Privacy Policy 

Download a PDF copy of our Privacy Policy. 
Last updated 03 July 2019

About us

The Royal Life Saving Society UK (“RLSS UK”) is the drowning prevention charity (charity number 1046060) and is the UK’s leading provider of water safety education and qualifications. RLSS UK is also the National Governing Body, recognised by Sport England, for the sport of life saving. RLSS UK’s  website is http://www.rlss.org.uk/

RLSS UK is structured as two limited companies and 47 membership branches located across the UK. The two limited companies are:

  • RLSS U.K. Enterprises Limited (trading as RLSS Direct), with registered office at Redhill House, London Road, WORCESTER, WR5 2JG, United Kingdom (company number 02559199). RLSS Direct stocks, sells and fulfils a range of products to help support the delivery of vocational and non-vocational awards and qualifications mainly via the website https://www.rlssdirect.co.uk/
  • IQL UK Limited with registered office at Redhill House, London Road, WORCESTER, WR5 2JG, United Kingdom (company number 03719774). IQL UK is the lifesaving qualification awarding body offering OFQUAL regulated and non-regulated vocational training programmes and qualifications. Through IQL UK, there are more than 90,000 RLSS UK pool lifeguards trained in the National Pool Lifeguard Qualification (NPLQ) and around 95 per cent of all pool lifeguards are trained by RLSS UK.

RLSS UK is the controller of all personal data processed by the charity, the two above operating companies and the 47 membership branches.


Data Protection Officer

RLSS UK’s Privacy Officer is:

Jason Ellis
RLSS UK
Redhill House
London Road
Worcester
WR5 2JG

(t) 0300 3230 096
(e) [email protected] 


Personal Data Processed by RLSS UK

RLSS UK collects, stores and processes personal data for several purposes, mainly: membership administration, financial accounting, marketing and the administration of the charity. The detail of this is described in the table below. 

Type of data

Purpose

Legal Basis

Retention period

Volunteer/Club Positions

Volunteer Application Forms

Administration

Performance of a contract

 

Some processing may be legitimate interests*

2 years

Club Officer Roles

Administration

Legitimate Interests*

 

Visible records of those is currently in position – Hidden records for historic purposes.

 

No retention period records stay forever

Volunteer complaints

Management of complaints

Necessary for compliance with a legal obligation

 

Necessary for the purpose of legitimate interest

3 years form the end of the complaint procedure

Members/Candidates/Trainers

Membership list comprising names, addresses, telephone numbers

Membership administration and communication

Performance of a contract and some processing may be Legitimate Interest*

2 years after membership ceases

Course candidates – Community based awards comprising names, addresses, telephone numbers, email addresses and course results

Award administration

Performance of a contract and some processing may be Legitimate interest

2 years after all membership and awards have expired***

Course candidates – Non - Regulated awards comprising names, addresses, telephone numbers, email addresses and course results

Award administration

Performance of a contract and some processing may be Legitimate interest

2 years after all membership and awards have expired***

Course candidates – regulated awards comprising names, addresses, telephone numbers, email addresses and course results

Award administration

Performance of a contract and some processing may be Legitimate interest

7 years from the day of assessment ***

Course candidates – other organisations awards/qualifications comprising names, addresses, telephone numbers, email addresses and course results

Award administration

Performance of a contract and some processing may be Legitimate interest

7 years from the day of assessment***

Trainer Assessor candidates/paperwork – names, addresses, telephone numbers, email addresses and course results

Award administration

Performance of a contract and some processing may be legitimate interest

???

Instructor and Instructor Tutor candidates/paperwork

Award administration

Performance of a contract and some processing may be legitimate interest

???

Candidate certificate data held on Credcert– name, address, email address

Award administration

Performance of a contract and some processing may be legitimate interest

Non- regulated awards and community awards – 2 years from the date of processing

 

Regulated awards and awards from other organisations – 7 years from the date of processing

Honours Nominations

Administration of the honours recognition and rewarding Process

Legitimate Interest*

No retention period records stay forever

Membership benefits

To send information which is included within your membership of RLSS UK including details about competitions, conference, honours, events and any updates to awards and qualifications

Performance of a contract

2 years after all membership and awards have expired***

Queries or complaints data

To maintain a record of your interaction with RLSS UK regarding your query or complaint

Legitimate Interest*

3 years from the end of the complaint procedure

Completed reasonable adjustment forms

To maintain a record of any reasonable adjustment granted to the candidates

Legitimate interest*

2 years from the end of activity by the individual

Children’s Data

Children under the age of 16

Administration of award data

Consent from a parent or guardian or another adult acting in loco parentis

2 years after all membership and awards have expired**

Athletes and Officials/Coaches/Team Managers

Event attendees

Administration

Performance of a contract

 

Legitimate interests*

1 year

National Records Database

Administration of the National Records

Performance of a contract

 

Legitimate interest*

No retention period records stay forever

Elite athletes

Administration of the Elite athletes

Performance of a contract

 

Legitimate interests*

1 year

Officials/ Coaches/Team Managers

Administration

Performance of a contract

 

Legitimate interests*

1 year

Data for the arranging of transportation to and from events

Administration

Consent

Deleted once event is finished

Additional Data Processed

Names and contact details of Suppliers

Supplier and procurement administration

Performance of a contract

7 years

Donations

Charity Donations from members of the public

Consent of the individuals

7 years

RLSS UK Course Finder website

Advertisement of courses

Performance of a contract

Deleted once the course has started

 

* Note the legitimate interest may include:

  • retaining records to properly administer and manage your membership or awards and qualifications data with us.
  • In the case of Club Officer Roles – data may be required in relation to complaints or claims and to ensure the effective management of any disciplinary hearings, appeals and adjudications.
  • In the case of Event attendees/Elite athletes and Officials/Coaches and Team Managers we have a legitimate interest to provide you and other members of our organisation with a safe environment in which to participate in sport.
  • National records database – we have a legitimate interest to maintain the records of those competitors who achieve a National record within Lifesaving events
  • Honours nominations – we have a legitimate interest to maintain the records of those individuals who have achieved an RLSS UK Honour for historical purposes.
  • Queries or complaints data – legitimate interest to provide complaint handling services to you in case there are any issues with your membership/club/event etc

** Note that certain information collected for the purposes of personnel administration are a contractual and statutory requirement which are necessary to enter into a contract of membership.  Failure to provide this information may result in our inability to offer membership.

*** Note that certain candidates may have achieved an RLSS UK Honour and will remain on the system indefinitely as this is classed as data of historical purpose.


Data Sharing

 RLSS UK shares personal data with the following organisations:

Organisation name/category of organisation

Purpose of the sharing

Data Storage Location

RLSS Commonwealth

To aid RLSS Commonwealth with data on UK Members

RLSS UK

Official Organisations

We share the personal data of some of our membership necessary because of a legal obligation with official authorities such as governing bodies, insurance companies, police, child welfare

All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification.

 

Disclosure & Barring Service

To disclose a copy of a person’s criminal record

All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification.

 

RLSS UK Branches

We share the personal data of some of our members from time to time with members of their local Branch

All personal data is stored securely by members of the RLSS UK Branch in which the data is disclosed

 


Sub-contract Processing

RLSS UK uses sub-contact organisations to process personal data under a written contract which defines that they must comply with stringent data privacy requirements. RLSS UK only employs organisations that comply with the provisions of the General Data Protection Regulation. These organisations are audited to ensure compliance. RLSS UK’s processors include: 

Organisation name/category of organisation

Nature of the Processing

Data Storage

Digital Service Providers (APT Solutions and Galtec)

We employ specialist companies to host our database and facilitate our IT services meaning that they potentially have access to any personal data collected via the channel they manage for us. These organisations are data processors and governed by legally binding contract set out in GDPR

All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification.

 

Stratum APT

Secure hosting of RLSS UK database

All personal data is stored in Secure UK data centres operated by organisations with ISO 270001 certification

Mailchimp

To facilitate the sending of RLSS UK emails

 

M Leach Jewellers

To facilitate in the engraving of medals and trophies for sporting events, championships and honour events

 

Claremont cars

To facilitate airport transfers for Board of Trustees, event volunteers

 

Laerdal

Supply of medical therapy and training products

 

 

 

 


Data Augmentation

RLSS UK uses augmentation services to satisfy its legal obligation to ensure the accuracy of personal data being processed by using, for example:

  • Royal Mail Postal Address File (PAF) to update redirected addresses and to ensure address accuracy and completeness.

Profiling

RLSS UK does not use profiling


International Transfers

We will neither transfer nor process personal data outside the United Kingdom, nor will we permit personal data to be transferred or processed outside the United Kingdom by a third party, unless it is under one or more of the following conditions:-

  • the territory into which the data are being transferred is one approved by the UK’s Information Commissioner;
  • the territory into which the data are being transferred is within the European Economic Area;
  • the territory into which the data are being transferred has an adequacy decision issued by the European Commission;
  • the transfer is to the United States of America and the recipient is registered under the EU/US Privacy Shield scheme;
  • the transfer is made under the unaltered terms of the standard contractual clauses issued by the European Commission for such purposes;
  • the transfer is made under the provision of binding corporate rules which have been approved and certified by the European Commission;
  • the transfer is made in accordance with one of the exceptions set out in Data Protection Legislation.

Secure storage of data.

All personal data are stored in secure UK data centres operated by organisations with ISO 270001 certification.


Your Rights

You have the following rights concerning your personal data:

Right of access

You have the right to obtain confirmation from RLSS UK as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data.

Right to rectification

You have the right to oblige RLSS UK to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.

Right to erasure (right to be forgotten)

You have the right (under certain circumstances, but not all) to oblige RLSS UK to erase personal data concerning you.

Right to restriction of processing

You have the right (under certain circumstances, but not all) to oblige RLSS UK to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

Right to data portability

You have the right (under certain circumstances, but not all) to oblige RLSS UK to provide you with the personal data about you which you have provided to RLSS UK in a structured, commonly used and machine-readable format.

You also have the right to oblige RLSS UK to transmit those data to another controller.

Right to withdraw consent

If the lawful basis for processing is consent, you have the right to withdraw that consent by contacting [email protected] to arrange for a withdrawal of consent form to be sent or by downloading from the RLSS UK website.

Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.

Rights in relation to automated decision making and profiling

RLSS UK does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.

 


Your right to lodge a complaint with a supervisory authority

If you wish to exercise any of your rights concerning your personal data, please contact RLSS UK’s Data Protection Officer at the address shown above. If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

(t) 0303 123 1113
(e) [email protected]


Cookie Policy

Click here to download the Cookie Policy.
Updated January 2019. 

  1. Introduction

1.1    Our website www.rlss.org.uk uses cookies.

1.2    Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website.


  1. Credit

2.1    This document was created using a template from SEQ Legal (https://seqlegal.com).


  1. About cookies

3.1    A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

3.2    Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

3.3    Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.


  1. Cookies that we use

4.1    We use cookies for the following purposes:

 (a)   Necessary cookies

        Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Cookie Name

Used by

Description

Expiration

_cfduid

Cloudflare

Used by the content network, Cloudflare, to identify trusted web traffic. It does not contain any personal information.

1 year

ASP.NET_SessionId

Website

Used for authenticating a user's session after logging in. Closes when the user exits the browser. It does not contain any personal information.

End of session

ARRAffinity

Website

Tells our infrastructure which server to handle the request. It does not contain any personal information and is used only for analytical purposes.

End of session

MemberLoggedIn

Website

A binary flag which stores whether a user is logged in or not. It does not contain any personal information.

End of session

_stripe_sid

Stripe

Used by our payment provider, Stripe, in order to process payments on checkout.

End of session

_stripe_mid

Stripe

Used by our payment provider, Stripe, in order to process payments on checkout.

1 year

nsr

Stripe

Used by our payment provider, Stripe, in order to process payments on checkout.

End of session

 

(b)     Statistic cookies

        Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Cookie Name

Used by

Description

Expiration

@@History/@@scroll|#

Website

Used by AppInsights to allow for monitoring of the platform database. It does not contain any personal information and is used only for analytical purposes.

End of session

_ga and _gid

Google Analytics

Used to distinguish between website users in Google Analytics.

2 years

_gat

Google Analytics

Used to moderate calls to the Google Analytics service. It does not contain any personal information and is used only for analytical purposes.

End of session

ai_session and ai_user

Website

Tracks users as they navigate the website predominately for infrastructure performance insights. It does not contain any personal information.

End of session

p.gif

Typekit

Used by the font provider, Typekit, if you are using one of their fonts. Used for compliance and billing purposes only. It does not contain any personal information.

End of session

__utma

Google Analytics

Stores the amount of visits of a user, the time of their first visit, the previous visit, and the current visit. It does not contain any personal information and is used only for analytical purposes.

2 years

__utmz

Google Analytics

This performance cookie stores where a user came from (eg. search engine, search keyword, link). It does not contain any personal information and is used only for analytical purposes.

6 months

__unam

ShareThis

Set as part of the ShareThis service and monitors "click-stream" activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc. The ShareThis service only identifies a user if they have separately signed up with ShareThis for a ShareThis account and given them consent. Checks how long a user stays on a site: when a visit starts, and ends. It does not contain any personal information and is used only for analytical purposes.

14 months

cc_cookie_accept

Website

Stores whether the user has accepted the cookie message or not. It does not contain any personal information and is used only for analytical purposes.

365 days

 

(c)    Marketing cookies

        Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Cookie Name

Used by

Description

Expiration

 NID

 Google

Registers a unique ID that identifies a returning user's device. Can be used for targeted ads. It does not contain any personal information. 

 6 months

 collect

 Google Analytics

Used to send data to Google Analytics a user's device and behaviour. It does not contain any personal information. 

 End of session

 r/collect

 Doubeclick.net

These cookies are managed by DoubleClick, an advertising platform we use to display adverts.

 End of session

 

IDE,  DSID,

_ct_rmm

 Doubleclick.net

These cookies are managed by DoubleClick, an advertising platform we use to display adverts.

 2 years

 DisplayName

 Website

 Keeps track of a donors preference to show their name during a Direct Debit.

 End of session

VISITOR_INFO1_LIVE

Youtube

Used by Youtube if you've embedded a Youtube video in your posts. Tries to estimate a user's bandwidth on pages with integrated Youtube videos. It does not contain any personal information.

179 days

 YSC

 Youtube

Used by Youtube if you've embedded a Youtube video in your posts. Registers a unique ID to keep statistics of what videos from Youtube a user has seen. It does not contain any personal information

 End of session

 


  1. Cookies used by our service providers

5.1    Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

5.2    We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/.


  1. Managing cookies

6.1    Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a)    https://support.google.com/chrome/answer/95647?hl=en (Chrome);

(b)    https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

(c)    http://www.opera.com/help/tutorials/security/cookies/ (Opera);

(d)    https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e)    https://support.apple.com/kb/PH21411 (Safari); and

(f)    https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

6.2    Blocking all cookies will have a negative impact upon the usability of many websites.

6.3    If you block cookies, you will not be able to use all the features on our website.


  1. Cookie preferences

7.1    At this time you can not manage your preferences relating to the use of cookies on our website.


  1. Our details

8.1    This website is owned and operated by Raising IT on behalf of Royal Life Saving Society (RLSS UK).

8.2    The Royal Life Saving Society UK (RLSS UK) is a registered charity in England and Wales (1046060) and in Scotland (SC037912). Company limited by guarantee registered in England and Wales (3033781).

8.3    Our principal place of business is at RLSS UK, Red Hill House, 227 London Road, Worcester, WR5 2JG;

8.4    You can contact us: