Our privacy policy is intended to ensure that personal information is dealt with correctly, securely, with consent, and in accordance with the General Data Protection Regulation (GDPR), that goes hand in hand with the existing data protection regimes in place throughout the European Union (EU), including the UK. It introduces a number of new obligations and requirements on controllers and processors.

Lsst Ltd collects and uses personal information about staff, pupils, parents or carers and other individuals who come into contact with our swim school. This information is gathered in order to perform the swim school’s contract with our members and regular swimming clients and for the purposes of our legitimate interests in operating our swim school.
This will apply to all data regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data are aware of their duties and responsibilities and adhere to these guidelines.

Schools have a duty to be registered, as Data Controllers, with the Information Commissioner’s Office (ICO) detailing the information held and its use. We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.

Being GDPR compliant establishes enforceable principles that we adhere to at all times:

1) Personal data shall be processed fairly and lawfully;
2) Personal data shall be obtained with consent only, for one or more specified and lawful purposes;
3) Personal data shall be adequate, relevant and not excessive;
4) Personal data shall be accurate and where necessary, kept up to date;
5) Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes;
6) Personal data shall be processed in accordance with the rights of data;
7) Personal data shall be kept secure i.e. protected by an appropriate degree of security;
8) We store your information in digital format on secure cloud servers and systems hosted both inside and outside the European Union (EU). Where your data is being transferred outside the EU we are using adequate safeguards by using EU model clauses other technical and organisational controls with our service providers.

Your rights under the GDPR:

(a) to access your personal data
(b) to be provided with information about how your personal data is processed
(c) to have your personal data corrected
(d) to have your personal data erased in certain circumstances
(e) to object to or restrict how your personal data is processed

Our swim school is committed to maintaining the above principles at all times:

• Inform individuals why the information is being collected when it is collected
• Inform individuals when their information is shared, and why and with whom it was shared
• Check the quality and the accuracy of the information it holds
• Ensure that information is not retained for longer than is necessary
• Ensure that when obsolete information is destroyed that it is done so appropriately and securely
• Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded
• Set out procedures to ensure compliance with the duty to respond to requests for access to personal information, known as Subject Access Requests

Please note our database EZ Facility is also fully compliant with GDPR and you can find this private policy here.

Further advice and information is available from the Information Commissioner’s Office.