Last Updated: 16 Nov 2020
Our website may provide links to third party websites. We are not responsible for the conduct of third party companies linked to the website and you should refer to the privacy notices of these third parties about how they may handle your personal information.
2. Who we are
Swim121, Mansfield Road, Chesterfield, S41 0JN
Swim121 determine the purposes and means of gathering and using your personal data, we are considered “data controllers” of your personal data.
3. How your personal data is collected
We may collect personal data about you when:
• the personal data is provided to us by you (e.g. when you contact us by email or telephone)
• the personal data is collected in the normal course of our relationship with you (e.g. when you sign up to become a member, make a booking, make a payment or purchase products or services);
• the personal data has been made public by you (e.g. contacting Swim121 via a social media platform);
• the personal data is received by us from third parties (e.g. parents and guardians or local authorities);
• the personal data is received from trusted suppliers (e.g. payment providers, marketing agencies);
• the personal data is collected via our IT systems (e.g. our website, CCTV surveillance, mobile applications); and
• the personal data is created by us, such as records of your communications with us including complaints.
Cookies are small text files that are downloaded onto your device when you visit a website. Our website itself does not store any cookies for the user, however our google analytics do store tracking scripts.
5. Personal data collected
The categories of personal information about you which we may collect and use includes:
• Personal details: title, full name, home address, telephone and mobile numbers, email address, gender, date of birth, age.
• An emergency contact detail: full name, relationship to you and mobile telephone numbers.
• Internal Identifiers: consent forms, membership identification number, customer card.
• Financial Details: purchase transaction history.
• Correspondence: details of referrals and other contact and correspondence with you.
• Services Usage: service usage statistics.
• Preferences: permissions, or preferences that you have specified, such as whether you wish to subscribe to our mailing list or agree to our terms and conditions.
• Incident History: health and safety accidents, security incidents, accident information, complaints communications, insurance claims history, reports and notes about health, treatment and care including details about hospital and doctor’s clinic visits.
• Special Category Personal Data: health and medical information.
• Website Access Details: your computers unique identifier (e.g. IP Address), the date and time you accessed the Website.
The provision of some information is optional, but, in certain circumstances we will not be able to deliver the services and/or products you have requested if we are not provided with all relevant personal data.
6. How and why we use your personal data
Data protection and privacy laws requires companies to have a “legal basis” or “lawful ground” to collect and use your personal information. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
• we have obtained your prior consent, including for direct marketing;
• we need to use your personal information in connection with the swimmer undertaking pool instruction.
• we need to use your personal information for our legitimate interest or those of a third party (and our interests are not overridden by your data protection rights), such as for monitoring service quality and business procedure compliance.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We carry out balancing tests for all the data processing we do based of our legitimate interest and you can obtain information on our balancing tests by contacting us on the details below.
Below is a summary of how we use and the legal basis we rely on to use your personal data (please refer to section 7 below for details about how we handle your special category personal data):
What we use your personal information for
Provision of services: for the administration and delivery of swimming tuition services to you including processing your membership application or booking, communicating with you and providing customer service.
• The use is necessary in connection with the performance of our contract with you or to take steps at your request prior to entering into a contract with us; or
• For our legitimate interests or those of a third party to provide the requested services and respond to any complaints or comments you may send us.
• For our legitimate interests or those of a third party to support our administrative and business functions.
• Pre Assessment lessons: details collected prior to starting membership and/or swim programme with us in order to assess activity requirements.
For our legitimate interests or those of a third party to provide information to our insurers;
For our legitimate interest or those of a third party to assist with providing safe and professional swim guidance and programming.
Fraud detection: to prevent and detect fraud against you, such as providing proof of identity if you request a copy of your data.
For our legitimate interests or those of a third party to minimise fraud that could be damaging for us and for you; or
To comply with our legal and regulatory obligations.
Safety: to ensure safe working practices and working environment.
To comply with our legal and regulatory obligations; or
For our legitimate interests or those of a third party by making sure we are following our own internal procedures and working efficiently and safely so we can deliver the best service to you.
Security: for security purposes, such as preventing unauthorised access and modifications to systems and protecting our staff, premises and vehicles.
For our legitimate interests or those of a third party to prevent and detect criminal activity.
For our legitimate interests or those of a third party to protect the well-being of our staff and ensuring the physical and electronic security of our business, premises and assets; or
To comply with our legal and regulatory obligations
IT and website operations: for the operation and management of our websites and IT systems, providing content and communicating with you and ensuring the security and availability of our IT systems.
For the performance of our contract with you or to take steps at your request before entering into a contract; or
For our legitimate interests or those of a third party to operate our websites and IT systems including reporting faults.
Marketing: to promote our services via by email, telephone, social media, post or in person or otherwise but ensuring that such communications are provided to you in compliance with applicable law.
For our legitimate interests or those of a third party for the purpose of promotion; or
We have obtained your prior consent
Internal compliance: to ensure business policies are adhered to, such as policies covering security and internet use.
For our legitimate interests or those of a third party for the purposes of ensuring we are following our own internal procedures to deliver the best service to you.
Investigations and complaints management: to detect, investigate and/or prevent breaches of policy, complaints, claims, incidents and criminal offences.
For our legitimate interests or those of a third party to detect and protect against breaches of our policies, applicable laws and for the establishment, exercise or defence of legal claims; or
For our legitimate interests or those of a third party to establish the facts in the event of a complaint, claim or query from a caller;
To comply with our legal and regulatory obligations.
Compliance: compliance with our legal and regulatory obligations such as Health and Safety, including maintaining an internal record of compliance.
To comply with our legal and regulatory obligations; or
For our legitimate interests or those of a third party for the purpose of maintaining a record of compliance with our legal and regulatory obligations.
Legal Proceedings: establishing, exercising and defending legal rights.
To comply with our legal and regulatory obligations; or
For our legitimate interests or those of a third party for the purpose of establishing, exercising or defending our legal rights.
Business Analysis: for business management and operational reasons.
For our legitimate interests or those of a third party to provide an efficient and high quality service to you.
Business Reorganisation: to share with third parties, the event of a change of management, sale, merger, reorganisation or similar event.
For our legitimate interests or those of a third party to assist with the sale or potential sale, change of management or reorganisation of our business.
Quality and Training: for quality assurance and staff and supplier training purposes.
For our legitimate interests or those of a third party to monitor and assess the quality of our service delivery (including compliance with our customer service standards) and to provide training from time to time to those staff involved in the provision of our services as required;
Record maintenance: to update and enhance customer records.
For the performance of our contract with you or to take steps at your request before entering into a contract;
To comply with our legal and regulatory obligations; or
For our legitimate interests or those of a third party to support our administrative and business functions.
Research: to conduct market or customer satisfaction research, statistical analysis to help us manage our business such as analysing gym usage or engaging with you to obtain your views on our products and services.
For our legitimate interests or those of a third party to provide an efficient and high quality service to you; or
We have obtained your prior consent.
Risk management: audit, compliance, controls and other risk management.
For our legitimate interests or those of a third party to manage risks to which our business and staff are exposed.
7. When is special category personal data collected and used?
Special categories of information is given to certain kinds of personal data that is particularly sensitive and requires higher levels of protection. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership.
We may from time to time request that you provide special category personal information. We will primarily collect and use this information in the following scenarios:
• ask you about health concerns or disabilities when signing up for membership so that we can ensure that what we deliver is both suitable and tailored to you.
• request to record your ethnicity so that we can compare in aggregate our membership base with the local population to ensure we’re representing our local communities.
• you may choose to share special category information in your communications with us.
We need to have further justification for collecting, storing and using this type of personal information, in addition to having one of the general bases set out in section 6 above. Where required by applicable laws, we will take steps to have in place an appropriate policy document and safeguards relating to the processing of such personal information.
Where we do collect and handle special category personal information, we will only handle that information in accordance with applicable law, including where:
• we have your explicit consent – including where you voluntarily provide us with that information
• processing is necessary for the establishment, exercise or defence of legal claims; or
• processing is necessary for reasons of substantial public interest such as preventing and detecting unlawful acts of fraud.
Less commonly, we may process this type of information where it is needed to protect your vital interests (or someone else's vital interests) and you are not capable of giving your consent, or where you have already made the information public.
8. Direct marketing
We may use your personal information to send you updates (by email, telephone, push notifications, post or text message) about our services including exclusive offers, promotions or products where you as a consumer have consented for us to do so.
To protect your privacy rights and to ensure you have control over how we market to you:
At any time you can update or correct your personal profile, or change your preferences for the way in which you would like us to communicate with you, including how you receive details of latest offers or news from us;
• If you have an online account with us, the easiest way to make updates to your marketing preferences and/or change your personal details is to log onto your account.
• You can opt out of receiving marketing communications from us at any time by:
• You can also click the "unsubscribe" link that you find on any online newsletters or marketing communication you receive;
• disabling push notifications within the setting screen of our customer login pages.
• sending us an email to firstname.lastname@example.org. Please ensure your correspondence is marked ‘Unsubscribe: Marketing Contact List’ and include your full name, email and telephone number to ensure your details are fully deleted from our direct marketing system (please specify whether you would like us to stop all forms of marketing or just a particular type of marketing)
• by replying STOP to any of our text messages
• call us directly and speaking to a member of our team on 01246 208995 or in person at the front desk on your next visit.
• We will not sell your information, or share with other organisations without your prior permission for marketing purposes. We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.
We currently have closed circuit television (CCTV) operating on our premises - carpark and outside reception area. The information processed may include visual images of personal appearance and behaviours in the immediate vicinity of the area under surveillance.
We display signs to inform visitors and staff that they are under surveillance and may be video. This information is kept in secure environments and access is restricted to designated staff and any use shall be in compliance with Swim121 security and privacy policies.
We retain CCTV recordings centrally for up to 31 days, and for a longer period if they are relevant to an incident, complaint, investigation, legal proceedings or for as long as legally required by regulatory bodies and law enforcement agencies.
10. Children’s information
Our services may be booked directly and used by individuals aged 16 years or over. We do not knowingly collect or solicit personal information directly from anyone under the age of 16 or knowingly allow such persons to provide us with their personal information without parent or guardian consent.
If you are under 16, do not send any information about yourself to us, including your name, address, telephone numbers, or email address, unless you have your parent's or guardian's permission.
In the event we learn that we have collected personal information from anyone under the age of 18, and do not have a parent or guardian's consent, we will delete that information as quickly as possible.
If you have any concerns, please contact via the details in section 17.
11. Sharing your personal information with others
We will only disclose personal information to a third party in very limited circumstances, or where we are permitted to do so by law. The third parties to whom we provide your personal data include:
Organisations within Swim121, where such disclosure is necessary to provide you with our services or to manage our business;
• with third parties who help manage our business and deliver services (e.g. payment service providers, IT support service providers, analysis experts such as Arkom, communication platform providers). These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.
• third parties approved by you e.g. when you request your details to be transferred;
• our professional advisors (e.g. law firms, insurers, auditors, brokers); and
• Government, regulatory and law enforcement bodies where we are required in order:
• to comply with our legal obligations;
• to exercise our legal rights (e.g. pursue or defend a claim); and
• for the prevention, detection and investigation of crime.
• Swim121 may share your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition, sale or transfer of assets, or in the event there is an operational or management change of the business.
We also impose data protection obligations on contracted third parties to ensure they can only use your data to provide services to Swim121 for the purposes listed above. These third parties cannot pass your details onto any other parties unless instructed to by Swim121.
12. Transferring your personal information globally
The personal information that we collect from you will not be transferred to, and stored at, a destination outside the UK.
13. Security of your personal information
We take precautions including administrative, technical and physical measures to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, modification, disclosure, alteration and destruction. We protect your personal information using a variety of security measures including:
• password access;
• data back-up;
• placing confidentiality requirements on employees and service providers;
• providing training to our employees to ensure that your personal data in handled correctly;
• destroying or permanently anonymising personal information if it is no longer needed for the purposes it was collected; and
• secure physical storage units for hard copy files with appropriate security restrictions, preventing damage, and unauthorised access to your personal information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we have in place robust procedures and security features to try to prevent unauthorised access
14. How long do we keep your personal information?
Generally, we will retain your personal data in accordance with any applicable limitation period (as set out in any applicable law), which will usually be six (6) years following the expiry of our business relationship with you.
In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements or to have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings. When no longer necessary to retain your personal information, we will delete or anonymise it.
15. Your legal rights in respect of your personal information
You have legal rights in connection with personal information. Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information (commonly known as the "right to be forgotten"). This enables you to ask us to delete or remove personal information in limited circumstances, where: (i) it is no longer needed for the purposes for which it was collected; (ii) you have withdrawn your consent (where the data processing was based on consent); (iii) following a successful right to object (see Object to processing); (iv) it has been processed unlawfully; or (v) to comply with a legal obligation to which the Swim121/or Arkom is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for a number of reasons, including: (i) for compliance with a legal obligation; or (ii) for the establishment, exercise or defence of legal claims.
Object to processing of your personal information by us or on our behalf which has our legitimate interests as its legal basis for that processing, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. You can object at any time to your personal information being processed for direct marketing (including profiling).
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, but only where: (i) its accuracy is contested, to allow us to verify its accuracy; (ii) the processing is unlawful, but you do not want it erased; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or (iv) you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where: (i) we have your consent; (ii) to establish, exercise or defend legal claims; or (iii) to protect the rights of another natural or legal person.
Request the transfer of your personal information. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where: (i) the processing is based on your consent or on the performance of a contract with you; and (ii) the processing is carried out by automated means.
Obtain a copy, or reference to, the personal data safeguards used for transfers outside the European Union. We may redact data transfer agreements to protect commercial terms.
Withdraw consent to processing where the legal basis for processing is solely justified on the grounds of consent (please refer to section 8 for details about withdrawing consent to direct marketing).
Please note, to ensure security of personal information, we may ask you to verify your identity before proceeding with any such request.
We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
If you would like to exercise any of these rights, please submit your requests to: email@example.com or call 01246 208995.
Subject to legal and other permissible considerations, we will make every effort to honour your request promptly to inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
16. Requests about your child’s information
Children have the same rights over their own personal information as an adult. However, as young children may not understand these rights or are not capable of exercising these right, in some cases their parents / guardians may do so on their behalf.
17. Data protection contacts
Data Protection Officer
Alternatively, please email firstname.lastname@example.org.
We ask that you please attempt to resolve any issues with us first by contacting the DPO, however you have a right to lodge a complaint (which in the UK is the Information Commissioner's Office). The supervisory authority will then investigate your complaint accordingly.