Privacy Policy

‍

1. Data Controller Information

Data Controller:

Keep Sailing Limited

Email: info@keepsailing.co.uk

Website: www.keepsailing.co.uk

For any privacy-related queries, please contact us at info@keepsailing.co.uk.

2. Legal Basis for Processing Personal Data

We process your personal data under the following legal bases:

• Contract Performance: To fulfill our obligations under our booking terms and conditions
• Legitimate Interest: For marketing, analytics, safety records, and business operations
• Consent: For photography, marketing communications, and non-essential processing
• Legal Obligation: To comply with RYA requirements, safety regulations, and legal duties
• Vital Interests: In emergency situations for health and safety purposes

3. Personal Data We Collect

3.1 Booking and Course Information

• Full name, address, email address, telephone number
• Date of birth and age verification
• Payment information (processed securely through third-party providers)
• Course preferences and booking history
• Gift voucher and course credit information
• Note: Most booking data is stored within our Sailia booking system

3.2 Health and Safety Data

• Medical conditions and fitness declarations
• Dietary requirements and allergies
• Emergency contact information
• Swimming ability and water confidence levels
• Medication information that may affect participation
• Alcohol and substance declarations
• Note: Waiver and health information is stored within our Sailia booking system

3.3 Group Booking Information

• Group leader details and responsibilities
• Participant consent forms
• Parental/guardian consent for under-18s
• Group member contact and medical information
• Note: Group booking data is managed within our Sailia booking system

3.4 Assessment and Certification Data

• Course attendance records
• Assessment results and competency evaluations
• Certificate issuance and completion status
• Instructor feedback and training notes

3.5 Digital and Technical Data

• Website usage data and cookies
• IP addresses and browser information
• Email engagement statistics
• CCTV footage at our premises

3.6 Photography and Video Content

• Images and videos taken during courses and events
• Metadata associated with media files
• Publication consent records

3.7 Staff and Instructor Information

• Professional qualifications and certifications
• DBS disclosure information (where applicable)
• Performance and training records
• Contact and emergency information

4. How We Use Your Personal Data

4.1 Course Management and Delivery

• Processing and confirming bookings
• Managing course attendance and completion
• Conducting assessments and issuing certifications
• Providing coaching feedback and instruction
• Managing health and safety requirements
• Handling cancellations, transfers, and refunds

4.2 Safety and Emergency Purposes

• Maintaining emergency contact information
• Managing medical conditions and dietary requirements
• Conducting risk assessments
• Emergency response and incident management
• Compliance with health and safety regulations

4.3 Business Operations

• Customer service and support
• Financial management and accounting
• Insurance and liability management
• Quality assurance and course improvement
• Complaints handling and resolution

4.4 Marketing and Communications

• Sending promotional materials and course updates
• Newsletter distribution (with consent)
• Social media marketing and engagement
• Website content and testimonials
• Market research and customer feedback

4.5 Legal and Regulatory Compliance

• RYA certification and record-keeping requirements
• Age verification and parental consent
• DBS checks for staff (where required)
• Dispute resolution and legal proceedings
• Regulatory reporting and compliance

5. Data Sharing and Third-Party Processors

5.1 Royal Yachting Association (RYA)

Upon course completion, we share the following information with the RYA:

• Name, email address, date of birth, and address
• Course details and certifications obtained
• This enables certificate verification and central record management
• Your RYA Interactive account will be removed after one year
• Full RYA privacy details: www.ryainteractive.org

5.2 Sailing Clubs and Training Venues

We share limited information with partner sailing clubs:

• Name and address for temporary membership
• Course attendance and completion data
• This enables venue access and safety management

5.3 Technology Service Providers

We use the following third-party processors:

• Sailia: Our primary booking system that stores booking data, waiver information, and customer records
• Google: Email services, analytics, and cloud storage
• Mailchimp: Email marketing and newsletter services
• Stripe: Secure payment processing
• Website hosting providers: Data storage and website functionality

Important: By making a booking with us, you are also subject to Sailia's privacy policies and terms of service, as your booking and waiver data is processed and stored within their system.

5.4 Legal and Emergency Disclosure

We may share data with:

• Police and law enforcement (upon lawful request)
• Emergency services during health and safety incidents
• Legal advisors and courts in dispute resolution
• Insurance companies for claims processing
• Regulatory bodies for compliance purposes

5.5 WhatsApp Groups

• Joining course-related WhatsApp groups is optional
• By joining, you consent to sharing contact information with other group members
• We are not responsible for data misuse within WhatsApp groups
• Participants may be removed for inappropriate behavior

6. Data Retention Periods

6.1 Course and Certification Records

• Certificate records: 7 years (for verification purposes)
• Course attendance: 7 years (for regulatory compliance)
• Assessment records: 7 years (for quality assurance)

6.2 Financial and Booking Data

• Payment records: 7 years (for accounting and tax purposes)
• Booking information: 7 years (for customer service)
• Refund and cancellation records: 7 years (for dispute resolution)

6.3 Health and Safety Information

• Medical declarations: 7 years (for insurance and safety purposes)
• Incident reports: 7 years (for regulatory compliance)
• Emergency contact information: Duration of customer relationship

6.4 Marketing and Communications

• Email newsletter subscriptions: Until unsubscribed
• Website analytics: 26 months (Google Analytics default)
• Photography consent: 7 years or until consent withdrawn

6.5 Staff and Instructor Data

• Employment records: 7 years after employment ends
• DBS disclosures: As per DBS Code of Practice
• Training records: 7 years (for qualification verification)

7. Your Rights Under GDPR

7.1 Right of Access

You can request copies of all personal data we hold about you. We will provide this within one month, subject to identity verification.

7.2 Right of Rectification

You can request correction of inaccurate or incomplete personal data. We will update our records and notify relevant third parties.

7.3 Right of Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to:

• Legal retention requirements
• Legitimate business interests
• Ongoing contractual obligations

7.4 Right to Restrict Processing

You can request that we limit how we use your data while disputes are resolved or data is verified.

7.5 Right to Data Portability

You can request your personal data in a structured, machine-readable format for transfer to another service provider.

7.6 Right to Object

You can object to processing based on legitimate interests, including direct marketing (which we will stop immediately).

7.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that significantly affects you.

8. Photography and Video Policy

8.1 Consent and Purpose

By booking with us, you consent to photography and video recording for:

• Coaching feedback and instruction
• Course documentation and records
• Website content and promotional materials
• Social media posts on official channels
• Marketing materials (digital and print)

8.2 Publication and Use

Images may be published on:

• Keep Sailing website (www.keepsailing.co.uk)
• Keep Sailing social media accounts
• Marketing and promotional materials
• Third-party websites promoting our services
• Keep Sailing premises and notice boards

8.3 Your Rights Regarding Images

• Opt-out: Contact info@keepsailing.co.uk before your course
• Withdraw consent: Request removal from future use at any time
• Access copies: Request images containing you (ID verification required)
• Selective consent: Consent to some uses but not others

8.4 Image Management

• No identifying information published with images unless separately agreed
• Images retained for up to 7 years
• Removal within 30 days of consent withdrawal
• Cannot recall existing printed materials already distributed

9. Cookies and Website Analytics

9.1 Cookies We Use

Our website uses cookies for:

• Essential website functionality
• Performance and analytics (Google Analytics)
• User preferences and settings
• Security and fraud prevention

9.2 Analytics and Tracking

We use Google Analytics to understand:

• Website usage patterns and popular content
• User demographics and interests
• Course booking behavior and conversion rates
• Technical performance and errors

9.3 Managing Cookies

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

10. Data Security Measures

10.1 Technical Safeguards

• Encrypted data transmission (SSL/TLS)
• Secure cloud storage with access controls
• Regular security updates and patches
• Multi-factor authentication for staff accounts
• Secure payment processing (PCI DSS compliant)

10.2 Organizational Measures

• Staff training on data protection
• Access controls and permission management
• Regular security audits and assessments
• Incident response procedures
• Secure disposal of paper records

10.3 Physical Security

• Locked filing cabinets for paper records
• Secure premises with access controls
• CCTV monitoring (with appropriate signage)
• Secure destruction of confidential waste

11. Data Breach Procedures

11.1 Breach Detection and Response

In the event of a data breach, we will:

• Contain and assess the breach within 24 hours
• Notify the ICO within 72 hours (if required by law)
• Inform affected individuals without undue delay
• Document the breach and response actions
• Review and improve security measures

11.2 High-Risk Breaches

If a breach poses high risks to your rights and freedoms, we will:

• Notify you immediately with clear, plain language
• Advise on protective measures you can take
• Provide ongoing updates on our response
• Offer support and remediation where appropriate

12. Children's Privacy

12.1 Under-18 Participants

For participants under 18:

• Parental/guardian consent required for booking
• Parent/guardian must complete all forms and declarations
• Photography consent must be given by parent/guardian
• Parents/guardians have all rights regarding their child's data

12.2 Under-16 Marketing

We do not send marketing communications to anyone under 16 without explicit parental consent.

13. International Data Transfers

13.1 Third Country Processing

Some of our service providers may process data outside the UK/EU:

• Google services (with appropriate safeguards)
• Website hosting and cloud services
• Payment processing providers

13.2 Safeguards

All international transfers are protected by:

• Adequacy decisions where available
• Standard Contractual Clauses (SCCs)
• Appropriate technical and organizational measures
• Regular review of transfer arrangements

14. Complaints and Regulatory Contact

14.1 Internal Complaints

For privacy-related complaints:

1. Contact us at info@keepsailing.co.uk
2. We will acknowledge within 5 working days
3. Full response within 30 days
4. Escalation procedures if unsatisfied

14.2 Regulatory Complaints

You have the right to complain to the supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Telephone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

15. Policy Updates and Changes

15.1 Policy Revisions

We may update this Privacy Policy to reflect:

• Changes in data protection laws
• New business practices or services
• Enhanced security measures
• Regulatory requirements

15.2 Notification of Changes

• Material changes will be communicated via email
• Updated policy posted on our website
• Continued use constitutes acceptance of changes
• Right to withdraw consent for any new processing purposes

16. Third-Party Policies and Additional Terms

Sailia Booking System:

By making a booking with Keep Sailing, you acknowledge that your booking data, waiver information, and related personal data will be processed and stored within the Sailia booking system. You are therefore also subject to Sailia's privacy policies and terms of service. We recommend reviewing Sailia's data protection policies alongside this Privacy Policy.

Other Third-Party Services:

Use of our services may also involve third-party processors mentioned in Section 5 of this policy. Each processor operates under their own privacy policies and terms of service.

17. Contact Information

Data Protection Enquiries:

Email: info@keepsailing.co.uk

Website: www.keepsailing.co.uk

For specific data requests:

• Subject Access Requests: info@keepsailing.co.uk
• Consent withdrawal: info@keepsailing.co.uk
• Photography opt-out: info@keepsailing.co.uk
• Marketing unsubscribe: Use email links or contact info@keepsailing.co.uk

Last Updated: 01/08/2025

Next Review Date: 01/08/2026

By using our services or website, you acknowledge that you have read, understood, and agree to this Privacy Policy.

‍