Website and Cookies Policy and Privacy Notice
1. Introduction
1.1. This policy applies to the GBWR group, as the group composition may vary from time to time; the GBWR group currently comprises Great Britain Wheelchair Rugby Limited and its subsidiary GBWR Trading Limited. All references to GBWR apply to the GBWR group.
1.2. We at GBWR (‘we’, ‘our’, or ‘us’) want to make sure all the personal information we have collected about you, is safe and secure whether we collect it through our website at https://gbwr.org.uk (‘Website’ or ‘Site’) or from other sources including, but not limited to, other websites we may operate (‘Websites or ‘Sites’). This policy set outs our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store, and use your personal information.
1.3. We have not appointed a data protection officer to oversee our compliance with data protection laws as we are not required to do so, but our chief financial and operating officer has overall responsibility for data protection compliance in our organisation. If you have any questions about this policy or what we do with your personal information, contact details are set out in the ‘Contact’ section below.
2. Privacy notice
2.1. Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us or in providing services to our customers and members or just managing our relationship with you.
2.2. When we hold or use your personal information as a data controller (see below for a description of what this is) we will provide you with a privacy notice which sets out in detail what information we hold about you (such as your contact details, address, etc), how your personal information may be used, and the reasons for these uses, together with details of your rights.
2.3. Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you. Where we receive your personal information indirectly, we will provide this privacy notice when we first contact you, first pass the data to someone else or within a month, whichever is the earlier.
2.4. We will only provide this privacy notice to you once, generally at the start of our relationship with you. However, if the applicable privacy notice is updated substantially, then we may provide you with details of the updated version. You are encouraged to check back regularly for updates.
2.5. Copies of our current privacy notices can be found at our Site(s) or by contacting us at the contact details as set out in the ‘Contact’ section below.
2.6. Please note that it is possible for you to be covered by more than one privacy notice, for example you may be a member who visits our Site(s). In this example both our privacy notice and our website and cookies policy and privacy notice would apply to you.
3. The difference between data controllers and data processors
3.1. A data controller is a person who controls how personal information is processed and used. A data processor is a person who processes and uses personal information in accordance with the instructions of a third party, ie the data controller.
3.2. This distinction is important. You have certain rights in relation to your personal information, for example the right to be provided with the personal information held about you and details of its use and the right to have certain of your personal information either erased or anonymised, commonly referred to as the right to be forgotten (see below to see what rights you have). These rights can generally only be exercised against a data controller of your information.
3.3. In most cases we will be a data controller of your personal information. In any case where we are not a data controller this means that you cannot exercise these rights against us directly (ie where we only act as a data processor), but you can do so against the data controller (ie the person who controls how we process the personal information). In these cases we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.
3.4. Also, it is only a data controller that will provide you with a privacy notice about your personal information, so where we process your personal information as a data controller we will provide you with a privacy notice. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.
4. How do we use your personal information?
4.1. We will use your personal information as described in the privacy notice provided to you, but, for example, we may use your personal information to administer any account(s) you have with us or to send you information we think you might find useful, provided you have indicated that you are happy to be contacted for these purposes. To see how we use your personal information, please see our current privacy notices, which can be accessed at our Site(s) or by contacting us at the contact details as set out in the ‘Contact’ section below.
5. Who do we share your personal information with?
5.1. Details of how we disclose your personal information are set out in the relevant privacy notice provided to you, but generally it is where we need to do so in order to run our organisation (eg where other people process information for us). In such circumstances, we will put in place arrangements to protect your personal information. Outside of that we do not disclose your personal information unless we are required to do so by law, or otherwise where you have provided explicit consent for us to do so.
5.2. If we transfer personal information about you outside the European Economic Area (EEA), we will let you know and ensure that all reasonable security measures are taken and that any third-party processers will be required to process the information in accordance with information protection laws and we will notify you in your privacy notice if we are the information controller.
5.3. We do not sell, trade, or rent your personal information to others.
6. How long do we hold on to your personal information?
6.1. Further details of how long we hold onto your personal information for are set out in the relevant privacy notice provided to you, but we will only hold your information for as long as is necessary or, where you ask us to delete records, we may delete it earlier.
6.2. The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained for at least six years in accordance with usual commercial practice and regulatory requirements.
7. What are your rights?
7.1. Full details of your rights are set out in the relevant privacy notice provided to you, but you are entitled by law to ask for a copy of your personal information at any time. You are also entitled to ask us to correct, delete, or update your personal information, to send your personal information to you or another organisation and to object to automated decision making. Where you have given us your consent to use your personal information in a particular manner, you also have the right to withdraw this consent at any time.
7.2. To exercise any of your rights, or if you have any questions relating to your rights, please contact us by using the details set out in the ‘Contact’ section below. You can also unsubscribe from any direct marketing by clicking on the unsubscribe link in the marketing messages we send to you.
7.3. You should note that some of your rights may not apply as they have specific requirements and exemptions which apply to them and they may not also apply to personal information recorded and stored by us. However, your right to withdraw consent or object to processing for direct marketing are absolute rights.
7.4. If you are unhappy with the way we are using your personal information you can complain to the UK Information Commissioner’s Office or your local data protection regulator. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/. However, we are here to help and would encourage you to contact us to resolve your complaint first.
8. Linking with third party sites
8.1. Our Site(s) may, from time to time, contain links to and from the websites of our commercial partners, other international and national bodies, sponsors, donors, and clubs, and also to third-party websites which contain items of interest and relevance to the sport of wheelchair rugby and the GBWR group of companies. If you follow a link to any of these websites, please note that these websites have their own privacy policies and they will be a data controller of your personal information. We do not accept any responsibility or liability for these policies and you should check these policies before you submit any personal information to these websites.
8.2. In addition, if you linked to our site(s) from a third-party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
9. Take-down policy
9.1. If you consider that the content of a resource within or accessed via, our site(s) infringes UK law, please notify GBWR by contacting info@gbwr.org.uk. Please include the URL of the resource and the reason for withdrawal.
9.2. Your complaint will be acknowledged and an initial assessment will be undertaken within five working days of GBWR staff become aware of the complaint. We aim to acknowledge and assess the complaint on the day of receipt or the next working day thereafter.
9.3. Where grounds for complaint are plausible, the material will be withdrawn from public view. It may be necessary for us to seek legal advice before the complaint can be fully resolved. If the complaint is well founded, the material will be permanently withdrawn from the Site(s). This will be agreed on a case-by-case basis.
10. Security
10.1. We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of it. Unfortunately, no information transmission over the Internet is guaranteed to be 100% secure nor is any storage of information always 100% secure, but we do take appropriate steps to protect the security of your personal information. We take information and system security very seriously indeed and our Site(s) operate with an SSL certificate, as demonstrated by the padlock symbol in web browser address bars and the https protocol; these certificates are small data files which bind a cryptographic key to allow secure connections from web server to web browser.
11. Cookies
11.1. Certain parts of our Site(s) use ‘cookies’ to keep track of your visit and to help you navigate between sections. A cookie is a small data file that certain websites store on your computer’s hard drive (or other device, such as a smartphone) when you visit such websites. Cookies can contain information such as your user ID and the pages you have visited. The only personal information a cookie contains is information that you have personally supplied.
11.2. We use cookies on our Site(s) to enable us to deliver content that is specific to your interests and gives us an idea of which parts of the Site(s) you are visiting and to recognise you when you return to the Site(s). Reading cookies does not give us access to other information on your computer’s hard drive and our Site(s) will not read cookies created by other websites that you have visited.
11.3. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. If, however, you select this setting you may be unable to access certain parts of the Site(s). Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you access the Site(s).
11.4. Please note providers of third-party content may also use cookies over which we have no control. For detailed information on the cookies we use and the purposes for which we use them see the tables below:
11.5. Cookies at gbwr.org.uk (including list-manage.com for MailChimp newsletter sign up)
| Name | Domain | Description | Duration | Type |
| _ga_* | .gbwr.org.uk | Google Analytics sets this cookie to store and count page views | One year, one month, four days | Analytics |
| _ga | .gbwr.org.uk | Google Analytics sets this cookie used to calculate visitor, session, and campaign data, and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. | One year, one month, four days | Analytics |
| _abck | .list-manage.com | Akamai Bot Manager sets this cookie which is used to detect and defend when a client attempts to replay a cookie. This cookie manages the interaction with online bots and take the appropriate actions. | One year | Necessary |
| ak_bmsc | .us15.list-manage.com | Akamai Bot Manager sets this cookie which is used to optimise site security by distinguishing between humans and bots. | Two hours | Necessary |
| bm_sz | .list-manage.com | Akamai Bot Manager sets this cookie to manage the interaction with online bots. It also helps in fraud prevention. | Four hours | Necessary |
11.6. Cookies at wrquadnations.com
| Name | Domain | Description | Duration | Type |
| __cf_bm | .fonts.net | This cookie is set by Cloudflare to manage bot traffic and mitigate abuse. It helps distinguish legitimate visitors from automated ones for third-party font loading. | 30 minutes | Necessary |
| __cf_bm | .twitter.com | Similar to the above, but scoped to Twitter embeds — helps Cloudflare detect and filter bots interacting with embedded Twitter elements. | 30 minutes | Necessary |
| _ga | .wrquadnations.com | Installed by Google Analytics to distinguish users. This cookie generates a unique ID for each visitor and is used for analytics reports and traffic tracking. | One year | Analytics |
| _ga_FE356P8RKH | .wrquadnations.com | A Google Analytics cookie specific to a property (GA4). It stores session-level data such as timestamps and user behavior. | One year | Analytics |
| _gat | .wrquadnations.com | Google Analytics cookie used to throttle request rate — limits how often data is sent to GA. Useful on high-traffic sites. | One minute | Analytics |
| _gid | .wrquadnations.com | Another Google Analytics cookie — used to group user sessions for statistical tracking. | One day | Analytics |
| guest_id | .twitter.com | Set by Twitter when loading embedded tweets. It stores a unique ID for non-logged-in visitors to track interaction anonymously. | Six months | Marketing |
| guest_id_ads | .twitter.com | Twitter ad cookie — used to help display personalized Twitter ads based on past interaction with embedded tweets or Twitter links. | Six months | Marketing |
| guest_id_marketing | .twitter.com | A variant of guest_id used by Twitter for marketing tracking purposes (behavioral targeting). | Six months | Marketing |
| personalization_id | .twitter.com | Cookie set by Twitter to collect data on how embedded Twitter services are used, to personalize and optimize ads and content. | Six months | Marketing |
| PHPSESSID | .wrquadnations.com | A session cookie used by the server-side application (likely PHP) to maintain session state across pages, e.g. login status or form data. | Session (until browser close) | Necessary |
12. Log files
12.1. In common with most websites, our Site(s) logs various information about visitors, including internet protocol (IP) addresses, browser type, internet service provider (ISP) information, referring/exit pages, and date/time stamp.
12.2. We may use this information to analyse trends, administer the Site(s), track your movement around the Site(s), and gather broad demographic information.
13. Changes to this policy
13.1. Any changes we may make to this policy in the future will be posted on our Site(s) and, where appropriate in the case of material changes, notified to you by email wherever possible. Please check back frequently to see any updates or changes to this policy and should you object to any alteration, please contact us as set out in the ‘Contact’ section below.
14. Contact
14.1. In the event of any query or complaint in connection with the information we hold about you, please email us at info@gbwr.org.uk or write to us at GBWR, Rugby House, Twickenham Stadium, 200 Whitton Road, Twickenham, TW2 7BA.
14.2. Whilst this privacy policy sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
V019 approved by the GBWR Board of Trustees at the board meeting held March 2025
To be reviewed by the GBWR Board of Trustees by March 2027
