Privacy Policy

Effective date:
Last updated:

This Privacy Policy explains how SailorPass (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you use our websites, applications and services (together, the “Services”). We act as a controller for the processing described in this policy.

Who we are:
Legal entity: TTC Marine Ltd (13400453) trading as SailorPass
Registered address: 6 Shirley Road, Southsea, PO5 2QD
Contact: privacy@sailorpass.com

1. Data we collect

Data you provide to us

  • Account & profile: name, email, password, nationality, date of birth, contact details.
  • Application data: answers to SailorPass questions (e.g., sailing history, roles, results, certifications), uploaded documents or evidence, links to public profiles (e.g., Instagram handle, LinkedIn, team/club pages).
  • Support & correspondence: messages, feedback, and related metadata.
  • Billing (if applicable): transaction details via our payment provider (we do not store full card numbers).

Data we collect automatically

  • Usage: activity logs, device type, browser, language, pages viewed, time on page, referring URLs.
  • Technical: IP address, approximate location, cookies, and similar identifiers.

Data from third parties

  • Event/competition sources: where you ask us to verify results or eligibility, we may obtain data from public leaderboards, class associations, or event organisers.
  • Identity verification (if used): from verification or anti-fraud providers.
  • Social & public profiles: content you make publicly available that you optionally link to your application.

Special category data

We do not intentionally collect special category data (e.g., health, ethnicity) unless you clearly provide it and it is strictly necessary for the Service (for example, to assess age eligibility). If we must process such data, we will ask for your explicit consent or rely on another lawful basis permitted by law and apply additional protections.

2. How we use your data & legal bases

Purpose Examples Legal basis (UK/EU GDPR)
Provide and operate the Services Create/manage accounts; process SailorPass applications; generate and display classifications; maintain core features. Contract (Art. 6(1)(b))
Verification and eligibility checks Validate competition results; confirm identities when needed; prevent misuse. Legitimate interests (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c)) where applicable
Improve and secure the Services Analytics, debugging, fraud prevention, service monitoring. Legitimate interests (Art. 6(1)(f))
Communications Service emails (updates, decisions, changes). Marketing with your consent. Contract/Legitimate interests for service messages; Consent (Art. 6(1)(a)) for marketing
Payments Subscription or one-off payments via third-party processors. Contract; Legal obligation (tax/accounting)
Compliance Respond to lawful requests; enforce terms; defend legal claims. Legal obligation; Legitimate interests

Where we rely on consent, you may withdraw it at any time (this does not affect prior processing). Where we rely on legitimate interests, we balance our interests against your rights and freedoms.

3. Automated decision-making (classification)

SailorPass uses automated systems, including algorithmic/AI-assisted tools, to help evaluate your application and propose a classification (e.g., Personal, Industry, Elite). These systems consider factors such as competition history, results, roles (sailor/coach/industry), and other criteria disclosed in our classification guidelines.

Significant decisions are subject to human review before being finalised. You may:

  • request human intervention,
  • express your point of view, and
  • contest a decision and provide additional information.

To exercise these rights, contact us at privacy@sailorpass.com.

4. Cookies & analytics

We use necessary cookies to make the site work and (with your consent) optional cookies for analytics and improvements. You can manage preferences via our cookie banner or your browser settings.

  • Strictly necessary: session/authentication, security, load balancing.
  • Analytics: usage patterns (e.g., pages visited, features used). We configure analytics to respect privacy (e.g., IP truncation) where possible.
  • Marketing (if used): only with your consent.

For details, see our Cookie Policy.

5. Sharing your data

We share personal data only as necessary for the purposes above:

  • Service providers: hosting, storage, analytics, email, support, payment processing, identity verification. These providers act under contracts that require appropriate safeguards.
  • Competition bodies/organisers: when you ask us to verify results or where required to validate eligibility.
  • Legal and compliance: to comply with law, enforce terms, or protect rights, property, and safety.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to continued protections.

We do not sell your personal data.

6. International transfers

If we transfer your data outside the UK/EEA, we rely on lawful transfer mechanisms such as: UK/EU adequacy decisions, the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs), plus supplementary measures where appropriate.

7. Data retention

We keep personal data only for as long as necessary for the purposes collected, including to meet legal, accounting, or reporting requirements. Typical periods:

  • Account data: for the life of your account and up to 24 months after closure (for queries/appeals/fraud prevention), unless legal obligations require longer.
  • Application records: for the classification validity period and related audit windows, ordinarily up to 6 years in the UK for statutory purposes.
  • Logs/analytics: generally 3–24 months, depending on necessity and configuration.

We may anonymise data for statistical purposes; anonymised data is not subject to this policy.

8. Security

We use technical and organisational measures appropriate to risk, including encryption in transit, access controls, least-privilege principles, regular patching, and monitoring. No system is 100% secure; please use a strong unique password and keep your credentials safe.

9. Children

Our Services are not directed to children under 16. If you believe a child has provided us personal data without appropriate consent, please contact us and we will take steps to delete it.

10. Your rights

Under UK/EU data protection law, you have the right to request: access, rectification, erasure, restriction, data portability, and to object to certain processing (including profiling based on legitimate interests). Where we rely on consent, you can withdraw it at any time.

To exercise your rights, email privacy@sailorpass.com. We may need to verify your identity. You also have the right to complain to your supervisory authority:

  • UK: Information Commissioner’s Office (ICO) — ico.org.uk
  • EEA: Contact your local data protection authority — see EDPB members

11. How to contact us

Email: privacy@sailorpass.com
Postal: TTC Marine Ltd, 6 Shirley Road, Southsea, PO5 2QD

12. Changes to this policy

We may update this policy from time to time. We will post the updated version here and change the “Last updated” date above. If changes are material, we will provide additional notice (e.g., email or in-app notice).

Annex: Summary of data categories

Category Examples Source
Identity & contact Name, email, date of birth, nationality You
Application data Sailing history, roles, results, uploaded evidence, public profile links You; public sources at your request
Usage & technical IP, device, logs, cookies Automatic
Payments Transaction metadata Payment processor