About this Policy
1.1 This policy explains when and why we collect personal information , how we use it and how we keep it secure and your rights in relation to it.
1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the
website for the Information Commissioner (www.ico.gov.uk). For the purposes of
the GDPR, we will be the “controller” of all personal data we hold about you.
2. Who are we?
2.1 We are Leith Nautical sailing Academy an RYA Training Centre. We can be contacted at [38 Almondbank Terrace, Edinburgh, EH11 1SR, firstname.lastname@example.org, 07513846229.
3. What information we collect and why.
Type of information Purposes Legal basis of processing
For the purposes of our legitimate
interests in enquiries on attending our RYA courses and maintian a record of students who have completed an RYA course.
We will seek the students consent on booking form
The student may withdraw their consent at any time by contacting
us by e-mail or letter to tell us that they no longer wish their details to be held
4. How we protect your personal data
4.1 We will not transfer your personal data outside the EU without your consent.
4.2 We have implemented generally accepted standards of technology and operationalsecurity in order to protect personal data from loss, misuse, or unauthorised
alteration or destruction.
4.3 Please note however that where you are transmitting information to us over the
internet this can never be guaranteed to be 100% secure.
4.4 For any payments which we take from you online we will use a recognised online secure payment system.
4.5 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
5. Who else has access to the information you provide us?
5.1 We will never sell your personal data. We will not share your personal data with anythird parties without your prior consent (which you are free to withhold) except where we are required to do so by law.
5.2 We may pass your personal data to third parties who are service providers, agentsand subcontractors to us for the purposes of completing tasks and providing
services to you on our behalf (e.g. to print newsletters and send you mailings). We do this for the purpose of our legitimate interests in operating the Training Centre and for
performing our contract with you. However, we disclose only the personal data thatis necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own
purposes. It is possible that third parties may themselves engage others (subprocessors) to process your data. Where this is the case third parties will be required to have contractual arrangements with their sub-processor(s) that ensure
your information is kept secure and not used for their own purposes.
5.3 We may also pass your personal data to the RYA for the purposes of fulffiling ourc reponsibilities as a recongnised RYA Training Centre
6. How long do we keep your information?
6.1 We will hold your personal data on our systems for as long as you are a tudent on our course,or for as long as is necessary to comply with our legal and RYA obligations. We will review
your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personaldata except that we will retain your personal data in an archived form in order to be
able to comply with future legal obligations e.g. compliance with tax requirementsand exemptions, and the establishment, exercise or defence of legal claims.
6.2 We securely destroy all financial information once we have used it and no longerneed it.
7. Your rights
7.1 You have rights under the GDPR:
(a) to access your personal data
(b) to be provided with information about how your personal data is processed
(c) to have your personal data corrected
(d) to have your personal data erased in certain circumstances
(e) to object to or restrict how your personal data is processed
(f) to have your personal data transferred to yourself or to another business in
7.2 You have the right to take any complaints about how we process your personal data
to the Information Commissioner:
0303 123 1113.
Information Commissioner’s Office
Cheshire SK9 5AF
For more details, please address any questions, comments and requests regarding our data
processing practices to our [Data Protection Manager] [insert address or e-mail address].