Privacy Policy


We really do care about your data and privacy. We want to provide you, our customers, with useful and relevant information without infringing on privacy and in accordance with GDPR.

The right to be informed covers some of the key transparency requirements of GDPR. It is about providing people with clear and concise information about what we do with their personal data. Articles 13 and 14 of the GDPR specify what individuals have the right to be informed about. This is called this ‘privacy information’.

Who we are

We (or “us”) are references to Smiling Barracuda. For the purpose of the Data Protection Act 1998 (the “Act”), the data controller is Smiling Barracuda, a registered limited company (Registered in England No. 10494820) whose registered address is 68 Mayford Road, London, United Kingdom, SW12 8SN.

By contacting us, using our Services or visiting our website, which is owned and controlled by us (“our site”), you are accepting and consenting to the practices described in this policy unless you inform us otherwise.

The purposes of data processing

If you complete a form on any of our websites in order to access our services, or by corresponding with us by phone, e-mail or otherwise, the personal data you provide may be collected by Smiling Barracuda.  This includes information you provide if you apply to our programme, register your interest to receive our newsletter, enquire for general information or post content to a website. The information you give us may include your name, employer, job title, email address and phone number.

The purpose of this processing:

The data given as stated above will be stored by Smiling Barracuda (unless you notify us that you no longer wish us to retain such information, in which case it will be deleted). Smiling Barracuda will only use this data in order to contact you (by email or telephone) on the basis of legitimate interest. If you do not wish to receive certain content you can let us know at [email protected].  

The legitimate interests for the processing:

Article 6.1 of the GDPR defines the lawful grounds for data processing as follows:

Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Smiling Barracuda will contact you via email, telephone or post, with information that we believe is relevant to you (for the programme and its relevant resources content). You will need to notify us if you do not want to receive this particular information at [email protected]. In which case your profile will be updated.

Should you request us to amend your data, we will endeavor to do so within 1 week of you notifying us. If you wish to be deleted from our database, you will need to notify us. In both instances this update will take effect within 1 week of you notifying us. However, you may receive communications for this transitional period while we process your record.

Smiling Barracuda will also use the information in aggregate form (i.e. so that no individual users are identifiable) to determine demographic profiles in order to: develop marketing profiles and assist in strategic development, enable site audits to be performed and enable Smiling Barracuda to review, develop and improve the services which it offers.

In addition, Smiling Barracuda will use your information to notify you about changes to our services.

The lawful basis for the processing

The Data Protection Act 1998 requires us to process personal data fairly and lawfully. In practice, it means that Smiling Barracuda must

  • Have legitimate grounds for collecting and using the personal data.
  • Not use the data in ways that have unjustified adverse effects on the individuals concerned.
  • Be transparent about how we intend to use the data and give individuals appropriate privacy notices when collecting their personal data.
The categories of personal data obtained

Should Smiling Barracuda obtain information from third-party associations we will provide the individual with privacy information within a reasonable period of time of obtaining the personal data and no later than one month.

The recipient or categories of recipients of the personal data

The Data Protection Act 1998 provides that Smiling Barracuda’s notification of processing must include “a description of any recipient or recipients to whom the data controller intends or may wish to disclose the data”. We will only share contact information with specific third parties of the programme or club (such as sponsors of the programme to which you are registered), for a one time only basis. If you wish to opt out please email [email protected]  

For any third party that Smiling Barracuda shares data with where that third party is a Processor as defined under GDPR, an appropriate Data Processing Agreement is in place. In this regard, Utterly Events are the event management agency who run the operations for all Smiling Barracuda events, and therefore have an appropriate agreement in place. You can find Utterly Events own privacy policy here:

Smiling Barracuda will not sell personal data in any form, including mailing lists. All its data are for the purpose of the club and programme only.

The retention periods for the personal data

Smiling Barracuda take all reasonable action to ensure that the information we collect and use is accurate, complete and up to date. However, the accuracy of the information depends to a large extent on the details you provide. That’s why we recommend that you keep us up to date with changes to your personal details/preferences and let us know if there are any errors in our information. We perform regular reviews of our data and records retained are not kept for longer than necessary.

The rights available to individuals in respect of the processing

The GDPR provides the following rights for individuals:

  • The right to be informed: See section 2 on the right to be informed about the collection and use of your personal data.
  • The right of access: You have the right to access your personal data. A copy of the information can be accessed free of charge.
  • The right to rectification: You can make a request for rectification at anytime.
  • The right to erasure: Also known as ‘the right to be forgotten’. You can make a request for erasure at any time.
  • The right to restrict processing: You can make a request for restriction at any time.
  • The right to data portability: You can request to obtain and reuse your personal data for your own purposes across different services.
  • The right to object: You have the right to object to the processing based on legitimate interests.

For any of the above rights available, you can inform us verbally or in writing or by emailing us at [email protected] and we will respond to this request within one month of receipt.

The right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes GDPR. You can do so by contacting the Information Commissioner’s Office (ICO).

How do we protect your information?

The data that we collect from you will be stored within Europe. By providing us with your personal data, you agree to this storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on secure servers hosted by a third-party within Europe. This third-party has no permission to use this data.

Any country outside of the EEA / EU we share data with will be compliant with the level of security required for companies within; this includes ensuring companies in the US are members of the Privacy Shield scheme and other companies outside the US have contractual obligations in place to provide the same security.

Unfortunately, the transmission of data and information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our Services or sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.


A cookie is a small text file that is downloaded onto ‘terminal equipment’ (e.g a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions. When cookies can identify an individual via their device, it is considered personal data. This includes cookies for analytics, advertising and functional services, such as survey and chat tools.

Implied consent is no longer sufficient. Consent must be given through a clear affirmative action.
‘By using this site, you accept cookies’ messages are also not sufficient for the same reasons. If there is no genuine and free choice, then there is no valid consent. We make it possible to both accept or reject cookies. This means: It must be as easy to withdraw consent as it is to give it. If we want to tell people to block cookies if you don’t give your consent, we must make them accept cookies first.

We may use “session” cookies on the website. We will use the session cookies to: keep track of your user navigation. Session cookies are deleted from your computer when you close your browser.

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at:

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. Blocking all cookies will, however, have a negative impact upon the usability of many websites.

Contacting us

If you have any questions or concerns about Smiling Barracuda.’s use of your personal information, please email [email protected] or write to: 68 Mayford Road, London, United Kingdom, SW12 8SN.

Unsubscribe from our newsletter

If you wish to no longer receive email newsletters from us, you can remove your email from our database here.