We are committed to safeguarding the privacy of your data; in this policy, we explain how we will treat your personal information. This applies to any paper-based data that we keep as records in our office at Calle XXXXX, 08010 Spain - and all electronic data that we keep on databases, hard drives, and any other storage devices that we use.
we comply with the The General Data Protection Regulations (GDPR - 25 May 2018.)
We collect data Lawfully, fairly and transparently. We tell our students what we will do with their data and we do this at the time we collect the data. We only do what we tell the students we will do with their data and do not collect data for one purpose and use it for another.
We strive to ensure that any data we collect is “accurate and, where necessary, kept up to date”. We conduct regular manual checks to update and correct data and during these checks, we check data to ensure that we still need to keep it or not. We also check to ensure that any data we keep is secure.
As defined by the GDPR. we must have a lawful basis to collect data. We have conducted a legitimate interests assessment (LIA) and as an RYA Training Centre our lawful bases for processing are:
Contract: - (a) to fulfill our contractual obligations to our students and (b) because we have been asked to do something before entering into a contract (e.g. provide a quote).
Legitimate interests: - (a) we use people’s data in ways they would reasonably expect and which have a minimal privacy impact. The information we collect is necessary and is limited to the information that we need to take a booking e.g. name, surname, address, nationality, passport number, date of birth & contact details. (b) As a training school, we need to collect data so that we can perform our duties e.g. to deliver training courses safely and efficiently. (c) We do need to understand that each and every student is fit & healthy enough to participate in a course of training so we do ask each student to complete a Fitness to take part and health declaration. More details about this can be found later on within this document.
If we share any data with another organization we make it clear who that is and why and how it is shared.
At this time, we only share data with the following organizations:
RYA - “On successful completion of each course your name, contact details, date of birth, certificate number and date of issue will be shared with the RYA through a secure web portal on www.rya.org.uk.
We have updated all of the information about our courses either on paper or digital versions to include information detailing what is involved in the course e.g. how physical each course is, length and duration of each course and any other factors that need to be taken into consideration such as the craft we use and the area we operate in. This allows candidates to judge their fitness to take part in any particular course with this information recorded on a "Fitness to take part and health declaration"
At the time of booking, we ask if there is any medical or other reason why the student believes they may require some special consideration. Examples are a disability or a medical condition.
Therefore the medical data that we keep is limited solely to a "Fitness to take part and health declaration" and any appropriate adjustments or measures that we have put in place e.g.if a candidate on a course requires a scribe for the exam due to blindness, the course information will record that a scribe is needed for the exam.
When we send course joining instructions to candidates, we also send a Medical Information form asking for accurate and relevant medical information that we need to know about. Students bring this with them at the start of each course. This form is reviewed and stored for the duration of the course only. At the end of the course, this information is destroyed (shredded). During the time that we hold this information, it is kept in a secure location.
All medical forms contain an express statement gaining consent from the student to use that information for assessment purposes.
EMERGENCY CONTACT INFORMATION
We require Emergency Contact Details for each student so that in the event of an accident, we can contact someone who can help us to contact your family and friends. We collect this information on the medical form that we send to students. This information is destroyed at the end of each course.
RECORD KEEPING AND RETENTION OF RECORDS
We are not required by the RYA to keep a local record of RYA certificates once the certificate has been registered; however, for business purposes, we do so for a period of up to 10 years.
Some RYA certificates which are issued are not required to be registered online and this means that we must retain this information. On successful completion of a course, names, certificate numbers, and date of issue will be stored for up to 10 years. This information allows us to verify or replace certificates if required.
We keep records of students and a copy of the relevant booking terms and conditions for a period of 10 years. We do this in case there are any incidents or issues that may require them to be kept.
If a candidate does not wish their details to be stored, we honor their request. If the candidate chooses to do this then we make them aware that neither our center nor the RYA will be able to replace or verify their certificate in the future.
We store SRC exam papers for up to five years.
FEEDBACK FROM STUDENTS
As a professional training school, it is important for us to receive regular feedback from our students and for business purposes, we gather that information. This information is stored securely and is used for the following purposes:
It is important for our business and the RYA that we keep a record of feedback. Student feedback allows us to continually monitor our training to see if improvements can be made.
Anonymously, we may use feedback for marketing purposes on social media platforms.
The RYA may contact students when this is necessary for quality assurance of RYA training, for example in the investigation of a complaint or incident. In these instances, the information is used solely for the requested purpose and is not entered on to the RYA central database.
Some people find the idea of a website storing information on their computer or mobile device a bit intrusive, particularly when this information is stored and used by a third party without them knowing. Although this is generally quite harmless if you prefer, it is possible to block some or all cookies or even to delete cookies that have already been set; but you need to be aware that you might lose some functionality for those websites where you do this.
If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings; the Help function within your browser should tell you how to do this.
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server. Only that server will be able to retrieve or read the contents of that cookie. Each cookie is also unique to each of your web browsers. The cookie will contain anonymous information, such as a unique identifier and the site name and some digits and numbers.
Cookies may be set by the website you are visiting (‘first party cookies’) or they may be set by other websites who run content on the page you are viewing (‘third party cookies’).
First party cookies are set by the website you are visiting and they can only be read by that site. Third-party cookies are set by a different organization to the owner of the website you are visiting. For example, like many other website owners, we use an analytics tool from Google, which allows us to view general information about how users interact with our website. We use this information to improve the online experience for our website visitors.
The website you are visiting may also contain content embedded from external social media websites and these sites may also set their own cookies. We use various social media on our website – such as Facebook, LinkedIn, and Twitter. This will not affect you unless you click on these links.
Session cookies are stored only temporarily during a browsing session and are deleted from the user’s device when the browser is closed.
Persistent cookies are saved on your computer for a fixed period (usually a year or longer) and are not deleted when the browser is closed. Persistent cookies are used where we need to know who you are for more than one browsing session.
Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this for a wide variety of desktop browsers.
COLLECTING PERSONAL INFORMATION
In addition to the information that we collect about you (outlined in 1 to 10 above), we will also collect the following data via Google Analytics:
Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, and version, operating system, referral source, length of visit, page views and website navigation paths;
USING YOUR PERSONAL INFORMATION
All our website financial transactions are handled through our payment services provider. We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
SECURITY OF YOUR PERSONAL INFORMATION
We will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information.
All electronic financial transactions entered into through our website will be protected by encryption technology.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
You may instruct us to provide you with any personal information we hold about you. You may also instruct us to delete this information.
From 25 May 2018, we will not send any email marketing of any kind to our existing database of students. We will be sending this database an email requesting that they provide consent for us to contact them in the future. Our intention is to build a permission-based database of students. In addition, all future students will also be asked for consent to be contacted.
THIRD PARTY WEBSITES
Our website includes hyperlinks to, and details of, third party websites.
We have no control over and are not responsible for, the privacy policies and practices of third parties.
This website is owned and operated by Montenegro Sailing School.
We are registered in Spain under registration number XXXXXXXXX, and our registered office is at Calle XXXXX, 08010, Spain.
Our principal place of business is at Calle XXXXXXX, 08010, Spain.
You can contact us by writing to the business address given above, by using our website contact form, or by email to firstname.lastname@example.org