Data Privacy Notice - DRAFT
Out to Swim
In May 2018, the regulations surrounding how companies and organisations can hold your personal data changed. This Notice tells you how we handle your Personal Data and the rights you have, when we hold it. This Notice is intended to comply with the provisions of the General Data Protection Regulation EU 2016/679 (GDPR) which governs how Personal Data is processed within the European Economic Area (EEA).
We are always happy to explain anything which this Notice does not make clear to you.
Who are we?
We are Out to Swim (OTS), an LGBT+ Masters Aquatics Club
Note: For the sake of clarity OTS also includes Out to Swim South, Out to Swim Orcas, Out to Swim Angels and members of Positive Stokes and TAGS who have signed up on OTS’s membership system.
You will find our contact details at the end of this Notice.
We are the “data controller” for the purposes of GDPR. This means that we decide how your Personal Data is processed and for what purposes.
Your personal data – what is it?
Personal Data is data that relates to a living individual who can be identified from that data. An example of personal data in the context of Out to Swim could be your name, address or health information (where provided). We might be able to identify you from the data itself or by linking that data to other information we have access to. GDPR tells us how we must process your Personal Data.
How do we process your Personal Data?
We comply with our obligations under GDPR in the following ways:
- by keeping Personal Data up to date;
- by storing and destroying it securely;
- by not collecting or retaining unnecessary or excessive amounts of data;
- by protecting Personal Data from loss, misuse, unauthorised access and disclosure; and
- by ensuring that appropriate technical measures are in place to protect Personal Data.
We use your Personal Data for the following purposes:
- To manage your membership information and process payments for the organisation we run.
- To inform you of news, events, activities or services which we think you might like to hear about.
- To share your contact details with officials and other authorised people and companies for the purpose of delivering the service we provide.
What is the legal basis for processing your personal data?
Under the GDPR there are a number of permitted legal reasons that we can use (or ‘process’) your Personal Data. One of the legal reasons is called ‘legitimate interests’. Broadly speaking this means that we can process your personal information as long as it is solely for the successful operation of OTS. Before doing this, we will consider and balance any potential impact on you and your rights.
Security of Data
Within OTS, your Personal Data is stored on a membership system called PaySubsOnline. This System can only be accessed by a limited number of individuals who have been elected by members to carry out specific roles within the club, e.g. the Treasurer and Secretary. Coaches also have limited access to your health data as they are responsible for your well-being on poolside. These individuals have signed a declaration that they will treat any Personal Data they see with confidentiality.
Sharing your personal data
Your Personal Data will be treated as strictly confidential. Personal Data will be shared only with organisations whose services are required in order to help us provide the services we offer our members. We use other companies to help us process your Personal Data so that we can offer you the best possible service. At Out to Swim the two main third parties we share your data with is Swim England and PaySubsOnline (OTS’s membership system providers).
We will only share your Personal Data with other third parties with your consent. These third parties, in turn, may rely on data processors to provide services that help them help us.
Some third parties we use may operate outside the EEA. In these cases, we will make sure that we have robust contracts in place with those third parties and that adequate safeguards exist to protect and secure your Personal Data.
When you give your consent to our holding of your Personal data you agree to us sharing your Personal Data (including special categories of Personal Data – where we have your explicit consent) with third party processors and sub-processors located both inside and outside the EEA.
How long do we keep your Personal Data?
We keep your Personal Data for as long as you are a member of our organisation. After you leave, we will keep your information for no longer than we reasonably need. Usually, this will be for a period of a year for membership information and six years for financial information. This is so that we can support any legal/insurance claims or complaints.
Your rights and your Personal Data.
Unless we have an exemption under GDPR, you have the following rights with respect to your Personal Data: -
- The right to request a copy of the Personal Data which we hold about you, without any charge.
- The right to request that we correct any Personal Data found to be inaccurate or out of date.
- The right to request that your Personal Data is erased where it is no longer necessary for us to keep it.
- The right to withdraw your consent to the processing we carry out at any time.
- The right to request that we provide you with your Personal Data
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to ask us to restrict further processing.
- The right to object to the processing of Personal Data.
- The right to lodge a complaint with the Information Commissioners Office and to seek legal recourse.
If we wish to use your Personal Data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use. We will do this before we start processing for the new use. We will set out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
If you have a problem, complaint or, if there is something you don’t understand, please contact us first using the following email:
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.