Privacy Policy

1. Introduction

This Privacy Policy applies to the Royal Life Saving Society UK (RLSS UK) group, including the Royal Life Saving Society UK and its trading subsidiary, RLSS UK Enterprises Limited. Throughout this policy, these entities are collectively referred to as “RLSS UK”, “we”, “us”, or “our”.  

Who We Are  

The Royal Life Saving Society UK (RLSS UK) is:

  • A registered charity in England and Wales (Charity No. 1046060)
  • A registered charity in Scotland (Charity No. SC037912)  
  • A company limited by guarantee, registered in England and Wales (Company No. 3033781), with its registered office at Red Hill House, 227 London Road, Worcester, WR5 2JG.  
  • Registered with the Information Commissioner’s Office (ICO) under registration number Z2811194.  

RLSS UK Enterprises Limited is: 

  • A wholly owned trading subsidiary of RLSS UK. It is registered in England and Wales (Company No. 2559199) with the same registered office.
  • Separately registered with the ICO under registration number Z1546599.  

IQL UK Limited (Company No. 3719774) was also a trading subsidiary of RLSS UK until it became redundant in January 2024.  

Together, RLSS UK and RLSS UK Enterprises Limited support our mission to prevent drowning and promote water safety through charitable and commercial activities.  

Our Role as Data Controllers  

Each of the above entities acts as an independent ‘data controller’ under data protection law. This means they are individually responsible for determining the purposes and methods of processing the personal data they collect and use.  

RLSS UK also operates through 47 membership branches across the UK and Ireland. The charity, its operating company, and these branches are all under the control of RLSS UK for the purposes of processing personal data.  

Our Commitment to Your Privacy  

We are committed to protecting your privacy and personal information. Our Data Protection Officer (DPO) oversees our data protection practices and ensures compliance with the UK General Data Protection Regulation (UK GDPR).  

If you have any questions about how we handle your personal information or wish to exercise your data rights, please refer to this policy's ‘How to Contact Us’ section.  

Purpose of This Privacy Policy  

This Privacy Policy outlines our approach to collecting, processing, storing, and sharing personal data as a data controller. We take your privacy seriously and implement various technical and organisational measures to safeguard the personal information under our control.  

We maintain detailed records of our data processing activities, conduct data protection risk assessments, and follow robust policies as part of our wider Information Security and Governance Framework, which includes our Data Protection and ICT policies.  

2. Personal Data We Collect  

The types of personal data we collect may include:   

  • Name
  • Contact details, such as email address and phone number
  • Your communication and marketing preferences and areas of interest
  • Date of birth and gender
  • Membership and training data: details of your memberships, qualifications, courses attended, or roles held (e.g. Trainer Assessor)  
  • Payment and Financial Information: only when necessary, such as bank details or taxpayer status, to process donations or payments  
  • Technical Data: This includes IP addresses and device information collected via cookies when you visit our website to help us improve our services and security.  
  • Emergency Contact Information: To ensure your safety, we may collect emergency contact details for training, events, and activities conducted in potentially higher-risk environments like swimming pools.  
  • Photographs and Video Recordings: from courses, events, or promotions, which we use only with your consent and for specific purposes such as publicity or internal records.  
  • Preferences and Interests: We use your preferences and interests, such as marketing preferences, subscription choices, or interest in event participation, to tailor communications to you.
  • Survey and Feedback Responses: When you participate in research or provide feedback, we may collect your responses, which help improve our services.
  • We may collect health data, ethnicity, disability status or safeguarding-related information, but only where permitted under Article 9 UK GDPR.

More details on the administrative purposes for which we collect your data can be found here

3. How We Collect Your Personal Data  

We collect your personal data in the following ways:  

  • Directly from you: when you sign up for membership, courses, events, donations, volunteering, or purchase from our shop.
  • Automatically via our website: through cookies and other tracking technologies, which you can manage via our Cookie Policy.
  • From third parties: occasionally, when relevant, such as partner organisations or course providers, but only where you have agreed to this sharing. 
  • From public sources or social media: Only in limited cases can information be verified with appropriate legal grounds.

4. How We Use Your Personal Data 

Below is a table that provides you with the purposes for which we intend to use your personal data and the lawful grounds for doing so.  

Purposes for Processing  Lawful Basis 
Administering membership and benefits (e.g. sending membership cards, updates, placing in branches)  Article 6(1)(b) – Contract 
Registering and managing Trainer Assessors (e.g. updates, course support)  Article 6(1)(b) – Contract 
Issuing awards/qualifications and certificates to candidates  Article 6(1)(b) – Contract 
Managing RLSS UK Shop orders (https://shop.rlss.org.uk)  Article 6(1)(b) – Contract 
Processing donations (including Gift Aid claims) 

Article 6(1)(a) – Consent 

Article 6(1)(c) – Legal Obligation (Finance Act 2010 (s.413–430) and Income Tax Act 2007 (s.416–430) and HMRC charity Toolkit) 
Managing fundraising and volunteer activities  Article 6(1)(a) – Legitimate Interest 
Administering competitions, events, and team managers/officials  Article 6(1)(b) – Contract 
Sending marketing communications (email, newsletter, magazine)  Article 6(1)(a) – Consent
Maintaining Honours and historical records 

Article 6(1)(f) – Legitimate Interest 

Necessary to maintain the integrity and legacy of volunteers 
Managing Lifesaving Sport records (e.g. national records) 

Article 6(1)(f) – Legitimate Interest - Necessary to maintain the integrity and legacy of the sport; minimal impact on individuals  

Contacting Trainer Assessors with qualification updates 

Article 6(1)(f) – Legitimate Interest
Ensures accuracy and safety in training delivery

Responding to public queries or incident reports 

Article 6(1)(f) – Legitimate Interest - fulfilling organisational duties and responding to safety-related concerns 

Processing children’s data (under 13s) for awards and certificates 

Article 6(1)(a) – Consent (from parent/guardian)  

Handling medical emergencies 

Article 6(1)(d) – Vital Interests 
Article 9(2)(c) – Vital Interest - Processing necessary to protect life or prevent serious harm  

Carrying out Disclosure and Barring Checks (DBS)

Article 6(1)(f) – Legitimate Interests: Safeguarding Children and Adults at Risk and protecting participants in Lifesaving Training Programmes.

Article 10 of the UK GDPR and Schedule 1, Part 2, Paragraph 18 of the DPA18 – Safeguarding of Children and Adults at risk
Safeguarding concerns 

Article 6(1)(f) – Legitimate Interest Necessary to protect individuals from harm 

Promoting diversity and inclusion via optional surveys collecting ethnicity or similar Special Category Data 

Article 6(1)(a) + Article 9(2)(a) – Consent  
Complying with legal obligations (e.g., accounting, tax compliance, Gift Aid)  

 Article 6(1)(c) – Legal Obligation   
Sending service communications (e.g., changes to policy, membership updates) 

Article 6(1)(b) – Contract 
Article 6(1)(f) – Legitimate Interest: Depending on context, a contract for members, or a legitimate interest for non-members who have requested a service 
Maintaining historical and statistical data (e.g., anonymised donation records, honours, achievements) 

Article 6(1)(f) – Legitimate Interest 
Recital 26 – Anonymous data - Legitimate interest in research/statistics; truly anonymised data falls outside the GDPR scope 

Failure To Provide Information  

If you don’t provide the personal information we need when we ask for it, we may not be able to respond to you, enter a contract with you or meet our obligations under it.

RLSS UK Enterprises Ltd Approved Training Provider (ATP)

The RLSS UK Enterprises Ltd Approved Training Provider acts as a joint controller alongside RLSS UK. View the purposes for which the RLSS UK Enterprises Ltd - ATP intend to use your personal data and the lawful grounds for doing so here

5. Engagement with Children and Vulnerable People  

We are committed to protecting the privacy and rights of children and vulnerable individuals who engage with RLSS UK through our qualifications, events, or fundraising activities.  

Children Under 13

Under UK data protection law, children under 13 cannot legally provide their own consent. Where personal data is collected (e.g., for course enrolment or issuing certificates), we require the consent of a parent or legal guardian.  

  • Accounts for under-13s must be linked to a parent or guardian’s RLSS UK Account.
  • The parent/guardian is responsible for managing the child’s account settings and preferences.  
Children Aged 13–15
Children aged 13 and over can legally provide consent under the UK GDPR, but we encourage parental involvement where appropriate. 
  • A child over 13 may request to unlink their account from a parent or guardian by contacting our Customer Services team.
  • We will verify identity and consent carefully before making such changes.  
Children Aged 16 and Over

From age 16, young people have full legal control over their personal data.  

  • We will communicate directly with the account holder, unless they provide verbal or written consent for us to liaise with a parent or guardian. 
  • If both agree, they may choose to continue linking their account with a parent/guardian.  
Support for Vulnerable People

We aim to make our services accessible and inclusive. If you identify as a vulnerable person, we will:  

  • Work with you to determine what personal information is necessary.
  • Make reasonable adjustments to ensure your participation is safe, supported, and respectful.
  • Ensure that your information is handled confidentially and sensitively.  

For further support or to request account changes, please email our Customer Services team at [email protected] or call us at 0300 3230 096.  

We understand how important it is to explain things clearly. If you are under 13 or prefer a simpler explanation, we have a Child-Friendly Privacy Policy just for you.

6. Sharing Your Personal Data  

We may share your personal data that we hold with the following organisations:

  • RLSS UK subsidiaries (e.g., RLSS UK Enterprises, RLSS UK Shop)S
  • Service providers that support our IT systems, website, e-commerce platform, or communication services (e.g., tahdah, Intercom, Shopify, Mailchimp, Sage)
  • Payment processors (e.g., Stripe, Worldpay, GoCardless)
  • Delivery and logistics partners (e.g., Forever for distribution)
  • Official bodies (e.g., insurers, child safeguarding authorities, police, Disclosure & Barring Service) where we have a legal obligation
  • RLSS UK Branches for local engagement with members
  • Academic partners or researchers, where consent is provided, or data is anonymised 
  • Accredited RLSS UK course providers and training partners
  • Lawyers, solicitors or tribunals, where required.

7. International Transfers  

Your personal data may be transferred outside the UK. We will ensure that all international transfers comply with applicable data protection laws by implementing appropriate safeguards in compliance with Chapter V of the UK GDPR.  

For example, when we appoint data processors, we check that suitable arrangements are in place, such as Adequacy Regulations, binding corporate rules, international data transfer agreements, standard contractual clauses, or other permitted mechanisms.   

The restricted transfers we make include transferring personal data to the US under the UK extension of the EU: US Data Privacy Framework and/or standard contractual clauses. Further information about the safeguards related to the international transfers we make can be provided on request. 

8. How Long We Keep Your Personal Data  

We retain your personal data only as long as necessary to fulfil the purposes we collected it, including legal, accounting, or reporting requirements.  

We regularly review our retention policies. When data is no longer required, we securely delete it. In some instances, we may keep data longer for archiving in the public interest — for example, for historical records of Honours Awards, in line with Article 5(1)(e) UK GDPR.  

If you have questions about how long we will keep your data, you may request our Retention Schedule using the contact details in the “Contact Us” section.  

9. Automated Decision Making  

We do not use your personal information to make automated decisions about you.   

10. Your Rights

Under Data Protection Legislation, you have the right in certain circumstances to:  

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information without a good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). 
  • Request the restriction of the processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.  
  • Request the transfer of your personal information to another party (in certain circumstances); and  
  • Object to processing your personal information where we rely on a legitimate interest (or those of a third party). You also have the right to object when we process your personal information for direct marketing purposes.
  • Rights in Relation to Automated Decision Making and Profiling.
  • Withdraw your consent to processing your personal information at any time when consent is relied upon as the lawful basis for processing.  

For more information on how to update your marketing preferences, please click here  

You can exercise your rights by emailing us using the contact details below or by writing to us with the details under “How to Contact Us.” Please mark your correspondence for the attention of the Data Protection Officer.  

You also have a right to lodge a complaint with the Information Commissioner's Office (ICO) where you believe we have not complied with UK data protection law. First, we encourage you to resolve the matter with us. However, you can contact the ICO via www.ico.org.uk, [email protected] or 0303 123 1113.  

11. How to Contact Us  

For further information regarding your personal data or about RLSS UK’s approach to data protection in general, please get in touch with our Data Protection Officer (DPO) at:  

Privacy Officer  
RLSS UK  
Redhill House  
London Road  
WORCESTER  
WR5 2JG  
  
Tel: 0300 3230 096  
Email: [email protected]

This page is just for you — it explains how the Royal Life Saving Society UK (RLSS UK) looks after your personal information when you participate in our activities or use our website. If you’re ever unsure, it’s always OK to ask a grown-up to help you read this.  

2. Who Are We?  

We are RLSS UK — a charity that helps people stay safe in and around water. We run fun activities like Rookie Lifeguard, training sessions, awards, and more!  

3. What Is Personal Data?  

Personal data means any information about you that can be used to identify you. This could be your name, your birthday, or where you live. We only collect the information we really need, and we use it to help give you certificates, run our clubs and courses, or send you things you’ve asked for.  

4. Why Do We Need Your Personal Data?  

When you participate in an RLSS UK course or earn an award, we need to know who you are so we can give you a certificate and keep track of your achievements.  

If you're 13 or older, you can set up your own RLSS UK account.  

If you're under 13, your parent or guardian will help set up an account for you and permit us to use your data.  

5. Who Can See Your Information?  

Your parent or guardian might be able to see your account, depending on how it’s set up.  

RLSS UK staff can see some of your personal information, but only what they need to do their job.  

Sometimes, we work with other trusted companies (like the ones that print certificates), and they may help us process your information. We always ensure your data is protected, even if handled outside the UK.  

6. What Do We Do With Your Data?  

We use your information to:

  • Give you awards and certificates
  • Keep your membership up to date
  • Let you know about activities or events you might like
  • Make our website work better for you  

We do not sell or share your data with anyone else for advertising.  

7. How Long Do We Keep It?  

We keep your personal data only for as long as we need it—for example, while you’re participating in our activities or holding a membership. Some records, like your awards or qualifications, are kept longer so you don’t lose your achievements.  

If you want to know how long we keep your data, just ask!  

8. What Are Your Rights?  

Under the law, you have rights, in particular, you have the right to:  

  • Know what personal data we have about you
  • Ask us to correct anything wrong
  • Ask us to delete your data (in some cases)
  • Say no to specific uses of your data
  • Take back your permission (withdraw consent) at any time, which means if you said it was OK to use your data, you can change your mind later.
  • Ask us to give your data to you or someone else if you want (this is called data portability)
  • Ask us to stop using your data in specific ways if you want (this is called an objection)
  • Know if a computer makes decisions about you without someone checking (like if we use computer programs to decide things about you). We don’t usually do this, but if we do, you have the right to ask us to explain it or to have a person check instead.

A parent or guardian can help you make these requests.  

Who Makes Sure Your Data Is Safe?  

RLSS UK has a special person called a Data Protection Officer who checks that we keep your information safe and follow the rules.  

If you or your parents have questions, you can contact them by:  

Email: [email protected]
Phone: 0300 323 0096  

What About Website Cookies?  

When you visit our website, it leaves tiny footprints called cookies. These help us remember your preferences, like your language or what you looked at before. We use cookies to make your visit easier, not to find out who you are.  

You can ask us to show you what cookies we’ve used or delete them.  

Need Help Or Want To Know More?  

If anything doesn’t make sense or you want to learn more, ask an adult you trust to help you. You can also check out our full Privacy Policy, which is written for grown-ups.  

We care about your privacy and will always treat your personal data respectfully. 

Published:

Updated:

Author:

Share this page
Manage Cookie Preferences