White Tip Sailing | Privacy, Cookies & Data Protection Policy

Privacy, Cookies & Data Protection Policy

White Tip Sailing Ltd (WTS)

Last updated: 25 March 2026. Reviewed at least annually.

This policy applies to White Tip sailing Ltd and its sister companies: White Tip Race Academy Ltd and White Tip Racing Ltd

Summary

This policy explains how White Tip Sailing Ltd collects, uses, stores, and shares your personal data. A more detailed explanation of each topic follows in the numbered sections below.

Topic	In brief
What we collect	Only what we need to deliver our services safely, fairly, and effectively.
Medical data	We collect medical information for all participants as a duty of care. A declaration of ‘no medical needs’ is still medical data under data protection law.
Optional questions	We may ask optional questions (e.g. inclusion monitoring, dietary or prayer needs). You can decline to answer.
Legal framework	We comply with UK GDPR, the Data Protection Act 2018, PECR, safeguarding law, and the Data Use and Access Act 2025 where relevant.
Your rights	You can access, correct, or delete your data, and change marketing preferences at any time. Contact info@whitetipsailing.com.

To exercise your rights or ask any question about this policy, contact us at:

Email: info@whitetipsailing.com

Post: Data Protection Lead, White Tip Sailing Ltd, Fleet End Bottom, Warsash, Southampton, SO31 9HL

1. Who We Are

White Tip Sailing Ltd is a company registered in England and Wales (Company No. 13318447). Our administration address is Fleet End Bottom, Warsash, Southampton, SO31 9HL.

We provide RYA training courses both ashore and on the water, operating from Port Hamble Marina, Hamble-le-Rice.

WTS is the data controller for the personal data collected under this policy. We comply with:

• The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018;

• The Privacy and Electronic Communications Regulations (PECR);

• Safeguarding law and relevant sector codes; and

• The Data Use and Access Act 2025 (DUAA) and any related regulations, which we keep under review.

Contact: info@whitetipsailing.com

2. Information We Collect and How We Use It

We collect only the information we genuinely need to deliver our services, safeguard participants, meet our legal obligations, and demonstrate our impact. The categories of information we collect are described below.

2.1 Basic personal details

Name, date of birth, contact details, and emergency contact information. Used to manage bookings, communicate with you, and respond to emergencies.

2.2 Booking and programme information

Booking forms, attendance records, assessment and certification records, and school or group details. Used to administer courses, issue certificates, and meet our obligations to accrediting bodies.

2.3 Medical and special category information

We collect medical information for all participants as part of our duty of care. This includes allergies, medical conditions, disabilities or additional support needs, dietary requirements, and completed medical forms (including a declaration of no medical issues, which remains medical data under data protection law).

We use this information to keep participants safe, make reasonable adjustments, and respond appropriately in emergencies. We do not collect more medical information than is necessary for these purposes.

2.4 Religion or philosophical belief (optional)

We may ask for limited information about your religion or belief in order to make appropriate practical arrangements, such as food requirements or access to prayer facilities. These questions are optional and you may respond ‘prefer not to say’. This information is used only to accommodate your needs and support inclusion; it is not used for any other purpose.

2.5 Financial information

Payment details, processed securely by our payment providers. We do not store full card details. Where applicable, Gift Aid declarations and related donor information.

2.6 Website and digital data

Cookies, analytics data, device identifiers, and IP addresses. See Section 7 for our Cookie Policy.

2.7 Photographs and video

Images taken during activities are used externally only with your consent. Testimonials and case studies are gathered and used only with your consent. Where participants include children or vulnerable adults, our safeguarding guidance applies.

3. Our Lawful Bases for Processing

UK GDPR requires us to identify a lawful basis for each type of processing. We rely on the following:

Contract

To process bookings, deliver programmes safely, and provide essential course-related communications.

Legal obligation

To meet our duties to regulators and accrediting bodies, including the RYA, MCA, and HMRC.

Vital interests

To respond to emergencies and safeguard life.

Legitimate interests

To run WTS effectively. This includes: maintaining safety and security on our premises and vessels; improving our services; contacting alumni; sending postal marketing; sending email or SMS marketing under the PECR soft opt-in (see Section 4); responding to safeguarding concerns and incidents; maintaining IT security; supporting proportionate internet filtering and monitoring; and producing anonymised impact reporting. We balance our legitimate interests against your rights and freedoms on a case-by-case basis.

Consent

For email or SMS marketing where the soft opt-in does not apply; fundraising messages; identifiable photographs or video; optional religion or belief questions; optional demographic monitoring questions; and surveys or case studies. You may withdraw your consent at any time by contacting info@whitetipsailing.com.

Public interest and safeguarding

Where required to protect children or vulnerable adults, in accordance with the WTS Safeguarding Policy and applicable law.

Special category data (Article 9 UK GDPR)

Where we process special category data, we rely on the following additional conditions:

• Health data: explicit consent and/or vital interests; and where applicable, the health and social care or safeguarding conditions in Schedule 1 of the Data Protection Act 2018.

• Religion or philosophical belief: explicit consent; and where appropriate, substantial public interest (equality of opportunity or treatment) under Schedule 1 DPA 2018, supported by an Appropriate Policy Document.

• Equality and inclusion monitoring: substantial public interest (equality of opportunity) under Schedule 1 DPA 2018, with appropriate safeguards and an Appropriate Policy Document.

Criminal offence data: where recordings or monitoring capture data that may relate to a potential criminal offence, we rely on Schedule 1 DPA 2018 substantial public interest conditions (including preventing or detecting unlawful acts), with DPIA, access controls, and appropriate safeguards in place.

4. Marketing

We send marketing communications only where we are permitted to do so. Specifically, we send marketing:

• By email or SMS where you have opted in; or

• By post, on the basis of our legitimate interests; or

• By email or SMS under the PECR soft opt-in, where: you provided your contact details in the course of a booking, enquiry, or purchase; we are marketing similar services; you were given a clear opportunity to opt out at the time; and every subsequent message includes an unsubscribe option.

You can change your marketing preferences or opt out at any time by emailing info@whitetipsailing.com.

We may use trusted third-party providers (such as email platforms and CRM systems) to manage marketing lists and send communications on our behalf. These providers are contractually required to comply with UK GDPR, to act only on our instructions, and never to use your data for their own marketing purposes.

5. How We Use Your Information

In addition to the specific uses described in Section 2, we use your personal data to:

• Deliver courses, including any associated accommodation, meals, and pastoral support, safely and inclusively.

• Make appropriate adjustments for medical conditions, disability, and religion or belief (including food and prayer facilities).

• Maintain the safety and security of our premises, vessels, and participants.

• Meet our legal and regulatory obligations.

We do not sell your personal data to any third party.

6. Who We Share Your Information With

We share personal data only where necessary and only with the following categories of recipient:

• Emergency services, where required to protect life or respond to an incident.

• Accreditation and regulatory bodies, including the RYA, MCA, and HMRC, to meet our legal and accreditation obligations.

• IT, CRM, and payment service providers, including internet filtering and monitoring providers, operating under contract and on our instructions.

• Third-party marketing processors, operating under contract and only on our instructions.

• Police and insurers, for the investigation of incidents or potential criminal offences.

All third parties with whom we share personal data are contractually required to comply with UK GDPR and to process data only as we instruct.

7. How Long We Keep Your Information

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:

Category	Retention period
Medical forms	Until the end of the programme, plus up to 12 months (longer if linked to an incident or safeguarding matter).
Safeguarding records	Statutory periods as required by applicable law and guidance.
Accident and incident records	Generally 3 years from the date of the incident; up to age 25 for records relating to children.
Course records and certification	7–10 years.
Marketing preference records	5 years after last contact, for audit purposes.

Detailed retention rules are set out in the WTS Retention & Records Procedure.

8. Your Data Protection Rights

Under UK GDPR you have the following rights in relation to your personal data:

• Right of access: to request a copy of the personal data we hold about you.

• Right to rectification: to ask us to correct or complete inaccurate or incomplete data.

• Right to erasure: to ask us to delete your data where there is no compelling reason for us to continue holding it.

• Right to restriction: to ask us to restrict processing of your data in certain circumstances.

• Right to object: to object to processing based on legitimate interests, including direct marketing and profiling.

• Right to withdraw consent: to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email info@whitetipsailing.com. We will respond within one calendar month. In complex cases, we may extend this by up to two further months and will notify you if we do so.

These rights are not absolute; in some circumstances we may be entitled to refuse a request, in which case we will explain why.

9. Cookies

Our website uses cookies to support its functionality and to collect anonymised analytics data that helps us understand how visitors use the site. Cookies are small text files placed on your device by your browser when you visit a website.

You can control or disable cookies at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

A full list of the cookies used on our website, including their purpose and duration, is available via the cookie consent tool on the site.

10. Links to Other Websites

Our website may contain links to external websites operated by third parties. This policy applies only to the WTS website. We are not responsible for the privacy practices of any third-party site and encourage you to read the privacy policy of any website you visit.

11. Security

WTS takes the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, alteration, or disclosure.

Payment data is processed exclusively by our secure third-party payment providers; we do not store full card details. Access to personal data is restricted to staff and contractors who need it to perform their role, and all such persons are subject to obligations of confidentiality.

No method of electronic transmission or storage is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) in accordance with our legal obligations.

12. Complaints

If you have any concern about how WTS handles your personal data, please contact us in the first instance at info@whitetipsailing.com. We will endeavour to resolve your concern promptly.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent data protection authority:

• Website: ico.org.uk

• Helpline: 0303 123 1113

13. Changes to This Policy

We review this policy at least annually, or sooner if there are changes to the law or to our data processing practices. The date at the top of this document reflects the most recent update. Where changes are material, we will notify affected individuals directly where practicable.