Privacy Policy *
Effective Date: 18/02/2026
FlyingSponge™ (“we”, “us”, “our”) is committed to protecting your privacy and ensuring that your personal data is processed lawfully, fairly, and transparently. This Privacy Policy explains how we collect, use, share, and protect your personal information when you book or participate in our immersion programmes, or otherwise interact with us.
1. Data Controller *
FlyingSponge Ltd
Company Number: [INSERT]
Registered Office: [INSERT]
Email: hello@flyingsponge.com
We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018.
2. Personal Data We Collect
We collect personal information that you provide when you:
Book a programme with us
Contact us via email, phone, or website forms
Participate in our programmes
Types of personal data include, but are not limited to:
Identity & contact information: name, email, phone number, date of birth, address
Booking & payment data: payment details (processed securely via third-party providers), travel dates, special requests
Travel & programme information: passport details, visa requirements, health and medical information, dietary requirements
Emergency contacts: name, relationship, phone number, email
Photos and video content: taken during programmes for educational, marketing, or reporting purposes
Communications: emails, messages, and feedback you send to us
3. How We Use Your Personal Data
We process your data for legitimate purposes, including:
Booking and programme administration: to manage your booking, communicate programme details, and provide services you request
Legal and regulatory compliance: for tax, accounting, immigration, and insurance purposes
Health, safety, and safeguarding: to ensure appropriate care and emergency response
Marketing and communications: with your consent, to send news, promotions, or updates about our programmes
Feedback and improvement: to assess satisfaction, evaluate programmes, and improve services
Legal claims and disputes: to protect our rights, investigate complaints, or comply with legal obligations
4. Lawful Basis for Processing
Our lawful basis for processing your personal data includes:
Contractual necessity: processing is necessary to perform the contract with you (e.g., booking a programme)
Legal obligation: processing is required to comply with UK law (e.g., safeguarding, financial reporting)
Legitimate interests: processing for programme administration, fraud prevention, or improving services
Consent: for marketing communications or photography/video use where consent is obtained
5. Sharing Your Data
We may share your personal data with:
Host families, tutors, and local guides — for programme delivery and emergency purposes
Payment processors and insurers — to process bookings, cancellations, or claims
Regulatory authorities — when legally required (e.g., visas, safeguarding concerns)
Service providers and partners — to help us operate our business securely and efficiently
We never sell your personal data to third parties.
6. International Transfers
Your personal data may be transferred outside the UK, for example:
When communicating with host families, tutors or guides abroad
When booking third-party services internationally
We ensure that any such transfers comply with UK GDPR, using appropriate safeguards (e.g., Standard Contractual Clauses or contracts requiring equivalent data protection).
7. Data Retention
We retain your personal data only as long as necessary to:
Fulfil the purposes of your booking or programme participation
Comply with legal obligations (e.g., tax, insurance, safeguarding records)
Resolve disputes or enforce our agreements
Typical retention periods:
Booking & payment records: 7 years
Safeguarding or emergency records: 25 years from date of programme (for adults working with vulnerable groups, best practice)
Marketing data: until you unsubscribe or withdraw consent
8. Your Rights
You have rights under UK GDPR, including the right to:
Access your personal data
Correct inaccurate or incomplete data
Erase your data where there is no legal requirement to retain it
Restrict processing under certain circumstances
Object to processing for marketing or legitimate interests
Data portability — request a copy of your data in a portable format
Withdraw consent at any time for marketing or photography usage
Requests can be sent to hello@flyingsponge.com. We will respond within one month.
9. Security of Your Data
We implement appropriate technical and organisational measures to protect your personal data from:
Unauthorized access
Accidental loss, destruction, or damage
Improper use
We use secure servers, encryption, and password-protected access for all data storage.
10. Cookies and Online Tracking
Our website uses cookies and similar technologies to:
Improve website functionality
Analyse website traffic
Provide targeted marketing (with consent)
You can manage cookie preferences through our website banner or browser settings. See our Cookie Policy for full details.
11. Safeguarding and Health Information
We collect sensitive personal data (health, dietary, medical information) only to ensure your safety and wellbeing during programmes.
This data is processed confidentially and shared only with relevant staff, host families, or medical professionals as necessary.
All staff, hosts, and tutors undergo safeguarding checks and agree to confidentiality obligations.
12. Marketing Communications
We may send you information about our programmes, promotions, or partner offers, only with your consent.
You can opt-out at any time via the unsubscribe link in emails or by contacting us.
13. Complaints and Queries
If you have questions about how we handle your personal data or wish to exercise your rights, contact: hello@flyingsponge.com
If unresolved, you may lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The most current version will always be published on our website with the effective date.