Core Aquatics provides individualised and group swimming programmes for children and adults and to offer our service we need to collect essential personal data on those lucky individuals taking lessons, their parents or guardians, our swimming teachers and instructors and our pool partners.
This policy will set out, as plainly as possible, the information we collect, how we use it, why we need it and if the information you give us is shared with any other organisations or people.
Core Aquatics and Core Aquatics Limited is owned by the lovely Nicole Martin but for the purposes of data protection legislation Nicole is the Data Controller, the Controller is just a technical term for the person who is responsible for ensuring that your information is used fairly and is responsible for keeping your information safe. For ease of reference we will refer to the Nicole in her role as the Controller as Core Aquatics, we, us or our.
We are registered with the ICO who is the UK’s data protection regulator, under registration number ZA198120. Our full contact details can be found at the end of this policy.
Why we need your information
We need to collect personal information for 4 main reasons
- On our clients to offer swimming lessons and keep you safe
- On parents and guardians for permission and emergency contacts
- On instructors to help deliver our lessons
- On suppliers and other third-party partners to manage our relationship with them.
Swimmers, Clients and Guardians
Why we need your information
Our mission is to help people swim to the best of their ability and to do this we need to know some essential information about you; we need this information to be able to arrange lessons and keep you safe, for example if you have a medical condition or who should pick you up after the lesson. If you are under 16 we will need permission from your parent or guardian and in that case will also need their details.
What Information we capture
We will always need your name, address, date of birth and contact details which will include your phone numbers and email. If you have any medical conditions which may affect how we help you learn to swim, for example if you have asthma, or any other worries or concerns you might have. You will work really hard to earn your certificates and it is really important that we maintain a record of your lessons, achievements and keep copies of your certificates.
For younger people we also ask for details of a parent and guardian, an emergency contact and their relationship to you. We will keep copies of any important conversations we have whether they are verbal, written or electronic, for example if you send us an email, text or instant message. The safety of our swimmers is our priority and if an accident or incident does occur, we must keep accurate records on that.
Finally, we all want to celebrate when you do well, and we may ask to take a photograph or some video to use on our Facebook or social media pages or in our publicity, but only with your permission of course.
How we obtain and process your Information
The only information we hold will usually come directly from you or your guardian. We will however add to the information you give us by recording details of the awards you have obtained, if there is an accident, any other relevant correspondence or important events.
Information you give us, and specific requests such as to use your photograph, or keep you informed about upcoming swimming lessons is captured with you or your guardian’s permission or consent. We will keep details of correspondence and records of your awards based on our legitimate interest and as part of our contractual commitments to you.
The law also states that we must record details of any accidents and if we are worried about your safety there are certain rules we must follow and we will hold this information to comply with those legal obligations.
Where we store your information
The new starter forms which you complete as well as other manual records about you are stored in a secure locked cabinet. Your emails are managed in the cloud by Microsoft who will hold this information in both the UK and European Union. Emails are also accessed via a company laptop and smartphones, but proportionate security is in place to protect these. Your personal and swimming history data is managed in an industry recognised system called Swimsoft with data held in Germany. notifications of lessons and emails are also broadcast from a cloud server based in Germany.
Electronic documents such as contracts are held on an encrypted laptop. Where you have agreed we also post images on our Facebook page and website or in publicity materials, these may be by a third party company managing social media.
With whom we share your information
We have to share your contact, medical and awards information with your swimming teacher or instructor and we need to give limited information to the pool owner. Your certificates are issued by STA or Swim England and we need to share your name and type of award with them.
In the event of an accident or a concern over your safety we will share details with people who can help like the ambulance service, a doctor or the hospital, the Police or your local Council. If we need to ask for special advice or guidance, we may share your information with a solicitor or other qualified person.
For how long we keep your information
Normally we keep you and your guardian’s contact details and your medical details for three years after your last lesson with us. We will keep records of your certificates for three years and details of correspondence will be kept for three years after your last lesson with us.
If there are any unfortunate accidents, injuries or safeguarding issues the law says we must keep that information for longer, how long that will be will depend on the exact nature of the information and the legislation covering this.
Remember you can ask us to delete your information sooner, please see the ‘Your Rights’ section below on how to do this.
Accessing personal information
With certain exceptions, any individual over the age of 13 can request information on themselves, as can a their parent or legal guardian, however if a person other than the individual about whom the information refers ask us for a copy, it may not be appropriate to supply all of the information we hold on their child especially where that is given to us in confidence. Emergency contacts are only entitled to see what information we hold on them and apart from the name of the child for whom they are the contact, no other details on the child or parent will be provided.
You are entitled to see the information held about you and if this is inaccurate you may ask us to make any necessary changes. If you wish to do this, please talk or write to us using the contact details below.
Instructors
Why we need your information
If you are a swimming teacher or instructor, we need to ensure that you are qualified for the role, that appropriate criminal records and background checks are completed prior to engagement, and on an ongoing basis, and to manage our relationship with you.
What Information we capture
We will always need your name, address, date of birth, contact details which will include phone numbers and email, company details and bank details in order to settle invoices. We will also require evidence of your qualifications, courses attended and certifications, professional insurance, and we will maintain a record of any agreements, contracts or correspondence relating to our business relationship; this may include business references, correspondence about you from clients or other third parties.
We may invite you to provide details of your health and any other sensitive information which you feel we need to know in order to keep both you and our clients safe, as well as details of an emergency contact and their relationship to you.
We may also ask to take your photograph to assist in the safeguarding of our vulnerable clients, and with your permission may use your photo or video on our website, in our social media or in publicity materials.
How we obtain and process your Information
The majority of information we hold about you will usually come directly from you, although additional information may be held on file as a result of background checks or third-party references. Some information relating to our business dealings, such as performance reviews, timesheets, invoicing, accident reporting etc, will be generated from both you and third parties depending on the circumstances.
The majority of personal data which you share with us will be processed under our legitimate interests and to fulfil our contractual obligations to you. Any information relating to safeguarding, invoicing, tax reporting will be processed according to our legal obligations. The only data which will be processed with your explicit consent is that relating to your medical conditions, publicity and direct marketing activities. That said, any accidents at work are covered by health and safety legislation and your permission or consent to collect relevant medical information relating to these incidents will not be required as the law says we much collect and where necessary share this information.
Where we store your information
The majority of correspondence and communications between us will be held in our Microsoft Office 365 sever based in the UK and European Union, emails are accessed by laptops and smartphones, but proportionate security is in place to protect these. All paper forms which you provide are stored in a secure locked cabinet at our registered address with all electronic files being held locally in a secure encrypted laptop.
Limited personal data is managed within the Swimsoft cloud platform and where you have agreed we also post images on social media, on our website and in publicity materials.
With whom we share your information
Limited, proportionate and appropriate information is shared about you within the organisation to allow us to manage our relationship, with our clients and with pool owners.
Your personal data will be shared with a third-party company to perform criminal records and background checks, with previous employers or companies for reference purposes, and your information may be shared with certification and awarding bodies to verify your qualifications.
Very limited details are also held in the Swimsoft platform to allow you to manage lessons and coordinate with clients.
In the event that legal, professional or financial advice is required, information may be shared with a lawyer or other industry professional for guidance and advice. If a serious incident should occur your information may be shared with a public body such as the ambulance service, the police, local authority, health and safety executive but more generally with the HMRC.
For how long we keep your information
We will keep your information for as long as our business relationship is in force plus a further seven years after our relationship ends. Within that time, some non-essential personal information will be deleted.
Any documentation relating to accidents, injuries or safeguarding issues will be retained for any extended period as required by law.
You can ask us to delete your non-essential information at any time – see the ‘Your Rights’ section below.
Partners and suppliers
Why we need your information
In order to offer our service, we require the assistance of organisations and private individuals who have swimming pool facilities and more generally we manage business relationships with corporate, professional and third sector organisations in order to offer our commercial and not for profit services.
The majority of information held on partners and suppliers relates purely to the services they offer and with the exception of contact names and some home addresses very little personal data is held on our partners.
What Information we capture
We maintain full organisational details about partners, suppliers and companies with whom we work, their legal status, address and type of business including a specific contact’s name, job title, phone numbers and email.
Contractual documentation and financial information are captured but no biographical information about any individuals working for those organisations is captured.
Where correspondence is entered into relating to the business relationship which may mention an employee, teacher or instructor or a representative of the partner organisation, we shall capture the minimum amount of personal information possible in order to process the enquiry appropriately.
How we obtain and process your Information
The majority of information we hold about specific individuals within partner organisations will usually come directly from the organisation concerned. Although we may identify some contacts through other medium such as local authority directories, publications, public domain sources such as LinkedIn, social media and newspapers. As we never capture sensitive or special category data on our commercial partners, we rely on our legitimate interests, contractual and/or legal obligations to process this information.
For tax purposes or in the event of a formal official investigation we shall process and share personal data according to our legal obligations.
Where we store your information
Contracts and all paper correspondence between you and us is stored in a secure locked cabinet at our registered address with all electronic files being held locally in a secure encrypted laptop with the majority of correspondence and communications between held in our Microsoft Office 365 Sever based in the UK and European Union, emails are also accessed by laptops and smartphones but proportionate security is in place to protect these.
With whom we share your information
The majority of data sharing regarding our suppliers and partners is made anonymously, i.e. at organisation level and without identifying any specific individuals or contacts. Limited, proportionate and appropriate information is shared within the organisation to facilitate our business relationship, and where it is necessary to provide the service, we shall supply partner contact information to our swimming teachers, instructors and clients.
Your information may be shared with a legal or professional third-party, for example for legal advice, or in the case of overdue invoices, with a debt collection agency, but more generally with insurance and certification companies or the HMRC.
For how long we keep your information
We will keep any information relating to financial, tax or legal purposes for seven years. General correspondence will be kept for as long as our business relationship is in force plus three years after our relationship ends. Within that time, any non-essential personal information will be deleted.
Any documentation relating to accidents, injuries or safeguarding issues will be retained for an extended period as required and specified by law or our legal advisors.
You can ask us to delete your non-essential information at any time – see the ‘Your Rights’ section below.
General
To comply with our legal and fiduciary duties we will maintain additional essential records, for example tax and insurance records, according to any legislation in force at that time.
We may from time to time conduct surveys to obtain your views and opinions of the service to help us improve the service we offer to you.
From time to time we may change this privacy policy but we will only inform you of the change if it affects in a fundamental way why or how we are using your personal information. If at some point in the future Core Aquatics is acquired by or sold to another company, then we will write to you advising you of that change.
Marketing, Consents & Permissions
We do not perform any unsolicited marketing. The only notifications we send out relates to course dates and you can opt-out of receiving these notifications at any time by clicking on the unsubscribe link at the bottom of each email, or emailing your request to hello@coreaquatics.co.uk or nicole@coreaquatics.co.uk.
Security
All manual documents, forms and files are retained in a locked filing cabinet at our registered office, and when collected at the pool location, or are in transit, are appropriately supervised, secured and managed. Electronic files are held in on a secure encrypted laptop with industry recognised anti-virus software and firewall, appropriate backups are taken to protect personal information and removable storage devices are encrypted. All emails are held in the Office 365 environment in the UK and EU and local devices access emails via secure connections
Both Core Aquatics and our processors have appropriate and proportionate security to protect your personal data whilst in our, and their care.
CCTV
For your safety and security CCTV is in operation at some of the pools where lessons are offered. Core Aquatics are not responsible for the placement or maintenance of these cameras and have no control over their use. If you have any questions over their use or wish to obtain copies of any footage you will need to contact the pool owner directly although of course we will also be happy to assist you with any concerns you may have.
Signage should be visible to show that cameras are in use.