Call Us Now
0800 002 5651

Facebook Instagram Youtube Linkedin

Privacy Policy & Notice

PRIVACY POLICY:
 
1. Introduction
This Privacy Policy explains how Aquafanatics (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you interact with us, including through our website, social media, and services.
 
 
This policy complies with:
 
• UK GDPR (as incorporated into UK law by the Data Protection Act 2018 and amended by subsequent UK legislation)
• EU GDPR (Regulation (EU) 2016/679)
• The Privacy and Electronic Communications Regulations (PECR)
• Applicable ICO and EDPB guidance
 
 
This policy supplements any other privacy notices we may provide at the point of data collection.
 
1. Who We Are
Data Controller: Aquafanatics
Address: No. 8 Thorpe Road, Norwich, Norfolk, NR1 1RY
Email: info@aquafanatics.org
Data Protection Contact: Craig Hunt
 
 
If you are located in the EU, we may appoint an EU Representative if required by Article 27 GDPR. Details will be provided on request.
 
1. Personal Data We Collect
We only collect personal data that is necessary for our activities. This may include:
 
 
3.1 Identity Data
 
• First name
• Last name
• Username or similar identifier
 
 
3.2 Contact Data
 
• Address
• Email address
• Telephone number
• Job title (if relevant)
 
 
3.3 Financial Data
 
• Bank account details
• Payment card information (processed securely by our payment provider)
 
 
3.4 Transaction Data
 
• Details of products or services purchased
• Payments made or received
 
 
3.5 Technical Data
 
• IP address
• Browser type and version
• Device information
• Usage data relating to how you interact with our website
 
 
3.6 Marketing & Communications Data
 
• Your marketing preferences
• Records of communications with you
 
 
3.7 Aggregated Data
We may collect aggregated or statistical data that does not identify you.
 
1. Children’s Data
We do not intentionally collect personal data from children unless it is strictly necessary for participation in an activity or service.
 
 
Where children’s data is collected, it is limited to:
 
• Child’s name
• School name (where relevant to the activity or service)
 
 
We do not collect:
 
• Contact details
• Location data
• Special category data
• Online identifiers
• Any data unnecessary for the stated purpose
 
 
Where required, we will obtain verifiable parental or guardian consent before collecting or processing a child’s name or school information.
 
Children’s data is retained only for as long as necessary for the activity or service for which it was collected.
 
1. How We Collect Personal Data
We may collect data through:
 
 
5.1 Direct interactions
You may provide personal data to us when you interact with us:
 
• In person
• By post
• By phone
• By email
• Through our website
• Through our social media channels (e.g., comments, messages, or interactions on platforms such as Facebook, Instagram, or similar)
 
 
This may include Identity, Contact, Financial, or other relevant information depending on the nature of the interaction.
 
5.2 Automated technologies
 
• Website analytics
• Cookies and similar technologies (see Cookie Policy)
 
 
5.3 Third parties
 
• Payment processors
• Service providers
• Publicly available sources
 
 
1. Legal Bases for Processing
We process personal data under the following lawful bases:
 
 
Purpose: Providing products/services
Legal Basis: Contract (Art. 6(1)(b))
 
Purpose: Managing payments
Legal Basis: Contract / Legal obligation
 
Purpose: Responding to enquiries
Legal Basis: Legitimate interests
 
Purpose: Sending marketing communications
Legal Basis: Consent (or legitimate interests for existing UK customers under PECR soft opt-in)
 
Purpose: Website analytics
Legal Basis: Consent (cookies)
 
Purpose: Protecting our business
Legal Basis: Legitimate interests
 
Purpose: Legal compliance
Legal Basis: Legal obligation
 
We do not intentionally collect special category data. If such data is provided by you, we will process it only where legally permitted.
 
1. How We Use Personal Data
We use your data to:
 
 
• Provide and manage our services
• Process payments
• Communicate with you
• Improve our website and services
• Send marketing (with consent or soft opt-in)
• Maintain business records
• Comply with legal obligations
 
 
We will not use your data for purposes incompatible with the original purpose without informing you.
 
1. Sharing Your Personal Data
We may share your data with:
 
 
• Service providers (e.g., hosting, payment processing)
• Professional advisers
• Regulators or authorities where legally required
• Prospective buyers in the event of a business sale (with safeguards)
 
 
We do not sell your personal data.
 
Children’s data (name and school only) is shared only where strictly necessary and with appropriate safeguards.
 
1. International Transfers
Where data is transferred outside:
 
 
• The UK, we rely on UK adequacy regulations or appropriate safeguards (e.g., IDTA, UK Addendum to SCCs)
• The EU, we rely on EU adequacy decisions or Standard Contractual Clauses (SCCs)
 
 
We no longer rely on the invalidated EU–US Privacy Shield.
 
1. Data Security
We implement appropriate technical and organisational measures to protect your personal data and reduce the risk of loss, misuse, or unauthorised access. These measures may include:
 
 
• Access controls
• Staff training
• Data minimisation
• Regular review of our security practices
• Incident response procedures
 
 
While we take reasonable steps to safeguard your information, no method of transmission or storage is completely secure. If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with legal requirements.
 
1. Data Retention
We retain personal data only as long as necessary for the purposes collected, including:
 
 
• 6 years for financial and transactional records (legal requirement)
• Marketing data until consent is withdrawn
• Children’s data only for the duration of the activity or service requiring it
 
 
After retention periods expire, data is securely deleted or anonymised.
 
1. Your Rights
Under UK GDPR and EU GDPR, you have the right to:
 
 
• Access your data
• Correct inaccurate data
• Request erasure
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with the ICO or your EU supervisory authority
 
 
To exercise your rights, contact: info@aquafanatics.org
 
1. Cookies and Tracking
We use cookies and similar technologies for:
 
 
• Website functionality
• Analytics
• Performance
• Marketing (with consent)
 
 
See our separate Cookie Policy for full details.
 
1. Third-Party Links
Our website may contain links to third-party sites. We are not responsible for their privacy practices.
2. Changes to This Policy
We may update this policy from time to time. The latest version will always be available on our website.
3. Contact Us
If you have questions about this policy or your data, contact:
Email: info@aquafanatics.org
Address: No. 8 Thorpe Road, Norwich, Norfolk, NR1 1RY