GDPR Compliance Information
S4 Swim School does not share your personal data with any other company. We do allow access to S4 Swim Franchising Company as required, as they undertake internal audits on all their franchise companies.
What Data Do We Keep?
The data we hold on you as an individual is as follows:
- Swimmer's Name
- Parent/Carer's Name
- Phone number
- Email address
- Emergency contact number
- Age/date of birth (if under 18)
- Swimming awards achieved by the swimmer
- Information on accident forms (keep for 3 years, or with children keep till they turn 25)
- We will also keep your confirmation of consent for us to keep your data
- Medical conditions if required
Where Do We Keep It?
All digital data is kept within secure encrypted websites and password protected databases
Only Company Directors, Selected Administration Staff and our Website Developers have access to this data. (And S4 Franchise Company, as previously stated)
Data that is no longer needed is removed from all systems.
How Do We Use It?
We will use your phone number to contact you about cancelled sessions, pool information, and for the promotion of any future courses.
We will use your emergency contact number only if you are involved in an emergency and we need to alert someone for you.
We use the swimmer's information for class registers, information on current swimming levels (awards achieved), attendance, medical details if applicable.
The new GDPR insists that we have your implicit consent to keep this information on you (or Parent/Carer's consent for children under 16), for the purpose we have stated and in the manner which it is held. You are advised that every individual has a right to complain to the ICO if they think there is a problem with the way we are handling their data.
If you wish to see what data we hold on you, we are obliged to provide this free of charge, within one month as long as the request is not manifestly unfounded or excessive. If we refuse your request we will tell you why, and you have the right to complain to the supervisory authority (the ICO) and to a judicial remedy.
In the event that you do not wish to consent to us holding your data then we will securely dispose of it immediately (excepting any accident forms, which must be kept for 3 years, or in the case of a child, until they are 25)
We are required to repost to the ICO any data breach where it is likely to result in a risk to the rights and freedoms of individuals (for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage) not later than 72 hours after we have become aware of the breach. We would also have to directly notify the individuals concerned.