Privacy Policy

1. Who we are and how to contact us

LincolnRowing (lincolnrowing.co.uk) is the controller of the personal information described in this Privacy Policy. We are committed to protecting your privacy and handling your data in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Data protection contact: privacy@lincolnrowing.co.uk

Effective date: 24 November 2025

2. Scope of this policy

This policy explains how we collect, use, disclose, store, and protect personal information when you visit or use lincolnrowing.co.uk, interact with our forms, subscribe to communications, participate in events, make payments or donations via services connected to the site, or otherwise engage with us online.

By using our website, you acknowledge that you have read this policy. Where we rely on consent (for example, for non-essential cookies or email marketing to non-members), we will request it separately.

3. What data we collect

We collect the following categories of personal information, depending on your interactions with us:

  • Identification and contact details: name, email address, telephone number.
  • Membership and participation details: your role or interest in rowing, event registrations, volunteer preferences, age band where relevant to a program or event.
  • Communications data: messages you send via contact forms or email, your preferences for newsletters or updates.
  • Transaction data: records of donations, ticket or event fee payments made through third-party payment providers; we do not receive or store full payment card details.
  • Technical data: IP address, device and browser type, operating system, pages viewed, time and date of visits, referral source, and similar server log information.
  • Cookie and analytics data: information collected via cookies and similar technologies as described in Section 6.
  • Special category data: only where strictly necessary and provided by you for a specific purpose, such as medical or accessibility information required for participation in certain activities or events.

We collect data directly from you (for example, when you submit a form), automatically through your use of the website (for example, via cookies), and, on occasion, from publicly available sources where appropriate (for example, to confirm contact details for event coordination).

4. Purposes of processing and legal bases

We process your personal data for the following purposes, relying on the legal bases indicated:

  • To operate and improve our website, including security, troubleshooting, analytics, and performance monitoring (legitimate interests: running a secure and effective site).
  • To respond to enquiries, manage event registrations, and provide services or information you request (performance of a contract or steps prior to entering into one; and/or legitimate interests to respond to your request).
  • To manage memberships, volunteers, and community activities (performance of a contract; legitimate interests in administering our activities; legal obligations where applicable).
  • To send service messages about events or changes to our services (performance of a contract or legitimate interests to keep you informed about services you use).
  • To send newsletters or marketing communications where permitted (consent, or legitimate interests/soft opt-in under PECR for existing supporters or participants, with the ability to opt out at any time).
  • To process donations or payments via third-party providers and maintain appropriate financial records (performance of a contract; legal obligation to keep records).
  • To ensure safety and safeguarding, including incident reporting where required (vital interests; legal obligations; substantial public interest where applicable).
  • To comply with legal and regulatory obligations, respond to lawful requests, and establish or defend legal claims (legal obligation; legitimate interests).

5. Special category data

We generally do not seek to collect special category data (such as health information). If such data is necessary for a clearly defined purpose (for example, to address accessibility or medical considerations for an event), we will process it only with your explicit consent, or where the processing is necessary to protect vital interests and you are unable to consent, or on another applicable condition under the UK GDPR and the Data Protection Act 2018. We will limit access strictly to those who need to know and will retain the data only as long as necessary for the relevant purpose.

6. Cookies and similar technologies

We use cookies and similar technologies to:

  • Enable core site functionality and security (strictly necessary cookies).
  • Measure and improve site performance and understand usage (analytics cookies, set only with your consent).
  • Remember your preferences (for example, cookie consent status or display settings).

Non-essential cookies (including most analytics cookies) are used only if you provide consent via our cookie banner. You can withdraw or change your consent at any time using the cookie banner controls available on the site or by adjusting your browser settings to block or delete cookies. Blocking certain cookies may impact site functionality.

Retention for analytics data is typically limited and may be configured for up to 14 months. Server logs that include IP addresses are retained for a short period necessary for security, diagnostics, and fraud prevention.

7. Sharing your data

We may share personal data with:

  • Service providers acting as processors, such as website hosting, content delivery networks, email and newsletter platforms, event management tools, analytics providers, IT support, and payment processors. These providers are engaged under contracts that require them to protect your data and act only on our instructions.
  • Professional advisors, insurers, auditors, or legal counsel where needed for compliance or to manage risk.
  • Authorities, regulators, or law enforcement where required by law or to protect rights, property, safety, or to prevent fraud.
  • Event partners or venues strictly as necessary to run an event you have signed up for, and only with appropriate safeguards.

We do not sell your personal data.

8. International data transfers

Some service providers may process data outside the UK. Where that occurs, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations for the destination country; or
  • A UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; and
  • Additional technical and organisational measures as needed.

For transfers to the United States, where applicable we may rely on the UK Extension to the EU-U.S. Data Privacy Framework for certified providers, or on the contractual safeguards described above.

9. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, and to comply with legal, accounting, or reporting requirements. Typical retention periods are:

  • Enquiry and contact form submissions: up to 24 months after resolution.
  • Newsletter and marketing preferences: until you unsubscribe or withdraw consent; limited logs of opt-in/opt-out events may be kept for up to 6 years for compliance.
  • Event registration records: up to 3 years after the event, unless a longer period is necessary for safety or legal reasons.
  • Payment and donation records: 6 years from the end of the financial year in which the transaction occurred (to meet legal and tax obligations).
  • Server logs and security logs: typically up to 12 months, unless required longer for security investigations.
  • Special category data for specific events or accommodations: only for the minimum period necessary to support that purpose, typically deleted within 30 days after the event unless a longer period is required by law or you request continued accommodation.

We may retain information for longer where necessary to establish, exercise, or defend legal claims, in line with applicable limitation periods.

10. Your rights

Under the UK GDPR, you have the following rights, subject to certain conditions:

  • Access: request a copy of your personal data and information about how we process it.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: request deletion of your data when there is no lawful reason to keep it.
  • Restriction: ask us to restrict processing of your data in certain circumstances.
  • Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where applicable.
  • Object: object to processing based on legitimate interests or for direct marketing at any time.
  • Withdraw consent: where we rely on consent, you can withdraw it at any time. This does not affect processing that has already occurred.

To exercise your rights, email privacy@lincolnrowing.co.uk. We may need to verify your identity before responding. We aim to respond within one month of receiving your request. If your request is complex or numerous, we may extend this period by two further months and will inform you of the extension.

11. Data security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), role-based access controls, multi-factor authentication where available, least-privilege principles, regular updates and patching, staff awareness, vendor due diligence, and secure backup practices. While we work to protect your information, no method of transmission or storage is completely secure and we cannot guarantee absolute security.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will assess the impact and notify you and the Information Commissioner’s Office where required by law.

12. Direct marketing and your choices

We will send you newsletters or updates only in accordance with PECR. If you are not an existing supporter or participant, we will obtain your consent first. If you are an existing supporter or participant, we may rely on the soft opt-in where permitted, and we will always provide a clear way to opt out. You can opt out of marketing at any time by using the unsubscribe instructions in the message or by emailing privacy@lincolnrowing.co.uk.

13. Children and young people

Our website is intended for a general audience. If we knowingly collect personal data relating to children for event or program purposes, we will do so only with appropriate consent from a parent or guardian, or on another lawful basis where permitted. If you believe a child has provided us with personal data without appropriate consent, please contact privacy@lincolnrowing.co.uk so we can take appropriate action.

14. Third-party websites

Our website may contain references to third-party websites or services. Those sites have their own privacy practices. We are not responsible for the privacy, security, or content of third-party sites. We encourage you to review their privacy information before providing personal data.

15. Automated decision-making

We do not use personal data for automated decision-making that produces legal or similarly significant effects about you.

16. International users

If you access our website from outside the UK, please note that your information may be transferred to, stored, and processed in the UK or other countries where our service providers are located. We will protect your information as described in this policy and in accordance with applicable law and transfer safeguards as outlined in Section 8.

17. How to complain

If you have questions or concerns about how we handle your personal data, please contact us at privacy@lincolnrowing.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner’s Office:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 0303 123 1113.

18. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will revise the effective date at the top of this policy and, where appropriate, provide additional notice on the website. Please review this policy periodically to stay informed about how we protect your information.

19. Data protection contact and DPO

We have appointed a data protection contact to oversee questions about this Privacy Policy and our data practices. You can contact them at privacy@lincolnrowing.co.uk. If your query is sensitive or relates to exercising your rights, please indicate this in your email so we can prioritise your request.

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 LincolnRowing