© 2020 All rights reserved
Written by brenda fitzpatrick hennessy
This policy follows our obligations under the General Data Protection Regulation (GDPR) which came into effect on the 25th May 2018.
The GDPR replaces and amends existing regulations and laws and places an enhanced accountability and transparency obligations on organisations such as ours when using your personal data. The GDPR also introduces changes which will give you greater control over your personal data, including the right to object to processing of your data where that processing is being carried out for business.
Please take the time to read this policy. If you are under 16 years of age please review this policy with your parent or guardian and please ensure that you understand it.
The Information we process
To allow us to provide services and to run our business, we collect and process various types of information throughout your relationship with us including basic information such as your name and contact details. We may be required to take information from you in relation to family members and we aim to keep such data to a minimum. The details we take are vital to the progression of bookings and the successful completion of lessons. We do periodic reviews on all customer information held and we aim to keep everything relevant to the service being provided.
Collection of personal information
The types of personal information collected and stored by Edenderry Swimming Pool might include your name, date of birth, e-mail address, postal address, telephone number, mobile number and credit/debit card details (to the extent permitted by the Data Protection Act) “the DPA”.
Edenderry Swimming Pool (or any of its agents) may collect personal information about you in the following ways:
Storage and retention of your information
Data Protection Principles
We shall perform our responsibilities under the Data Protection Acts and GDPR 2018 in accordance with the following eight Data Protection principles:
We shall obtain and process your personal data fairly and in accordance with statutory and other legal obligations.
We shall keep your personal data for purposes that are specific, lawful and clearly stated. Your personal data will only be processed in a manner compatible with these purposes.
Your personal data will be stored for a period of up to 24 months at which point it will be destroyed/purged from our databases or if given permission by you to extend will be held for up to a further 24 months
We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data.
We shall take appropriate security measures against unauthorized access to, or alteration, disclosure or destruction of your personal data and against its accidental loss or destruction.
We adopt procedures that ensure high levels of data accuracy, completeness and that your data is up-to-date.
We shall only hold your personal data to the extent that it is adequate, relevant and not excessive.
We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have certain legal rights to control your information and the manner in which we process it, this includes:-
WHERE YOU DO NOT AGREE TO US PROCESSING YOUR INFORMATION, IT MAY NOT BE POSSIBLE FOR US TO CONTINUE TO PROVIDE SERVICES TO YOU.
Fair and Lawful Processing
We must process personal data fairly and lawfully in accordance with individual’s rights under the first principle. This means that we should not process personal data unless the individual whose details we are processing has consented to this happening or we have a legitimate interest to do so.
“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
“Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service/products and most secure experience. For example, we have an interest in making sure our marketing is relevant for you, so we may
process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests. For example, we may process your information to protect you against fraud. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.
Subject Access Request
If you would like to have a copy of the data we hold about you, you can contact us by email at email@example.com. Also if you would like us to amend such details please also issue your request in writing by email. We will issue you with a form that will be required to be completed and posted back to us. This form will enable you to request exactly what information you need/ want. Once we have received your request back the office will begin processing and information will be returned within the timeframe specified under GDPR i.e 30 days.
The way we use your information
It is in our interest as a business to ensure that we provide you with the most appropriate service/ lessons or class bookings and that we continually develop and improve as an organization, this may require us to process your information to understand your preferences and expectations which will help us provide the most appropriate service.
Overall responsibility for ensuring compliance with Data Protection Acts rests with the Chairman.
All employees and contractors of Edenderry Swimming Pool who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. The Pool Manager will co-ordinate the provision of support, assistance, advice, and training throughout Edenderry Swimming Pool to ensure that the Pool is in a position to comply with the legislation.
Procedures and Guidelines
Edenderry Swimming Pool is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
This Data Protection Policy is supplemented (and may be amended) by specific policies and procedures by the Board of Directors of Edenderry Swimming Pool.