Who we are

Our website address is: https://shinshinaikido.co.uk

Shin Shin Aikido is a UK-based martial arts association and club. We are the data controller responsible for the personal data collected through this website.

Membership data we collect

When you register as a member or purchase a membership through this website, we collect personal information necessary to manage your membership and provide club services. This may include:

  • Name
  • Email address
  • Date of birth
  • Membership type and status
  • Login credentials (stored securely)
  • Club or association information
  • Order and membership history

This data is collected so we can administer memberships, manage access to member-only content, communicate with members, and meet our contractual obligations to you.

Lawful basis for processing

We process your personal data under the following lawful bases as defined by UK GDPR:

  • Contractual necessity – to provide membership services you have signed up for
  • Legitimate interest – to manage the club, communicate with members, and maintain accurate records
  • Legal obligation – where required for accounting or regulatory purposes

Payments

Membership payments and course bookings are processed securely via third-party payment providers. We do not store or process full card details on our servers.

We retain transaction records (such as order references, amounts, and dates) for accounting and audit purposes, in line with UK legal requirements.

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help with spam detection.

An anonymised string (hash) created from your email address may be provided to the Gravatar service to check if you are using it. The Gravatar service privacy policy is available at:
https://automattic.com/privacy/.

After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the website can download and extract any location data from images on the site.

Cookies

If you leave a comment on our site, you may opt in to saving your name, email address, and website in cookies. These cookies last for one year.

If you visit our login page, we set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we set cookies to save your login information and screen display preferences. Login cookies last for two days, screen option cookies last for one year, and “Remember Me” logins last for two weeks. Logging out removes login cookies.

If you edit or publish an article, an additional cookie is saved indicating the post ID. This cookie expires after one day.

Embedded content from other websites

Articles on this site may include embedded content (for example videos or images). Embedded content behaves in the same way as if you visited the third-party website directly.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that content.

Who we share your data with

We do not sell or rent member data.

Your data may be shared only where necessary with:

  • Website service providers
  • Payment processors
  • Spam detection services

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

  • Membership data is retained for the duration of your membership
  • Financial and transaction records are retained for up to 6 years to comply with UK accounting and tax requirements
  • Inactive accounts may be anonymised or deleted after a reasonable period

What rights you have over your data

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure of your data (where legally permissible)
  • Object to or restrict certain types of processing

This does not include data we are required to retain for legal, administrative, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service. Data may be processed within the UK or the EEA, or by service providers that comply with UK GDPR requirements.

Contact and data protection queries

If you have any questions about this privacy policy or how your data is handled, or if you wish to exercise your data protection rights, please contact us at:

senseihughes@outlook.com