Our Privacy Policy

Last updated: December 2020

About us

The Royal Life Saving Society UK (RLSS UK) (charity number 1046060) is a charity that enhances communities so that everyone can enjoy being in, on, and around water safely, because every life is worth saving. Our work is vital in every city, town, community, and household. RLSS UK is the UK’s leading provider of water safety education and qualifications. RLSS UK is also the National Governing Body, recognised by Sport England, for the sport of lifesaving. RLSS UK’s website is http://www.rlss.org.uk/

RLSS UK is structured as two limited companies and 47 membership branches located across the UK and Ireland. The two limited companies are:

  • RLSS U.K. Enterprises Limited (trading as RLSS UK Shop), with registered office at Redhill House, London Road, WORCESTER, WR5 2JG, United Kingdom (company number 02559199). RLSS UK Shop stocks, sells and fulfils a range of products to help support the delivery of vocational and non-vocational awards and qualifications, mainly via the website https://www.rlss.org.uk
  • IQL UK Limited, with registered office at Redhill House, London Road, WORCESTER, WR5 2JG, United Kingdom (company number 03719774). IQL UK is the lifesaving qualification awarding body offering OFQUAL and CCEA regulated and non-regulated vocational training programmes and qualifications. Through IQL UK, there are more than 90,000 RLSS UK pool lifeguards trained in the National Pool Lifeguard Qualification (NPLQ), and around 95 percent of all pool lifeguards are trained by RLSS UK.

RLSS UK is the controller of all personal data processed by the charity, the two above operating companies and the 47 membership branches.


Registration with the Information Commissioner’s Office

For the purpose of the Data Protection Act (2018), Royal Life Saving Society UK is registered as a data controller with the Information Commissioner’s Office with registration number 2811194.

RLSS UK’s Privacy Officer is:

Privacy Officer
RLSS UK
Redhill House
London Road
WORCESTER
WR5 2JG

(t) 0300 3230 096
(e) gdpr@rlss.org.uk 


Personal Data Processed by RLSS UK

RLSS UK collects, stores, and processes personal data for several purposes, mainly: personnel administration, financial accounting, marketing, and the administration of the charity. The detail of this is described in the table below.

| Type of data | Purpose | Legal Basis | Retention period |
|---|---|---|---|
| Staff/Employment | | | |
| Recruitment | Recruiting staff | Consent | 3 months from date of application |
| Personnel – Names, addresses, telephone numbers, email addresses, National Insurance Number | Administration | Performance of a contract. Some processing may be legitimate interests** | 7 years after employment ceases |
| Personnel – Contracts, hours of work | Administration | Performance of a contract. Some processing may be legitimate interests** | 7 years after employment ceases |
| Payroll – Names, employee’s society numbers, payroll number, National Insurance | Administration of Payroll | Performance of a contract | 7 years |
| Volunteer/Club Positions | | | |
| Volunteer Application Forms | Administration | Performance of a contract. Some processing may be legitimate interests* | 2 years |
| Club Officer Roles | Administration | Legitimate Interests* | Visible records of those currently in position – Hidden records for historic purposes. No retention period; records stay forever |
| Volunteer complaints | Management of complaints | Necessary for compliance with a legal obligation. Necessary for the purpose of legitimate interest | 3 years from the end of the complaint procedure |
| Members/Candidates/Trainers | | | |
| Membership list comprising names, addresses, telephone numbers | Membership administration and communication | Performance of a contract. Some processing may be Legitimate Interest* | 2 years after membership ceases |
| Course candidates – Community-based awards comprising names, addresses, telephone numbers, email addresses, and course results | Award administration | Performance of a contract | 2 years after all membership and awards have expired*** |
| Course candidates – Non-Regulated awards comprising names, addresses, telephone numbers, email addresses and course results | Award administration | Performance of a contract | 2 years after all membership and awards have expired*** |
| Honours Nominations | Administration of the honours recognition and rewarding Process | Legitimate Interest* | No retention period; records stay forever |
| Membership benefits | To send information which is included within your membership package of RLSS UK including details about member benefits, competitions, conference, honours, events and any updates to awards and qualifications | Performance of a contract | 2 years after all membership and awards have expired*** |
| Formal complaints data | To maintain a record of your interaction with RLSS UK regarding your complaint | Legitimate Interest* | No retention period; complaints paperwork stays forever |
| Completed reasonable adjustment forms | To maintain a record of any reasonable adjustment granted to the candidates | Legitimate interest* | 2 years from the end of activity by the individual |
| Children’s Data | | | |
| Children under the age of 16 | Administration of award data | Consent from a parent or guardian or another adult acting in loco parentis | 2 years after all membership and awards have expired** |
| Athletes and Officials/Coaches/Team Managers | | | |
| Event attendees | Administration | Performance of a contract. Legitimate interests* | 1 year |
| National Records Database | Administration of the National Records | Performance of a contract. Legitimate interest* | No retention period; records stay forever |
| Elite athletes | Administration of the Elite athletes | Performance of a contract. Legitimate interests* | 1 year |
| Officials/Coaches/Team Managers | Administration | Performance of a contract. Legitimate interests* | 1 year |
| Data for the arranging of transportation to and from events | Administration | Consent | Deleted once the event is finished |
| RLSS UK Shop | | | |
| Names, contact details and payment details of consumers | To supply goods and resources | Performance of a contract | 7 years |
| Additional Data Processed | | | |
| Names and contact details of Suppliers | Supplier and procurement administration | Performance of a contract | 7 years |
| Donations | Charity Donations from members of the public | Consent of the individuals | 7 years |
| RLSS UK Course Finder website | Advertisement of courses | Performance of a contract | Deleted once the course has started |
| Capacity Marketing for Charities (Capacity) | Administration | Consent | No retention period; records of will pledges stay forever as a plaque within RLSS UK HQ |
| 1891 Fellowship | Administration | Consent | No retention period |

* Note the legitimate interest may include:

  • Retaining records to properly administer and manage your membership or awards and qualifications data with us.
  • In the case of Club Officer Roles – data may be required in relation to complaints or claims and to ensure the effective management of any disciplinary hearings, appeals and adjudications.
  • In the case of Event attendees/Elite athletes and Officials/Coaches and Team Managers, we have a legitimate interest to provide you and other members of our organisation with a safe environment in which to participate in sport.
  • National records database – we have a legitimate interest to maintain the records of those competitors who achieve a National record within Lifesaving events.
  • Honours nominations – we have a legitimate interest to maintain the records of those individuals who have achieved an RLSS UK Honour for historical purposes.
  • Queries or complaints data – legitimate interest to provide complaint handling services to you in case there are any issues with your membership/club/event etc.

** Note that certain information collected for the purposes of personnel administration is a contractual and statutory requirement which is necessary to enter into a contract of membership. Failure to provide this information may result in our inability to offer membership.

*** Note that certain candidates may have achieved an RLSS UK Honour and will remain on the system indefinitely as this is classed as data of historical purpose.


Data Sharing

RLSS UK shares personal data with the following organisations:

| Organisation name/category of organisation | Purpose of the sharing | Data Storage Location |
|---|---|---|
| RLSS Commonwealth | To aid RLSS Commonwealth with data on UK Members | RLSS UK |
| Digital Service Providers (tahDah Limited, Intercom and Galtec) | We employ specialist companies to host our database and facilitate our IT services meaning that they potentially have access to any personal data collected via the channel they manage for us. These organisations are data processors and governed by legal obligations set out in GDPR | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| Official Organisations | We share the personal data of some of our membership necessary because of a legal obligation with official authorities such as governing bodies, insurance companies, police, child welfare | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| Disclosure & Barring Service | To disclose a copy of a person’s criminal record | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| RLSS UK Branches | We share the personal data of some of our members with members of their local Branch | All personal data is stored securely by members of the RLSS UK Branch in which the data is disclosed |
| Tricord Smart Fulfilment | For the fulfillment of course candidate pack orders, TA and ATC/P onboarding applications | All personal data is stored on secure servers |
| Linn Systems Limited (Linnworks) | Data and Stock Management - Order management system that will talk virtually to Shopify and Walkers to fulfill orders and manage stock levels | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| Shopify Plus Platform | Website Platform that our e-commerce website is built on | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| Statement | Agency who manages the build and ongoing maintenance of our e-commerce website hosted on the Shopify Plus Platform | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| Walkers | Warehouse and Distribution who will be in charge of the warehousing, fulfilment and distribution from orders. | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| Excelify.io | Export and Import Data | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| CyberSource on behalf of Total Processing UK | Payment Gateway | All personal data is stored in secure UK data centres operated by organisations with ISO 270001 certification. |
| Laerdal | For the supply and dispatch of medical therapy and training products | All personal data is stored on secure servers |


Sub-contract Processing

RLSS UK uses sub-contract organisations to process personal data under a written contract which defines that they must comply with stringent data privacy requirements. RLSS UK only employs organisations that comply with the provisions of the General Data Protection Regulation. These organisations are audited to ensure compliance. RLSS UK’s processors include:

  • tahdah for the secure hosting of database
  • Intercom for business messaging services
  • Galtec for the IT services helpdesk
  • Mailchimp to facilitate the sending of group emails
  • M Leach Jewellers for engraving medals and trophies
  • Claremont cars for airport transfers
  • Laerdal for the supply of medical therapy and training products
  • Print Waste recycling services for the secure removal of waste and confidential waste materials
  • Scottish Widows and NEST for staff pension schemes
  • Tricord Smart Fulfilment for the dispatch of course packs, TA and ATC/P onboarding application hosting
  • Linnworks for data and stock management of RLSS UK Shop
  • Shopify Plus for the website platform
  • Walkers for warehouse and distribution
  • Excelify.io for the import and export of data
  • Cybersource as a payment gateway

Data Augmentation

RLSS UK uses augmentation services to satisfy its legal obligation to ensure the accuracy of personal data being processed by using, for example:

  • Royal Mail Postal Address File (PAF) to update redirected addresses and to ensure address accuracy and completeness.

Profiling

RLSS UK does not use profiling.


International Transfers

RLSS UK transfers personal data outside of the United Kingdom to the following organisations:

| Organisation | Country | Purpose | Safeguards |
|---|---|---|---|
| Mailchimp | USA | To send group emails to members and candidates on our database about things that they have opted in to hear about. | Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. They are committed to subjecting all Personal Information received from EEA member countries, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. Mailchimp is responsible for the processing of Personal Information they receive under each Privacy Shield Framework and subsequently transfer to a third party acting as an agent on their behalf. They comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EEA, United Kingdom, and Switzerland, including the onward transfer liability provisions. Members located in Switzerland, United Kingdom and the EEA are subject to their Data Processing Addendum which can be found here, as described in their Standard Terms of Use. |
| SurveyMonkey | USA | To facilitate the sending of member surveys from time to time. | SurveyMonkey Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield. SurveyMonkey is committed to subjecting all personal information and data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/ |


Secure storage of data

All personal data are stored in secure UK data centres operated by organisations with ISO 270001 certification.


Your Rights

You have the following rights concerning your personal data:

Right of access

You have the right to obtain confirmation from RLSS UK as to whether personal data concerning you are being processed, and, where that is the case, access to that personal data.

Right to rectification

You have the right to oblige RLSS UK to rectify inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.

Right to erasure (right to be forgotten)

You have the right (under certain circumstances, but not all) to oblige RLSS UK to erase personal data concerning you.

Right to restriction of processing

You have the right (under certain circumstances, but not all) to oblige RLSS UK to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

Right to data portability

You have the right (under certain circumstances, but not all) to oblige RLSS UK to provide you with the personal data about you which you have provided to RLSS UK in a structured, commonly used and machine-readable format.

You also have the right to oblige RLSS UK to transmit those data to another controller.

Right to withdraw consent

If the lawful basis for processing is consent, you have the right to withdraw that consent by contacting gdpr@rlss.org.uk to arrange for a withdrawal of consent form to be sent or by downloading from the RLSS UK website.

Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.

Rights in relation to automated decision making and profiling

RLSS UK does not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.


Your right to lodge a complaint with a supervisory authority

If you wish to exercise any of your rights concerning your personal data, please contact RLSS UK’s Data Protection Officer at the address shown above. If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

(t) 0303 123 1113
(e) casework@ico.org.uk