Privacy Policy - Wildfires Festival
logo
buy tickets
Privacy Policy

Privacy Policy

At Wildfires we are committed to protecting your privacy.

This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Any questions regarding this Policy and our privacy practices should be sent by email to info@wildfiresfestival.com.

Data protection law

The Data Protection Act 2018 is the legislation whereby the European General Data Protection Regulation (‘GDPR’) is implemented into UK law.  While the UK has ceased to be part of the European Union, the GDPR continues to apply but the UK maintains independence to review these laws and framework.

In this policy, we refer to the laws that govern data protection in the UK, and relevant guidance from the Information Commissioner’s Office, as ‘UK GDPR’.  

Who we are

Wildfires Festival is an annual three-day festival, which was launched in 2018 as a place to encounter God. It is led by a core team of leaders from 24-7 Prayer, Emmaus Road Church, Pioneer Network and Open Heaven, St Paul’s Hammersmith Church, KXC Church, and Gas Street Church, with legal responsibility of the event held by the trustees of 24-7 Prayer. 24-7 Prayer is an international movement of prayer, mission and justice. 24-7 Prayer is a UK registered charity (no. 1091413) and company limited by guarantee (no. 04176643). The registered address is The Lighthouse, 8-10 High Street Woking, GU21 6BG.

24-7 Prayer is the data controller. This means we decide how your personal data is processed and for what purposes.

How we obtain information from you

We obtain information about you when you use our website, when you contact us, when you make a donation, when you (or someone on your behalf) make a booking to our event, register your child or apply to volunteer.

What type of information can we collect from you

The personal information we collect might include your name, contact number, address, email address, IP address, church, accessibility and additional needs and information regarding what pages are accessed and when. If registering a child under 18, personal information we collect might include their name, date of birth, accessibility and additional needs, guardian names, guardian contact numbers, consent for medical intervention, consent for activities, and consent for photos and videos. If you are a volunteer, we might collect DBS information. If you make a donation online or make a booking online, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below. We may collect sensitive data about you where you directly provide us with that information (including but not limited to your religious beliefs, physical and mental health, etc.).

Use of ‘Cookies’

The Wildfires website uses cookies. A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and may be used by the Wildfires website to collect statistical data about your browsing actions and patterns but do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service.

You can switch off cookies in your browser preferences. Turning cookies off may result in a loss of functionality when using our website.

How your information is used

We will only use your personal data when UK GDPR allows us to.

Typically we may use your information to:

  • process your booking
  • process a child registration
  • process a volunteering application
  • to carry out our obligations arising from any contracts entered into by you and us where necessary;
  • keep records of your relationship with us e.g. questions you have asked or complaints you have made;
  • managing any ‘contact us’ messages
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you.
  • classify supporters by location, for example Scotland, Northern Ireland or Wales;
  • process a donation that you have made;
  • process orders that you have submitted;
  • dealing with entries into a competition;
  • seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities;
  • share information with 24-7 Prayer to facilitate event planning and delivery
  • share information with a church leader/administrator if you opt in your booking to camp with a particular church group.

UK GDPR permits us to process personal data where there is a lawful basis for doing so. Typically the relevant lawful basis is likely to be one of the following:

  • ‘Legitimate interest’ – this means the legitimate interests of Wildfires or a third party in conducting or managing our business to provide the best service and most secure experience. We consider and balance any potential impact on you and your rights before we process your data based on our legitimate interests and do not process your data where our interests are overridden by any impact on you unless we have your consent or this is otherwise permitted by law. 
  • ‘Performance of a contract’ – this means processing your data where it is necessary for the performance of a contract we have entered with you or to take steps at your request before entering such contract.
  • ‘Comply with a legal or regulatory obligation’ – means processing your data where it is necessary for us to comply with a legal or regulatory obligation that Wildfires is subject to.
  • ‘Consent’ – this means any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of your personal data

We will hold your personal information on our systems for as long as is necessary for the relevant activity and as long as is set out in any relevant contract you hold with us. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We review our retention periods for personal information on a regular basis.

Who has access to your information?

Wildfires staff, 24-7 Prayer staff, trustees, volunteers and event contractors may have access to your personal data.

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send you mailings). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the Wildfires network for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crimes.

Legal duty: We may need to pass on information if required by law or by a regulatory body. For example, a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency.

Third Party Product Providers we work in association with: When you are using our secure online donation pages, your donation is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

We use the information we collect about you to process orders and to help us improve our services. Please read on for more details about our privacy policy.

Your Choices

You have a choice about whether or not you wish to receive information from us. You will only receive direct marketing communications from us about the vital work we do and our exciting products and services if you have explicitly given your consent for us to communicate with you in this way. If you would like to change your preferences of what you receive, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences, or opt-out/withdraw at any time by contacting us by email: info@wildfiresfestival.com.

If you believe that we are handling your data in a way that does not comply with the relevant data protection legislation, then we suggest you contact us in the first instance and, if this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them on 03031 231113 or via email at ico.org.uk/global/contact-us/email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

How you can access, update and erase your information

The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: info@wildfiresfestival.com

You have the right to ask for a copy of the information Wildfires hold about you for free. We may charge an appropriate fee for information requests to cover our costs in processing your request when:

  1. a request is manifestly unfounded or excessive, particularly if it is repetitive;
  2. to comply with requests for further copies of the same information. This does not mean that we will charge for all subsequent requests.

Security precautions in place to protect your information

When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 256 Bit encryption using TLS. When you are on a secure page, a lock icon will appear in your web browser.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and that you change your password frequently.

Profiling

We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.

We will only carry out profiling when we have a lawful basis for doing so and we will document our actions and their lawful basis when we do so. It is your right to object to us creating a profile about you. You can do so by contacting us via email: info@wildfiresfestival.com

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the UK. By way of example, this may happen if any of our servers are from time to time located in another country and/or where we may share information with other partnering organisations located in other countries.  These countries may not have similar data protection laws to the UK GDPR.

The UK GDPR restricts transfers of personal data outside of the UK to another country (referred to as a “third country”) unless individuals’ rights in respect of their personal data are: 1) protected by an ‘adequacy’ regulation, or 2) protected by an ‘appropriate safeguard’.

  1. Is the restricted transfer covered by adequacy regulations?

UK adequacy regulations set out in law that the legal framework in a particular country, territory, or sector of a country, has been assessed as providing ‘adequate’ protection for individuals’ rights and freedoms about their personal data.  The UK has adopted an approach to include countries covered by European Commission adequacy decisions. Likewise, the European Commission has confirmed it is satisfied that the UK has sufficient adequacy measures in place.

So, we may transfer your personal data within the European Economic Area and any other countries covered by the European Commission’s adequacy decisions.

  • Is the restricted transfer covered by appropriate safeguards?

If there are no UK adequacy regulations in place concerning the country where a partner organisation is based, we will ensure that there are appropriate safeguards in place before sharing your data.

When working with organisations in these regions, we will ensure that an international data sharing contract is in place with those partners, incorporating data protection measures recognised in accordance with UK GDPR.

In the event that there are no adequacy regulations, and we have not been able to implement appropriate safeguards in an international data sharing contract, we will not transfer your personal data outside the UK without your explicit consent.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Review of this policy

We keep this Policy under regular review. This Policy was last updated in March 2025.