World Archery ('World Archery', 'we', 'us', or 'our') respects your privacy and is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.This policy explains what personal data we collect through our website, how and why we process it, how we protect it, your rights, and how you can contact us for help.

This policy applies to anyone visiting or interacting with our website, including learners, course participants, staff, suppliers, and other contacts.

Data Controller: World Archery

Contact:

We may collect the following types of personal data:

• Name, contact details (email, phone, address)

• Account and log-in details

• Payment or invoicing information

• Records of your course registration, attendance, assessment, or certification

• Correspondence, feedback, or support queries

• Technical information (browser type, device ID, IP address, activity logs)

• Cookie identifiers and other analytics data

We do not collect special category or criminal offence data except as needed for safeguarding or legal obligations, and then only with appropriate safeguards.

We collect data through:

• Information you provide directly (form submissions, account creation, registration, course participation)

• Automated means when you visit or use our website (e.g., cookies, analytics)

• Communications with us (emails, feedback forms, phone calls)

• Third parties (payment processors, partners, referees)

We process your data for the following purposes and with the stated legal basis for each:

• To administer your account and courses; Contract

• To provide and improve website/services; Legitimate interests

• To handle payments, billing, and certification; Contract, legal obligation

• To communicate important updates/promotions; Consent, legitimate interests

• To comply with legal or regulatory obligations; Legal obligation

• For website analytics and security; Legitimate interests, consent

Where processing is based on your consent, you may withdraw it at any time.

We may share your data with:

• Third-party service providers (IT, hosting, payment)

• Legal or regulatory authorities when required

• Accrediting, awarding, or regulatory bodies relevant to your course

• Our professional advisers where necessary for legal or regulatory reasons

We never sell your personal data.

If we transfer your data outside the UK or European Economic Area (EEA), we will:

• Only transfer to countries with an adequacy decision, or

• Use legal safeguards such as Standard Contractual Clauses or International Data Transfer Agreements, and

• Conduct a Transfer Risk Assessment where required

We keep your personal data only as long as necessary:

• Up to 3.5 years after you disengage from our services (unless required longer for legal/accounting reasons)

• For course completers: a minimum of 7 years to meet audit/accreditation requirements

Before deletion, we may invite you to remain in touch; without a reply in 6 months, your data will be securely deleted or anonymised.

You have the right to:

• Be informed about how your data is used

• Access your personal data

• Rectify incorrect or incomplete data

• Request erasure ('right to be forgotten') in certain cases

• Restrict or object to processing in certain circumstances

• Receive your data in a machine-readable format (data portability) where the legal basis is consent or contract and processing is by automated means

• Withdraw your consent at any time (where relevant)

• Lodge a complaint with the Information Commissioner's Office (www.ico.org.uk)

We do not charge fees for subject access requests unless they are manifestly unfounded or excessive.

We use appropriate technical and organisational measures to keep your data secure, including:

• Strong password protection and restricted access

• Encryption of sensitive data

• Regular backups and secure off-site storage

• Physical security for paper records

• Shredding or secure deletion of obsolete files

• Monitoring and regular testing of IT systems

We do not engage in profiling or automated decision-making that has legal or similarly significant effects on individuals.

If you are under 18, please ensure you have guardian/parental consent before engaging our services. Where we collect data from children under 13, we require verifiable parental consent and provide extra safeguards.

We use cookies and similar technologies to help us improve our website, understand its use, and provide a better user experience. We obtain your explicit consent for non-essential cookies and analytics, in line with UK law.

Our website may include links to third-party sites or services. This policy does not apply to them. Please review their privacy notices for more information.

If you have privacy concerns or are unhappy with how we handle your personal data, please contact our DPO via the contact details above.

You also have the right to complain to the Information Commissioner's Office (ICO):

• Website: www.ico.org.uk

• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

• Helpline: 0303 123 111317.

We review and update this policy annually, or as required by changes in the law or our practices. The date above indicates when it was last updated.