Privacy Policy

The Outdoor Swimming Society (“The OSS”, “we”, “us” or “our”) is committed to protecting your personal information and being transparent about what we do with it, however you interact with us. We are therefore committed to using your personal information in accordance with our responsibilities. As part of this, we are required to provide you with the information in this Privacy Policy under applicable data privacy laws, including the United Kingdom General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the “Data Protection Laws”).

We won’t do anything with your personal information that you wouldn’t reasonably expect. This Privacy Policy explains how and what we do with your personal information, why we use it and how we store it.

In this Privacy Policy when we refer to ‘The OSS’ we are referring to The Outdoor Swimming Society Limited (which is a not for profit company limited by guarantee, company no. 05847138) and/or OSS Marketplace Ltd (a private limited company, company no. 13751770, which operates to supply the society audience with items such as events, an online shop and courses as part of its fundraising).

If you have any queries about our Privacy Policy, please contact us by email at

1. How and when we collect information about you

We may collect and store personal information about you whenever you interact with us. Examples of this include:

  • When you register for an account in order to make a shop or event purchase on our website at (the “Website”).
  • When you make a donation via the Website.
  • When you sign up for our online newsletter elsewhere
  • When you buy items from our online shop.
  • When you sign up for an event.
  • When you contact us with a query, whether via email, telephone or social media.
  • When you offer to volunteer for us.
  • When you offer to write content for our Website.
  • When you enter one of our competitions.
  • When you send us a direct message on a social media platform (e.g. Facebook, Twitter, Instagram).
  • When you post or comment on a post on one of our social media groups or pages.
  • If you apply for a job with The OSS.

2. What personal information do we collect?

The types of information that we collect will be determined according to the nature of your interactions with The OSS, as described more fully within section 3 below. The majority of this information will be personal information, such as your name, email address, postal address, telephone number, age, gender, social media account information, bank account details and any other personal information that you may choose to provide. In all cases we will only seek to collect information that we need.

Some of the personal information that we collect may be data that is classified as ‘special category personal data’ under the Data Protection Laws, due to its sensitivity. For instance, The OSS may collect health data from you, specifically in relation to any medical conditions. Special category personal data will only be collected where necessary and where such data is needed for safety reasons. For example, we need to know of any medical conditions you have for events, so that our safety team can provide the correct care for you during an event.

3. Why we collect your personal information, how it is stored and our lawful bases for processing

We use and store your personal information in the following ways and in reliance upon the lawful bases described below, in accordance with the Data Protection Laws:

Direct Marketing

When you sign up to receive emails from us (which include our newsletter elsewhere, event information, and shop information) your email address is stored in a mailing list using the online program, Mailchimp. We will then send you elsewhere, which includes information on swimming events and The OSS Shop. For more information on how Mailchimp use and store personal information, please see Mailchimp’s privacy policy. You can unsubscribe from our mailing list using the unsubscribe link at the bottom of any email.

If you register for a place at an event we will collect your email address, following which we will send you event-specific information about that event and other swimming events that we think you might be interested in. Your email will not be used after the final post-event email.

When you send us a direct message on a social media platform (e.g. Facebook, Twitter or Instagram) we use any personal information provided to respond to your message. On occasion, we may contact you via direct message on a social media platform in order to notify you that you have won a competition, to ask whether we can use a photo you have uploaded to the page or group, or because we are interested in a story you have posted.

In accordance with the Data Protection Laws, our lawful basis for processing your personal information in this manner is that:

  • You have provided your consent to receive direct electronic marketing from The OSS in the form of emails from us (our newsletter, event and shop information)
  • You have provided your consent to receive event-specific information by registering to take part in an event
  • The processing is necessary for the purpose of our legitimate interest in keeping OSS members appraised of our activities.

General Processing Activities

When you register for a shop account via the Website (as part of buying shop items or event tickets), we will collect personal information including your email address, username, first name, last name, postal address and any other information that you may choose to provide should you contact us in respect of any issues faced in accessing your account.

When you buy any items from our online shop we need to collect your personal details (name, email address, postal address) and credit/debit card information, to take payment for your goods and to deliver the goods to you. These personal details are held within our Website on the eCommerce platform, WooCommerce and transactions are processed using Stripe. The OSS never has access to your full credit/debit card details when payment is taken in this way. Financial transaction data, excluding credit/debit card details, is held for as long as the law requires us to for tax or accounting purposes, which may be up to six years from the transaction date.

When you make a donation via the Website you will be taken to the webpage of our payments provider PayPal, where you can decide what amount to contribute to The OSS. The OSS never has access to your credit/ debit card details when donations are accepted in this way, with any information being processed by PayPal. For more information on PayPal and how they use and store personal information, please see their Privacy Statement.

When you enter an event, your personal details are collected and used to pay for your event ticket. These data are stored securely within our Website on the eCommerce platform, WooCommerce. The information collected and stored includes your name, email address, postal address, telephone number and credit/debit card details, and your transaction is processed using Stripe. We never have access to your full credit/debit card details when payment is taken in this way. Personal information held in relation to an event will be kept securely for three years from the year of the event, in line with our legal requirements. Financial transaction data, excluding your credit/debit card details, are held for as long as the law requires for tax or accounting purposes, which may be up to six years from the transaction date.

When you enter an event you may be asked whether you agree to your personal details (name, gender, age category) and your event completion time being included on the public results list. This results list may be available following the event on our Website and social media platforms for up to three years. If you change your mind with regards to being on the results list for an event please email to be removed from the list.

We may use event photographers at our swimming events, who will take photos freely throughout the event. Photos are taken at the event on the basis of legitimate interest and will only be taken in the context of: 1) Online event photo galleries; 2) The OSS newsletter elsewhere; 3) The OSS Website; 4) OSS social media; and 5) OSS marketing and publicity. If you do not want photos of yourself used in this way please email prior to or following the event or let the event photographer know that you do not want to be photographed at the event.

At our events we may require your swim to be timed using a timing chip. If that is the case, it will be for safety purposes and to provide timings for each swimmer’s personal interest. These times are subsequently shown on the results list if you have provided consent for your details to be included. We contract out event timing to an external timing company, who will match your time taken with your name using your swimmer number. The external timing company may hold your information (including your name, time and swimmer number) in their records, and should be contacted directly if you wish to discuss the storage of your personal details in their records.

When you offer to volunteer with us we need your personal information (name, email address, telephone number) to contact you with regards to your offer of help. We may also need additional personal and sensitive personal data, such as any medical conditions you have, to assign you an appropriate volunteering role and to make sure we can support you effectively in your volunteering role.

When you contact us with a query of any kind by email (e.g. regarding our newsletter, an event, our Website or our online shop) we use the information you have provided to respond to your initial message. We then delete any emails considered to be solved and will not hold any information (emails or email addresses) we deem to be no longer needed.

When you apply for a job with The OSS we use the contact information provided to respond to your application. In addition, we will ask for your consent to keep your application on record in our email account, so that we can contact you if a future position becomes available to which you are particularly suited. If, following the provision of your consent, you decide that you don’t want your details to be stored in this way please email confirming that you no longer wish to receive information on potential roles with The OSS.

You may interact with us via a page, group or account on a social media platform (e.g. Facebook, Twitter or Instagram). In these cases, your interaction with us is stored on that page, group or account on which it was posted. Such interactions may involve the processing of personal information such as your name. If you would like any such interactions to be removed please either delete the interaction yourself, send us a message on the platform in question, or email us at The personal information stored will be determined by your privacy settings on the social media platform in question.

You may provide content for our Website, which may include personal information such as your name and email address. If you would like your personal details removed from our Website please contact

We may use your personal information to record and deal with a complaint, to record a request not to receive further information and for other essential, internal record keeping purposes. Following completion of any such tasks your personal details will be removed from the records.

When you use our Website, user details will be collected to enable development of the Website and for usage tracking, which is undertaken by Google Analytics. Further details of this type of data collection can be found in the Cookies section below (Section 11).

We may use your personal information to prevent crime and to keep our team and the public safe.

We may use your personal information where we reasonably think that there is a risk of serious harm or abuse to you or someone else.

We may be required to process your personal information to fulfil a legal, regulatory or tax obligation.

In accordance with the Data Protection Laws, we rely upon the following lawful bases for processing your personal information where carrying out the processing activities described above:

  • you have given your consent to the processing of your personal information for one or more of the specific purposes described above; or
  • the processing is necessary for the performance of a contract to which you and The OSS are party; or
  • the processing is necessary for the purposes of our legitimate interests in operating The OSS, managing OSS events and/ or ensuring the safety of all participants in OSS events.

In accordance with the Data Protection Laws, where we process your special category personal data our lawful basis for doing so is that you have provided your explicit consent to the processing of your special category personal data for one or more specified purposes as described above, namely to ensure that we are aware of any medical conditions so that we can keep you safe during our events or in your role with the OSS.

4. How long we store your information

Please refer to section 3 above for further information on how long we may store your personal information within specific contexts. In addition, please note that:

We will keep any personal information which we have collected for processing financial transactions, excluding your credit/debit card details, for as long as the law requires for tax or accounting purposes (which may be up to six years after a particular transaction).

If you have participated in an event or have been a volunteer, we will keep your personal information for three years in line with this Privacy Policy, as is our legal obligation.

When you unsubscribe from our newsletter your personal information is archived by our mailing list database software, Mailchimp. If you wish to rejoin the mailing list at any point you will need to do this via our website sign up page.

In respect of any other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.

5. When we share your personal information

As described in section 3 above, we may need to share your information with data hosting providers or service providers, such as our website developer, who help us to deliver our services. These providers will only act under our instruction and are subject to universal strict data protection clauses.

We may also share your personal information with selected third parties including:

  • Analytics and search engine providers that assist us in the improvement and optimisation of the Website, as described in section 11 (Cookies) below.
  • Where either of The Outdoor Swimming Society Limited or OSS Marketplace Ltd merge with another organisation, are acquired by another organisation or form a new entity, in which case we may share your personal information with the relevant organisations (including third party purchasers).

We will disclose your personal information to third parties such as courts, regulatory or law enforcement bodies, or our professional advisors if this is permitted by law and is necessary in order to:

  • Comply with any court order or other legal obligation or when data is requested by our regulators or by government agencies or law enforcement agencies.
  • Enforce or apply any agreement to which we are party.
  • Protect the rights, property, or safety of us, our employees, our clients or others.

6. Protecting your personal information

We use standard organisational safeguards to ensure that your personal information is secure. We limit access to information on a strictly need-to-know basis and will continue to ensure that our team are aware that such information is only used in accordance with this Privacy Policy.

We undertake at least biennial reviews of those who have access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.

If you use your credit or debit card to buy something or make a booking online, we pass your card details securely using WooCommerce to Stripe. We never have direct access to your full payment information.

Whilst we take all possible precautions to ensure your personal information is safe, there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.

Where you or we have provided a password enabling you to access parts of our Website or use our services, it is your responsibility to keep this password confidential. Please choose a secure password and do not share it with anyone else.

7. International transfers

From time to time, we may transfer your personal information outside of the UK to service providers for the purposes described in this Privacy Policy. If we do transfer your personal information, we will put in place appropriate safeguards required by law. For example, we may use model contracts in a form approved by regulators.

We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy.

8. Your rights to your personal information

You have rights in relation to the personal information we hold about you. These include the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in machine-readable format. If you wish to exercise these rights, please email

When asking for such a procedure, you will need to provide copies of two separate identification documents, such as a passport, driving licence, or utility bill, and any additional information that is relevant to the nature of your contact with us. This information will help us to locate your records. Please send these documents via email to

We will respond within one month of receipt of your written request and copies of your identification documents. Where we provide personal information to you (or someone else on your behalf), we will provide it free of charge except in exceptional circumstances.

9. Our policy for Under 18s and Under 16s

To use our Website you need to be over 18 years old. If you are under the age of 18 you must have the consent of your parent or legal guardian to use or register for any of our services.

10. External websites and social media platforms

Our Website contain hyperlinks to lots of other websites. This Privacy Policy only applies to our Website, so when you follow a link to other websites from ours you should read their own privacy policies. This privacy policy only covers the privacy practices of The OSS and how we will use any information collected from our Website, mailing list and social media pages. It does not cover how providers of social media platforms will use your information. You should read the relevant social media site’s privacy policies before adding any content to our social media pages, and use the social media site privacy settings and reporting mechanisms to control the way that your information is handled on that site.

11. Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. You can find out more about the use of cookies here. Our Website uses cookies to help provide you with the best possible user experience.

We may use cookies to:

  • Identify you when you visit this Website, to keep track of your browsing patterns and build up a demographic profile. Our use of cookies also allows registered users to be presented with a personalised version of the Website, carry out transactions and have access to information about their account.
  • Compile visitor statistics such as how many people have visited our Website, what type of technology they are using, how long they spend on the Website and which pages they look at. This information helps us to improve our Website. We use Google Analytics, which informs us, on an anonymous basis, of how people reached this Website (e.g. from a search engine) and whether they have been here before, helping us to develop our services for you.

Our Website, like most websites, includes functionality provided by third parties and we sometimes include content from YouTube or Vimeo, which use cookies. Please consult the relevant privacy notice or cookie notice of YouTube or Vimeo for further information on how they process your cookie data.

You can switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing this is likely to limit the functionality of ours and a large proportion of the world’s websites as cookies are a standard part of most modern websites. To opt out of being tracked by Google Analytics across all websites visit

If the settings on your browser are adjusted to accept cookies we take this, and your continued use of our Website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.

12. How to make a complaint or raise a concern

If you would like more information, have any questions about this Privacy Policy, want to make a formal complaint about our approach to data protection, or raise privacy concerns please contact us by email at

If you would like to make a complaint, please follow our complaints procedure.

13. Changes to our Privacy Policy

Our Privacy Policy may change from time to time, so please check this page occasionally to see if we have undertaken any updates and that you are happy with them.

Last updated: 21 September 2023, to replace the payment system “Opayo” with “Stripe”