DEVELOPMENT SERVER - Changes here do not affect the live site

Privacy Policy

Last updated: 27 February 2026

1. Who we are

CadetCore is a training management system operated by individual Sea Cadet units under the governance of the Marine Society & Sea Cadets (MSSC). Each unit is the data controller for the personal data it holds within the system. The unit administrator is responsible for managing data subject requests.

2. What data we collect

  • Cadet names and Westminster PINs (Personal Identification Numbers)
  • Training completion records, module progress, and syllabus data
  • Qualification awards and promotion history
  • Boating hours and activity logs
  • Staff/instructor names and email addresses

3. Why we collect it

Personal data is processed for the purpose of managing cadet training records, tracking syllabus progress, planning training sessions, and supporting promotion decisions within the Sea Cadet organisation.

4. Legal basis

We process personal data on the basis of legitimate interests (managing cadet training within MSSC governance) and contractual necessity (supporting the unit's obligations to MSSC for training delivery and reporting).

5. Data retention

Active cadet records are retained for as long as the cadet is enrolled at the unit. When a cadet leaves, their record may be deactivated and retained for a reasonable period before permanent deletion. Deleted records are removed from the live database but may persist in encrypted backups for up to 14 days until those backups expire.

6. Your rights

Under UK GDPR, data subjects have the right to:

  • Access - request a copy of all personal data held about them
  • Rectification - request correction of inaccurate data
  • Erasure - request deletion of their personal data
  • Portability - receive their data in a structured, machine-readable format

To exercise any of these rights, contact your unit administrator.

7. Data security

All personal data (names, PINs, and email addresses) is encrypted at rest using AES-256-GCM encryption. Data in transit is protected by TLS. Access to the system is controlled by role-based permissions with two-factor authentication.

8. Contact

For any data protection queries, please contact your unit administrator or the unit's commanding officer.