Privacy Policy
Last updated: 3 May 2026
In short
We collect only the information needed to run the club: your contact details, your Canoeing Ireland membership data, and any information you give us directly. We share data with Canoeing Ireland (our national governing body). We never sell your data. You can ask to access, correct, or delete your information at any time by emailing info@dublinkayakclub.ie.
1. Who we are
Dublin Kayak Club (DKC) is an unincorporated members' association based in Lucan, Co. Dublin. For the purposes of data protection law, DKC is the data controller of the personal information described in this policy. The website and member records are managed by Mark Sheils on behalf of the club.
Privacy queries should be addressed to info@dublinkayakclub.ie.
2. Legal framework
This policy is governed by the Data Protection Act 2018 (Ireland), the EU General Data Protection Regulation (Regulation 2016/679), and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. 336/2011) as amended.
3. Information we collect
We may collect the following categories of personal data:
- Identity and contact data: name, email, postal address, phone number
- Membership data received from Canoeing Ireland: date of birth, gender, qualification credentials, affiliation status
- Information you provide voluntarily through the contact form, membership applications, or trip sign-ups
- Communications: emails and messages you send us
- Photographs and video footage of club activities (subject to the consent process at section 8)
4. How we use your data and our legal bases
We process your data on the following legal bases:
- Contract (Art 6(1)(b) GDPR): membership administration, fee processing, trip allocation, certification tracking.
- Legitimate interests (Art 6(1)(f) GDPR): running club communications, organising events, sharing data with Canoeing Ireland for sport governance.
- Consent (Art 6(1)(a) GDPR): photography for marketing, optional newsletters, anything not strictly required to administer your membership. You can withdraw consent at any time.
- Legal obligation (Art 6(1)(c) GDPR): safeguarding records under the Children First Act 2015, incident reporting required by Canoeing Ireland or insurers.
5. Who we share data with
- Canoeing Ireland, the national governing body, for membership and sport administration. Affiliation requires the transfer of basic identity data and qualification credentials.
- Insurers, in the event of an incident or claim.
- An Garda Síochána, statutory agencies, or Tusla, where required by law for crime prevention, safeguarding, or member safety.
- Service providers we use to run the website, including our email-sending provider (Postmark, US-based) and hosting (within the EEA). See section 6 for transfer safeguards.
We do not sell your personal data and we do not use it for advertising profiling.
6. International transfers
Most data is held within the European Economic Area. Where a service provider is based outside the EEA (notably Postmark, our transactional email provider), the transfer is protected by the EU–US Data Privacy Framework and Standard Contractual Clauses approved by the European Commission.
7. Retention
- Member records: duration of membership, plus 7 years for insurance and incident-claim purposes.
- Enquiry and contact-form messages: 12 months from last contact.
- Safeguarding and incident records: until the subject reaches age 25 (longer for serious cases as required by law).
- Marketing-consent records: until you withdraw consent.
8. Children and junior members
Some of our members are under 18. Where the member is under 16, we require verifiable consent from a parent or guardian before processing their personal data. We process junior-member data in line with the Children First Act 2015 and Sport Ireland Safeguarding Guidance for Children and Young People in Sport. Photographs of junior members are not published without parental consent.
9. Cookies
This site sets only essential cookies needed to operate the member login and basic-access areas. We do not use analytics, advertising, or tracking cookies. If we add any non-essential cookie in future, we will request your consent through a cookie banner before setting it.
10. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you (Article 15)
- Rectify inaccurate or incomplete data (Article 16)
- Erase your data, where applicable (Article 17)
- Restrict processing in certain circumstances (Article 18)
- Receive your data in a portable format (Article 20)
- Object to processing, including objection to direct marketing (Article 21)
- Withdraw consent at any time, where processing is based on consent (Article 7(3))
- Not be subject to automated decision-making. DKC does not carry out any automated decision-making.
To exercise any of these rights, email info@dublinkayakclub.ie. We will respond within one calendar month. We may ask you to verify your identity before releasing personal records.
11. Security and breach notification
We protect your data using industry-standard technical and organisational measures, including encryption in transit and at rest, access controls, and supplier review. We acknowledge that internet communications can never be fully risk-free. In the event of a personal data breach affecting your information, we will notify you and the Data Protection Commission within 72 hours as required by Article 33 GDPR.
12. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Data Protection Commission (Ireland), 21 Fitzwilliam Square South, Dublin 2, D02 RD28. Tel: +353 (0)761 104 800. Web: dataprotection.ie.
13. Changes to this policy
We may update this policy from time to time. The current version is always available at dublinkayakclub.ie/privacy-policy, with the “Last updated” date at the top of the page.