top of page

Privacy Policy – Dark Roc Ltd

Last updated: January 2026

Dark Roc Ltd (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly and transparently. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Company name: Dark Roc Ltd
Registered in: United Kingdom

We are the data controller for the personal data described in this policy.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

  • Name, address, email address, and telephone number

  • Date of birth

  • Emergency contact details

  • Booking, attendance, and course participation records

  • Payment and invoicing information

  • Website usage data (such as IP address and browser information)

Where required by law or for safety purposes, we may also collect:

  • Photographic identification documents (e.g. passport or driving licence)

  • Disclosure and Barring Service (DBS) information

3. How We Use Personal Data

We use personal data to:

  • Provide and manage our services

  • Process bookings and enquiries

  • Communicate with clients and participants

  • Meet legal, regulatory, and safeguarding obligations

  • Maintain business records and accounts

  • Improve our services and website functionality

4. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Performance of a contract – where processing is necessary to deliver our services

  • Legal obligation – where we are required to comply with legal or regulatory requirements

  • Legitimate interests – where processing is necessary for the operation of our business and does not override individual rights

  • Consent – where required, such as for marketing communications

5. Processing of Identification and DBS Information

In order to provide our services and to meet legal, regulatory, and safety obligations, Dark Roc Ltd is required to collect and process identification documents and Disclosure and Barring Service (DBS) information.

This information may include full name, date of birth, address, photographic identification (such as a passport or driving licence), and DBS certificate information.

We process this information on the following lawful bases:

  • Legal obligation – where identity verification or suitability checks are required by law or regulatory standards

  • Performance of a contract – where processing is necessary to provide our services

  • Substantial public interest – for safeguarding, security, and safety purposes, in accordance with UK data protection law

DBS information is treated as criminal offence data and is handled with enhanced security and confidentiality measures in line with the UK GDPR and the Data Protection Act 2018.

6. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected.

  • General customer and client records are retained for up to 7 years to meet legal and accounting requirements.

  • Identification documents and DBS information are retained for a maximum of 6 months following verification or course completion, unless a longer retention period is required by law.

  • Once retention periods expire, personal data is securely deleted or destroyed.

7. Who We Share Data With

We may share personal data with trusted third parties where necessary, including:

  • DBS processing and verification bodies

  • Professional advisers such as accountants or legal advisers

  • IT and system service providers supporting our operations

All third parties are required to handle personal data securely and in compliance with data protection legislation.

We do not sell personal data to third parties.

8. How We Protect Your Data

We take appropriate technical and organisational measures to protect personal data, including:

  • Restricted access to sensitive information

  • Secure digital storage systems

  • Secure handling and disposal of physical documents

Access to identification and DBS information is strictly limited to authorised personnel only.

9. Your Data Protection Rights

Under UK data protection law, you have the right to:

  • Access your personal data

  • Request correction of inaccurate or incomplete data

  • Request erasure of your data where applicable

  • Restrict or object to processing in certain circumstances

  • Request data portability

  • Withdraw consent where processing is based on consent

To exercise your rights, please contact us using the details below.

10. Cookies and Website Data

Our website may use cookies and similar technologies to improve functionality and analyse usage. You can manage cookie preferences through your browser settings.

11. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office.

12. Data Protection Registration

Dark Roc Ltd is registered with the UK Information Commissioner’s Office and complies with applicable UK data protection legislation.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact us through the contact details provided on our website.​

bottom of page