Privacy Policy

We are The Riot Act Limited, a Limited Company registered in England and Wales (Company Number: 09780972).
Our registered address is:
2 Haven Court, Leeds, LS16 6SH, United Kingdom

Website: www.theriotact.co.uk
Contact Email: dan@theriotact.co.uk

We are a Theatre in Education company providing educational programs to schools across the UK. Protecting your privacy and personal data is a core commitment of our organisation.

1. The Data We Collect

We collect only the minimum personal data necessary to operate our services. This includes:

  • Full name of school staff members making bookings.

  • School email address.

  • School address.

This information is collected via Google Forms when schools make a booking.

We also collect information through a contact form on our website, which may include your name, email address, and phone number. This information is sent directly to our company email address and is not stored elsewhere.

We may also collect anonymous evaluations from students and staff during and after program delivery. These evaluations do not contain personally identifiable information.

We do not collect personal data from the general public through our website other than through the booking process and contact form.

2. Purpose of Data Collection

We use the information we collect for the following purposes:

  • To manage and confirm school bookings.

  • To organise and deliver educational programs.

  • To communicate with school staff regarding program logistics.

  • To respond to enquiries made via our website contact form.

  • To evaluate the effectiveness of our programs (anonymous feedback only).

We do not use booking or enquiry data for marketing purposes and we do not add contacts to marketing databases.

3. Lawful Basis for Processing

We process your personal data under the following lawful bases in accordance with the UK GDPR:

  • Legitimate Interest – to deliver our services effectively and respond to enquiries.

  • Contract – where a booking constitutes a service agreement between your school and The Riot Act Limited.

  • Consent – where applicable, such as when completing optional evaluations.

4. How We Store and Protect Your Data

  • All booking data is stored in Google Drive and collected via Google Forms, both secured with strong passwords and two-factor authentication.

  • Contact form enquiries are sent directly to our email and are not stored elsewhere.

  • Access to booking data is strictly limited to two authorised staff members.

  • Our staff are trained in data protection best practices.

  • We regularly review data access permissions and storage security.

5. Data Retention

  • All identifiable booking information is deleted once the booked program is delivered and completed.

  • Contact form enquiries are retained only for as long as is necessary to respond to the enquiry and are then deleted.

  • We do not retain personal emails or other identifiers for marketing or future contact.

  • Anonymous evaluation data may be kept for reporting and analysis but will not contain any personal identifiers.

6. Data Sharing

We do not share personal data with third parties unless:

  • We are required to do so by law or regulatory obligation.

  • It is necessary to protect our rights, property, or safety, or the safety of others.

We do not sell, trade, or rent your personal data.

7. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

  • Right of access – request a copy of the personal data we hold about you.

  • Right to rectification – correct inaccurate or incomplete information.

  • Right to erasure – request deletion of your personal data (where applicable).

  • Right to restrict processing – request limits on how we use your data.

  • Right to object – object to processing under certain circumstances.

  • Right to data portability – request your data in a structured, commonly used, machine-readable format.

To exercise any of these rights, please contact us at dan@theriotact.co.uk.

8. Data Breach Procedure

In the unlikely event of a data breach, we will follow UK Information Commissioner’s Office (ICO) guidelines, including:

  • Promptly investigating the breach.

  • Notifying affected individuals where required.

  • Reporting to the ICO within the statutory timeframe.

9. Cookies and Website Tracking

Our website does not directly collect personal data through cookies for marketing purposes. However, we use standard analytics tools to understand website usage. Cookies are small files stored on your browser to enhance website functionality. You can disable cookies in your browser settings, but some website functions may not operate correctly.

10. Third-Party Services

Our booking process uses Google Forms and Google Drive. These are provided by Google LLC, which may store and process your data on servers outside the UK. Google complies with applicable data protection laws and provides contractual safeguards for international data transfers.
We encourage you to read Google’s Privacy Policy for more information.

11. Changes to This Privacy Policy

We may update this policy to reflect legal requirements or operational changes. The most recent version will always be available on our website. If you have questions about this policy or your data, please contact:

Daniel Hobson, Data Protection Officer
The Riot Act Limited
2 Haven Court, Leeds, LS16 6SH
Email: dan@theriotact.co.uk

The link to our complete GDPR policy can be found here