Greek Sailing Academy logo
Greek Sailing AcademyRYA Training Centre
Enquire Now

Legal

Privacy Policy

This Privacy Policy explains how Greek Sailing Academy collects, uses, stores, and protects personal data in connection with course enquiries, bookings, training delivery, safety procedures, and use of our website.

We process personal data in line with GDPR and only use the data we need for legitimate training, booking, safety, and administrative purposes.

1. Introduction

Greek Sailing Academy ("GRSA", "we", "our", or "us") is committed to protecting your personal data and processing it fairly, lawfully, and transparently.

This Privacy Policy explains how we collect, use, store, and protect personal data when you contact us, enquire about a course, make a booking, attend training, or use our website.

We process personal data in line with the General Data Protection Regulation (GDPR), including the core principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.

2. Data Controller

The data controller responsible for your personal data is:

Greek Sailing Academy (GRSA)
77th km Athens – Sounio Avenue
Olympic Marine
19500 Lavrio, Greece

Office & Training: rya@southseasail.com
Principal: christos@southseasail.com
Chief Instructor: stefan@southseasail.com

3. What Personal Data We Collect

Depending on your interaction with us, we may collect:

Identity data: name, date of birth, nationality, and similar identifying details.

Contact data: email address, telephone number, postal address, and emergency contact details.

Booking data: course selection, dates, payment status, booking history, and related communications.

Safety and medical data: information relevant to health, allergies, medication, swimming ability, fitness to participate, accessibility needs, and any other information necessary for safe course delivery.

Course participation data: attendance, progress, certifications, instructor notes, and operational or safety-related records.

Website and enquiry data: information you submit through forms, emails, or website use, and limited technical data such as IP address, browser type, and device information where applicable.

Your SOP states that booking involves collection of candidate data, including age, emergency contacts, and medical information before enrollment is finalized.

4. How We Collect Personal Data

We collect personal data directly from you when you:

contact us by email, phone, website form, or in person;

submit an enquiry or booking request;

complete candidate, medical, or emergency contact forms;

make a payment or receive an invoice;

attend a course, briefing, or assessment;

communicate with instructors or staff before, during, or after training.

We may also receive limited data from a parent, guardian, employer, or person making the booking on your behalf where relevant and lawful.

5. Why We Use Your Data

We use personal data to:

respond to enquiries and manage bookings;

review candidate suitability for a course;

issue invoices and manage payments;

organize course attendance, timetables, and logistics;

deliver training safely and appropriately;

manage risk assessments, emergency procedures, and first aid;

maintain course, certification, and administrative records;

communicate important operational or safety updates;

comply with legal, regulatory, and safeguarding obligations;

improve our services and maintain internal records.

Your SOP explains that collected student information is shared internally with the Principal and Chief Instructor for evaluation and safe course administration.

7. Health and Medical Information

Some information you provide for course safety may be health-related and therefore treated as special category data.

We only collect and use this information where it is necessary for safe participation, risk assessment, emergency planning, first aid, accessibility support, or other lawful and proportionate safety purposes.

Access to this information is restricted to those who need it, such as relevant administrative staff, the Principal, the Chief Instructor, or instructors involved in delivering your course safely.

Your SOP and health and safety procedures explicitly refer to collecting medical information before arrival and communicating relevant medical information as appropriate for safety cover and instructors.

8. Who We Share Data With

We may share personal data where necessary with:

internal GRSA staff responsible for administration and training;

instructors and safety personnel involved in course delivery;

payment providers, accountants, or professional advisers;

the RYA or related certification bodies where relevant;

emergency services, medical professionals, or authorities where required;

technology and hosting providers who support our operations.

We do not sell your personal data.

9. Data Retention

We keep personal data only for as long as reasonably necessary for the purpose for which it was collected, including for training, administration, certification, safety, safeguarding, accounting, and legal compliance.

Retention periods may vary depending on the nature of the data and any legal or operational requirement to keep it.

When data is no longer needed, we will delete it, anonymize it, or securely archive it where lawful and appropriate.

10. Data Security

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, disclosure, or alteration.

These measures may include controlled access, secure systems, administrative procedures, internal role-based access, and secure handling of safety and participant records.

11. Your Rights Under GDPR

Under the GDPR, individuals have important rights over their personal data. These include the right to be informed, access, rectification, erasure, restriction of processing, data portability, objection, and rights related to automated decision-making.

Access — you can ask for a copy of the personal data we hold about you.

Rectification — you can ask us to correct inaccurate or incomplete data.

Erasure — you can ask us to delete data in certain circumstances.

Restriction — you can ask us to limit how we use your data in certain cases.

Portability — where applicable, you can ask for your data in a structured format.

Objection — you can object to certain processing, especially where we rely on legitimate interests.

Withdraw consent — where we rely on consent, you can withdraw it at any time.

12. Children and Safeguarding

Where children or vulnerable adults participate in GRSA activities, we process data with particular care and in line with safeguarding and safety requirements.

We may collect parent or guardian contact details, emergency information, consent information, and other data necessary for safe participation and lawful administration.

Your safeguarding policy requires written consent before taking or publishing photos or videos of a child or vulnerable adult.

13. Photos, Video, and Marketing

We may occasionally take or use photographs or videos relating to our courses, training center, or activities.

Where consent is required, especially for children or vulnerable adults, we will seek it before using images for marketing, social media, or promotional purposes.

You may contact us at any time if you want to ask about image use or withdraw a consent previously given, where applicable.

14. Website, Cookies, and Analytics

Our website may use essential technical tools and, where implemented, cookies or analytics to operate properly, improve user experience, and understand website usage.

If non-essential cookies or tracking tools are used, they should be managed through an appropriate cookie notice or consent tool.

15. Complaints and Contact

If you would like to exercise your data protection rights or have any questions about this Privacy Policy, please contact us:

Office & Training: rya@southseasail.com
Principal: christos@southseasail.com
Chief Instructor: stefan@southseasail.com

You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe your personal data has been handled unlawfully. GDPR rights and complaint pathways are recognized by the European Commission and the EDPB.