Privacy Centre

Welcome to the British Canoeing Awarding Body Privacy Centre. We take your privacy seriously. On this page you will find a privacy overview, our policies and privacy notices.

We are associated with Paddle UK, which is registered with the Information Commissioner’s Office. It’s registration number is Z9466524. Click here to read the certificate on the ICO website.

We have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws. The DPO is responsible for ensuring compliance with these laws.

In Awarding Body, this post is held by Nancy Squires, Head of Governance and Compliance. Any questions about our policies or any concerns that our policies have not been followed should be referred in the first instance to the DPO.

Nancy Squires can be contacted on 0115 8968842 or you can email her here.

Privacy Overview

Below is an overview of our approach to privacy. To read a section, simply click or tap on it to expand.

Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us or in providing services to our stakeholders and regulators.  When we hold or use your personal information as a data controller we will provide you with a privacy notice. This sets out in detail what information we hold about you, such as contact details and address. It will also show how your personal information may be used, the reasons for these uses and your rights.

Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you. Where we receive your personal information indirectly, we will provide this privacy notice when we first contact you, first pass the data to someone else, or within a month, whichever is the earlier.

Generally, we will only provide this privacy notice to you once, at the start of our relationship with you. However, if the applicable privacy notice is updated substantially, then we may provide you with details of the updated version. You are encouraged to check back regularly for updates. See the privacy notices section below

A data controller is a person who controls how personal information is processed and used. A data processor is a person who processes and uses personal information in accordance with the instructions of a third party, such as the data controller. This distinction is important. You have certain rights in relation to your personal information. For example, you have the right to be provided with the personal information held about you and details of its use. You also have the right to have certain personal information erased or anonymised. These rights can generally only be exercised against a data controller of your information.

In most cases of website use we will be a data controller of your personal information. In any case where we are not a data controller, this means that you cannot exercise these rights against us directly. In these cases we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them. It is only a data controller that will provide you with a privacy notice about your personal information. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice. This notice should set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.

We will use your personal information as described in the privacy notice provided to you.  But, for example, we may use your personal information to administer any account(s) you have with us or to send you information we think you might find useful, provided you have indicated that you are happy to be contacted for these purposes.

To see how we use your personal information, visit the privacy notices section below. Please note that it is possible for you to be covered by more than one privacy notice. For example, you may be a member who is also a volunteer. In this example both our member privacy notice and our volunteer privacy notice would apply to you.

Details of how we disclose your personal information are set out in the relevant privacy notice provided to you, but generally it is where we need to do so in order to run our organisation. In such circumstances, we will put in place arrangements to protect your personal information. Outside of that we do not disclose your personal information unless we are required to do so by law.

If we transfer personal information about you outside the European Economic Area (EEA), we will let you know. We will ensure all reasonable security measures are taken. We will ensure third party processors are required to process the information in accordance with information protection laws, and we will notify you in your privacy notice if we are the information controller. We do not sell, trade or rent your personal information to others.

Details of how long we hold on to your personal information are set out in the relevant privacy notice provided to you. Times are also available in our Data Retention Policy. We will only hold your information for as long as is necessary, or where you ask us to delete records we may delete it earlier.

The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected. Some personal information will be retained for a longer period. Such as your individual assessment records for certification and recertification purposes.

Full details of your rights are set out in the relevant privacy notice provided to you, but you are entitled by law to ask for a copy of your personal information at any time. You are also entitled to ask us to correct, delete or update your personal information, to send your personal information to you or another organisation and to object to automated decision making. Where you have given us your consent to use your personal information in a particular manner, you also have the right to withdraw this consent at any time.

To exercise any of your rights, or if you have any questions relating to your rights, please contact us by using the details set out in the Contact Us section. You can also unsubscribe from any direct marketing by clicking on the unsubscribe link in the marketing messages we send. You should note that some of your rights may not be applicable in certain circumstances as they have specific requirements and exemptions which apply to them. They may not also apply to personal information recorded and stored by us.

If you are unhappy with the way we are using your personal information you can complain to the UK Information Commissioner’s Office or your local data protection regulator. More information about your legal rights can be found on the Information Commissioner’s website. However, we are here to help and would encourage you to contact us first to resolve your complaint. Please use the Contact Us section to do this.

Our website may, from time to time, contain links to and from the websites of Paddle UK and our delivery centres. If you follow a link to any of these websites, please note that these websites have their own privacy policies and they will be a data controller of any of your personal information collected via those websites.

We do not accept any responsibility or liability for these policies and you should check these policies before you submit any personal information to these websites. In addition, if you link to a website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site. We recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, use of, or disclosure of it. Unfortunately, no information transmission over the Internet is 100% guaranteed to be secure, nor is any storage of information always 100% secure. However, we do take all appropriate steps to protect the security of your personal information.

Certain parts of our websites use “cookies” to keep track of your visit and to help you navigate between sections. A cookie is a small data file that websites store on your computer’s hard-drive. Cookies can contain information such as your user ID and the pages you have visited. The only personal information a cookie contains is information that you have personally supplied. We use cookies on our websites to enable us to deliver content that is specific to your interests. It also helps us learn which sections of our websites you visit, and to help recognise you when you return. Reading cookies does not give us access to other information on your computer’s hard-drive and our websites will not read cookies created by other websites that you have visited.

You may refuse to accept cookies by activating the setting on your browser. Please note, providers of third party content may also use cookies over which we have no control. In common with most websites, our websites log various information about visitors. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP) information, referring/exit pages and date/time stamp. We may use this information to analyse trends, administer websites, track your movement and gather broad demographic information. However, this is not personal data as defined within the GDPR.