Privacy Policy

SwimReady Swim School – Privacy Policy

Last updated: [insert date]

SwimReady Swim School (“SwimReady”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data in a fair, transparent and lawful way.

This Privacy Policy explains how we collect, use and protect personal data when you:

  • visit our website
  • contact us by email, phone, SMS or social media
  • book or attend swimming lessons with us
  • use our online booking and payment platform

We comply with all applicable data protection laws, including:

  • the UK General Data Protection Regulation (UK GDPR)
  • the Data Protection Act 2018
  • the Privacy and Electronic Communications Regulations (PECR)
  • and, where applicable, the EU General Data Protection Regulation (EU GDPR)

If you have any questions about this Privacy Policy or how we use your personal data, please contact us using the details below.


1. Who we are and how to contact us

Controller:

SwimReady Swim School is the “data controller” of the personal data we collect and process.

Contact details:

  • Email: info@swimready.co.uk
  • Phone: 07850 674111
  • Postal address: SwimReady Swim School, c/o Hilton Cardiff Hotel, Kingsway, Cardiff, CF10 3HH, United Kingdom

If you have any questions, concerns or requests about your personal data, please contact us at info@swimready.co.ukin the first instance.


2. What personal data we collect

We collect and process different types of personal data depending on how you interact with us.

2.1 Data about swimmers and parents/guardians

When you enquire about, book or attend lessons, we may collect:

  • Identity and contact details
  • Name of swimmer (adult or child)
  • Parent/guardian name (for children)
  • Email address
  • Telephone number(s)
  • Postal address (optional, e.g. for invoices or correspondence)
  • Booking and lesson information
  • Lesson type (1:1, 2:1, group)
  • Day/time, level and progress notes
  • Attendance records
  • Communication history regarding lessons
  • Health and medical information (special category data)
  • Information you provide about medical conditions, disabilities, allergies, injuries, learning or behavioural needs relevant to swimming
  • Any emergency contact details you provide

We only collect health information where it is necessary to keep swimmers safe and to tailor our teaching to individual needs.

2.2 Payment and transaction data

We use Soakly (and/or other secure payment providers) to process bookings and payments. The data involved may include:

  • Date and time of payment
  • Amount paid and what it relates to
  • Last 4 digits of card or account (depending on provider)
  • Payment status and records

We do not store or have direct access to your full payment card details; these are handled securely by our chosen payment provider(s).

2.3 Website and digital communication data

When you visit our website or interact with us online, we may collect:

  • IP address and general location (country/region)
  • Device and browser type
  • Pages visited and time spent on our site
  • Cookies and similar technologies (see Section 8 below)
  • Email/SMS engagement data (e.g. whether you opened a newsletter)

2.4 Marketing and communication preferences

We keep a record of:

  • Whether you have consented to receive our newsletters, offers or updates
  • Your communication preferences (e.g. email only, no marketing etc.)

3. How we collect your personal data

We may collect personal data:

  • Directly from you, for example when you:
  • Complete a booking form or register on our booking platform
  • Contact us by email, phone, SMS, social media or in person
  • Provide medical or emergency information for a swimmer
  • Sign up to our newsletter or marketing list
  • Automatically, for example when you:
  • Visit our website (through cookies, logs and analytics tools)
  • Open our emails or click links in them
  • From third parties, for example:
  • Payment providers (e.g. Soakly) who share limited information necessary to confirm your payment and manage your booking
  • Referrals from other clients, schools or organisations (typically only your contact details and child’s name)

4. Legal bases for processing your data

We process your personal data only when we have a lawful basis to do so under data protection law. The main legal bases we rely on are:

  1. Contract – processing is necessary to enter into or perform a contract with you.
  • Example: taking bookings, delivering lessons, managing your account and payments.
  1. Legitimate interests – processing is necessary for our legitimate interests (or those of a third party) and these are not overridden by your rights.
  • Example: managing our business, scheduling lessons, improving our services, keeping basic records, minimising no-shows.
  1. Legal obligation – processing is necessary to comply with a legal obligation.
  • Example: accounting, tax and insurance requirements.
  1. Consent – you have given clear consent for us to process your data for a specific purpose.
  • Example: sending you marketing emails or using photos of you/your child in promotional materials (where applicable).

You have the right to withdraw your consent at any time (see Section 9).

For special category data (such as health information), we process it under:

  • Article 9(2)(h) UK GDPR – necessary for the purposes of preventive or occupational medicine, medical diagnosis, or the provision of health or social care, and
  • Article 9(2)(a) – your explicit consent, where we ask for it (e.g. additional sensitive details you choose to share).

5. How we use your personal data

We use personal data for the following purposes:

5.1 To provide and manage swimming lessons

  • To process enquiries and bookings
  • To allocate swimmers to suitable classes and instructors
  • To tailor teaching to age, ability and health needs
  • To communicate lesson times, cancellations and changes
  • To track progress and attendance

Lawful basis: Contract; legitimate interests; for health data, Article 9(2)(h).

5.2 To manage payments and accounts

  • To issue invoices and confirmations
  • To record payments and handle refunds or credits
  • To manage outstanding balances and keep basic financial records

Lawful basis: Contract; legal obligation; legitimate interests.

5.3 For safety, safeguarding and incident management

  • To ensure we are aware of any medical conditions, disabilities or additional needs that may affect safety in the pool
  • To keep records of incidents, accidents or safeguarding concerns
  • To contact you or emergency services if needed

Lawful basis: Legitimate interests; vital interests; legal obligation; for health data, Article 9(2)(h).

5.4 To communicate with you

  • To send essential service messages about lessons (e.g. reminders, cancellations, schedule changes)
  • To respond to queries, complaints and feedback

Lawful basis: Contract; legitimate interests.

5.5 Marketing and newsletters

  • To send occasional updates about new classes, timetable changes, holiday courses, offers or general SwimReady news
  • To run promotions or referral schemes

We will only send marketing communications when we have:

  • your consent, or
  • soft opt-in right under PECR (e.g. you’re an existing client and we’re telling you about similar services).

You can opt out of marketing at any time (see Section 9.5).

Lawful basis: Consent; legitimate interests (for limited existing-customer marketing allowed by PECR).

5.6 Website management and analytics

  • To keep our website secure, functional and user-friendly
  • To understand how visitors use the website so we can improve it
  • To detect and prevent misuse or attacks

Lawful basis: Legitimate interests.


6. Who we share your data with

We only share personal data when it is necessary and lawful to do so. Typical recipients include:

  • Booking and payment providers (e.g. Soakly or similar)
  • To manage bookings, schedules and payments securely.
  • IT service providers and website hosts
  • To operate and maintain our website, email and digital systems.
  • Professional advisors (e.g. accountant, insurers, legal advisers)
  • To meet our legal and accounting obligations and manage risks.
  • Public authorities
  • If required by law or to protect vital interests (e.g. emergency services, regulatory bodies, courts).
  • Instructors and staff
  • Who need limited information (e.g. swimmer’s name, age, medical notes) to deliver lessons safely and effectively.

We do not sell your personal data to third parties.

Whenever we share data with third-party service providers, we require them to:

  • use it only for the purposes we specify,
  • keep it secure, and
  • comply with applicable data protection laws.

7. International transfers

Our core operations are based in the UK. Some of our third-party service providers (such as email, website hosting or booking platforms) may store or process data outside the UK and the European Economic Area (EEA).

Where this happens, we ensure that appropriate safeguards are in place, for example:

  • an adequacy decision by the UK or EU; or
  • standard contractual clauses approved by the UK or EU; and
  • additional technical and organisational security measures.

You can contact us if you would like more information about international transfers and safeguards.


8. Cookies and website tracking

Our website may use cookies and similar technologies to:

  • make the site work properly
  • remember your preferences
  • understand how visitors use the site
  • improve performance and content

Cookies are small text files placed on your device. Some cookies are strictly necessary for the website to function; others (such as analytics or marketing cookies) are optional.

Where required by law, we will:

  • display a cookie banner when you first visit our site, and
  • ask for your consent before placing non-essential cookies.

You can manage or delete cookies in your browser settings at any time, though this may affect how the website functions.

If we use analytics tools (e.g. Google Analytics), we will seek to:

  • anonymise IP addresses where possible
  • avoid collecting more data than necessary
  • use the data only to understand website performance and usage.

9. Your data protection rights

Under UK and EU data protection law, you have various rights in relation to your personal data. These include:

9.1 Right of access

You have the right to request a copy of the personal data we hold about you, and information about how we process it.

9.2 Right to rectification

You can ask us to correct or update any inaccurate or incomplete personal data we hold about you.

9.3 Right to erasure (“right to be forgotten”)

In certain circumstances, you can ask us to delete your personal data. For example, when it is no longer needed for the purpose it was collected, or if you withdraw consent (where consent was the lawful basis).

9.4 Right to restrict processing

You can ask us to restrict the processing of your data in certain situations, for example while we are verifying its accuracy or dealing with an objection.

9.5 Right to object

You may object to our processing of your personal data where we rely on legitimate interests (including for direct marketing).

  • If you object to direct marketing, we will stop sending you marketing messages.

9.6 Right to data portability

Where the processing is based on consent or contract and is carried out by automated means, you may request that we provide your data in a structured, commonly-used, machine-readable format, or transfer it to another controller, where technically feasible.

9.7 Rights in relation to automated decision-making

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.


10. How to exercise your rights

To exercise any of your rights, please contact us at:

  • Email: info@swimready.co.uk
  • Phone: 07850 674111
  • Postal: SwimReady Swim School, c/o Hilton Cardiff Hotel, Kingsway, Cardiff, CF10 3HH

We may need to ask for proof of identity to ensure we are dealing with the correct person, especially where a request concerns children’s data.

We aim to respond to all valid requests within one month, as required by law. In some cases (for example, complex or numerous requests), we may need more time, but we will inform you if this is the case.


11. How long we keep your data

We keep personal data only for as long as reasonably necessary for the purposes set out in this Policy, and to satisfy any legal, accounting or reporting requirements.

In general:

  • For active clients, we keep your data while you or your child are enrolled in lessons.
  • After you stop lessons, we may retain basic contact and booking information for a period (for example, up to 6 years) to:
  • comply with tax, accounting and insurance obligations, and
  • manage any queries or claims that may arise.

Health information and other sensitive data will be retained only as long as necessary for safety, legal or insurance-related purposes, and then securely deleted or anonymised.

We review our data retention practices periodically and securely delete or anonymise data that is no longer required.


12. Security of your personal data

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it, including:

  • Secure systems and password protection
  • Restricted access to personal data on a need-to-know basis
  • Use of reputable, secure third-party platforms for booking, payment and email
  • Staff awareness and basic data protection training

However, no system can be completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority where required by law.


13. Children’s data

We provide swimming lessons to children and process children’s personal data on a regular basis. We take particular care to protect children’s privacy.

  • We collect personal data about children through their parent or legal guardian, who acts as the main contact and contractual party.
  • We will only use children’s data as necessary to deliver lessons safely and effectively.
  • Any use of children’s images for promotional purposes will only occur with explicit, written consent from a parent or guardian, and you are free to refuse or withdraw that consent at any time.

14. Marketing communications

We may occasionally send you information about:

  • new classes or time slots
  • holiday courses or intensives
  • special offers, news or events related to SwimReady

We will only send marketing communications in line with:

  • your consent; or
  • the soft opt-in rules under PECR for existing customers.

You can opt out of marketing at any time by:

  • clicking “unsubscribe” in our emails, or
  • contacting us at info@swimready.co.uk.

Service messages relating to your lessons (e.g. cancellations, changes) are not considered marketing and will still be sent where necessary.


15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our practices or the services we offer.

When we make significant changes:

  • we will update the “Last updated” date at the top of this page, and
  • where appropriate, we will notify active clients by email or another suitable method.

We encourage you to review this Policy periodically to stay informed about how we protect your data.


16. Complaints and your right to contact the ICO

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve your concern.

If you are not satisfied with our response, you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

ICO contact details (UK):

  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you are located in the EU, you may also have the right to complain to your local data protection authority.