activities’ relevant to their work with Adventure RMS
- Ensure that data relating to a provider’s previous licensing history is shared only with the inspector/SME to whom the application has been issued and the relevant Consulting and Endorsing Inspector
- Remove the access of inspectors/SMEs, consulting inspectors and the endorsing inspector to information when the review process is complete
Actions to be taken by Endorsing Inspector, Consulting Inspectors and Inspectors/SMEs
Comply with the Adventure RMS policy actions as defined below. Only undertake data processing within the licensed software systems provided to them by Adventure RMS.
Data storage
Data will be stored and, based on its category, returned/destroyed on the following basis:
| Data category | Role | Retention period |
| --- | --- | --- |
| Data collected in order for Adventure RMS to complete the work commissioned by its clients | Processor | Period of contracted service + 3 years |
| Recruitment | Controller | Successful candidates – duration of contract + 1 year, unsuccessful candidates – 1 year |
| Induction & Training | Controller | End of employment/contracted period plus 3 years |
| Accident reports/records | Controller | 3 years from last entry |
| Employment records (P60, P45) | Controller | 6 years |
| HR records | Controller | Duration of employment/contracted period plus 3 years |
Data disposal will be undertaken, in line with this protocol, by Adventure RMS through the remote data management functions of the software systems used and within which employed and freelance (subcontracted) personnel are required to operate. This ensures Adventure RMS can reliably ensure compliance with the expectations of the regulations in regard to the storage and disposal of data.
Freedom of Information Act
Adventure RMS is not a public authority and is therefore not subject to the Freedom of Information Act 2000. Should a Freedom of Information Act request be received from a member of the public, the individual making the request will be directed to the relevant public authority.
Adventure RMS may hold information on behalf of a public authority. Upon request from the public authority, Adventure RMS will provide any information required to support the authority’s response.
The data controller and/or processor is Adventure Risk Management Services Limited.
Adventure RMS as a data controller
- Data is being controlled for the:
  - Purposes of human resource management within Adventure RMS
  - Management of supplier and subcontractor contracts within Adventure RMS
- Data which is controlled by Adventure RMS (see above) may be shared with their appointed accounting and bookkeeping service for the purpose of payroll, statutory deductions, pension contributions and associated functions.
- Data which is controlled by Adventure RMS may be accessible to their appointed Information Technology provider in the course of their work in maintaining and supporting the IT operations of Adventure RMS.
Adventure RMS as a data processor
- Data is being processed on behalf of clients.
- Data is being processed for the consideration of applications for licences and completion of consultancy projects and ad hoc work.
- Data which is processed by Adventure RMS for the AALA and the DLSR is used in the review of applications and the production of reports which help determine whether to grant a licence or not. These reports may be subject to requests made under the Freedom of Information Act. They may also be made available to enforcement authorities during their investigations.
- Data which is processed by Adventure RMS on behalf of other clients is used to complete projects including the production of reports which are provided to the commissioning client.
Data Protection, Management and Control
AdvRMS12.
V9.0
Updated 21.01.2026 – Review 21.01.2027
Author: T Morton