Privacy Policy
Last updated: December 2025
1. Who We Are
All Thing z Sailing ("we", "our", "us") operates the website allthingzsailing.com. We are the data controller responsible for your personal data.
For any questions about this privacy policy or our data practices, please contact us via our contact form.
2. Information We Collect
We collect and process the following types of personal data:
2.1 Information You Provide
| Data Type | When Collected | Purpose |
|---|---|---|
| Name, Email | Contact form submissions | To respond to your enquiries |
| Website URL, Name, Description | Website submissions | To review and list websites in our directory |
2.2 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| IP Address | Security, rate limiting, fraud prevention |
| Browser type, device information | Technical functionality, analytics |
| Pages visited, time spent | Improving our service |
3. Legal Basis for Processing
Under UK GDPR, we process your personal data based on the following legal grounds:
- Consent: When you submit a contact form or website suggestion (Article 6(1)(a))
- Legitimate Interests: For website security, analytics, and service improvement (Article 6(1)(f))
- Legal Obligation: Where required by law (Article 6(1)(c))
4. Cookies and Similar Technologies
We use cookies and similar technologies on our website:
4.1 Essential Cookies
These are necessary for the website to function and cannot be disabled:
- Session Cookie: Maintains your session while browsing (expires on browser close)
- CSRF Token: Protects against cross-site request forgery attacks
4.2 Functional Cookies
- Cookie Consent: Remembers your cookie preferences
You can manage cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
5. How We Use Your Data
We use your personal data to:
- Respond to your enquiries and messages
- Process website submissions for our directory
- Maintain and improve our website
- Protect against fraud, spam, and abuse
- Comply with legal obligations
We do NOT:
- Sell your personal data to third parties
- Use your data for automated decision-making or profiling
- Send marketing emails unless you explicitly consent
6. Data Sharing
We may share your data with:
- Hosting Providers: To store and serve our website
- Law Enforcement: If legally required to do so
We do not share your personal data with any other third parties.
7. International Data Transfers
Your data is primarily processed within the United Kingdom and European Economic Area (EEA). If any data is transferred outside these regions, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the UK ICO
- Adequacy decisions by the UK Government
8. Data Retention
We retain your personal data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Contact form messages | 2 years, or until resolved |
| Website submissions | Indefinitely if approved; 1 year if rejected |
| Server logs (IP addresses) | 90 days |
9. Your Rights Under UK GDPR
Under UK data protection law, you have the following rights:
- Right of Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise any of these rights, please contact us via our contact form. We will respond within one month.
10. Children's Privacy
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption for all data transmission
- Secure password hashing for administrative access
- Rate limiting to prevent abuse
- Regular security reviews
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
12. Third-Party Links
Our directory contains links to external websites. We are not responsible for the privacy practices of these third-party sites. We encourage you to read their privacy policies before providing any personal data.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For significant changes, we may provide additional notice.
14. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
15. Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact us through our contact form.