DOLPHINS SWIM ACADEMY DATA PROTECTION POLICY (GDPR)
DOLPHINS SWIM ACADEMY is committed to ensuring confidentiality and safe storage of personal or sensitive data for all individuals engaging with an activity concerning the swimming lessons with DOLPHINS SWIM ACADEMY. POLICY AIM AND PURPOSE
This policy has been designed to highlight the types of information which could be considered as personal or sensitive, as well as ensure that the processing (including the concepts of obtaining, recording, retrieval, consultation, holding, disclosing and using) of personal or sensitive data by DOLPHINS SWIM ACADEMY is managed in a safe and confidential manner.
DEFINITION OF DATA
Data refers to information about an individual that may be used or processed by DOLPHINS SWIM ACADEMY for contact details. Data can be identified by two categories.
PERSONAL DATA
Information which relates to an individual who is identifiable from the data or from the data along with additional information, which is already in possession, or likely to come into possession of DOLPHINS SWIM ACADEMY. This includes information about the individual such as facts and opinions which can be held electronically or on paper.
SENSITIVE PERSONAL DATA
Information about an individual relating to racial or ethnic origin, political opinions, religious beliefs, physical or mental health or condition, sexuality, the commission or alleged commission of any offence, criminal proceedings or convictions.
THE SIX PRINCIPLES OF GDPR
The General Data Protection Regulation (GDPR) defines the following SIX principles which must be adhered to in order to comply with the Law and protect the privacy of the data subject.
The General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998 (DPA). Significant and wide-reaching in scope, the new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal data is collected and processed and places a range of new obligations on organisations to be more accountable for data protection.
DOLPHINS SWIM ACADEMY DATA PROTECTION POLICY (GDPR)
1. Processed lawfully, fairly and transparently.
2. Collected only for specific legitimate purposes.
3. Adequate, relevant and limited to what is necessary.
4. Must be accurate and kept up to date.
5. Stored only as long as is necessary.
6. Ensure appropriate security, integrity and confidentiality
COMPLYING WITH GENERAL DATA PROTECTION REGULATION (GDPR)
DOLPHINS SWIM ACADEMY must ensure that:
- DOLPHINS is registered with Independent Commissioners Office (ICO)
- All members of DOLPHINS staff, and Centre Staff whether permanent or temporary have access to this Policy and understand the SIX principles of the Act.
- All forms or documents which collect personal or sensitive data include a Data Protection statement.
- All records are accurate and up to date, including achievement data uploaded to the data base.
- All records are kept centrally, securely and password protected
- No data is used for the purpose of marketing from third party businesses unless the individual provides written consent.
- Any e-mails which are sent to more than one individual are BCC ‘d (blind copied)
- No personal data is disclosed, written or verbal, to anyone outside of DOLPHINS SWIM ACADEMY unless provided with written acknowledgement from the individual to do so.
- Only nominated members of staff have access to personal data and understand how to comply with the Regulations.
- For the purpose of the achievement data only authorised users will have access to the organisation portal and will have been vetted prior to organisation.
- Achievement data is not used for any other purpose than those permitted in this policy, including for marketing or financial gain.
AT DOLPHINS THIS IS HOW WE PROCESS AND LOOK AFTER YOUR DATA
How do we collect your data?
We collect the information below via email or through the booking form some data is collected verbally eg if no DOB is given and we ask parents on poolside.
Why do we need the data we collect?
Customers details;
Adults name – We need to know the carer for the child. Address – We need to know this for invoicing
Mobile number – We can send out text messages for urgent and important notices
Email address – We use this to communicate with our clients for child’s progress, newsletters, invoicing, promotions and dealing with enquires.
Child’s Students details:
Childs name – We use this to book them into classes
Age of child – We use this so we can teach to their development stage
Ability level – We use this to ensure they are put into the correct level of class
Medical/Learning – We use this to offer the appropriate support
School attended – We use this as a marketing tool to see where our customers come from.
Who accesses your data?
Lesley Ketley and Vicky Hart have full access to all clients for the purpose listed above.
DOLPHINS teachers have access to limited data of only their own class through the register and tick sheets. The purpose of which is to familiarise themselves with swimmers needs and names/ages/ability.
How do we store your data?
We have a central data base which is stored centrally, and no other third party has access to your data and it is not shared with any other businesses.. Your details are stored on Drop Box who take all proportional steps to safeguard your data from unauthorised access. All Drop Box users are protected by multiple, redundant firewalls and intrusion detection and prevention systems that are regularly monitored and tested. 256-bit Secure Sockets Layer (SSL) data encryption is employed to protect all data access across the Internet.
How can you keep your data up to date?
If you need to change any of the details that we have please email us on dolphinsswimacademy@btinternet.com
What happens to my data if I leave DOLPHINS SWIM ACADEMY?
Your data will become inactive. We will continue to send you newsletters and promotion emails unless you ask us to stop sending emails to you. Please email us on dolphinsswimacademy@btinternet.com if you do not want to receive information from us.
How can my data be removed?
We keep the data on Drop Box until notified otherwise or after 5 years. We will email to check annually and in the meantime if you wish to be removed from our data base, please email us on dolphinsswimacademy@btinternet.com
DATA PROTECTION STATEMENT
DOLPHINS SWIM ACADEMY DATA PROTECTION POLICY (GDPR)
Below is an example of a Data Protection Statement, which will be available on documentation produced by DOLPHINS SWIM ACADEMY, which collects personal data.
DOLPHINS SWIM ACADEMY will use your personal data for the purpose of your involvement in the learning at DOLPHINS SWIM ACADEMY and I understand that by submitting my data I am consenting to receive information about the course I have booked by post, e-mail, SMS/MMS, on-line or telephone unless stated otherwise. I will receive bi termly newsletters with the option to unsubscribe. Please refer to our Data protection policy for further information
PRIVACY NOTICES
Under the General Data Protection Regulations 2018, all organisations that process learner data must ensure that the learner is informed of how their information is processed and shared. A privacy notice is a method of informing learners about how their information is collected, what it is used for and who is using the information.
MONITORING AND REVIEW OF THE POLICY
This policy and its procedures will be reviewed periodically in light of changing business priorities and practices to take into account any changes in legislation to ensure that it remains fit for purpose and reflects the requirements as set by GDPR and how the use of data is managed.
The information contained within this Policy will also be reviewed against the requirements set out by the Independent Commissioners Office to ensure that data is compliant with GDPR. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- regulation-gdpr/
The next annual date for review will be 1 May 2019
Cookies
We use cookies for website statistic analysis. A cookie is a small text file that our web server places on your computer hard drive to be a unique identifier. Cookies enable us to track usage patterns and deliver customised content to our users. Our cookies do not have an expiration date and do not collect personally identifiable information.
You can block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be to access all or parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our website.
What we may use your information for
The information collected by us will be used for statistical and internal marketing purposes and so as to ensure that content from our website is presented in the most effective manner for your and your computer.
If you provide us with specific information, and at your request, you may receive email announcements, news updates or other specifically requested information.
Disclosure of your information
We may disclose your information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your information in the event that we sell or buy any business assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Links
From time to time we may offer links to other web sites. Please note, when you click on links to other websites, we encourage you to read their privacy policies. Their standards may differ from ours and we do not accept responsibility or liability for their policies.
Your rights
You have a right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise this right at any time by contacting us.
Access to information
The Act gives you the right to access information held about you. Your right to access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.