Privacy Policy
What we collect, why, and how we look after it.
School Of Fish is committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect the personal information of our learners, coaches, parents, guardians, and trainees.
For the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Controller is School Of Fish Ltd, registered in England and Wales (company number 16920892), registered office 41 Harveys Close, Spalding, PE11 2NX, and registered with the Information Commissioner's Office (reference ZC160843).
Effective from May 2026. Jurisdiction: United Kingdom.
What We Collect
We collect different types of data depending on whether you're booking a session, enrolling in a coach training course, or joining a membership.
Personal Identification
- Parents, guardians and adults: name, address, email, phone number.
- Junior learners: name, date of birth (for age-appropriate supervision and rod licence compliance).
- Coach training candidates: name, address, email, phone, date of birth, angling experience.
Sensitive Information (Special Category Data)
Because of the physical nature of angling and our duty of care, we may collect:
- Medical information: allergies, physical disabilities, medication requirements, or learning differences (for example ADHD or autism) where these affect safety on the bankside.
- Dietary requirements: only if food is provided during a session.
- Criminal record data: for coach training candidates only, we process Enhanced DBS check data as required by law for working with children.
Financial Data
Payment details are processed securely via third-party providers (Stripe, PayPal). We do not store full card numbers.
Photos and Video
Photographs and short videos taken during sessions, used for marketing, social media, and training review (subject to your consent at booking).
Children's data. Where we hold data about anyone under 18, it is provided and consented to by a parent or guardian, and we handle it with care appropriate to their age, having regard to the ICO's Age Appropriate Design Code.
How We Collect Your Data
We collect data directly from you when you:
- Book a session, course, or membership through our booking platform.
- Complete a parental consent or medical disclosure form.
- Sign up for our newsletter or join the Coaches Community.
- Send us a message through the contact form on this site, email us, or message us on social media.
How We Use Your Data
Under UK GDPR, we must have a lawful basis for processing your data. The basis depends on what we're using it for:
- Processing bookings and payments. Lawful basis: contract. Necessary to deliver the service you've purchased.
- Ensuring safety (medical information). Lawful basis: vital interests in emergencies, plus explicit consent at the time of booking.
- Photography for marketing. Lawful basis: consent. You can opt in or out at booking and withdraw at any time.
- DBS checks for coach training. Lawful basis: legal obligation. Required for safeguarding children.
- Newsletters and updates. Lawful basis: consent if you opted in, or legitimate interest for existing customers regarding their bookings.
Data Sharing
We do not sell your data. We share it only with:
- Emergency services if an accident occurs on the bankside.
- Service providers who help us operate (booking software, payment processors such as Stripe and PayPal, accounting software). They process your data only for the specified purpose and in accordance with our instructions.
- Our contact form provider (Web3Forms), which delivers messages and form submissions sent through forms on our website to our inbox. They process the form data only to pass it to us, and hold a copy for a short period before it's deleted.
- Google Firebase, which stores the optional cloud backup for our World of Fish game. The backup is encrypted on the device before it is sent, holds only game progress (no name, age, or contact details), is keyed to a code rather than an account, and is deleted automatically after 24 months or by the player at any time. Firebase, and Google reCAPTCHA which guards it against abuse, are only contacted if a player chooses to back up.
- Accrediting bodies (1st4Sport) for the issue and validation of coach training qualifications.
- Regulatory authorities (the Environment Agency, the Information Commissioner's Office, or relevant safeguarding authorities) where legally required.
International transfers. Some of our providers (for example Stripe, PayPal, and Cloudflare) may process data on servers outside the UK. Where they do, that data is protected by appropriate safeguards, such as UK adequacy regulations or standard contractual clauses.
How Long We Keep It
We keep personal data only for as long as needed for the purpose it was collected, plus any legal, accounting, or insurance requirements:
- Standard booking data: retained for 6 years after the last booking for tax and accounting purposes.
- Medical and consent forms: destroyed shortly after each session, unless an incident occurred. Incident-related records are kept for 7 years in line with insurance requirements.
- Coach training records: retained for 7 years after qualification or course end, whichever is later.
- Unsuccessful coach applicants: details deleted after 12 months.
- Marketing data: retained until you withdraw consent or unsubscribe.
Security
We've put appropriate security measures in place to prevent your personal data from being lost, used, or accessed in an unauthorised way:
- Paper forms (such as bankside medical sheets) are kept in a secure folder by the lead coach and destroyed or filed securely after each session.
- Digital data is stored on password-protected, encrypted systems.
- Access is limited to staff who need the data to do their job.
Your Rights
Under UK GDPR, you have the right to:
- Request access to the personal data we hold about you (a Subject Access Request).
- Request correction of any inaccurate data.
- Request erasure of your data, subject to our legal retention requirements.
- Object to your data being processed (for example for marketing).
- Withdraw consent at any time where we rely on consent (for example photography).
To exercise any of these rights, email info@schooloffish.co.uk.
Third-Party Links
Our site may include links to third-party websites (the Angling Trust, Environment Agency, and others). We don't control these sites and we're not responsible for their privacy practices. Check their own privacy policies before sharing data with them.
Cookies & Analytics
This site doesn't use cookies. We use Cloudflare Web Analytics to count visits and see which pages get read, so we know what's useful. It's cookieless, doesn't track individual visitors, and collects no personal data. Nothing is stored on your device, and there's nothing you need to accept or opt out of.
Changes to This Policy
We may update this policy from time to time. The current version is the one published on this page. Significant changes will be notified by email to active customers.
Contact & Complaints
Questions about this policy? Email info@schooloffish.co.uk and we'll come back to you.
You have the right to complain to the Information Commissioner's Office (ico.org.uk). We'd appreciate the chance to address your concerns first.