Privacy Policy
Head of The Cork
Last updated: May 2026
1. Who We Are
Head of The Cork is a rowing competition held at Herdade da Cortesia, Avis, Portugal. This privacy policy explains how we collect, use, and protect your personal data when you visit our website or make a booking to participate in our event.
If you have any questions about this policy or how we handle your data, please contact us:
[Head Of The Cork]
Email: [email protected]
Herdade da Cortesia, Avis, 7480-102 Portugal
2. What Data We Collect
Information You Give Us
Via the contact form on our website, we collect:
- Your name
- Your email address
- Any other information you choose to include in your message
Via our booking system (BookWhen), when you register for the event, we collect:
- Your name, email address, and other details required to process your entry (such as club affiliation, boat category, and crew details)
- Payment information — this is handled securely by BookWhen and their payment providers; we do not store card details ourselves
Information Collected Automatically
When you visit our website, we use Google Analytics to collect anonymous usage data, including:
- Pages visited and time spent on each page
- Your general geographic region
- The type of device, browser, and operating system you are using
- How you arrived at our website (e.g. via a search engine or a link)
This data is aggregated and does not identify you personally. It is used solely to help us understand how our website is being used and to improve the experience for visitors.
3. Legal Basis for Processing Your Data
We process your personal data on the following legal grounds under the General Data Protection Regulation (GDPR):
|
Data |
Legal Basis |
|
Contact form submissions |
Legitimate interests — to respond to your enquiry |
|
Event registration and booking data |
Contract — to process your entry and organise your participation in the event |
|
Google Analytics data |
Legitimate interests — to improve our website |
4. How We Use Your Data
We use the data we collect to:
- Respond to messages and enquiries submitted through our contact form
- Process event registrations and manage participant information
- Communicate with you regarding your entry, event schedule, and any updates
- Understand how visitors use our website and improve its content and usability
We do not use your data for marketing purposes, and we do not sell, rent, or share your personal information with third parties except as described in Section 5.
5. Third-Party Services
BookWhen (Booking System)
We use BookWhen as our online booking and event registration platform. When you register for Head of The Cork, your booking data is processed through BookWhen’s platform.
Head of The Cork is the data controller for your registration data. BookWhen acts as our data processor, handling that data on our behalf in accordance with our instructions and a formal Data Processing Agreement.
BookWhen also processes certain data in its own capacity as a data controller — for example, data relating to your use of the BookWhen platform itself. For full details, please read the BookWhen Privacy Policy.
BookWhen is certified to ISO 27001 and Cyber Essentials Plus and takes appropriate security measures to protect your data. They are based in Oxford, England, and have appointed an EU GDPR Article 27 representative in Dublin, Ireland.
Payments made through BookWhen are processed by Stripe. Card details are encrypted and never stored by BookWhen or us directly.
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies and similar technologies to collect and analyse anonymous information about website use.
You can opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on. For more information, see Google’s Privacy Policy.
6. International Data Transfers
The Head of The Cork event takes place at Herdade da Cortesia, Avis, Portugal.
Some of our third-party service providers (including Google and BookWhen’s sub-processors) may transfer data outside the European Economic Area (EEA). Where this occurs, appropriate safeguards are in place — such as the European Commission’s Standard Contractual Clauses (SCCs) — to ensure your data remains protected to EEA standards.
7. How Long We Keep Your Data
- Contact form enquiries: Retained for as long as is necessary to respond to your query, typically no longer than 12 months.
- Event registration data: Retained for the duration of the event and for a reasonable period thereafter, typically 2 years, to handle any queries, disputes, or regulatory requirements.
- Google Analytics data: Retained for 26 months in line with Google’s default settings.
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — ask us to delete your personal data in certain circumstances
- Right to restrict processing — ask us to limit how we use your data
- Right to object — object to our processing where we rely on legitimate interests
- Right to data portability — request your data in a structured, machine-readable format
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the relevant supervisory authority:
- Portugal: Comissão Nacional de Proteção de Dados (CNPD) — [email protected]
- UK: Information Commissioner’s Office (ICO) — 0303 123 1113
9. Data Security
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. Our website is served over HTTPS. Booking and payment data is handled through BookWhen’s secure, ISO 27001-certified platform.
If you have reason to believe your data has been compromised, please contact us immediately.
10. Children
Our event may involve participants under the age of 18. If you are entering a minor into the event, you must do so as their parent or legal guardian and you consent to the processing of their data as described in this policy on their behalf. We do not knowingly collect personal data from children directly without parental consent.
11. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
12. Contact
If you have any questions, concerns, or requests relating to this privacy policy, please contact:
Head Of The Cork
Email: [email protected]
Herdade da Cortesia, Avis, 7480-102 Portugal