Great Waves Swimming Academy is fully complaint with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
If at any point you are unhappy with the information provided in this policy, we detail how you can remove your information.
We take the protection of your privacy and confidentiality seriously. We have procedures in place to preserve the confidentiality of information you provide to us.
Our policy complies with UK law, including that required by the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to the processing of your personal data. You can see further information your rights at www.ico.org.uk.
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
1. Our Commitment to Protecting your Data
- We will ensure that your personal information is always handled in a manner that is GDPR compliant.
- We will never sell, rent or otherwise distribute or make public your personal information
- We will only collect necessary data.
- We will monitor and safely secure your data.
- We will take appropriate action in the discovery of a breach of your data.
2. National and International Legislation
Our website, internal business systems and our handling of your personal information is designed to comply with the following national and international privacy and data legislation.
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
Further details on compliance with the above legislations can be sort from the designated data protection office, with details provided in Section 8.
3. What personal Information is collected by this website
The law requires us to determine the reasons we process your personal information and the basis for needing to process this data. Any information that is not required will not be processed and will be erased after 12 months.
Information we process because we have a service obligation with you
When you contact us through our website, buy a product or service from us, or otherwise agree to our terms and conditions, use of our services begins. In order to carry out our obligations, we must process the information you give us. Some of this information may be personal information. We may use it in order to:
- verify your identity
- sell products to you
- provide you with our services
- provide you with suggestions and advice on products, services and how to obtain the most from Great Waves Swimming Academy
We process your information on the basis that there is an agreed service you have chosen or you have requested we use your information to provide you with information on our services.
Additionally, we may use this information to keep you updated on service you are receiving with Great Waves Swimming Academy. This may come in the form of updates in relation to the service you are accessing.
We shall continue to process this information until the services end or are terminated by either party.
Information we process with your consent
There will be times when services have not yet been acquired, such as when you browse our website or ask us to provide you more information about our business, including our products and services. You will be required to provide your consent for us to process information that may be personal in nature.
Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to tick a box on our contact form indicating your consent. Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
We will only use the personal information for the purpose it has been supplied, for example, to provide information on swimming lesson. We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists, which is 12 months after terminating our services.
You may withdraw your consent at any time by instructing us firstname.lastname@example.org .
Information we process because we have a legal obligation
If required by law, we may be required to process your personal information in order to apply with statutory obligations. This may be seen in the event that the local authority has been granted the proper authority such as a court order or warrant. In this case information may be of a personal nature.
4. The uses of personal information on our website
Site visitation tracking
Our website uses Google Analytics and other cookies to track user interaction.
We use this information to see the number of people accessing our website, how they journey around the website in order to provide a continually improved service.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address, which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 7 below).
Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section 7.
Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
Contacting our Team
When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need. We record your request and our reply in order to increase the efficiency of our business. We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a quality service.
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint.
5. How we store your personal information
Any data that is provided to Great Waves Swimming Academy is stored online. Any paper files provided are transferred into an online file.
This website is hosted by TeleData UK Ltd within a UK data centre located in Congleton, England.
Teledata UK Ltd are one of the most reputable data centre providers in the UK, operating a Tier 3+, ISO27001:2013 certified data centre, offering the highest levels of technical resilience and physical security available.
Some of the data centre’s more notable security features are as follows:
- 3m rota-spike security fence and perimeter anti-ram barriers
- Blast proof anti-intruder shielded external windows and doors
- Proximity access locks on all external and internal doors
- Interlocked man-trap doors with biometric iris scanners to gain access into data floors
- Server cabinets have locked doors (no open racks)
- Perimeter and internal IP CCTV system monitored 24×7
- 24×7 on-site security guards with static and mobile patrols
- All on-site personnel are security vetted to BS7858 standard
- Only authorised security cleared staff are allowed into the facility
All server details are stored on TeleData UK Ltd’s internal management system that is only accessible from their data centre location. This data is stored in an encrypted format and accessed via a front-end which has two-factor authentication in place on a per-user basis.
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
7. Third Party Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen. Some of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
- Facebook (via Facebook Pixels)
Please note, your data will not be automatically shared with all of the above third parties and will only be processed where necessary.
8. How to request your personal data
Access to your personal information
You are able to request or review the personally identifiable information we hold you at any time. You are able to request a copy by contacting email@example.com. Requests for data will be processed within 20 working days, in accordance with the GDPR.
Removal of your information
If you wish us to remove personally identifiable information, you may contact us at firstname.lastname@example.org. This may limit the service we can provide to you.
How you can make a complaint
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/.
We will report any unlawful data breach of our website’s database or the database(s) of any of our third party data processors. This will be reported to any and all relevant persons / authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
10 Registration with the Information Comissioners Office(ICO)