GDPR Statement, Policy and T&C
- DSA Ltd – About Us
Diamond Swim Academy (DSA) is a Swim School that is registered with Companies House, Federation of Small Businesses, Swim England and Institute of Swimming (IoS) Training. DSA is a provider of Learn To Swim lessons and aquatic services. DSA works in partnership with a number of organisations to provide lessons for adults and children. DSA employs a number of contracted staff to deliver the services.
Data Protection leads for DSA are Sarah Ruckwood and Sophie Grosvenor who are Directors of DSA.
- DSA Ltd – GDPR Statement
In May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
DSA currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services when the GDPR takes effect May 25, 2018. DSA are dedicated to ensure we are compliant in all areas.
DSA has reviewed all areas of work relating to GDPR and have updated policies, standards, documents, governance and undergone training with staff, ensuring all staff are aware of GDPR and what they are required to do.
At DSA, we’re working hard to serve customers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that you know your data is safe.
DSA work with a third-party company called CoursePro (Cap2). CoursePro have updated their system to ensure they comply with GDPR regulations. Customers will have to opt in to marketing – DSA have sent out an email to all customers asking them to reply, stating preferences. DSA have updated their enrolment form to include opt in marketing preferences. DSA will also send service emails to all registered customers of DSA, this is separate to marketing emails, and will contain information on actual lessons such as cancellations.
All personal data outside CoursePro will be destroyed and not kept as hard copies or electronic copies.
Compliance with the GDPR requires a partnership between DSA and our partners and customers in their use of applicable DSA services. In this context, DSA generally will act as a data processor and our partners and customers generally will act as data controllers. DSA encourages partners and customers to independently familiarize themselves with the GDPR.
This policy has been written to ensure clear guidance is given around personal data and how DSA uses this.
Data Collection and Storage – Purposes
DSA will hold the details of customers that is provided by customers within our secure third party system ‘CoursePro’. This will also include class history and progress notes of each swimmer. More details on the system can be seen at the end of this document. ‘CoursePro’ will hold information it holds or obtains from or about you and will use this for the following purposes:
- For maintaining up to date records
- To create an individual profile for you so that we can understand and respect your preferences
- For service contact methods such as such as emails / SMS / post
- emails / SMS will be sent from ‘CoursePro’
- to send you a welcome pack when you join up to DSA
- to respond to any enquiries, you make
- to administer any events in which you participate or may wish to participate and to deal with any incidents involving you
- to administer contact with you about closures of pools and cancelled lessons
Opt in options
- For marketing – this is an opt in option – emails sent from DSA Team
- to contact you about new lessons, events, offers and opportunities available from DSA by post, email, online or phone (where you have indicated you are happy to hear about these)
Customer Photos and Video – Usage
DSA may record the lessons and events in which you / your child participate in and general images of swimmers will form part of the information we hold and use. In addition to the purposes for general information set out above, DSA may use these recordings and images for the purposes of education and training, swimmer analysis, promotion, performance, development and event analysis. Please ensure, if you do not want your child’s picture taken or filmed, you have ticked the DO NOT CONSENT TO photography on your enrolment form or via the email that from sent from the DSA team on 09.05.2018. Should DSA wish to publish a picture or video of you or your child we will contact you prior to this to ensure you are happy for this to happen. An email will be required from yourself again (or form completed for this project) at each time, to confirm you are happy. We anticipate this such areas, to be news stories on the website.
Customer Data – Medical Conditions
Customers have provided this information via the enrolment form or to DSA directly. This information is stored on our secure system ‘CoursePro’ and teachers will access this electronically for registers at each lesson. We hold these details to ensure the swimmer is safe during lessons and any adaptions to the lesson are made to ensure the swimmer is safe and can fulfil their potential. Any medical issues are always risk assessed and adaptions made to the lesson, if required.
Marketing – Images, Videos or Names
Should DSA wish to publish an article, social media blog, picture or video of you or your child, DSA will contact you prior to this to ensure you are happy for this to happen. An email will be required from yourself again (or form completed for this project) at each time, to confirm you are happy for names and images / videos to be used. We anticipate these areas will predominately be news stories on the website.
Customer Rights – Opt outs
All DSA Customers have the right to refuse direct marketing and can do so by ticking the relevant box(es) on the enrolment form and email sent from the team, which is available through contacting DSA. This can also be requested to change at any time and details of opt in and opt our preferences are stored on CoursePro.
Please note this is separate to service emails, such as cancelled lessons from CoursePro.
Customer Rights – Data Handling
You are entitled to a copy of your personal data from DSA. You are also entitled to amend any of your personal data at any time (by contacting the DSA administration team), such as, address changes, medical changes or incorrect information stored.
Information Commissioner’s Office (ICO)
DSA is registered with the Information Commissions Office (ICO) and fully adheres to the Data Protection act. Our ICO number is ZA105013.
Customer Data – Deletion Of Data
All customers have the right to have data deleted, this will predominately be requested and occur when a swimmer leaves the DSA scheme. Customers can leave the scheme and request all data to be deleted and at this time DSA will comply by this. If a customer does not request the data to be deleted, then DSA will delete data before or up to 12 months of last lesson with DSA, should customers not request this prior to this or get in contact to advise they would like data stored.
Website – Cookies
What information is being collected on individuals
DSA will ask for the following data when a member joins up to swimming lessons at DSA:
- Email address 1 and 2
- Phone number 1 and 2
- Parent details
- Medical Deceleration and details
- Previous swimming history
- Where they heard from us
- School the child attends
- Past swimming history – latest badges etc
- DSA states on form that data will be held 12months from when a person leaves the scheme
- Whether they opt into or out of:
- DSA sending details of products, competitions, promotions and services
- DSA sending details of events
- DSA to send normal communications
- Photography of participant – for marketing purposes, notice board, newsletters and website
DSA will hold the above information on CoursePro our secure system and the additional data will be added:
- Changes to any of the above – parents need to email or call the DSA admin staff to make amendments
- Class history
- New and current and past bookings
- New and current and past award progress
- New and current and past outcome progress
DSA will also hold data on our staff and all documents are password protected on our computers and also in the cloud. DSA directors are the only ones (and the individual staff) that can access this data.
DSA may have historic documents or documents not on CoursePro that hold data on individuals these documents are all password protected and only accessed by DSA admin staff.
If a members wants to be deleted, this can be done on CoursePro and will be done meaning they are deleted from the system and all historic and present data deleted, this will also mean they are deleted off any current classes or future classes.
How will data be used
DSA will collect new joiner data through an enrolment form via the DSA admin team. This will be emailed and the client emails this back or hands this in. The details are entered onto the CoursePro system and the form is destroyed, no electronic forms are held.
Outside ‘CoursePro’, If a swimmer wishes to go on our waiting lists, then this is through a separate area of DSA and password protected. The only members who have access to this are DSA admin staff. This also applies for current members who wish to have siblings placed on the waiting list.
If a current swimmer wishes to be placed on a waiting list internally for another day or time or venue, DSA will store this information within our secure site of ‘CoursePro’.
Outside ‘CoursePro’, DSA will also hold details of swimmers that wish to order awards, or items from the Swim Shop, the name of the swimmer, current day and time of class will be logged on a password protected sheet held in another part of DSA administration areas.
DSA admin staff are the only people within DSA that have access to member private details. Teachers can access CoursePro though a teacher log in and the only thing that is displayed is the register for each class which shows Childs name, contact number and medical details. These cannot be amended but can be viewed. Teachers have access to making amendments on a child’s progress by ticking outcomes, this can be viewed by the parent on the Home Portal of CoursePro.
The data we hold on each individual will enable DSA to run proficient classes with similar ability children, be safe with knowledge of medical records, have contact details for emergency and for if a class is cancelled. Have clear opt in and opt out data on what we send individuals from DSA.
Who is the data shared with
- DSA Admin Staff
- DSA Teachers (limited view)
- Natwest Bank – for BACS transfers for fees or for refunds – this is only names, sortcode and account number
- Marketing – only if an individual asks us to market something on them or we have gained consent to use a child’s photo and name for marketing
- The Blue Coat School (BCS) – this is only relevant to those on the extra-curricular scheme and are students at BCS. all data shared between BCS and EC is password protected. This is solely names to check pupils are eligible for the Extra Curricular lessons and attend BCS,
What will the effect of this be on the individuals concerned and Is the intended likely to cause individuals to object or complain
The effect this data we hold has on the individual is that they can be rest assured from DSA it is safe within CoursePro. Data and details are used to ensure a child is safe, parents can be contacted, progression can be tracked by DSA and parent and medical declarations can be assessed and lessons adjusted if required.
No data is ever passed onto 3rd party marketing companies.
- Diamond Swim Academy LTD Website – Cookies – Policy and Procedure
DSA employ a contracted third-party provider to set up and assist with the running of www.diamondswimacademy.co.uk. DSA
What are cookies
Cookies are small pieces of text sent by a web browser by a website customer’s visit. A cookie file is stored in customer’s web browser and allows the Service or a third-party to recognize each customer and make the customer’s next visit easier and the service more useful to each individual customer. Cookies can be “persistent” or “session” cookies.
When customers use and access the Service, DSA may place a number of cookies files in each customers web browser.
DSA use both session and persistent cookies on the service and DSA use different types of cookies to run the Service:
– Essential cookies. DSA may use essential cookies to authenticate users and prevent fraudulent use of user accounts.
In addition to DSA own cookies, we may also use various third-parties cookies to report usage statistics of the service, deliver advertisements on and through the service, and so on.
What are customer choices regarding cookies
Further information on website cookies
Learn more about cookies and the following third-party websites:
Network Advertising Initiative: http://www.networkadvertising.org/
- Diamond Swim Academy – CoursePro System Data Handling Policy and Procedure
The below gives examples of how DSA store customer data and handle customer data.
Joining the scheme
When a customer joins the scheme, details will be taken over the phone or via a enrolment form – all new joiners are required to complete an enrolment form. The data from this form will be added to the CoursePro system. All electronic and hard copies of the enrolment are securely destroyed once entered onto the system.
Whenever a member of the DSA logs into CoursePro, they must enter a valid username and password. The system cannot be accessed without this. All teachers and DSA staff must log in and out of the system after each use, and all staff have signed Data Protection forms and confidentiality forms. All teachers have been given clear guidance on data control and privacy, and all have signed it and will adhere to it.
Data will be added to a profile page of each customer like this – the marketing preferences will be added at the bottom as per request from the customer:
Customer Preview – staff acknowledgment of data preference
This will be the area all DSA admin staff can see and view when searching for a customer. This allows DSA admin staff to go into the customer details and make changes, amendments as per customer request.
Leaving the scheme
When a customer leaves DSA and the scheme, DSA will delete data on customers within a year of the last swimming lesson – or sooner. The data deleted is the member record and this includes all details on customers and course and progression of outcomes and awards – historic and current. Any reports, DSA run from the system once you are deleted, will show you as a deleted anonymous person, with no personal data attached.
Data Terms and Conditions in ‘CoursePro’
In CoursePro, the basis for data processing is upon the fulfilment of a contract between DSA and our members. Therefore, consent is not required under GDPR. Information initially added to ‘CoursePro’ will be via details given over the phone / email and through DSA enrolment form. Opt in contact and marketing services are asked on the enrolment form but can be given and amended by the customer at any time. The Marketing and Contact Preferences will be added to customers profile on ‘CoursePro’.
Types of contact:
When signing up to HomePortal, a member is asked to confirm that they accept the same T&Cs. This will appear as the below.
The document you are currently reading is our T&Cs and will be available via HomePortal and can be viewed via diamondswimacademy.courseprogress.co.uk/terms or www.diamondswimacademy.co.uk.
6. Financial Data – Policy and Procedure
Types of financial transactions
DSA work with the following types of transactions
- Face to Face (CARD, CASH or CHQ)
- Bank Transfers
- CoursePro Customer Payments (CARD)
- Over the phone (CARD)
Card Data – Over the phone
Balances and refunds can be done via phone calls, however this is not the preferred method of payment. Preferred methods are via the home portal on ‘CoursePro’ where the customer leads this process and makes payment. The card number, security number and expiry date data is entered directly into the card machine and no data is recorded elsewhere. A customer receipt will be printed and can be handed to customer at the next lesson should they want this. All payments will be uploaded to ‘CoursePro’, where new balance can be viewed
Card Data – face to face
Balances and refunds can be done via phone calls, however this is not the preferred method of payment. Preferred methods are via the home portal on ‘CoursePro’ where the customer leads this process and makes payment. Cards will be inserted into the terminal in front of the customer and details are asked to be entered. DSA do not store any card data. A customer receipt will be printed and can be handed to customer. All payments will be uploaded to ‘CoursePro’, where new balance can be viewed
Card Data – Homeportal
Preferred methods are via the home portal on ‘CoursePro’ where the customer leads this process and makes payment. The card number, security number and expiry date data is entered directly into a secure area of CoursePro’ but he customer and a reference number and receipt will be given at the time of full payment taken. DSA use SAGEPay as their payment gateway and all areas are GDPR compliant by DSA, ‘CoursePro’ and SAGEpay.
Balances and refunds can be done via a bank transfer; however, this is not the preferred method of payment, but is the preferred method for refunds. Preferred methods for payment are via the home portal on ‘CoursePro’ where the customer leads this process and makes payment. The card number, security number and expiry date data is entered directly into the card machine and no data is recorded elsewhere.
Customers can make a BACS payment directly to DSA where the customer controls the data. For refunds, DSA will ask for The Account Name, Number and sort code verbally only, and will no store this within the bank online system, this will be deleted each time a refund has been made. In the case a customer emails the BACS details for refund then DSA will destroy this immediately once payment has been made.
Credit is preferred to be given to a customer rather than a refund.