Updated Nov 2018
Data Controller: Simon Gustafson
What this Notice is about
This Privacy Notice tells you what information we obtain and hold about you as a member of Swimabout Swim School. It explains what information we collect, why we collect it, and what we do with it, as well as who we share it with. We collect and handle personal information about our students to enable us to provide swimming lessons. We call this information “your information”. It is also referred to as “data”. You should read this notice when you give us information so you are aware of how and why we are using this. Please update us if any information supplied by you changes.
What Information do we collect about you?
When you join Swimabout you are asked to complete a Registration form which contains the following pertinent data about you and your child:
- Contact details (telephone, email)
- Health issues
What do we do with this data?
Under data protection legislation we can only process data “as necessary” and only to the extent that it is needed. This data is used to:
- Maintain records of our students for the purposes of administration, assessment of abilities/awards, their history within our swimschool
- Ensure our staff are fully aware of any health issues which they need to be aware of when teaching your children
- Communicate with yourselves
We do NOT share this data with anyone else other than members of Swimabout staff and would not (upon request by anyone else) without your explicit permission.
Exceptions would be made if emergency services require the information and you are not available to provide permission or the information which we may have at the time (such as known health issues, next of kin contact details for example).
Storage and security of data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees or contractors and other third parties who have a business on a need to know basis only. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
All our information is stored securely electronically on private, mostly non-cloud based servers or devices. Certain information is also retained on a secure basis in hard copy format.
- Email – Our email system is based on a private secure network, not based in the EU.
- Mobile – Messages and contacts are on an encrypted personal phone which is backed up to the Cloud.
- Electronic Records – All databases containing the information are held on a secure private network, not based in the EU.
- Paper Records – All paper records are secured in an appropriately secure environment and are destroyed after 3 years post students leaving the swim school.
It is in our legitimate interests to maintain an accurate record of communications in all forms which you have with us. We need these records for our ongoing dealings with you, for example, in order to manage your child’s progress within the school, and for our data protection obligations.
Length of storage of data
Data can only be stored on a time limited basis and not indefinitely. We will hold personal data about you for the duration of your child learning with our swim school and for a period of three years following. We are also required to retain some financial information for up to six years for tax purposes.
Where we hold personal data about you or your child, you are the ‘data subject’. Data protection legislation gives you a number of rights. To exercise any of these rights you should contact us. You can do so by email at the address given above or you can telephone us on the number given above. You can also write to us at our address given at the top of this notice. No fee is payable. In particular you have a right to object to the processing of your information where we are processing this in our own legitimate interests. This applies if you feel that this impacts on your own interests or your fundamental rights or freedoms.
These rights are as follows –
- Access – you have the right to make a request to be told what personal data we hold about you. This is a right to obtain confirmation that data has been processed and to have access to your personal data and the right to information details which should be provided with the privacy notice.
- Correction/Rectification – if you consider any data we hold about you is inaccurate you can tell us so that where appropriate this can be corrected. Where a mistake is made in data processing then you can ask to have it rectified.
- Erasure – you have a right to ask us in certain circumstances to erase any data we hold about you (the so called right to be forgotten). Individuals can request the right to have personal data erased to prevent processing in specific circumstances, i.e. it is no longer necessary, consent has been withdrawn, there is an objection and where applicable your rights etc., override the legitimate interests to continue our processing, or data has been unlawfully processed.
- You can object to our processing of data – this allows you to object to our processing of data about you/your child. We must then stop processing data unless we can establish legitimate reason for continuing. In particular this applies where we are relying on our own legitimate interests or those of a third party to process data but it can also apply in other situations.
- Restricting processing – you can ask us to suspend processing of your personal data and we must then restrict processing of data. This includes where you are contesting the accuracy of a statement or the lawfulness of the processing.
- Data portability – this allows individuals to reuse their personal data for their own purposes across different services allowing them to move, copy or transfer personal data more easily.
By signing the Registration form providing us with these details you are forthwith deemed to have provided your consent for us to collate and use the data provided by yourself for our legitimate business purposes.
Withdrawal of consent
Where your consent provides us with the legal gateway to process data about you, you can withdraw this at any time by telling us by email or post using the telephone/addresses given above.
We operate our own internal complaints policy and if you have any concerns about the way in which we collect or handle data please contact us.